Here’s how businesses can prevent point-of-sale attacks

Retailers, hotels and restaurants have all been victimized through the same Achilles' heel that cybercriminals continue to attack: the point-of-sale system, where customers' payment data is routinely processed.  These digital cash registers are often the target of malware designed to steal credit card numbers in the thousands or even millions. This year, fast food vendor Wendy's, clothing retailer Eddie Bauer and Kimpton Hotels have all reported data breaches stemming from such attacks.Security experts, however, are encouraging a variety of approaches to keep businesses secure from point-of-sale-related intrusions. Here are a few to consider:To read this article in full or to leave a comment, please click here

Hewlett Packard Enterprise and Mirantis cut OpenStack staff

Hewlett Packard Enterprise and Mirantis - two of the most instrumental companies in the open source cloud computing project OpenStack - have each laid off employees in recent weeks, according to the companies.The full extent of the layoffs at HPE is unknown but ComputerWorldUK last week quoted Canonical founder Mark Shuttleworth as saying that HPE had laid off their “entire OpenStack team.” An official with HPE confirmed there has been a restructuring but would not say how many OpenStack workers were cut, adding that Shuttleworth’s statement is exaggerated.To read this article in full or to leave a comment, please click here

Migrating To A Software-Defined World

BGP Security: Mitigating Route Leaks

IDG Contributor Network: Is your personal relevance gap growing faster than your waistline?

In a previous series of blogs, I talked about why your network is the critical foundation of the digital transformation and of the business benefits of moving to a new IP network architecture. I talked about how networks help you control time, how the effects of Metcalfe’s and Reed’s Laws result in wealth creation, and why there is such a tension between your dumb pipes and your smart business. But it’s not just the technology that matters in this coming digital transformation; it’s also your skills and ultimately your career.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Is your personal relevance gap growing faster than your waistline?

In a previous series of blogs, I talked about why your network is the critical foundation of the digital transformation and of the business benefits of moving to a new IP network architecture. I talked about how networks help you control time, how the effects of Metcalfe’s and Reed’s Laws result in wealth creation, and why there is such a tension between your dumb pipes and your smart business. But it’s not just the technology that matters in this coming digital transformation; it’s also your skills and ultimately your career.To read this article in full or to leave a comment, please click here

First Speakers in the Spring 2017 Data Center Course

It’s only two weeks since the last live session of the Autumn 2016 Data Center course in which Mitja Robas did a fantastic job describing a production deployment of VMware NSX on top of Cisco Nexus 9000 network, and we already have the first speakers for the Spring 2017 event:

• Scott Lowe (now at VMware) will talk about the role of open source in data center infrastructure;
• Thomas Wacker (UBS AG) will talk about their fully automated data center deployments;
• Andrew Lerner and Simon Richard (Gartner) will participate in a panel discussion on data center and networking trends.

IDG Contributor Network: Apcera rolls out its container management platform

Apcera is an interesting company. Its founder, Derek Collison, was one of the key people behind Cloud Foundry back when it was a small platform project within VMware. Since then Cloud Foundry has gone on to become, arguably, the most important platform as a service (PaaS) organization on earth.+ Also on Network World: PaaS vendors draw battle lines over containers + Collison has moved on as well and founded Apcera, a company focused on giving large enterprises the certainty that comes from using a platform with security and policy baked in. In a world were organizations are hearing more and more about containers and cloud-native applications, having a platform that allows them to use these technologies within the context of tight policy is an attractive proposition.To read this article in full or to leave a comment, please click here

Google clashes with Microsoft over Windows flaw disclosure

Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw."This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.To read this article in full or to leave a comment, please click here

Google clashes with Microsoft over Windows flaw disclosure

Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it.Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw."This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox.To read this article in full or to leave a comment, please click here

Broadcom May Be Considering a Purchase of Brocade

Or perhaps Broadcom is being used as a stalking horse.

Improve IT security: Start with these 10 topics

You want to be more responsible about IT security in your organization, but where do you start? May I suggest your first step be understanding these topics more thoroughly. This is list isn’t exhaustive. It’s only a beginning:1. DNS and DNSSEC: The biggest games in cyber war are hitting DNS providers. DNS can be compromised in many simple ways, but Domain Name System Security Extensions (DNSSEC) thwarts these—at the cost of understanding how it works, how to deploy it and how it’s maintained. There are ways to understand if your own organization is threatened with DDoS attacks. Study them. To read this article in full or to leave a comment, please click here

Improve IT security: Start with these 10 topics

You want to be more responsible about IT security in your organization, but where do you start? May I suggest your first step be understanding these topics more thoroughly. This is list isn’t exhaustive. It’s only a beginning:1. DNS and DNSSEC: The biggest games in cyber war are hitting DNS providers. DNS can be compromised in many simple ways, but Domain Name System Security Extensions (DNSSEC) thwarts these—at the cost of understanding how it works, how to deploy it and how it’s maintained. There are ways to understand if your own organization is threatened with DDoS attacks. Study them. To read this article in full or to leave a comment, please click here

