Microsoft has a shot at saving what remains of its smartphone strategy, but the pivot toward the enterprise must be quick, an analyst said today."They're essentially starting over from scratch," John Delaney, an IDC analyst who covers mobility in Europe, said in an interview. "By the end of the year, they must show commitment from major ISVs and some really good mobile apps."Last week, Microsoft announced it would take another $950 million charge against earnings for the failure of its smartphone group to meet expectations, and lay off another 1,850 employees, two thirds of them former workers at Nokia, which Microsoft acquired two years ago.To read this article in full or to leave a comment, please click here
Intel has doubled down on servers as it looks to shed its reliance on PCs, but the chip maker's ARM competitors are ready to challenge it.New server and appliance chips based on the ARM architecture were announced at Computex in Taipei this week. ARM-based chips dominate smartphone and tablets, but the new chips from Cavium and Marvell show the processors are maturing quickly for use in servers.ARM servers are seen as a power-efficient alternative to Intel's x86-based systems, with companies looking to cut electric bills in data centers. ARM server chips have been around for years but have failed to register an impact because of hardware and software problems.To read this article in full or to leave a comment, please click here
The typo itself – an Associated Press story reported that Abraham Lincoln was assassinated in 1965 instead of 1865 – was just that, a typo, as even a middle-schooler knows our 16th president never lived to hear the Beatles.However, among journalists of a certain age (mine), the distressing though not unexpected aspect of the miscue was that the erroneous date made it onto so many prestigious news sites. As a 1970s-era college friend of mine put it in an email subject line: “Copy editing was a fine profession ...”Meaning that back before the near-extinction of copy editors, it would have been unlikely that the Associated Press would have allowed such a gaffe, never mind that it would have gone unnoticed by so many AP-subscriber news organizations.To read this article in full or to leave a comment, please click here
Triggered NetFlow: A Woland-Santuka Pro-Tip
Vivek Santuka, CCIE #17621, is a consulting systems engineer at Cisco Systems who focuses on ISE for Cisco’s largest customers around the world. He and I devised, tested and deployed the methodology discussed in this blog entry, which we like to call “Triggered NetFlow.”NetFlow is an incredibly useful and under-valued security tool. Essentially, it is similar to a phone bill. A phone bill does not include recordings of all the conversations you have had in their entirety; it is a summary record of all calls sent and received.Cisco routers and switches support NetFlow, sending a “record” of each packet that has been routed, including the ports and other very usable information.To read this article in full or to leave a comment, please click here
PC maker Lenovo is recommending that users remove an application preloaded on their computers because it contains a high-severity flaw that could allow attackers to take over their systems.
The vulnerable tool is called Lenovo Accelerator Application and is designed to speed up the launch of other Lenovo applications. It was preinstalled on more than 100 laptop and desktop models shipped with Windows 10, but not those from the ThinkPad and ThinkStation lines.
The flaw was discovered by researchers from security firm Duo Security as part of an analysis of OEM software update tools from five PC manufacturers. The company found that a process called LiveAgent, apparently the update component of the Lenovo Accelerator Application, does not use encrypted connections when checking and downloading updates. LiveAgent also does not validate the digital signatures of the downloaded files before running them, the researchers said.To read this article in full or to leave a comment, please click here
Developers specifically design apps natively for the cloud with the expectation that they will achieve massive scale with millions or billions of concurrent users. While many aspire to be the next Facebook, Twitter, Snapchat or Uber, plenty of app developers for banks, ecommerce sites or SaaS companies design for scale that is still far beyond what was even imagined a decade ago.Monitoring the performance of cloud applications with this kind of scale, however, is daunting, and the traditional approach of doing periodic collection and analysis of statistics is simply impractical. Only machine learning techniques, applied to intelligent performance data collection, can reduce data loads without inadvertently omitting context- and performance-sensitive data.To read this article in full or to leave a comment, please click here
