Web inventor Berners-Lee adds Turing Award to prize collection

Sir Tim Berners Lee, deservingly among the most decorated of technology professionals for his invention of the world wide web, has now been honored with the 50th edition of the ACM A.M. Turing Award (a.k.a., the Nobel Prize of Computing).The MIT and University of Oxford professor is being recognized with the $1M Association for Computing Machinery (ACM) prize, funded by Google, for inventing the web, coming up with the first browser and working on the protocols and algorithms that have allowed the web to scale.MORE: Whirlwind tour of computing and telecom's top honors, awards & prizesTo read this article in full or to leave a comment, please click here

Web inventor Berners-Lee adds Turing Award to prize collection

Sir Tim Berners Lee, deservingly among the most decorated of technology professionals for his invention of the world wide web, has now been honored with the 50th edition of the ACM A.M. Turing Award (a.k.a., the Nobel Prize of Computing).The MIT and University of Oxford professor is being recognized with the $1M Association for Computing Machinery (ACM) prize, funded by Google, for inventing the web, coming up with the first browser and working on the protocols and algorithms that have allowed the web to scale.MORE: Whirlwind tour of computing and telecom's top honors, awards & prizesTo read this article in full or to leave a comment, please click here

Trump ‘actively’ considering new H-1B spouse work rule

President Donald Trump's administration has decided to "actively reconsider" an Obama-era rule allowing certain H-1B spouses to hold jobs, according to court documents filed Monday. It is asking the court to give it until September to consider changing the H-4 work authorization rule.This is becoming a high-stakes case for approximately 180,000 spouses of H-1B visa holders who gained the right to work in 2014. These are spouses of H-1B visa holders who are seeking a green card.+ RELATED: Trump reviews right of H-1B spouses to work +To read this article in full or to leave a comment, please click here

Justice Dept. says replacing U.S. workers may bring lawsuit

Critics of the H-1B program have little to celebrate, so far, from President Donald Trump. He promised reforms of the visa program during the campaign, but nothing has happened of consequence -- at least until Monday.The U.S. Department of Justice (DOJ) issued a warning to H-1B employers not to use the visa program to discriminate against U.S. workers. And it promised to investigate and prosecute employers who do so.[ Further reading: 4 high-growth tech fields with top pay ] By itself, the Justice Department notice may be a poor consolation prize to critics who wanted more. But if the DOJ files a lawsuit alleging discrimination against U.S. workers "because of their citizenship or national origin in hiring, firing and recruiting" it may be breaking ground.To read this article in full or to leave a comment, please click here

Application Rule Manager (ARM) Practical Implementation – Healthcare

This post originally appears as part of a series of VMware NSX in Healthcare blogs on Geoff Wilmington’s blog, vWilmo. To read more about VMware NSX and its applications in healthcare, check out Geoff’s blog series.

Originally this series on Micro-segmentation was only going to cover Log Insight, vRealize Network Insight (vRNI), and VMware NSX.  With the release of VMware NSX 6.3, there is a new toolset within NSX that can be leveraged for quick micro-segmentation planning The Application Rule Manager (ARM) within NSX, provides a new way to help create security rulesets quickly for new or existing applications on a bigger scale than Log Insight, but smaller scale than vRNI.   With that in mind, we’re going to take the previous post using Log Insight, and perform the same procedures with ARM in NSX to create our rulesets using the same basic methodologies.

The Application Rule Manager in VMware NSX leverages real-time flow information to discover the communications both in and out, and between an application workload so a security model can be built around the application.  ARM can monitor up to 30 VMs in one session and have 5 sessions running at a time.  Continue reading

5 Practical Cloud Tips for SMBs

How to rescue your PC from ransomware

With  nasty malware like Locky making the rounds—encrypting its victims’ files, and then refusing to unlock them unless you pay up—ransomware is a serious headache. But not all ransomware is so difficult.You can remove many ransomware viruses without losing your files, but with some variants that isn’t the case. In the past I’ve discussed general steps for removing malware and viruses, but you need to apply some specific tips and tricks for ransomware. The process varies and depends on the type of invader. Some procedures involve a simple virus scan, while others require offline scans and advanced recovery of your files. I categorize ransomware into three varieties: scareware, lock-screen viruses, and the really nasty stuff.To read this article in full or to leave a comment, please click here

