Archive

Category Archives for "Network World Wireless"

Say hello to BadUSB 2.0: USB man-in-the-middle attack proof-of-concept

Oh peachy, say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.”The full research paper, BadUSB 2.0: USB man-in-the-middle attacks” (pdf), by security researcher David Kierznowski, is available on Royal Holloway. The paper describes BadUSB2 as an “in-line hardware solution” which is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB2 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.To read this article in full or to leave a comment, please click here

Say hello to BadUSB 2.0: A USB man-in-the-middle attack proof of concept

Oh, peachy. Say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.”The full research paper, BadUSB 2.0: USB man-in-the-middle attacks (pdf), by security researcher David Kierznowski is available on Royal Holloway. The paper describes BadUSB 2.0 as an “in-line hardware solution” that is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB 2.0 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.To read this article in full or to leave a comment, please click here

Cloud or on-prem? This big-data service now swings both ways

There are countless "as-a-Service" offerings on the market today, and typically they live in the cloud. Back in 2014, startup BlueData blazed a different trail by launching its EPIC Enterprise big-data-as-a-service offering on-premises instead.On Wednesday, BlueData announced that the software can now run on Amazon Web Services (AWS) and other public clouds, making it the first BDaaS platform to work both ways, the company says."The future of Big Data analytics will be neither 100 percent on-premises nor 100 percent in the cloud," said Kumar Sreekanti, CEO of BlueData. "We’re seeing more multicloud and hybrid deployments, with data both on-prem and in the cloud. BlueData provides the only solution that can meet the realities of these mixed environments in the enterprise.”To read this article in full or to leave a comment, please click here

Dropbox enhances its productivity tools across the board

Dropbox just dumped a ton of new productivity features on users of its file storage and collaboration service that are all aimed at making it easier for people to get work done within its applications. Updates to the Dropbox app for iOS allow users to scan documents directly into the cloud storage service, and get started with creating Microsoft Office files from that app as well. The company also increased the ease and security of sharing files through Dropbox, and made it easier to preview and comment on files shared through the service.These launches mean that Dropbox will be more valuable to people as a productivity service, and not just a folder to hold files. It's especially important as the company tries to capture the interest of business users, who have a wide variety of competing storage services they could subscribe to instead. To read this article in full or to leave a comment, please click here

IDG Contributor Network: New life for residential Wi-Fi

The recent launch of two residential Wi-Fi products—from eero and Luma—is very welcome. They highlight just how stale the traditional offerings had become. But their central technical improvement should be unnecessary.The new devices apply the Nest treatment to Wi-Fi routers rather than thermostats. As with most brilliant ideas, one’s first reaction is why didn’t someone do this before, it’s so obvious?+ Also on Network World: Riding the new Wi-Fi wave (part 1) +To read this article in full or to leave a comment, please click here

Think tanks mull Geneva Convention for cybercrime

A Geneva Convention on cyberwar: That's how a panel of experts proposes to deal with the growing threat to critical infrastructure posed by the possibility of cyberattack.With control systems in dams, hospitals, power grids and industrial systems increasingly exposed online, it's possible that nation states could seek to damage or disable them electronically.But building electronic defenses to prevent such attacks is expensive -- and often ineffectual, given the myriad ways in which they can fail or be breached.That's why the Global Commission on Internet Governance recommends that in any future cyberwar, governments should pledge to restrict the list of legitimate targets for cyberattacks, to not target critical infrastructure predominantly used by civilians, and to not to use cyberweapons against core Internet infrastructure.To read this article in full or to leave a comment, please click here

‘Trojan horse’ stalks security conference

The creation pictured above, dubbed “Cyber Horse,” greets attendees of the ongoing Cyber Week 2016 conference being held at Tel Aviv University. This short video shows a time-lapse of the final assemblage with a narration devoted to a history lesson. And here’s another close-up video taken by a conference attendee: “Cyber Horse” was conceived and built by No, No, No, No, No, Yes, an agency based in New York City. Gideon Amichay, founder and chief creative officer, explains in a blog post.To read this article in full or to leave a comment, please click here

