After Mozilla inquiry, Apple untrusts Chinese certificate authority

Following a Mozilla-led investigation that found multiple problems in the SSL certificate issuance process of WoSign, a China-based certificate authority, Apple will make modifications to the iOS and macOS to block future certificates issued by the company.Although there is no WoSign root certificate in Apple's trusted certificate store, a WoSign intermediate CA certificate is cross-signed by two other CAs that Apple trusts: StartCom and Comodo. This means that until now Apple products have automatically trusted certificates issued through the WoSign intermediate CA.Because WoSign experienced multiple control failures in their certificate issuance processes for the WoSign CA Free SSL Certificate G2 intermediate CA, "we are taking action to protect users in an upcoming security update," Apple said in support notes for both iOS and macOS. "Apple products will no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA."To read this article in full or to leave a comment, please click here

Level 3 acknowledges network outage

Social networks exploded Tuesday morning with customer inquiries and complaints because of a Level 3 Communications network outage across the United States.Though by noon, reports had started spilling out that service was returning in certain spots.MORE: 2016 Technology Industry GraveyardIt appears the outage started around 11AM EST, and according to the outage tracker Downdetector, hot spots on a heat map appear particularly colorful up and down the east coast and in California. Reports also surfaced of outages at Verizon, AT&T, Sprint and other service providers, possibly because of their use of Level 3 infrastructure, a major Internet backbone.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Automation: Disrupt or be disrupted

IDG Contributor Network: Compuware says there’s life left in mainframes

I spend a lot of time talking to organizations about disruption and the fact that no matter what industry they’re in, there is an equivalent to Uber breathing down their neck just waiting to destroy them. Normally these conversations end up with defensive legacy IT practitioners finding a million reasons why agile and innovative couldn’t happen in their setting—to much compliance, too many core systems, too much of a “slow and steady” business.Don't get me wrong: While I’m a huge fan of webscale approaches to IT, commodity infrastructure, and moving up the value chain, I’m still well aware that many of the world’s most critical systems—from banking to air travel—run on big old traditional mainframes and that forklifting these applications onto new architectures is hard.To read this article in full or to leave a comment, please click here

Worth Reading: Decryption mandates and global internet freedom

The debate over law enforcement and widespread strong encryption implicates powerful competing values. On one side, the liberty, privacy, and cybersecurity of American consumers and companies; on the other, the need to investigate serious crimes and protect the country against terrorism. Should companies be compelled to weaken their products (as most technologists see it)? Does the Fourth Amendment’s “balance” require that law enforcement retain the ability to access data covered by a search warrant? Does law enforcement really need such a mandate to investigate effectively? Does the First Amendment permit Congress to enact a ban on encoding one’s communications? Would such a ban be effective given the proliferation of new, powerful, easily accessible encryption technologies, including many created by foreign companies? —Hoover Institute

The post Worth Reading: Decryption mandates and global internet freedom appeared first on 'net work.

52% off Blitzu Cyborg Ultra Bright USB Rechargable Bike Light – Deal Alert

The Blitzu Cyborg 168T Bike Tail light features 50 micro-LED chips, and emits up to 168 Lumens. It is simple to install and you can mount this rear light anywhere you want in seconds, such as the handlebar, the seat post or anywhere on the frame.Stop wasting your money and never buy batteries again. The Cyborg 168T bicycle rear light charges from your computer or any device with a USB port. It only takes 2 hours to fully charge.  The Blitzu Cyborg 168T Bike Light averages 4.5 out of 5 stars on Amazon (read reviews) from over 1,000 customers.  Amazon indicates that its typical list price of $39.99 has been reduced by 52% to just $18.82. See it now on Amazon.To read this article in full or to leave a comment, please click here

You have one month to buy a Windows 7 (or 8.1) PC

It's time to bow to the inevitable: PC OEMs will cease selling machines pre-loaded with Windows 7 and Windows 8.1 at the end of this month. The only PCs for sale after that will be leftover inventory, and once they are gone, it's an all-Windows 10 world.Microsoft does this with every operating system, and given that Windows 7 is now 7 years old, it was certainly time. It had pushed off its end of life by two years after the Windows 8 disaster, just like it had to extend Windows XP following Vista.Business users will still have the option of downgrading your Windows 10 machine to Windows 7, of course, and Microsoft is committed to supporting Windows 7 until 2020. You need installation media for Windows 7, and you’ll have to activate the system manually, but you probably already knew that.To read this article in full or to leave a comment, please click here

Hackers can remotely exploit insulin pump for unauthorized insulin injections

Rapid7 and Johnson & Johnson disclosed three vulnerabilities in the Animas OneTouch Ping insulin pump system, flaws which could be remotely exploited. However, the attack is sophisticated and both say the risk of exploitation is “relatively low.”OneTouch Ping is a medical device which comes with a wireless remote control that patients can use to deliver insulin instead of accessing the device under their clothes. The Johnson & Johnson Animas device is described as a “two-part system;” the pump and a meter remote which communicates wirelessly via RF communication “to deliver insulin from the pump.”To read this article in full or to leave a comment, please click here

These 5 states account for half of business R&D spending

California, Massachusetts, Michigan, Texas and Washington account for more than half of the $255 billion in corporate R&D paid for and conducted in the United States, according to the National Science Foundation. California alone accounted for 30% of the funding. As with so many government reports, the data in this report is actually based on information a few years old due to the collection and analysis process, so in this case we're talking 2013. You can get into the gory details in the new report from the NSF's National Center for Science and Engineering Statistics. MORE: Microsoft puts AI front and center with research overhaulTo read this article in full or to leave a comment, please click here