How to rescue your PC from ransomware

With  nasty malware like Locky making the rounds—encrypting its victims’ files, and then refusing to unlock them unless you pay up—ransomware is a serious headache. But not all ransomware is so difficult.You can remove many ransomware viruses without losing your files, but with some variants that isn’t the case. In the past I’ve discussed general steps for removing malware and viruses, but you need to apply some specific tips and tricks for ransomware. The process varies and depends on the type of invader. Some procedures involve a simple virus scan, while others require offline scans and advanced recovery of your files. I categorize ransomware into three varieties: scareware, lock-screen viruses, and the really nasty stuff.To read this article in full or to leave a comment, please click here

Here’s where to buy the Bitcoins to pay a ransom

Ransomware grew into a $1 billion industry last year, and ransom payments now account for nearly 10 percent of the entire Bitcoin economy.Avoiding becoming part of that statistic requires good endpoint security and effective backups. But what if your defenses fail, your backups are inadequate, all attempts to restore the data fail, and you have to pay the ransom after all -- what do you do?First of all, get the ball rolling on improving your security. Second, if the ransomware includes a recommendation for where to buy the Bitcoins, take it with a grain of salt. These guys are, after all, criminals. They might steer you wrong.Instead, go to a reputable exchange.To read this article in full or to leave a comment, please click here

Here’s where to buy the Bitcoins to pay a ransom

Ransomware grew into a $1 billion industry last year, and ransom payments now account for nearly 10 percent of the entire Bitcoin economy.Avoiding becoming part of that statistic requires good endpoint security and effective backups. But what if your defenses fail, your backups are inadequate, all attempts to restore the data fail, and you have to pay the ransom after all -- what do you do?First of all, get the ball rolling on improving your security. Second, if the ransomware includes a recommendation for where to buy the Bitcoins, take it with a grain of salt. These guys are, after all, criminals. They might steer you wrong.Instead, go to a reputable exchange.To read this article in full or to leave a comment, please click here

Old attack code is new weapon for Russian hackers

Attackers prefer to reuse code and tools for as long as they keep working. In that tradition, researchers have found evidence suggesting a cyberespionage group is still successfully using tools and infrastructure that was first deployed in attacks 20 years ago.The Moonlight Maze refers to the wave of attacks that targeted U.S. military and government networks, universities, and research institutions back in the mid-to-late 1990s. While the Moonlight Maze disappeared from the radar after the FBI and Department of Defense investigation became public in 1999, there were whispers within the security community that the cyberespionage group never entirely went away. Turla, a Russian-speaking attack group that's also known as Venomous Bear, Uroburos, and Snake, was floated as a possibility, but until recently, all links were guesswork and speculation.To read this article in full or to leave a comment, please click here

Old attack code is new weapon for Russian hackers

Attackers prefer to reuse code and tools for as long as they keep working. In that tradition, researchers have found evidence suggesting a cyberespionage group is still successfully using tools and infrastructure that was first deployed in attacks 20 years ago.The Moonlight Maze refers to the wave of attacks that targeted U.S. military and government networks, universities, and research institutions back in the mid-to-late 1990s. While the Moonlight Maze disappeared from the radar after the FBI and Department of Defense investigation became public in 1999, there were whispers within the security community that the cyberespionage group never entirely went away. Turla, a Russian-speaking attack group that's also known as Venomous Bear, Uroburos, and Snake, was floated as a possibility, but until recently, all links were guesswork and speculation.To read this article in full or to leave a comment, please click here

After political Twitter bot revelation, are companies at risk?

With reports of Russia using social media and bots to push fake news to influence the 2016 U.S. presidential election, questions are arising over how these same tactics could be used against an enterprise."Twitter bots could absolutely be used against a company," said Dan Olds, an analyst with OrionX. "Someone using bots could manufacture a fake groundswell of opinion against a company or a product."The subject of Twitter bots has made headlines since federal investigations into Russia's interference with the presidential election unearthed evidence that the Kremlin used chatbots, particularly on Twitter, to seed fake news stories in order to confuse discussions and taint certain candidates, especially Democratic candidate Hillary Clinton.To read this article in full or to leave a comment, please click here

After political Twitter bot revelation, are companies at risk?

