Employee-related security risks top the list of concerns for security professionals, but organizations aren't doing enough to prevent negligent employee behavior, according to a new study. Last month, security research firm Ponemon Institute, sponsored by Experian Data Breach Resolution, surveyed 601 individuals at companies with a data protection and privacy training program on the issue of negligent and malicious employee behaviors for the Managing Insider Risk through Training & Culture report.
Oracle and Google’s fierce court fight over the code inside Android went to a jury on Monday after closing arguments that sharply differed on the most basic issues.
The federal jury in San Francisco is now deciding whether Google’s use of copyrighted Java code constitutes fair use, an exemption that would free the company from having to pay Oracle damages.
At issue is "declaring code" that's part of 37 Java APIs Google used. Google says it simply used selected parts of Java to create something new in the form of Android.
It's been nearly 20 years since Wi-Fi made its debut, and one of its most significant innovations to date is now beginning to spread: MU-MIMO, an optional feature in Wave 2 of the emerging 802.11ac wireless standard.
On Monday, hordes of angry Windows users pelted Microsoft with complaints about being lured into upgrading their PCs over the weekend. For months, Microsoft has been urging users running Windows 7 and Windows 8.1 to upgrade to Windows 10 before the free offer expires on July 29. But the series of dialog boxes and other messages that Microsoft has sent users has become increasingly deceptive, burying the opt-out links amid text that appears to commit users to the upgrade. Normally, closing the dialog box by clicking the red box in the upper right-hand corner automatically opted out. Over the weekend, clicking that red box started opting users in to the upgrade.
The Internet of Things (IoT) is poised to bring millions of devices online, and as many as a quarter million unique IoT applications will be developed by the year 2020. That means opportunities for skilled developers and technologists will abound. However, there are other, subtler ways the IoT will affect the job market. "We're seeing tech companies around the globe getting organized and creating IoT strategies, but where they're struggling is they don't have the processes and talent in-house to make these things happen," says Ryan Johnson, categories director for global freelance marketplace Upwork. By tracking data from Upwork's database, Johnson and his team have identified major technology skills companies need to drive a successful IoT strategy.
Two business immigration groups have filed a lawsuit seeking information about how the H-1B visa distribution system -- including the visa lottery -- works. It alleges that the U.S. has no right to keep most of the records secret. It is not surprising that the H-1B distribution system is coming under scrutiny in a lawsuit. The U.S. Citizenship and Immigration Service (USCIS) this year received 236,000 H-1B visa petitions for the 85,000 visas allowed under the current cap. The agency distributes visas each year via a lottery. The odds -- roughly one-in-three -- create a lot of frustration for applicants.
Keep the network out of reach of criminals
According to the Verizon data breach investigation report published last month, phishing remains a major data breach weapon of choice. Trend Micro added that ransomware is expected to be one of the biggest threats in 2016 and that a single ransom demand will go much higher, reaching seven figures.
Government agencies have done some work to mitigate the danger of electromagnetic threats to the electrical grid, but it’s not enough, says the U.S. Government Accountability Office (GAO). Despite some action by the Department of Homeland Security (DHS)—such as developing a prototype transformer that would significantly speed recovery from a power outage caused by a failed transformer and studying the impacts of severe space weather, such as solar storms—more must be done to protect the grid, Homeland Security News Wire reports on the April-published GAO study (PDF).
Technology is transforming the business world, but for many companies, it's happening faster than they can keep up. Gartner released a report on the state of digital business transformation in 2016, polling 396 leaders of large companies in over 30 countries. The research showed that CEOs are generally optimistic about the future of digital transformation. Three quarters of CEOs reported an understanding about the future of digital transformation and that there needs to be a shift in how it's approached -- but just because they understand the implications doesn't mean they've made any moves towards going digital.
There’s an inside joke in the software-defined networking industry that “SDN” stands for “still done nothing.” People say that because despite the tremendous hype around SDN, many customers remain confused about what it is, how to deploy it and what the benefits are. This is particularly true in the data center where the stakes are high and any kind of mistake can cost an organization millions of dollars. About 21 months ago, Cisco launched its Application Centric Infrastructure (ACI) solution and threw its hat in the SDN ring. In practicality, ACI is a much broader solution. It uses the principles of SDNs but deals with much more than the network.
No one has ever mistaken me for a gadget guy, but the regular author of our “iPhone 7 Rumor Rollup” is unavailable this week so into the breach I step. I do carry an iPhone 5s, but, truth be told, there is close to zero chance that I will be upgrading. Nonetheless, in addition to genuine iPhone 7 rumors I intend to offer here a few suggestions that could conceivably up my upgrade odds.
Behold ‘exclusive’ renders
The language used by Apple sites to convey the fruits of their rumor farming is an art form in and of itself. Take this headline from GSM Arena: “Exclusive: Apple iPhone 7 renders appear.” Exclusive is self-explanatory, though at times less than accurate. The interesting use here is “appear,” as in out of thin air. This wasn’t the case at all.
