Hipchat resets user passwords after possible breach

HipChat has reset all its users' passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information.In some cases, attackers may have accessed messages and content in chat rooms, HipChat said in a Monday blog post. But this happened in no more than 0.05 percent of the cases, each of which involved a domain URL, such as company.hipchat.com.HipChat didn't say how many users may have been affected by the incident. The passwords that may have been exposed would also be difficult to crack, the company said. The data is hashed, or obscured, with the bcrypt algorithm, which transforms the passwords into a set of random-looking characters. For added security, HipChat "salted" each password with a random value before hashing it.To read this article in full or to leave a comment, please click here

Revisiting CentOS Atomic Host

A couple years ago, I wrote an article about how I was choosing CoreOS over Project Atomic based on some initial testing with CentOS Atomic Host builds. As it turns out—and as I pointed out in the “Update” section of that article—the Atomic Host builds I was using were pre-release builds, and therefore it wasn’t really appropriate to form an assessment based on pre-release builds. Now that both CentOS Atomic Host and CoreOS Container Linux have both grown and matured, I thought I’d revisit the topic and see how—if at all—things have changed.

In my original post, there were 4 major issues I identified (not necessarily in the same order as the original post):

  • Lack of container-specific cloud-init extensions
  • Difficulty customizing Docker daemon
  • Odd issues with cloud-init
  • Stability of the distribution

So how do these areas look now, 2 years later?

  • Container-specific cloud-init extensions: Upon a closer examination of this issue, I realized that the cloud-init extensions were actually specific to CoreOS projects, like etcd and fleet. Thus, it wouldn’t make sense for these sorts of cloud-init extensions to exist on Atomic Hosts. What would make sense would be extensions that help configure Atomic Host-specific functionality, though (to be honest) Continue reading

Microsoft finds another use for LinkedIn with CRM integration

The moment Salesforce CEO Marc Benioff was dreading has arrived: Microsoft is wielding LinkedIn against Salesforce in the battle for the CRM market. Starting Tuesday, salespeople will get LinkedIn Sales Navigator data alongside other information in the Dynamics 365 Sales dashboard.Users who have both systems will see information from LinkedIn profiles inside the lead, contact, account and opportunity pages of Dynamics 365 Sales. Dynamics and LinkedIn Sales Navigator will sync their information every day so that LinkedIn’s system is up to date on activity from Microsoft’s CRM and vice versa.To read this article in full or to leave a comment, please click here

Customers roast Microsoft over security bulletins’ demise

When Microsoft asked customers last week for feedback on the portal that just replaced the decades-long practice of delivering detailed security bulletins, it got an earful from unhappy users."Hate hate hate the new security bulletin format. HATE," emphasized Janelle 322 in a support forum where Microsoft urged customers to post thoughts on the change. "I now have to manually transcribe this information to my spreadsheet to disseminate to my customers. You have just added 8 hours to my workload. Thanks for nothing."To read this article in full or to leave a comment, please click here

Customers roast Microsoft over security bulletins’ demise

When Microsoft asked customers last week for feedback on the portal that just replaced the decades-long practice of delivering detailed security bulletins, it got an earful from unhappy users."Hate hate hate the new security bulletin format. HATE," emphasized Janelle 322 in a support forum where Microsoft urged customers to post thoughts on the change. "I now have to manually transcribe this information to my spreadsheet to disseminate to my customers. You have just added 8 hours to my workload. Thanks for nothing."To read this article in full or to leave a comment, please click here

7 patch management practices guaranteed to help protect your data

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

We’re in an era in which pre-packaged exploit services make it possible for the average Joe, with no technological experience or prowess, to launch intricate attacks on our environments. So, what can be done? Patching operating systems and applications is a surefire way to block some attacks.  But you need to do more than blast out auto updates.

Here are seven patch management best practices that take your organization’s cybersecurity to the next level:

#1 Use a proper discovery service

You can’t secure what you don’t know about. The only way to know if a breach or vulnerability exists is to employ broad discovery capabilities. A proper discovery service entails a combination of active and passive discovery features and the ability to identify physical, virtual and on and off premise systems that access your network. Developing this current inventory of production systems, including everything from IP addresses, OS types and versions and physical locations, helps keep your patch management efforts up to date, and it’s important to inventory your network on a regular basis. If one computer Continue reading

7 patch management practices guaranteed to help protect your data

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.We’re in an era in which pre-packaged exploit services make it possible for the average Joe, with no technological experience or prowess, to launch intricate attacks on our environments. So, what can be done? Patching operating systems and applications is a surefire way to block some attacks.  But you need to do more than blast out auto updates.Here are seven patch management best practices that take your organization’s cybersecurity to the next level:#1 Use a proper discovery service You can’t secure what you don’t know about. The only way to know if a breach or vulnerability exists is to employ broad discovery capabilities. A proper discovery service entails a combination of active and passive discovery features and the ability to identify physical, virtual and on and off premise systems that access your network. Developing this current inventory of production systems, including everything from IP addresses, OS types and versions and physical locations, helps keep your patch management efforts up to date, and it’s important to inventory your network on a regular basis. If one computer Continue reading

