With so many elements in information security -- application, network infrastructure, the endpoint, perimeter defenses, and data-centric approaches -- it's easy to fall into the trap of touting one as more important than the other. But it's a mistake to consider information security as a series of silos when it's actually an intersection of different areas. That overlap is most evident with application and endpoint security. For Jeremiah Grossman, the new chief security strategist at security vendor Sentinel One, application security and endpoint security are just different steps in the kill chain. As the founder and former CTO of the consultancy WhiteHat Security, Grossman has been the go-to expert for web application security for years, and his new focus on endpoint security at Sentinel One does not mean that he has given up on securing web applications.
No need to fight. It's a familiar scenario: your security team wants—needs—to lock down part of your enterprise's network. And yet the network team resists you at every turn. Don't they understand that security is paramount? Do they want to get hacked?
Agile software development methodologies are hardly new. But figuring out a way to adequately contract for them in IT outsourcing deals is. “Under traditional contracting approaches, there is an assumption that the development team can define, with some specificity, the ultimate ‘thing’ to be created supported by a detailed project plan and key milestones tied to client acceptance and financial payment triggers,” says Derek J. Schaffner, attorney in the Washington, D.C. office of law firm Mayer Brown. “These concepts are very easy to memorialize in a development agreement due to the linear nature of a traditional software development approach that commences with detailed planning, followed by design, coding, testing and deployment.”
Trade secret leaks through videoconference camera angles are about to become a thing of the past, according to scientists at Duke University. The researchers there say they’ve developed a system that will block camera shots that include confidential information, such as whiteboard presentations. The advantage of the blocking is that one will no longer have to carefully sweep an office backdrop for secrets, or even disable the camera, before placing or receiving videoconference calls; the call can simply be placed. Duke’s under-development system also works for smartphone camera shots of receipts, say, for expense accounting.
Federal regulators are investigating Tesla's autopilot feature after a fatal crash involving a tractor trailer and one of its Model S cars. The U.S. National Highway Traffic Safety Administration opened the investigation after a man was killed while driving a Model S with the self-driving mode engaged. "This is the first known fatality in just over 130 million miles where Autopilot was activated," Tesla said in a statement Thursday. It called the incident a "tragic loss." The car was on a divided highway when a tractor trailer made a left turn in front of the Tesla at an intersection. "Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied," Tesla said.
The hacker who claims to have breached the Democratic National Committee’s networks is trying to beat back accusations that he’s linked with the Russian government. The intrusion, which stole confidential files from the DNC, was his “personal project,” hacker Guccifer 2.0 said in a Thursday blog post. Security firms and the DNC may be trying to blame the attack on Russia, but “they can prove nothing!” Guccifer 2.0 added. “All I hear is blah-blah-blah, unfounded theories, and somebody’s estimates,” he wrote. Guccifer 2.0 appeared on the web just a day after the DNC revealed it had been hacked. To prove he was behind the breach, the hacker began posting the files he stole. This included opposition research on presidential candidate Donald Trump, along with donor lists and foreign policy files.
Forget hoverboards. The Segway miniPRO is a smarter, stronger and safer personal transporter, UL 2272 Certified for the highest standards of electrical and fire safety requirements established by Underwriters Laboratories. The miniPRO has large air-filled tires suitable for almost any terrain. Its innovative knee bar makes steering easy and precise, and its powerful lithium-ion battery will take you up to 14 miles on a single charge at speeds of up to 10 miles per hour. Automatic head and tail-lights produce maximum visibility night or day, personalized from a spectrum of 16 million color variations. It comes with a full-featured app, available for iOS and Android, that lets you personalize your miniPRO, activate anti-theft features, control your miniPRO remotely, and much more. It's available to ship now, and its initial list price of $1,299 has been reduced for launch to $999. See or buy it now on Amazon.
The suspense is over: Google has revealed the sweet nickname for its newest edition of the Android operating system -- Nougat. Google, which had been calling the in-progress OS Android N, disclosed the news initially via Snapchat and Twitter. Google has a history of naming Android versions after sweet treats, with KitKat, Lollipop and Marshmallow being the most recent three. The company solicited suggestions for the latest name following its recent Google I/O event. Google CEO Sundar Pichai earlier this year hinted that an Indian delight could be in the offing as a nickname, and indeed nougat is popular in India. It's also contained in popular candy bars such as 3 Musketeers and Snickers.
The iPhone 7 is going to be an interesting release for a number of reasons. First and foremost, the iPhone 7 may be defined by what it lacks more so than by whatever new features it brings to the table. I am, of course, referring to the fact that the iPhone 7 may ship without a traditional 3.5mm headphone jack, a controversial decision to say the least. So perhaps in an effort to soften the blow, the latest iPhone 7 rumor we've stumbled across indicates that Apple is finally getting serious about storage. Indeed, one of the longstanding complaints regarding Apple's popular smartphone is that the base model only offers 16GB of storage. And sure, 16GB might have been more than enough storage back in 2009, but it's arguably unacceptable in today's age of 4K video and more.
After dropping slightly in the previous year, the number of federal and state wiretaps increased nearly 17% in 2015 over 2014, according to an annual report submitted to Congress by the Administrative Office of the U.S. Courts.
A total of 4,148 wiretaps were reported in 2015 versus 3,554 the previous year. Of those, 1,403 were authorized by federal judges, 10% more than in 2014, and 2,745 were authorized by state judges, an increase of 21%. The report said 4,448 persons had been arrested in wiretap investigations, a 26% increase from 2014. The number of convictions rose 7%, to 590. Federal wiretaps were responsible for 29% of the arrests and 19% of the convictions, according to the report.
