Why we need the FTC to police ISP privacy practices

Critics of the recently scrapped federal privacy regulation for internet service providers (ISPs) argued that the rules were overreaching, and that broadband providers should be held to the same privacy framework as application and content providers.The only catch is, they can't.Terrell McSweeny, a commissioner at the Federal Trade Commission (FTC), laments that her agency lacks the same oversight authority over ISPs that it exerts in the general consumer internet space, where it has brought privacy cases against the likes of Google and Facebook.Then, when Congress moved last month to nullify a privacy rule for ISPs advanced by the FCC, it effectively stripped the market of federal oversight, McSweeny argued at a recent event on privacy policy.To read this article in full or to leave a comment, please click here

Webroot deletes Windows files and causes serious problems for users

Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious.The reports quickly popped up on Twitter and continued on the Webroot community forum -- 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems.The problem is what's known in the antivirus industry as a "false positive" -- a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying -- for example, when a program cannot run anymore -- to crippling, where the OS itself is affected and no longer boots.To read this article in full or to leave a comment, please click here

Webroot deletes Windows files and causes serious problems for users

Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious.The reports quickly popped up on Twitter and continued on the Webroot community forum -- 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems.The problem is what's known in the antivirus industry as a "false positive" -- a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying -- for example, when a program cannot run anymore -- to crippling, where the OS itself is affected and no longer boots.To read this article in full or to leave a comment, please click here

Chaos for customers: Webroot flags Windows as malware and Facebook as phishing site

A Webroot antivirus signature update, which was supposedly live for only 13 minutes yesterday afternoon, flagged crucial Windows system files as malicious, causing chaos and 15 pages of customer complaints so far.The havoc began after Webroot flagged some Windows system files as the malware Win32.Trojan.Gen and moved key system files to quarantine. As legit files were shuffled around, thousands upon thousands of Webroot customers experienced OS errors or crashed Windows systems.To read this article in full or to leave a comment, please click here

Chaos for customers: Webroot flags Windows as malware and Facebook as phishing site

A Webroot antivirus signature update, which was supposedly live for only 13 minutes yesterday afternoon, flagged crucial Windows system files as malicious, causing chaos and 15 pages of customer complaints so far.The havoc began after Webroot flagged some Windows system files as the malware Win32.Trojan.Gen and moved key system files to quarantine. As legit files were shuffled around, thousands upon thousands of Webroot customers experienced OS errors or crashed Windows systems.To read this article in full or to leave a comment, please click here

Systemic cybersecurity crisis looms

The number of large-scale, highly damaging data breaches over the past few years has led some to believe the market is on its way to another systemic crisis, similar to the Great Recession.Corporate greed, lax risk management procedures and insufficient oversight by regulators contributed to the 2008 financial crisis. Likewise, the perception that cybersecurity is just another cost center coupled with organizations’ tendencies to implement bare minimum security measures could be paving the way for a systemic cybersecurity crisis. + Also on Network World: How CISOs should address their boards about security + There is a widespread notion that cybersecurity is one more hurdle for executives to deal with that drains company resources. Cisco surveyed more than 1,000 executives, and 74 percent of participants said the main purpose of cybersecurity is to reduce risk rather than enable growth. This ideology that cybersecurity is costly, hinders productivity and is maintained based on a company decision maker’s level of paranoia is not just inaccurate, it is harmful. As a result, many organizations underinvest in their cybersecurity programs, implementing minimal security measures that may be obsolete in a few short years as cyber threats evolve and new attack vectors emerge. Continue reading

Systemic cybersecurity crisis looms

The number of large-scale, highly damaging data breaches over the past few years has led some to believe the market is on its way to another systemic crisis, similar to the Great Recession.Corporate greed, lax risk management procedures and insufficient oversight by regulators contributed to the 2008 financial crisis. Likewise, the perception that cybersecurity is just another cost center coupled with organizations’ tendencies to implement bare minimum security measures could be paving the way for a systemic cybersecurity crisis. + Also on Network World: How CISOs should address their boards about security + There is a widespread notion that cybersecurity is one more hurdle for executives to deal with that drains company resources. Cisco surveyed more than 1,000 executives, and 74 percent of participants said the main purpose of cybersecurity is to reduce risk rather than enable growth. This ideology that cybersecurity is costly, hinders productivity and is maintained based on a company decision maker’s level of paranoia is not just inaccurate, it is harmful. As a result, many organizations underinvest in their cybersecurity programs, implementing minimal security measures that may be obsolete in a few short years as cyber threats evolve and new attack vectors emerge. Continue reading