At the recent OpenStack summit in Austin, Texas, infrastructure company CoreOS demonstrated Stackanetes, a new initiative it dreamed up that is designed to make it easier for organizations to utilize applications sitting on top of Kubernetes.Kubernetes is, of course, the open source container management initiative that was borne out of the internal systems that Google uses to manage its own infrastructure.Stackanetes came from CoreOS's focus on delivering what it calls GIFEE (Google's Infrastructure for Everyone). The idea is that currently only massive organizations like Google have the ability to run these highly efficient platforms. CoreOS wants to democratize that ability.To read this article in full or to leave a comment, please click here
The U.S. Federal Reserve, the nation's central bank, detected more than 50 cybersecurity breaches between 2011 and 2015, including a handful attributed to espionage.The Fed's Washington-based Board of Governors identified 51 information disclosures during the five-year period, according to information obtained through a Freedom of Information Act request by Reuters.The breaches reported include only those at the Fed's Washington location and don't include any at its 12 privately owned regional branches.To read this article in full or to leave a comment, please click here
On the surface, Microsoft has yielded to turns in the market more rapidly. But now they’ve blown it, pushing back increased trust and credibility, perhaps years, and for an inane reason: shoving Windows 10 down user’s throats.It’s a fine operating system. It has the madness of near-malware ads now sewn into it, and damnable tracking—with no publicly vetted method of preventing adware malware. Yet it’s more stable than Windows 7, it’s nicer to use than Windows 8-something, and it’s a great price model.That is, it’s a great price model until you get to this point: allowing users to reject it, for whatever reason they want. Foisting it upon them is boorish. Citations of “quit bitching” don’t acknowledge that the current trust for Microsoft is still really tenuous.To read this article in full or to leave a comment, please click here
Enterprises using Microsoft's Office 365 have a new security product that they can use to better lock down their organizations -- for a price. The company introduced a new Advanced Security Management service on Wednesday that gives companies a trio of tools aimed at helping detect security threats, provide granular controls and let IT administrators track if people in their organization are using unauthorized services.It's another part of Microsoft's push to lure businesses over to its subscription-based productivity suite. By providing more advanced security capabilities, Microsoft may be able to convince security-conscious businesses to buy into Office 365, rather than avoid a subscription or choose one of Office's competitors like Google Apps for Work.To read this article in full or to leave a comment, please click here
An IoT solution isn't the first idea that comes to mind when you're standing in the African heat, thinking of ways to empower a village. But that's exactly what happened.Brandi DeCarli and Scott Thompson had been building a Youth Empowerment Center from a modified shipping container in Kisumu, Kenya, as part of the UN Habitat Program. While doing this work, they realized that the local community lacked basic necessities, such as access to fresh and healthy food. They thought, why not use a modified shipping container to provide a plug-and-play farming unit?To read this article in full or to leave a comment, please click here
Net neutrality—the idea that carriers should not be allowed to provide preferential treatment to certain kinds of content—is a heavily politicized topic. With patriotic fervor on both sides of the aisle, last year’s FCC Open Internet rules pleased proponents and enraged opponents of the concept. (Several groups of carriers are suing the FCC over the rules, but the cases have yet to be resolved.)Zero ratings and usage caps
But the reality seems to be that clever moves and creative definitions by carriers and content providers are increasingly making the FCC rules moot. While making efforts to avoid technically or obviously breaking the letter of the law, carriers and content providers are combining zero ratings and usage caps—neither expressly outlawed by the FCC—to get around the intent of net neutrality regulations.To read this article in full or to leave a comment, please click here
The 200 applications reviewed by Black Duck Software for its "State of Open Source Security in Commercial Applications" report used an average of 105 open source components, comprising 35% of the code. That's twice as much open source as the companies participating in Black Duck's audits were aware they used, according to the report.To read this article in full or to leave a comment, please click here(Insider Story)
Technology vendors love to grab terms that are hot and then overuse them to the point where no one really understands what it means any more. I understand the desire to catch a market trend and have the “rising tide” lift the vendors along with a number of others. But the overuse of terms tends to confuse buyers while they are trying to figure out what’s what.This is one reason why Gartner’s Hype Cycle has the phases it does. While I think some of the terms are a little silly, the fact is that the first upslope creates vendor overhype and then technology goes into a lull while users do their own research. Gartner