After spending the better part of a year aggressively pushing consumers to upgrade to Windows 10, Microsoft is finally taking a step back with the acknowledgment it went too far. Customers have endured unwanted downloading of the software onto their PC without being told, then unwanted upgrades. And finally, the Get Windows 10 (GWX) application was changed so if you clicked the red “X” at the corner of the window thinking it would opt out, Microsoft treated this click as a confirmation of a scheduled update. The outcry has been very loud, and it recently cost Microsoft $10,000 in the form of a court loss over one small business user's forced upgrade that left her work PC unusable.
Watson might schedule your meetings someday if a partnership between IBM and Cisco Systems bears the fruit they’re hoping to grow. In the meantime, the companies hope to save employees from some of the meaningless tasks they have to carry out just to work with their colleagues. IBM’s Verse email platform and Connections collaboration suite are a good match for Cisco products like the Spark messaging app and WebEx conferencing service, so the two vendors have found ways to integrate them, company officials say. All this will happen in the cloud. They’ll demonstrate the first examples next month at the Cisco Live conference.
Microsoft appears to be building a business app store. The company put online a test version of a service called AppSource that’s designed to help businesses find software that augments the Microsoft products they already use, such as Power BI and Dynamics AX.
The AppSource site was available Tuesday night at appsource.microsoft.com, but is down now. A description on its homepage said that users would be able to use the site to find software-as-a-service offerings from Microsoft and selected partners that they could try for free before purchasing them.
All of this appears to have come to light after someone developing the site at Microsoft accidentally made a test version of it available on the public Internet, where it was discovered by a prolific Microsoft leaker who goes by Walking Cat on Twitter.
The digital transformation imperative is becoming increasingly urgent for companies large and small, and SAP wants to help. On Wednesday, the ERP giant set its sights squarely on SMBs with an updated app that's been enriched with analytics and other key features. Originally announced last year, SAP Business One 9.2 is the latest version of SAP's ERP app for small and medium-size businesses, and it's now generally available both on-premises and in the cloud.
The number of users infected with mobile ransomware is skyrocketing, as hackers try to expand the number of potential victims they can target. Compared with a year ago, almost four times as many users are being attacked by mobile ransomware, security firm Kaspersky Lab said on Wednesday. It's a troubling trend. Ransomware has typically targeted PCs by encrypting all the information that is inside the targeted machines, and then holding the data hostage in exchange for money.
The lack of a traditional 3.5mm headphone jack may not be the only big design change Apple introduces when it rolls out the iPhone 7 later this year. According to sources, and most recently a report from analysts Cowen and Company (via Business Insider), the home button on the iPhone 7 will be like nothing Apple has ever shipped before. Specifically, the iPhone 7's home button may sit flush with the entire device itself and will not be able to be pressed down. Instead, Apple will incorporate Force Touch technology such that when a user taps the home button, it will trigger a series of vibrations that will mimic the feeling of a pressed button. While this may seem a bit far-fetched, note that Apple already employs such technology on the company's MacBook line. And having used Apple's MacBook, I can attest that Apple's scheme of haptic feedback truly does mimic the feeling of a physical button.
From executives to graduate students, anyone who presents can appreciate a good clicker. This one from DinoFire is currently discounted 55%, from $32.99 down to just $14.99, and receives an average of 4.5 out of 5 stars from over 200 customers. Its generous 98-foot range lets you wander confidently around the room. It features up, down and red light buttons, as well as an on/off switch and low battery indicator. The DinoFire remote supports MS Word, Excel, PowerPoint, ACD See, website, iWork (Keynote & Numbers & Pages), Google Slides, and most major operating systems. Simply plug the receiver into your USB port and you're ready to go. When not in use, the receiver plugs into the remote for transporting in one piece. See the discounted presentation remote now on Amazon.
Over 25,000 hacked internet-connected CCTV cameras are being used for a denial-of-service botnet, according to researchers from the security firm Sucuri. The discovery came after Sucuri mitigated a DDoS attack against a jewelry store site; it had been generating 35,000 HTTP requests per second. But after bringing the website back up, researchers said the attacks increased to nearly 50,000 HTTP requests per second. When the attack continued for days, the researchers discovered the attack botnet was leveraging only IoT CCTV devices which were located across the globe. Although this is not the first CCTV-based DDoS botnet discovered, since 900 had been used in attacks last year, it is the largest yet to be discovered. “It is not new that attackers have been using IoT devices to start their DDoS campaigns,” Sucuri wrote, “however, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long.”
Ten years ago, power usage at data centers was growing at an unsustainable rate, soaring 24% from 2005 to 2010. But a shift to virtualization, cloud computing and improved data center management is reducing energy demand. According to a new study, data center energy use is expected to increase just 4% from 2014 to 2020, despite growing demand for computing resources. Total data center electricity usage in the U.S., which includes powering servers, storage, networking and the infrastructure to support it, was at 70 billion kWh (kilowatt hours) in 2014, representing 1.8% of total U.S. electricity consumption.
Based on current trends, data centers are expected to consume approximately 73 billion kWh in 2020, becoming nearly flat over the next four years. "Growth in data center energy consumption has slowed drastically since the previous decade," according to a study by the U.S. Department of Energy's Lawrence Berkeley National Laboratory. "However, demand for computations and the amount of productivity performed by data centers continues to rise at substantial rates."
Microsoft's Outlook.com is used by some 400 million users around the world, so it's only natural that Salesforce wants its own software to play nicely with it. On Tuesday, the CRM giant announced a big step in that direction. The latest in a series of integrations resulting from the two-year-old partnership between Salesforce and Microsoft, Lightning for Outlook is an add-in that promises to let salespeople tailor their inboxes with smooth access to customer relationship management (CRM) data whenever they need it.