Tight IT job market means employers will pay more

It's common knowledge that an IT career pays well. But if you're an IT pro looking for a new role, your paycheck could get a whole lot heftier.IT staffing company Modis surveyed 500 IT professionals responsible for key decisions, including hiring, between August 1 and August 9, 2016. The research, Tech Trends: IT Leaders and the Employment Market, shows that approximately 32 percent of IT organizations are willing to offer a 10 percent to 15 percent salary increase to currently employed IT professionals in an effort to attract elite talent.To read this article in full or to leave a comment, please click here

Salesforce will buy Krux to expand behavioral tracking capabilities

Salesforce.com has agreed to buy user data management platform Krux Digital, potentially allowing businesses to process even more data in their CRM systems.Krux describes its business as "capturing, unifying, and activating data signatures across every device and every channel, in real time."Essentially, it performs the tracking underlying behavioral advertising, handling 200 billion "data collection events" on three billion browsers and devices (desktop, mobile, tablet and set-top) each month.With that staggering volume of data, "Krux will extend the Salesforce Marketing Cloud’s audience segmentation and targeting capabilities to power consumer marketing with even more precision, at scale," Krux CEO and co-founder Tom Chavez wrote on the company blog.To read this article in full or to leave a comment, please click here

IDG Contributor Network: SoftLayer founder’s new company, StackPath, releases app security product

It’s always interesting to see what happens when a high-profile CEO sells his company and then finishes up his earn-out period. There are a few different models: some individuals go buy an island, start making films or go on permanent vacation. Others take some time to work out what they’re going to do and maybe take an entrepreneur-in-residence position for a time, while others jump straight back into the shark tank.+ Also on Network World: Application-layer DDoS attacks will increase, Kaspersky Labs predicts +To read this article in full or to leave a comment, please click here

Salesforce kicks off its conference with mobile, IoT updates and more

Salesforce's annual Dreamforce mega-conference kicks off in San Francisco on Tuesday morning, and the company will announce a slew of updates to its apps and services. The company is enhancing its mobile apps, launching deeper integrations between Salesforce and Quip and improving its services for processing IoT data. All of these new features are aimed at leveling up Salesforce's feature set at a time when the company faces fierce competition from tech titans like Microsoft and Oracle, along with a fleet of startups. The Salesforce1 app for iOS will be updated to let managers see how their employees are matching up against their quotas and how sales are stacking up against projections and quotas. In addition, companies will be able to pay extra for a My Salesforce1 functionality that lets them deploy their own version of the app with their own branding.To read this article in full or to leave a comment, please click here

Google Touts Its Cloud Network

Review: ADATA’s waterproof SSD is small, rugged — and pricey

ADATA recently launched two new solid-state drives (SSDs): one it claims is the fastest and smallest external SSD, and the other is a new 2.5-in laptop SSD based on 3D NAND.Here, I review ADATA's diminutive external SSD as 2.5-in.At just 2.8-in x 1.7-in x 0.4-in, the ADATA SE730 SSD is not just shirt-pocket friendly, it can practically disappear in your pants pocket among your smartphone and keys. It also comes in a stylish, gold- or red-colored metal case. ADATA ADATA's SE730 external SSD in its packaging.To read this article in full or to leave a comment, please click here

IT Resume Makeover: Don’t downplay your success

In this Resume Makeover, Donald Burns, helps a senior marketing executive, Alice Gaines (name changed for this article), simplify her resume to tell a story about how she earned four major promotions over her 16-year marketing career with one company. The challenge for Burns was to not only list the titles in a way that made sense to hiring managers, but also to demonstrate how each promotion came with new responsibilities and skills.To read this article in full or to leave a comment, please click here(Insider Story)

7 ways DevOps benefits security programs

DevOps can be beneficialImage by ThinkstockOrganizational culture and its processes and technology are evolving at a pace we have never experienced before. As a result, we can’t just sit back and wait for the “DevOps fad” to fade away because it isn’t going to. It’s not a fad – it’s an evolved way of software development. Furthermore, security cannot be the elephant in the room that everyone avoids because it gets too complicated. Security must evolve, as well, segueing into SecDevOps.To read this article in full or to leave a comment, please click here

How to get a job in IT services

One of the potential frustrations of working in a corporate IT department is the constant reminder that "IT is not our business; IT is here to serve the business." There's an alternative, of course: You can get a job in IT services, where information technology is the business.Work in IT services is closely related to IT consulting (a field we covered previously), with a few key differences. Although some companies offer both IT consulting and IT services, and both types of businesses are looking to hire highly skilled IT professionals, there's a distinct difference between the two, sources say. That difference is essentially the difference between strategy and tactics: An IT consulting firm plans new systems, while an IT services provider maintains systems after they're deployed.To read this article in full or to leave a comment, please click here

Security for your collaborative software

There’s a gaping hole in your security infrastructure right now. The front door is open, the side window is ajar, and there’s an open safe with a neon sign saying “steal my data” in flashing lights. While you might have locked down the network used for this software, instituted strict usage policies, and insist on having users stick to complex passwords, the data is leaking.To read this article in full or to leave a comment, please click here(Insider Story)

Turn data from risk liability into an asset

Big data has proven to be a big asset for corporations who are trying to collect information and make informed business decisions, but if the proper strategies for protecting that data are not in place, the risks to the enterprise can be costly.Earlier this year Cisco reported that worldwide mobile traffic is expected to grow eightfold from 2015 to 2020 reaching 30.6 exabytes, monthly. Planning for that data inflation raises a very important question: “How can organizations ensure their data is an asset and not a liability?” To read this article in full or to leave a comment, please click here