The Great Multi-Factor Authentication Debate — PCI Guru

The Council brings back the Assessor Session to this year’s Community Meeting and it takes only one question to get passions flowing. The question was to get a clarification of a comment made by Ralph Poore, Director, Emerging Standards at the Council, about multi-factor authentication (MFA). First a little background to get everyone up to […]

via The Great Multi-Factor Authentication Debate — PCI Guru

Wipro is buying cloud consultant Appirio for $500M

It's India meets Indianapolis: Bangalore-based consulting firm Wipro is buying Appirio for US$500 million to bulk up its cloud applications business.With more resources behind it, cloud services vendor Appirio will be in a better position to fight back against big consulting firms like Accenture and Deloitte, which "have garnered disproportionate market share" in the cloud services market in recent years, Appirio CEO Chris Barbin wrote in a blog post explaining the deal.Appirio, based in Indianapolis, offers a range of cloud applications integration services, many of them built around Salesforce.com -- a logical fit since it grew out of Salesforce's AppExchange startup incubator. The 10-year-old company also partners with Workday, Google and Amazon Web Services, and numbers Facebook, eBay and Coca-Cola among its customers.To read this article in full or to leave a comment, please click here

GuardiCore helps security teams see into apps and networks before they segment

The digital business era has brought with it a number of new tools and technologies, such as software-defined networking (SDN), Internet of Things (IoT), mobility and the cloud. These innovations enable businesses to increase their level of dynamism and be more distributed, but they also increase the complexity of securing the business. Old-school security methods and tools do not work in an environment where the perimeter is eroding and resources are becoming more virtual and cloud-centric.+ Also on Network World: Always be prepared: Monitor, analyze and test your security + To combat this, security professionals have embraced the concept of segmentation. The number of segmentation providers has exploded over the past few years, including VMware repositioning its NSX network virtualization product as a micro-segmentation solution. To read this article in full or to leave a comment, please click here

GuardiCore helps security teams see into apps and networks before they segment

The digital business era has brought with it a number of new tools and technologies, such as software-defined networking (SDN), Internet of Things (IoT), mobility and the cloud. These innovations enable businesses to increase their level of dynamism and be more distributed, but they also increase the complexity of securing the business. Old-school security methods and tools do not work in an environment where the perimeter is eroding and resources are becoming more virtual and cloud-centric.+ Also on Network World: Always be prepared: Monitor, analyze and test your security + To combat this, security professionals have embraced the concept of segmentation. The number of segmentation providers has exploded over the past few years, including VMware repositioning its NSX network virtualization product as a micro-segmentation solution. To read this article in full or to leave a comment, please click here

GuardiCore helps security teams see into apps and networks before they segment

The digital business era has brought with it a number of new tools and technologies, such as software-defined networking (SDN), Internet of Things (IoT), mobility and the cloud. These innovations enable businesses to increase their level of dynamism and be more distributed, but they also increase the complexity of securing the business. Old-school security methods and tools do not work in an environment where the perimeter is eroding and resources are becoming more virtual and cloud-centric.+ Also on Network World: Always be prepared: Monitor, analyze and test your security + To combat this, security professionals have embraced the concept of segmentation. The number of segmentation providers has exploded over the past few years, including VMware repositioning its NSX network virtualization product as a micro-segmentation solution. To read this article in full or to leave a comment, please click here

42% off 17-Piece Precision Smartphone Repair Kit For iPhone, Android, Samsung and Others – Deal Alert

Save money by repairing your own device. This 17-piece tool set averages 4.7 out of 5 stars on Amazon from over 490 people (read reviews), and is discounted 42% off its typical list price. The 17-piece kit works with iPhones, iPads, Android devices, and more. It includes several hard to find tools, constructed of heavy duty materials and lightly magnetized to make the job easier.To read this article in full or to leave a comment, please click here

MDM helps real estate developer mobilize business processes

A few years ago Edward Rose & Sons was suffering from the mother of all business process messes. The real estate developer's business processes had become inefficient. Its four divisions were using different property management, accounting and construction management systems. Employees were forced to shuffle paper for contracts and various other work documents. This made it difficult for management to consolidate and make sense of financial statements as they mulled purchasing more land. Edward Rose & Sons CIO Joe Simpson.To read this article in full or to leave a comment, please click here

3 ways Windows Server 2016 is tackling security

Every version of Windows — client and server — has promised improved security. But with Windows 10 and Windows Server 2016, Microsoft is going beyond the usual incremental improvements and closing of loopholes and giving you the tools to reduce the dangers of phished credentials, over-privileged admins and untrustworthy binaries.To read this article in full or to leave a comment, please click here(Insider Story)

3 ways Windows Server 2016 is tackling security

Every version of Windows — client and server — has promised improved security. But with Windows 10 and Windows Server 2016, Microsoft is going beyond the usual incremental improvements and closing of loopholes and giving you the tools to reduce the dangers of phished credentials, over-privileged admins and untrustworthy binaries.“In the past, security was always something that was part of another technology” says Jeff Woolsey, principal group program manager at Microsoft. “We needed to pull it out.”Security and protecting identity comes up in every conversation Microsoft has with customers, he says. And the scale of attacks means that security isn’t just something for the IT team to worry about any more, adds Jeffrey Snover, lead architect for the enterprise cloud group and the Microsoft Azure stack. “When we asked customers ‘what are your IT concerns?’ there were some messages we heard consistently. There were too many stories about getting hacked and not knowing for months.”To read this article in full or to leave a comment, please click here(Insider Story)

Citrix’s Optimism Continues After a Robust Q3

'Workplace IoT' could be in Citrix's future.