Get ready: Mobile World Congress is coming to the US

Mobile World Congress, arguably the most important tech trade show in the world, is coming to the U.S. Trade groups GSMA and CTIA are joining forces to bring a smaller version of the event to the U.S. in 2017.GSMA Mobile World Congress Americas will debut Sept. 12 to 14, 2017, in San Francisco and will replace U.S. trade group CTIA's Super Mobility conference. Super Mobility will continue this year in Las Vegas from Sept. 7 to 9.The new conference will be the "first truly global wireless event" in the Americas, CTIA President and CEO Meredith Attwell Baker said in a press release.ALSO: 9 tips for speeding up your business Wi-Fi The new trade show, however, will apparently be more focused, spotlighting the leading innovations from the North American mobile industry, John Hofman, CEO of GSMA, said in a press release.To read this article in full or to leave a comment, please click here

Why cyber hygiene isn’t enough

In numerous discussions and forums recently, the conversation about the need for a risk management approach to cybersecurity has quickly devolved into a discussion about cyber hygiene and, ultimately, a discussion about compliance (with perhaps some simple metrics thrown in).+ Also on Network World: Match security plans to your company's 'risk appetite' +This pattern of following a difficult, but business-oriented discussion of risk to a trivial oversimplification is common within government and industry circles—and even among the most sophisticated CISOs. What we really need, however, is a holistic risk framework and a solid commitment to risk-based measurements in order to accurately understand and defend against the most serious cybersecurity threats facing our country. Too often we focus solely on cyber hygiene, while important, doesn’t fully address the more severe risks organizations face with increasing frequency.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Why cyber hygiene isn’t enough

In numerous discussions and forums recently, the conversation about the need for a risk management approach to cybersecurity has quickly devolved into a discussion about cyber hygiene and, ultimately, a discussion about compliance (with perhaps some simple metrics thrown in). + Also on Network World: Match security plans to your company's 'risk appetite' + This pattern of following a difficult, but business-oriented discussion of risk to a trivial oversimplification is common within government and industry circles—and even among the most sophisticated CISOs. What we really need, however, is a holistic risk framework and a solid commitment to risk-based measurements in order to accurately understand and defend against the most serious cybersecurity threats facing our country. Too often we focus solely on cyber hygiene, while important, doesn’t fully address the more severe risks organizations face with increasing frequency.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Will new technologies put us out of work? A peek into the future

Over the past year, questions about how emerging technologies will impact employment have taken on a new tenor. Will robots take over our jobs? One thing is indisputable: automation and artificial intelligence (AI) will displace workers in the IT and business process outsourcing services industry.But this is not a new trend.+ Also on Network World: The 6 hottest new jobs in IT +Such tectonic shifts have occurred every few decades over the last two centuries. With each wave of new technology and each accompanying paradigm shift, jobs have disappeared. During the Industrial Revolution, people feared the loss of farm jobs. When industrial jobs went away, people flocked to the service sector. Then computers, telecom networks, ATMs and the internet made their way into the world, and people feared massive job loss in this sector. Manufacturing work moved to low-cost countries, such as China and Taiwan, and service-sector jobs soon moved to India and the Philippines.To read this article in full or to leave a comment, please click here

Apple surprise: iOS 10 preview’s kernel unencrypted

While new iOS 10 features like improved Maps, Siri integration and Photos were expected during Apple's Worldwide Developers Conference last week, the company stunned developers by leaving the kernel unencrypted in the preview edition of its new iPhone and iPad software.MIT Technology Review first reported on this revelation, discovered by security researchers and iOS developers, who were left wondering whether Apple did this on purpose or goofed up big time. To read this article in full or to leave a comment, please click here

