This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. Recently I was engaged by a large corporation for a writing project to support a product launch. This project had a small team of people who needed to collaborate on developing some promotional materials using content that had to remain confidential until launch day.The company was so protective of the content's secrecy that it provided me with a company-issued laptop computer, VPN access to their network, and a login ID for their network. In particular, I was given behind-the-firewall access to the SharePoint repository where the in-progress documents were kept. This way I was fully integrated into the internal team for the duration of the project, and the confidential documents would never have to leave the safety of the company's network.To read this article in full or to leave a comment, please click here
In his book The Gorilla Game, management consultant Geoffrey Moore identifies a tendency for some technology sectors to develop winner-take-all outcomes. The Internet of Things (IoT) market looks like a textbook example, as many industrial customers (original equipment manufacturers) are looking to consolidate around a single platform, a slice of enabling technology. It is surprising, therefore, that no IoT gorilla has yet emerged from the mist.+ More on Network World: Most powerful Internet of Things companies +To read this article in full or to leave a comment, please click here
It's open season on wireless carriers' silly and confusing commercials.Sure, Verizon, AT&T, Sprint & T-Mobile have been the butt of jokes for some time now, and justifiably so, for the flimflam they spew about their amazing speeds and bargain pricing. SNL, for example, skewered Verizon a few years back in a skit that depicted all the jargon spewed by Verizon as "an old person's nightmare."Comedy Central's Amy Schumer more recently sent up those mobile phone ads that feature perky young women interacting with customers.To read this article in full or to leave a comment, please click here
Retailers have to invest in digital tools such as inventory transparency if they want to retain customers, says shipper UPS in its new report on online shopping.If they don’t, fickle “shoppers will likely go elsewhere to more efficiently meet their needs,” the company says.UPS found that most online shoppers (58 percent) want to see a retailer’s inventory online while they are shopping, and 20 percent will check inventory status at alternate locations or on a retailer’s website when in the store.To read this article in full or to leave a comment, please click here
If you haven't heard much about XML lately, you're not the only one. XML has been rapidly falling out of favor with developers and has been replaced with a more flexible and faster format.XML, the Extensible Markup Language, rose from the SGML format in the 1990s. It reached the 1.0 spec in 1997 and grew from there. The primary appeal of XML is that it was ideal for transferring data between other formats. It required far fewer filters for data conversion to share data between different applications that might have their own proprietary format. That's one reason why with Office 2007, Microsoft shifted its Word and Excel file formats to XML-based format. Conversion to other formats was made much easier thanks to XML.To read this article in full or to leave a comment, please click here
Separating the true nerds from the wannabesYou can tell from five feet away if a screw is used to install a power supply or an optical drive. You can recite how much cache was in a Northwood Pentium 4. If you’re that kind of nerd, you won't have any problem with our PC Nerd Quiz. Or will you? We’ve assembled a mix of challenging questions designed to separate the true nerds from the wannabes. Let's see how you do. Ready? First question... To read this article in full or to leave a comment, please click here
Twitter said it had locked down and called for a password reset of some accounts after an unconfirmed claim of a leak of nearly 33 million usernames and passwords to the social network.The company said the information was not obtained from a hack of its servers, and speculated that the information may have been gathered from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both.“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner,” Twitter’s Trust & Information Security Officer, Michael Coates said in a blog post on Friday. To read this article in full or to leave a comment, please click here
A new Mozilla fund, called Secure Open Source, aims to provide security audits of open-source code, following the discovery of critical security bugs like Heartbleed and Shellshock in key pieces of the software.Mozilla has set up a US$500,000 initial fund that will be used for paying professional security firms to audit project code. The foundation will also work with the people maintaining the project to support and implement fixes and manage disclosures, while also paying for the verification of the remediation to ensure that identified bugs have been fixed.The initial fund will cover audits of some widely-used open source libraries and programs. To read this article in full or to leave a comment, please click here
Lenovo's new Phab2 Pro, developed with Google, brings augmented reality to smartphone screens without the need for a headset.
The device, which has a 6.4-inch screen, pushes smartphone functionality to new heights. The giant display presents a wealth of information that changes how people interact with the physical world around them.
The smartphone, based on Google's Project Tango computer vision technology, will ship worldwide in August for US $499, Lenovo announced Thursday. It's loaded with cutting-edge sensors, cameras, and a Snapdragon 652 processor from Qualcomm.
