What is incident response?Image by ThinkstockIncident response is like investigating a real burglary. You look for evidence of the intruder at the crime scene, find his targets and his getaway car, and repair any holes. Discover any cuts in your chain link fence. Take a few steps back for more perspective. Find the intruder’s targets. What assets are near the compromised fence? Investigate in both directions to find the intruder's target and getaway car. Fix the fence. Resolve any issues and patch vulnerabilities.To read this article in full or to leave a comment, please click here
What is incident response?Image by ThinkstockIncident response is like investigating a real burglary. You look for evidence of the intruder at the crime scene, find his targets and his getaway car, and repair any holes. Discover any cuts in your chain link fence. Take a few steps back for more perspective. Find the intruder’s targets. What assets are near the compromised fence? Investigate in both directions to find the intruder's target and getaway car. Fix the fence. Resolve any issues and patch vulnerabilities.To read this article in full or to leave a comment, please click here
What is incident response?Image by ThinkstockIncident response is like investigating a real burglary. You look for evidence of the intruder at the crime scene, find his targets and his getaway car, and repair any holes. Discover any cuts in your chain link fence. Take a few steps back for more perspective. Find the intruder’s targets. What assets are near the compromised fence? Investigate in both directions to find the intruder's target and getaway car. Fix the fence. Resolve any issues and patch vulnerabilities.To read this article in full or to leave a comment, please click here
The CEO puts all the trust in the chief security officer to keep the company off the front page and out of danger. But as the number of attacks across the internet skyrockets, that trust has slowly eroded or at the very least is increasingly questioned.CEOs don’t want to be caught off-guard, so they are asking pointed questions to ensure they know what security precautions are being taken. Here is a hypothetical Q&A between a CEO or board member and the CISO. Lucas Moody, vice president and CISO at Palo Alto Networks, and Dottie Schindlinger, Governance Technology Evangelist at Diligent, provided insight with these interactions.CEO: Why are we getting more phishing attacks? And what are we doing about all these phishing attacks?To read this article in full or to leave a comment, please click here
The CEO puts all the trust in the chief security officer to keep the company off the front page and out of danger. But as the number of attacks across the internet skyrockets, that trust has slowly eroded or at the very least is increasingly questioned.CEOs don’t want to be caught off-guard, so they are asking pointed questions to ensure they know what security precautions are being taken. Here is a hypothetical Q&A between a CEO or board member and the CISO. Lucas Moody, vice president and CISO at Palo Alto Networks, and Dottie Schindlinger, Governance Technology Evangelist at Diligent, provided insight with these interactions.CEO: Why are we getting more phishing attacks? And what are we doing about all these phishing attacks?To read this article in full or to leave a comment, please click here
In just a few days, Google will kick off its annual I/O conference and the year of Android will finally begin in earnest. The company has been busy, but until Sundar Pichai takes the stage at the Shoreline Amphitheater, we won’t know for sure what Google has in store for the rest of 2017.Last year we met a new Google Assistant, Daydream, Home, Allo, Duo, and, of course, Android N, and we can’t wait to see what Google rolls out this year. Google usually keeps a pretty tight lid on its biggest announcements, but it seems like it’s doubled-down on security leaks this year. The rumor mill has been oddly quiet with the show mere days away from starting, and we’re on pins and needles waiting to see what Google has to show us. So here’s what we think and hope we’re going to see:To read this article in full or to leave a comment, please click here
When it comes to rock-solid proof of responsibility or fault, few pieces of evidence are as useful—or indisputable—as a photograph. That’s why restaurants, auto insurers, apartment management companies and health inspectors take millions of photographs every year. In case of a dispute or lawsuit they want to mitigate their risk by being able to prove they were in compliance with all relevant laws and codes.Despite the value of photographs, however, most companies haven’t integrated image management into their IT systems. This not only makes it difficult, if not impossible, to provide potentially exculpatory evidence, but it is also a significant barrier to establishing formal protocols for using photographs in existing inspection workflows.To read this article in full or to leave a comment, please click here
EDITOR’S NOTE: This is the third in a series on smart home networking: Our introductory article set the decor for this series, and the second one focuses on home hubs.To read this article in full or to leave a comment, please click here(Insider Story)