Free tool protects PCs from master boot record attacks

Cisco Systems' Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub.The master boot record (MBR) consists of executable code that's stored in the first sector (sector 0) of a hard disk drive and launches the operating system's boot loader. The MBR also contains information about the disk's partitions and their file systems.To read this article in full or to leave a comment, please click here

Free tool protects PCs from master boot record attacks

Cisco Systems' Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub.The master boot record (MBR) consists of executable code that's stored in the first sector (sector 0) of a hard disk drive and launches the operating system's boot loader. The MBR also contains information about the disk's partitions and their file systems.To read this article in full or to leave a comment, please click here

Technology confirms election ballot error is less than .001%

Distrust in the U.S. voting process and the presidential election has reached an all-time high, with many concerned their ballots won’t be counted. Voters can rest easy, though, when it comes to voting technology. Ballot errors are almost non-existent, said the CEO of voting system builder Clear Ballot.+ Also on Network World: Hacking the Election: Myths & Realities + Clear Ballot, a venture-backed company in Boston, builds an end-to-end voting system that includes precinct voting, accessible voting to serve disabled voters, central tabulation, consolidation and reporting, and an election management system, all using commodity off-the-shelf hardware. Most voting systems are built using proprietary hardware and software platforms. Because the voting system relies on commodity hardware, acquiring and setting up a ballot verification system is straightforward.To read this article in full or to leave a comment, please click here

The Age of Real-Time IT

Virtualization can help IT organizations break down the silos that exist between application developers and enable operations teams to deliver real-time IT.

US intelligence targets advanced security management of virtual systems

Looking to lock down government cloud-based resources in particular, researchers from the Intelligence Advance Research Projects Activity this week announced a program that will develop better technology to manage and secure Virtual Desktop Infrastructure environments. +More on Network World: Gartner: Virtual personal health assistants and other technology eliminate the physician for annual exams+ The advanced research arm of the Office of the Director of National Intelligence rolled out the Virtuous User Environment (VirtUE) program which the agency says “is looking to use the federal government’s impending migration to commercial cloud-based IT infrastructures and the current explosion of new virtualization and operating system concepts to create and demonstrate a more secure interactive user computing environment than the government has had in the past or likely to have in the near future.”To read this article in full or to leave a comment, please click here

US intelligence targets advanced security management of virtual systems

Looking to lock down government cloud-based resources in particular, researchers from the Intelligence Advance Research Projects Activity this week announced a program that will develop better technology to manage and secure Virtual Desktop Infrastructure environments. +More on Network World: Gartner: Virtual personal health assistants and other technology eliminate the physician for annual exams+ The advanced research arm of the Office of the Director of National Intelligence rolled out the Virtuous User Environment (VirtUE) program which the agency says “is looking to use the federal government’s impending migration to commercial cloud-based IT infrastructures and the current explosion of new virtualization and operating system concepts to create and demonstrate a more secure interactive user computing environment than the government has had in the past or likely to have in the near future.”To read this article in full or to leave a comment, please click here

Docker Networking Fundamentals

Regaining Control In The Cloud

Windows users face update bloat, and tough choices

Windows 10's cumulative updates have ballooned in size, and a similar bloat will also affect the Windows 7 updates that Microsoft revamped this month.According to data published last month by LANDesk and refreshed by Computerworld with October's numbers, Windows 10 cumulative updates for the three versions of the new OS have surged in size.Updates for Windows 10 version 1507 -- the debut that launched in July 2015 -- have grown 153% (for the 32-bit edition) and 181% (64-bit), from 184MB and 368MB to 466MB and 1,034MB (or over a gigabyte), respectively, in just over a year.Those for version 1511 -- Windows 10's first "feature update," issued in November 2015 -- exploded in comparison: The first 64-bit 1511 update was 49MB, but the cumulative update released earlier this month was a whopping 989MB, for a growth rate of 1,918% in under 12 months.To read this article in full or to leave a comment, please click here

Stupid encryption mistakes criminals make

Writing secure code can be challenging, and implementing cryptography correctly in software is just plain hard. Even experienced developers can get tripped up. And if your goal is to swindle people quickly, not to wow them with the quality of your software, there are sure to be serious crypto mistakes in your code.Malware authors may provide significant lessons in how not to implement cryptography. Such was the upshot of research by Check Point’s Yaniv Balmas and Ben Herzog at the recent Virus Bulletin conference in Denver. Malware authors may be more likely to insert crypto doozies in their code than developers working on legitimate software because they may not care as much about code quality or design, said Balmas and Herzog. These criminals are focused on getting a product that does enough to satisfy their immediate requirements -- and no more.To read this article in full or to leave a comment, please click here