With reports of Russia using social media and bots to push fake news to influence the 2016 U.S. presidential election, questions are arising over how these same tactics could be used against an enterprise."Twitter bots could absolutely be used against a company," said Dan Olds, an analyst with OrionX. "Someone using bots could manufacture a fake groundswell of opinion against a company or a product."The subject of Twitter bots has made headlines since federal investigations into Russia's interference with the presidential election unearthed evidence that the Kremlin used chatbots, particularly on Twitter, to seed fake news stories in order to confuse discussions and taint certain candidates, especially Democratic candidate Hillary Clinton.To read this article in full or to leave a comment, please click here

What makes a good application pen test? Metrics

When it comes to creating secure applications, nothing beats focusing on the basics: secure coding in development and then testing the application for security defects. Part of the testing regime should always include an in-depth application pen test. But how do organizations know they are getting the full benefit from such assessments?What goes (or should go) into developing application security is well known. Developers should have their code vetted in their development environment. Their code should go through a series of quality and security tests in the development pipeline. Applications should be vetted again right after deployment. And, after all of that, it’s very likely that more vulnerabilities exist in the application that have yet to be uncovered.To read this article in full or to leave a comment, please click here

What makes a good application pen test? Metrics

When it comes to creating secure applications, nothing beats focusing on the basics: secure coding in development and then testing the application for security defects. Part of the testing regime should always include an in-depth application pen test. But how do organizations know they are getting the full benefit from such assessments?What goes (or should go) into developing application security is well known. Developers should have their code vetted in their development environment. Their code should go through a series of quality and security tests in the development pipeline. Applications should be vetted again right after deployment. And, after all of that, it’s very likely that more vulnerabilities exist in the application that have yet to be uncovered.To read this article in full or to leave a comment, please click here

What makes a good application pen test? Metrics

When it comes to creating secure applications, nothing beats focusing on the basics: secure coding in development and then testing the application for security defects. Part of the testing regime should always include an in-depth application pen test. But how do organizations know they are getting the full benefit from such assessments?What goes (or should go) into developing application security is well known. Developers should have their code vetted in their development environment. Their code should go through a series of quality and security tests in the development pipeline. Applications should be vetted again right after deployment. And, after all of that, it’s very likely that more vulnerabilities exist in the application that have yet to be uncovered.To read this article in full or to leave a comment, please click here

5 ways data classification can prevent an insurance data breach

Insuring that your data is safeImage by Yohan CreemersInsurance firms collect and process large amounts of policyholder data including personally identifiable information (PII) and protected health information (PHI), as well as sensitive employee and company information that must be protected. Confidential data is the core of the business, and companies that collect and analyze it more effectively have a competitive advantage. And with the cost of file sharing and synchronization technology decreasing, actuaries are able to analyze and share data in real time. However, this also increases the number of unnecessary copies of sensitive business and consumer data.To read this article in full or to leave a comment, please click here

5 ways data classification can prevent an insurance data breach

Insuring that your data is safeImage by Yohan CreemersInsurance firms collect and process large amounts of policyholder data including personally identifiable information (PII) and protected health information (PHI), as well as sensitive employee and company information that must be protected. Confidential data is the core of the business, and companies that collect and analyze it more effectively have a competitive advantage. And with the cost of file sharing and synchronization technology decreasing, actuaries are able to analyze and share data in real time. However, this also increases the number of unnecessary copies of sensitive business and consumer data.To read this article in full or to leave a comment, please click here

How IT can foster innovation from within

Entrepreneurship is typically associated with startup companies, and the eager, driven and innovative minds that start them. But there's another type of entrepreneurship, and it lives inside established organizations.Intrapreneurs are already employed in your organization -- they're workers with progressive ideas that will benefit the company. The only problem is, these intrapreneurs often struggle to find the right channels to see their ideas realized."These are the employees who want to get their hands dirty and are often the first people to volunteer for a job. Intrapreneurs are not content with the status quo. They often see how things could be part of a bigger picture and come up with ideas to realize this new vision," says Tim Beerman, CTO at Ensono, a company that offers mainframe and hybrid IT solutions.To read this article in full or to leave a comment, please click here