If you’ve been around the network industry for a while, you probably remember the days when the term “stacking” became such a term. There’s some debate as to who invented stacking.To read this article in full or to leave a comment, please click here
Don’t disturb Eric Poirier between 6 p.m. and 8 p.m. -- he’s spending time with his family. Poirier, the CEO of Addepar, a Silicon Valley investment management software startup, makes it a point to block out “Eric time” on the firm’s publicly accessible calendar, and encourages the rest of the company to do the same.It’s one example of a growing trend in Silicon Valley; using family-friendly and work-life balance-focused benefits and perks to attract, retain, engage and motivate the workforce, says Lissa Minkin, Addepar’s vice president of people. As IT talent becomes more difficult to find and even harder to retain, many IT companies are focusing on what’s truly important to their employees, and that means offering more family-friendly benefits instead of flashy perks like free lunch, dry cleaning, massage, ping-pong tables or yoga, according to Minkin.To read this article in full or to leave a comment, please click here
Putting away the carrots and breaking out the sticks appears to be paying off for Microsoft, at least in raw market share.After pushing Windows 10 onto legions of Windows 7 and 8 PCs as a Recommended update, Windows 10 saw its largest-ever surge in month-to-month usage share in May, according to Net Applications. Windows 10’s usage share jumped by 2.09 percent between April and May, to 17.43 percent overall. That may not sound like much, but it’s a huge leap in such a short time. The only other month that even comes close is January, which saw Windows 10 usage spike by 1.89 percent after the holiday season.To read this article in full or to leave a comment, please click here
I’ve written about SDPs a few times as I think this model is a strong fit today’s IT cocktail made up of mobile applications, public cloud infrastructure, and pervasive security threats. Just what is an SDP anyway? The model is really based upon the “black cloud” concept coming out of the Defense Information Systems Agency (DISA) where network access and connections are allowed on a “need-to-know” basis. Similarly, the Cloud Security Alliance (CSA) refers to SDPs as “on-demand, dynamically-provisioned, air gapped networks.”Several vendors, including Cryptzone and Vidder, actively market SDP offerings while Google’s BeyondCorp is a homegrown SDP project that Google has made public and highly-visible. While these efforts clearly fall under the SDP category, I viewed the SDP model a bit more broadly. SDP is clearly associated with numerous innovations and initiatives of the past including next-generation firewalls, network access control (NAC), and even 802.1X so there are plenty of SDP-like solutions from vendors like Cisco, HP (Aruba), and Pulse Secure (formerly part of Juniper). While definitions vary slightly, SDP is also closely aligned with concepts like attribute-based authentication so SaaS providers like Microsoft (Azure AD), Okta, and Continue reading
Ever wonder how much an exploit for a previously unknown vulnerability that affects all Windows versions costs on the black market? The answer, according to a recent offer seen on a cybercrime forum, is $90,000.The offer was observed by researchers from security firm Trustwave on an underground market for Russian-speaking cybercriminals, where users hire malware coders, lease exploit kits, buy access to compromised websites or rent botnets.Zero-day exploits -- exploits for unpatched vulnerabilities -- are typically used for cyberespionage. Hackers sell them to governments and large corporations, under strict non-disclosure agreements, often through specialized brokers, so it's uncommon to see them traded on cybercrime forums.To read this article in full or to leave a comment, please click here
On the Russian underground forum exploit.in, seller “BuggiCorp” has a zero-day for sale that purportedly works against all versions of Windows. The price tag is $90,000.In the words of the email alerting me to this zero-day, this vulnerability “could affect almost all Windows machines on the planet.” If the local privilege escalation (LPE) vulnerability truly does exit in all versions of Microsoft Windows, from Windows 2000 up to Windows 10, then it could potentially impact “over 1.5 billion Windows users.”According to SpiderLabs security researchers at Trustwave, who found the post on a cybercriminal underground forum, “It seems the seller has put in the effort to present himself/herself as a trustworthy seller with a valid offering. One of the main indicators for this is the fact that the seller insists on conducting the deal using the forum's admin as the escrow.”To read this article in full or to leave a comment, please click here
Larry Wall, the original author of the Perl programming language, once said that great programmers have three virtues: laziness, impatience and hubris.To read this article in full or to leave a comment, please click here(Insider Story)