7 patch management practices guaranteed to help protect your data

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.We’re in an era in which pre-packaged exploit services make it possible for the average Joe, with no technological experience or prowess, to launch intricate attacks on our environments. So, what can be done? Patching operating systems and applications is a surefire way to block some attacks.  But you need to do more than blast out auto updates.Here are seven patch management best practices that take your organization’s cybersecurity to the next level:#1 Use a proper discovery service You can’t secure what you don’t know about. The only way to know if a breach or vulnerability exists is to employ broad discovery capabilities. A proper discovery service entails a combination of active and passive discovery features and the ability to identify physical, virtual and on and off premise systems that access your network. Developing this current inventory of production systems, including everything from IP addresses, OS types and versions and physical locations, helps keep your patch management efforts up to date, and it’s important to inventory your network on a regular basis. If one computer Continue reading

BrandPost: Automating Business Intent with an SD-WAN

I love to drink a latte (or three) in the morning. To get it, I rely on a “super-automatic” espresso machine.Just a single button press, and all the grinding, dosing, tamping, pre-brewing, etc. are done for me, the way I like it, every morning.Automation in the WAN is a much more powerful tool for an enterprise. It is one of the revolutionary ideas embodied in SD-WAN. Today I’ll outline the relationship between automation and business intent.In my last blog, I discussed the complexity inherent in the legacy WAN today, and how the move to cloud applications is forcing businesses to rethink their WANs. For instance, an assumption embedded firmly in the legacy WAN is that configuration happens at the device level—and that networking professionals must focus their skills and time on learning and applying complicated CLI commands, device by device.To read this article in full or to leave a comment, please click here

How to track and secure open source in your enterprise

Recently, SAS issued a rather plaintive call for enterprises to limit the number of open source projects they use to a somewhat arbitrary percentage. That seems a rather obvious attempt to protest the rise of the open source R programming language for data science and analysis in a market where SAS has been dominant. But there is a good point hidden in the bluster: Using open source responsibly means knowing what you’re using so you can track and maintain it.To read this article in full or to leave a comment, please click here(Insider Story)

Deep dive on AWS vs. Azure vs. Google cloud storage options

One of the most common use cases for public IaaS cloud computing is storage and that’s for good reason: Instead of buying hardware and managing it, users simply upload data to the cloud and pay for how much they put there.+MORE AT NETWORK WORLD: Battle of the clouds: AWS vs. Azure vs. Google Cloud Platform | Interactive map of public cloud regions around the world +To read this article in full or to leave a comment, please click here

AMD shows off Vega’s ability to handle 8K graphics at NAB

AMD is giving a demonstration of the brute force of its upcoming Vega GPU, showing its ability to handle 4K and 8K graphics.The company is showing off its next-generation Radeon Pro professional graphics card based on the Vega GPU at the NAB show in the Las Vegas this week.One demonstration has the Vega GPU handling 8K video processing in Adobe Premiere Pro CC 2017. The other focuses on 4K post-processing with Radeon ProRender, which renders high-end graphics.The NAB show is targeted at the TV and film industry, in which 8K is a growing trend. AMD has been wooing the industry to adopt its GPUs.To read this article in full or to leave a comment, please click here

Riding The Virtual SAN Gravy Train

Being the first mover in establishing a new technology in the enterprise is important, but it is not more important than having a vast installed base and sales force peddling an existing and adjacent product set in which to sell a competing and usually lagging technology.

VMware can’t be said to have initially been particularly enthusiastic about server-SAN hybrids like those created by upstart Nutanix, with its Acropolis platform, or pioneer Hewlett Packard Enterprise, which bought into the virtual SAN market with its LeftHand Networks acquisition in October 2008 for $360 million and went back to the hyperconverged well

Riding The Virtual SAN Gravy Train was written by Timothy Prickett Morgan at The Next Platform.

IDG Contributor Network: Industry 4.0 is the blueprint for the future of IT

When you think about the digital future, you probably think about self-driving cars, disruptors like Uber and Airbnb, and artificial intelligence. What you probably do not think about, however, is factories.Despite their outwardly staid appearance, the industrial and manufacturing industries have been at the forefront of the practical application of technology and automation for decades. This evolution has culminated in what is called Industry 4.0—a vision of the smart factory and the Industrial Internet of Things (IoT).And, I believe, it may be a blueprint for the future of IT across all industries.To read this article in full or to leave a comment, please click here

App time! Rounding up two new mobile and desktop apps

The main goal of the column has always focused on gizmos and gadgets, but on occasion I still discover some non-gizmo goodies – aka software or apps. So here are two quick apps that have spent some time on my phone and computer:Moodelizer: If you’ve always wanted to add a soundtrack to your mobile phone videos, but didn’t want to take the time to grab some royalty-free music and open up a video editor after the fact, Moodelizer should help. Think of this app like an Instagram filter, but for audio. The app provides you with a selection of audio clips, with names like “Arcade, Sitcom, Horror, Bride, Cartoon, etc.” A box that takes up the majority of the screen lets you film from either of the phone’s camera (rear camera or ‘selfie’ camera). When you choose your audio style, a button inside the box lets you choose different zones within the camera frame – when you move around, you get a different sound as part of the “soundtrack”. You can rehearse what you want to do, or you can tap a button and start recording.To read this article in full or to leave a comment, Continue reading

Get 20% off BeatsX Wireless In-Ear Headphones – Deal Alert

BeatsX wireless in-ear headphones are currently discounted 20% on Amazon. BeatsX features Fast Fuel charging (5 mins of charge = 2 mins of playback), multiple tips for a personalized fit, and seamless setup & connection with iOS devices via class 1 Bluetooth. The public list price of $149.95 on Amazon will be reduced to $119.99 when you add the item to your cart. See the discounted BeatsX wireless in-ear headphones now on Amazon.To read this article in full or to leave a comment, please click here