Keith Ohlfs, man behind macOS pinwheel & much more, passes away at 52

Ohlfs family Keith Ohlfs Keith Ohlfs, a talented software UX designer whose claims to fame included working on the operating system at the heart of Steve Jobs' NeXT Computer systems, has died at the age of 52 from a heart attack.Ohlfs five years ago posted the video seen below in which NeXT Computer debuts in 1988, 8 years before Apple bought the company and adopted many of its concepts in OS X/macOS. Ohlfs created the animation that the computer used to introduce itself and Jobs wrote the text. "Steve was a huge inspiration in my life and his passion was for uncompromising form and function that has shaped my vision for the future of design and technology," Ohlfs wrote.To read this article in full or to leave a comment, please click here

Microsoft cleans house at the Windows Store

Microsoft announced earlier this year that it would remove applications from the Windows Store that do not comply with the age rating policies the company had adopted. The age rating policy is based on appropriate age and content ratings administered by the International Age Ratings Coalition (IARC) rating system. Microsoft said these ratings are about the suitability of the content in the app, rather than the age of the target audience for your app.  Well, it meant what it said. A large number of applications have been removed from the Windows Store, with reports ranging from 90,000 apps and games to more than 100,000. Given the Windows Store has (or had) 329,000 apps, that's about one-third of the total apps. To read this article in full or to leave a comment, please click here

System76 brings Ubuntu to $699 laptop with Kaby Lake chips

If Windows 10 isn't your cup of tea, System76 has a new Ubuntu laptop with Intel's Kaby Lake chip that won't burn your wallet.The 14-inch Lemur laptop starts at $699, a more affordable price for cost-sensitive users than Dell's Ubuntu-based XPS 13 Developer Edition, which starts at $949."We don't have any Mac tax or Windows tax that goes into [Lemur]," said Ryan Sipes, community manager at System76.Despite having a free OS, Dell's XPS 13 laptop has been criticized for being more expensive than the XPS 13 with Windows 10, which starts at $799.99. The Lemur is has many features in common with the XPS 13 DE, though it isn't as slick-looking.To read this article in full or to leave a comment, please click here

Mozilla plans to rejuvenate Firefox in 2017

Mozilla last week named its next-generation browser engine project and said it would introduce the new technology to Firefox next year.Dubbed Quantum, the new engine will include several components from Servo, the browser rendering engine that Mozilla has sponsored, and been working on, since 2013. Written with Rust, Servo was envisioned as a replacement for Firefox's long-standing Gecko engine. Both Servo and Rust originated at Mozilla's research group."Project Quantum is about developing a next-generation engine that will meet the demands of tomorrow's web by taking full advantage of all the processing power in your modern devices," said David Bryant, the head of Firefox engineering, in a piece published Thursday on Medium.To read this article in full or to leave a comment, please click here

Worth Reading: Dyn’s DDoS Reveals IoT Weak Points

The massive internet outage last Friday that took out Twitter, GitHub, Spotify and others, was caused by a tsunami of incoming requests to Dyn, the DNS service provider supporting these companies. Where did all these requests pour in from? Hacked CCTV video cameras, digital video recorders and other IoT devices. The Internet of Things has arrived. And it brings huge security issues. —The New Stack

The post Worth Reading: Dyn’s DDoS Reveals IoT Weak Points appeared first on 'net work.

IBM deploys machine learning to bolster online banking security program

Behavioral biometrics that uses machine learning is behind new features being added to IBM’s Trusteer Pinpoint Detect platform, which financial institutions use to head off crooks who may have stolen the username and password of legitimate account holders.The new feature looks for anomalies between legitimate users’ normal mouse gestures and those of the current user, and over time refines the accuracy of its analysis, says Brooke Satti Charles, Financial Crime Prevention Strategist for IBM Security.That analysis creates a risk score that banks can use to decide whether an ongoing transaction is fraudulent and trigger an alert. The institutions have to decide what to do about the alerts, but they could cut off the transaction or require further ID before the customer is allowed to continue, she says.To read this article in full or to leave a comment, please click here

IBM deploys machine learning to bolster online banking security program

Behavioral biometrics that uses machine learning is behind new features being added to IBM’s Trusteer Pinpoint Detect platform, which financial institutions use to head off crooks who may have stolen the username and password of legitimate account holders.The new feature looks for anomalies between legitimate users’ normal mouse gestures and those of the current user, and over time refines the accuracy of its analysis, says Brooke Satti Charles, Financial Crime Prevention Strategist for IBM Security.That analysis creates a risk score that banks can use to decide whether an ongoing transaction is fraudulent and trigger an alert. The institutions have to decide what to do about the alerts, but they could cut off the transaction or require further ID before the customer is allowed to continue, she says.To read this article in full or to leave a comment, please click here