Microsoft plugs Edge browser as power miser

Microsoft yesterday claimed its own tests show that Edge, the default in Windows 10, used 27% less power than the No. 1 browser, Chrome, and 35% less than the slowly-sliding-into-obscurity Firefox.The Redmond, Wash. company's Edge-eats-less campaign may have been motivated by Edge's poor performance in the marketplace, where it has been adopted by less than 30% of the Windows 10 population.In a pair of blog posts, a director of Edge's platform team and an Edge program manager touted the results of Microsoft's in-labs tests.To read this article in full or to leave a comment, please click here

Tech jobs report: Security, devops, and big data stay hot

If you're wondering what IT skill sets to acquire, security and devops are doing well in the job market. Pay for cloud skills, however, is eroding.Research firm Foote Partners' latest quarterly IT Skills and Certifications Pay Index determined that the market value for 404 of the 450 IT certifications it tracks had increased for 12 consecutive quarters. Market values rose for noncertified IT skills for the fifth consecutive quarter.[ Don't get left behind -- download the Devops Digital Spotlight, and learn all about the game-changer in app development and deployment. | Get a digest of the day's top tech stories in the InfoWorld Daily newsletter. ] Foote's report is based on data provided by 2,845 North American private and public sector employers, with data compiled from January to April 1. (Noncertified skills include skills that are in demand but for which there is no official certification, Foote spokesman Ted Lane noted.)To read this article in full or to leave a comment, please click here

How computer modeling built the 2016 Cadillac CT6

The automotive world is becoming much more dependent on modeling than ever before. Automakers are now using more aluminum parts; vehicles have complex computers on board, often working with each other; and there's an increasing need to make cars safer in the age of the distracted driver.To read this article in full or to leave a comment, please click here(Insider Story)

How to hire for the right big data skill set

Data science is a hot new industry, but what skills and background do you need to break into the field? Essentially, data science, data engineering and data analytics are broad -- and sometimes ambiguous -- terms that describe a litany of skills and job titles in the world of data analytics. "The title of 'data scientist' is broadly applied within different organizations, making it difficult to provide a complete and noncontroversial list of required skills. At a high level, a data scientist needs a mastery of the tools and techniques to access, transform, analyze and leverage the data of their organization," says Kyle Polich, principal data scientist at DataScience. If your company is looking to hire data scientists or analysts, it's important to know what you're hiring for. Data jobs often encompass a lot more than just data; there are people specifically dedicated to each stage of the process from collecting, to warehousing, to analyzing and to using that data to transform the business. Ultimately, a good data strategy relies on a number of qualified individuals who can write algorithms, manage and collate data, interpret the data and communicate it to key stake holders. Data warehousing Warehousing data is a Continue reading

Severe flaws in widely used archive library put many projects at risk

In a world where any new software project is built in large part on existing third-party code, finding and patching vulnerabilities in popular open-source libraries is vital to creating reliable and secure applications.For example, three severe flaws in libarchive, recently found by researchers from Cisco Systems' Talos group, could affect a large number of software products.Libarchive is an open-source library first created for FreeBSD, but since ported to all major operating systems. It provides real-time access to files compressed with a variety of algorithms, including tar, pax, cpio, ISO9660, zip, lha/lzh, rar, cab and 7-Zip.The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS. Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it.To read this article in full or to leave a comment, please click here

10 top-ranked tech-focused MBA programs

Top-ranked tech-focused MBA programsImage by ThinkstockThere's a looming executive leadership crisis in today's IT companies, but there's certainly no shortage of excellent, rigorous programs designed to help build the next generation of great leaders. If you're looking for a resume boost or considering a career path that leads to the C-suite, consider an MBA with a technology focus. Based on the 2016 rankings from U.S. News and World Report, here are the top 10 technology-centric MBA programs, their costs and full-time enrollment statistics. Massachusetts Institute of Technology (MIT)Image by Vitor Pamplona/Wikipedia To read this article in full or to leave a comment, please click here