As enterprises start to think about building Internet of Things (IoT) networks, the key question becomes: What’s happening on the standards front?To read this article in full or to leave a comment, please click here(Insider Story)
New products of the weekImage by ArrayOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.FastCollect for Archives Commvault EditionImage by archive360To read this article in full or to leave a comment, please click here
New products of the weekImage by ArrayOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.FastCollect for Archives Commvault EditionImage by archive360To read this article in full or to leave a comment, please click here
Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.Referring to the attack as a “wake-up call,” Microsoft’s President and Chief Legal Officer, Brad Smith wrote in a blog post that governments have "to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."The ransomware, also called WannaCry or Wana Decryptor, works by exploiting a vulnerability in some older versions of Windows. It has been suspected for some time now that the malware came from a cache of hacking tools reportedly stolen by hacking group Shadow Brokers from the NSA and leaked on the internet. WannaCry is said to take advantage of a NSA hacking tool, called EternalBlue, that can make it easy to hijack unpatched older Windows machines.To read this article in full or to leave a comment, please click here
Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.Referring to the attack as a “wake-up call,” Microsoft’s President and Chief Legal Officer, Brad Smith wrote in a blog post that governments have "to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."The ransomware, also called WannaCry or Wana Decryptor, works by exploiting a vulnerability in some older versions of Windows. It has been suspected for some time now that the malware came from a cache of hacking tools reportedly stolen by hacking group Shadow Brokers from the NSA and leaked on the internet. WannaCry is said to take advantage of a NSA hacking tool, called EternalBlue, that can make it easy to hijack unpatched older Windows machines.To read this article in full or to leave a comment, please click here
Over the years I've been tempted to buy all sorts of ridiculous things from sites such as Recycled Goods and eBay and, for various reasons such as lacking enough room (and spousal approval) to get a rotovap setup going in the kitchen, I've managed to restrict myself to a few small, reasonably sane acquisitions. Other people, for example, Connor Krukosky, not only laugh at temerity such as mine but go big with hardly a second thought.A couple of years ago, at the age of 18, Krukosky who has what we'll call "a passion" for collecting and restoring vintage computers, spotted a posting on a mailing list announcing that an decade-old IBM Z890 mainframe was being sold by Rutgers University and the bidding was at a measly $100. Krukosky was immediately interested and bid, winning the beast for the handsome sum of $237.39.To read this article in full or to leave a comment, please click here
Enough with the iPhone 8 (or iPhone X) rumors: News about the 10th anniversary Apple iPhone seems to be getting real...PROCESSOR IN PRODUCTION
Much of the speculation about the expected 5.8-inch iPhone 8 of late has been about delays and more delays, but a report from DigiTimes that has been picked up by a slew of others states that Taiwan Semiconductor Manufacturing Company (TSMC) has started cranking out the main processors for the much anticipated iOS device. The presumed 10nm A11 system-on-chips would likely show up in the iPhone 8 as well as expected iPhone 7s and 7s Plus phones. While Apple uses multiple suppliers for other components, such as modems, TSMC is believed to be the only A11 supplier.To read this article in full or to leave a comment, please click here
Amazon is cranking out new products as fast as it can, such as the new Alexa-powered Echo Show device with a screen, but SNL has an even more practical idea.The SNL spoof ad, from the minds of Amazon and AARP, addresses the unique needs of older people unable to quite get the latest gadgets. It even includes Uh Huh mode to deal with those situations where people make a short story longer...
MORE: Most memorable SNL tech bits and skitsTo read this article in full or to leave a comment, please click here
Monday is going to suck for some folks, those who run old, unsupported Windows systems which are vulnerable to WannaCry ransomware, if they didn’t put in some weekend time applying security updates.In response to the massive global ransomware attack on Friday, Microsoft took the “highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.” Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrived for work on Monday morning.”To read this article in full or to leave a comment, please click here
Monday is going to suck for some folks, those who run old, unsupported Windows systems which are vulnerable to WannaCry ransomware, if they didn’t put in some weekend time applying security updates.In response to the massive global ransomware attack on Friday, Microsoft took the “highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.” Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrived for work on Monday morning.”To read this article in full or to leave a comment, please click here