Google's Project Ara modular smartphone is coming to developers soon, but it's lost a key part of its customization vision along the way. Developers will be able to get their hands on an early release version of Ara by the end of this year, to begin building custom hardware modules for the device, Google announced at its I/O conference Friday. The modules will allow users to customize their phones with hardware like cameras, speakers, and even a rear-facing display. Ara's initial philosophy was to serve as a wholly modular smartphone, which would allow users to customize all of the phone's components, including its processor, battery, network connectivity, and screen. Now, many of those components will be integrated into the Ara "frame," which will still retain space for some customization.
Financial transaction network SWIFT called on its customers Friday to help it end a string of high-profile banking frauds perpetrated using its network. The SWIFT network itself is still secure, it insisted in a letter to banks and financial institutions. However, some of its customers have suffered security breaches in their own infrastructure, allowing attackers to fraudulently authorize transactions and send them over the SWIFT network, it said. That's the best explanation so far for how authenticated instructions were sent from Bangladesh Bank to the U.S. Federal Reserve Bank of New York over the SWIFT network, ordering the transfer of almost US$1 billion. The Fed transferred around $101 million of that before identifying an anomaly in one of the instructions. Only $20 million of that has so far been recovered.
It’s easy to forget that home automation is about more than just gadgets. After all, almost every product you can think of is getting the smart home treatment—from the highly useful, such as automated locks, to the slightly less necessary: smart fridges that solve the formidable problem of telling you when you’re out of milk. But for the elderly, smart tech means more than just a few new toys. It holds the promise of autonomy—being able to stay in homes longer and more safely, which can be completely game-changing. Institutional elderly care, as it currently stands, is imperfect at best. Most pressingly, it’s not affordable. HUD reports that costs for elderly care can range anywhere from $900 to over $5,000 per month. But for all that money, it’s not really all that effective, either. Initial studies indicate that staying in the home—or aging in place, as it’s called—results in remarkably better health outcomes than moving to a care facility, especially when it comes to cognitive ability and depression rates.
Once again a job posting has tipped the hand of a company's product plans. This time it was Microsoft who gave away its intentions. The company appears to be working on an assistant bot that looks an awful lot like Google's new Assistant bot. All due credit goes to Mary Jo Foley at ZDNet for catching it first. The project is called the "Bing Concierge Bot." Unlike Cortana, it makes heavy use of messaging apps, both Microsoft and third-party apps. That's the emphasis from the job posting, which has been removed since Foley discovered it:
Companies are under constant threat from cyberattacks and the situation is only getting worse with the rise of ransomware and whaling scams as a variant of phishing, according to recent cybersecurity reports. Yet the shortage of seasoned CISOs, inconsistent policies around compensation and a lack of proper metrics means some companies are under-investing in cybersecurity.
Microsoft yesterday said it will introduce changes in this summer's Windows 10 Anniversary Update to simplify switching from Internet Explorer 11 (IE11) to Edge, and back. The changes will be aimed at enterprises, the only customer group Microsoft recommends running IE11 in the new operating system. "We recognize that some enterprise customers have line-of-business applications built specifically for older web technologies, which require Internet Explorer 11," the company said in a Thursday post.
Previously, Microsoft included "Enterprise Mode" in Windows 10, a feature that lets an IT staff limit IE11's operation to specific legacy websites or web apps.
The Ponemon Institute published a report called The Cost of Malware Containment that reveals some interesting statistics—none of which will surprise the people in the trenches who work hard every day to protect their organizations' networks. Ponemon surveyed 630 IT and IT security practitioners who have responsibility for detecting, evaluating and/or containing malware infections within their organization. According to the research, organizations receive an average of nearly 17,000 malware alerts a week. Of these, fewer than 20% (3,218) are considered reliable, meaning the malware poses a genuine threat and should be investigated. And even though more than 3,200 alerts are worthy of investigation, only 4% (705) actually do get investigated.
Researchers with the Defense Advanced Research Projects Agency (DARPA) have quickly moved to alter the way the military, public and private enterprises protect their networks from high- and low-speed distributed denial-of-service attacks with a program called Extreme DDoS Defense (XD3). The agency has since September awarded seven XD3 multi-million contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs (two contracts) and this week to the University of Pennsylvania to radically alter DDoS defenses. One more contract is expected under the program. The UPenn project is developing defenses against distributed denial-of-service attacks that target specific protocols and their logic. These attacks are often difficult to diagnose and stop because the total volume of malicious traffic may be very low. The UPenn project attempts to pinpoint the specific protocol component that is under attack and then massively replicate that component to blunt the effects of the attack, DARPA stated.
A secret FBI hacking tool, used to compromise the Tor anonymous browser in one investigation, is facing challenges from criminal defendants, perhaps putting its future in doubt. Defendants have demanded to see details of the FBI network investigative technique (NIT), the agency's name for the relatively recent hacking tool, in a handful of criminal cases, but the agency has refused to disclose the information. A judge in a high-profile child pornography case, in which a website called Playpen was accessible only through Tor, is trying to decide whether the FBI should disclose the NIT's source code to the defendant. If the FBI shares the source code, its hacking tools may be compromised in future cases, but the U.S. Constitution's Sixth Amendment gives the defendant a right to confront his accusers and challenge their investigation.