The device can be used to measure distances, recognize items, map locations, and provide real-time indoor navigation.To read this article in full or to leave a comment, please click here
Sometimes a great offense is much better than a stout defense, especially when it comes to protecting enterprise assets.This week the advanced technology developers from the Intelligence Advance Research Projects Activity (IARPA) office put out a Request For Information about how to best develop better denial and deception technologies – such as honeypots or deception servers for example -- that would bolster cyber security.To read this article in full or to leave a comment, please click here
No, the Internet has not become a series of bridges; it remains a series of tubes.The Internet is like the Verrazano Bridge in that there are moves afoot – ill-advised moves -- to change how each entity is represented through the written word.In the case of the Internet, the influential Associated Press and its indefatigable style disciples have already decreed that the word Internet should no longer be capitalized. Many news organizations and journalists are meekly complying by demoting the Internet to the internet. As you can see, I am refusing to fall in line.Meanwhile, in New York City, nitpicky petitioners are demanding that the Verrazano Bridge – North America’s longest such span – be renamed the Verrazzano Bridge. OK, fine, renaming may be oversating the case; they’re actually demanding the addition of a second “z” in Verrazano, despite the fact that it’s been spelled with only one since the bridge opened in 1964.To read this article in full or to leave a comment, please click here
Here's a Facebook hack straight from the pages of the novel 1984: A way to rewrite the record of the past."Who controls the past controls the future: who controls the present controls the past," went the ruling party's slogan in George Orwell's dystopian novel.Security researchers have found a way to control the past, by altering Facebook's logs of online chats conducted through its website and Messenger App.Such modified logs could be used to control the future, the researchers suggest, by using them to commit fraud, to falsify evidence in legal investigations, or to introduce malware onto a PC or phone.Roman Zaikin of Check Point Software Technologies discovered a flaw in Facebook's chat system that made it possible for an attacker to modify or remove any sent message, photo, file or link in a conversation they were part of.To read this article in full or to leave a comment, please click here
According to a recent Aberdeen report, marketers who use video see much faster revenue growth (49 percent) than those who do not. However, video has become more than just a marketing tool. With their capability to visually explain and demonstrate things and concepts, videos can help businesses not only showcase their products and services, attracting new customers, but they can help companies attract new employees and even make workers more productive.Here are six cases where video can be beneficial.1. Explaining your value proposition/what you do
Why tell people what you do when you can show them?To read this article in full or to leave a comment, please click here
It's not every day I come across positive sentiments about Comcast, so I thought I'd share this example that I stumbled upon in a local blog focused on, of all things, ghost stories.Author Liz Sower writes realistic but fictional accounts of the paranormal at "Ghosts in the Burbs," and she caught my eye with this recent headline: Xfinity vs. Verizon. I thought for sure she was going to dive into haunted DSL or eerie broadband experiences.To read this article in full or to leave a comment, please click here
Many organizations that run industrial control systems strive to isolate them from the Internet, but sometimes forget to disallow Domain Name System (DNS) traffic, which provides a stealthy way for malware to exfiltrate data.Sometimes referred to as supervisory control and data acquisition (SCADA) systems, industrial control systems (ICS) are notoriously insecure. Not only is their firmware full of flaws, but the communication protocols many of them use lack authentication or encryption.Since most ICS systems are typically meant to last over a decade once deployed, they're not easily replaceable without considerable costs. As such, ICS operators tend to focus on securing the perimeter around control systems instead of patching the devices themselves, which is not always possible. This is done by isolating ICS environments from corporate networks and the larger Internet, an action sometimes referred to as airgapping.To read this article in full or to leave a comment, please click here
My colleagues Doug Cahill, Kyle Prigmore and I recently completed a research project on next-generation endpoint security. We determined that there are actually two distinct product categories within next-generation endpoint security: advanced prevention and advanced detection and response (EDR). While most firms seem to be gravitating toward advanced prevention, massive enterprise organizations tend to move in the opposite direction by evaluating, testing and deploying EDR products. Why? These organizations have large cybersecurity teams with lots of experience, so they are willing to dedicate resources toward more complex projects.Furthermore, many of these enterprise organizations are already investing in security analytics by collecting, processing and analyzing data from numerous disparate sources (i.e., network forensics, events/logs, threat intelligence, etc.). Endpoint forensic data is a natural extension of these cybersecurity analytics efforts. To read this article in full or to leave a comment, please click here
U.S. plans to transfer the oversight of key technical Internet functions to an international multi-stakeholder governance model have run into hurdles with two bills being introduced on Wednesday that would require the government to first take the approval of Congress for the transition.A bill proposed in the Senate by Ted Cruz, a Republican from Texas, called the Protecting Internet Freedom Act, would prohibit any transfer of Internet domain name system functions except if expressly allowed under a federal statute passed after the new legislation has been enacted.To read this article in full or to leave a comment, please click here
As deadlines go, Jan. 1, 2017, isn’t far away, yet many organizations still haven’t switched their digital certificates and signing infrastructure to use SHA-2, the set of cryptographic hash functions succeeding the weaker SHA-1 algorithm. SHA-1 deprecation must happen; otherwise, organizations will find their sites blocked by browsers and their devices unable to access HTTPS sites or run applications.7. Get the new certificateTo read this article in full or to leave a comment, please click here(Insider Story)
A modern car has dozens of computers with as much as 100 million lines of code -- and for every 1,000 lines there are as many as 15 bugs that are potential doors for would-be hackers.With vehicles becoming more automated and connected to the Internet, to other cars and even roadway infrastructure, the number of potential intrusion points is growing exponentially, according to Navigant Research.While cybersecurity became a top priority for carmakers after a 2015 Jeep Cherokee was hacked last year, the lead time for developing a new car is three to five years and with a service life of 20 years or more, most vehicles have systems that bare vastly outdated compared to the latest consumer electronics devices.To read this article in full or to leave a comment, please click here
Let that vulnerability sit for a bitImage by ThinkstockThe word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on associated threats and the value of the asset at risk. For example, a lock on a 20th floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would take the effort to access such an unreachable place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner.To read this article in full or to leave a comment, please click here