16% off MOCACuff Bluetooth Wrist Blood Pressure Monitor, iOS/Android Compatible – Deal Alert

Place MOCACuff on your wrist and let it do all the work, measuring heart rate, systolic and diastolic blood pressure. Results are displayed on-screen with corresponding American Heart Association's blood pressure standards. A simple button press syncs results to your iOS/Android device. Receive expertly curated health recommendations via MOCACARE's app to improve or maintain your health, and visualize health trends and see how your health is improving over time. The device is FDA-cleared, CE certified and comes in a carrying case for convenience and portability. The typical list price of $77.74 has been reduced on Amazon 16% to $64.99, for now. See this deal now on Amazon.To read this article in full or to leave a comment, please click here

Twistlock Closes $17M Funding Round for Container Security

IBM security veteran Brendan Hannigan joined the Twistlock board.

IDG Contributor Network: Twistlock leverages the container opportunity to score big funding

The open source Docker initiative has been nothing if not entertaining. Epic levels of intrigue, dastardly deeds and positioning seems to be the order of the day.Of particular interest is what the Docker ecosystem is doing, particularly how the third-party solution players deftly promise loyalty to Docker Inc. but also position themselves for survival in the increasingly likely eventuality that Docker (the company) will, in Silicon Valley parlance, eat their lunch.+ Also on Network World: Finding and protecting the crown jewels + One interesting area is that of security as it relates to containerized applications. One vendor doing good work in the space is Twistlock. Twistlock describes itself as the industry’s first enterprise security suite for containers. Twistlock's technology addresses risks on the host and within the application of the container. In doing so, it gives enterprises the ability to consistently enforce security policies, monitor and audit activity, and identify and isolate threats in a container or cluster of containers. Twistlock's stated mission is to provide a full, enterprise-grade security stack for containers so organizations can confidently adopt and maximize the benefits of containers in their production environment.To read this article in full or to leave a Continue reading

IDG Contributor Network: Twistlock leverages the container opportunity to score big funding

The open source Docker initiative has been nothing if not entertaining. Epic levels of intrigue, dastardly deeds and positioning seems to be the order of the day.Of particular interest is what the Docker ecosystem is doing, particularly how the third-party solution players deftly promise loyalty to Docker Inc. but also position themselves for survival in the increasingly likely eventuality that Docker (the company) will, in Silicon Valley parlance, eat their lunch.+ Also on Network World: Finding and protecting the crown jewels + One interesting area is that of security as it relates to containerized applications. One vendor doing good work in the space is Twistlock. Twistlock describes itself as the industry’s first enterprise security suite for containers. Twistlock's technology addresses risks on the host and within the application of the container. In doing so, it gives enterprises the ability to consistently enforce security policies, monitor and audit activity, and identify and isolate threats in a container or cluster of containers. Twistlock's stated mission is to provide a full, enterprise-grade security stack for containers so organizations can confidently adopt and maximize the benefits of containers in their production environment.To read this article in full or to leave a Continue reading

DockerCon 2017 Day 1 Highlights

What an incredible DockerCon 2017 we had last week. Big thank you to all of the 150+ confirmed speakers, 100+ sponsors and over 5,500 attendees for contributing to the success of these amazing 3 days in Austin. You’ll find below the videos and slides from general session day 1.All the slides will soon be published on our slideshare account and all the breakout session video recordings available on our DockerCon 2017 youtube playlist.

Here’s what we covered during the day 1 general session:

• 17:00 Developer Workflow improvements and demo
• 37:00 Secure Orchestration and demo
• 59:00 Introducing LinuxKit: a toolkit for building secure, lean and portable linux subsystems
• 1:15 Introducing the Moby Project: a new open source project to advance the software containerization movement

Development workflow Improvements

Solomon’s keynote started by introducing new Docker features to improve the development workflows of Docker users: multi-stage builds and desktop-to-cloud integration. With multi-stage builds you can now easily separate your build-time and runtime container images, allowing development teams to ship minimal and efficient images. It’s time to say goodbye to those custom and non-portable build scripts! With desktop-to-cloud you can easily connect to a remote swarm cluster using your Docker ID for authentication, without having to worry Continue reading

You Don’t Change The World By Thinking like Everyone Else

IDG Contributor Network: How CISOs should address their boards about security

There are two times you might have to talk to your organization’s board of directors about security: before a breach and after. Be sure you’ve had the former before you need to have the latter.The board of directors, whose duty it is to run the company in the long-term interest of the owners, needs to know you’ve taken prudent steps to protect the organization’s digital assets. That should mean the board wants to talk with you, the CISO, to learn firsthand what your department is doing to mitigate information security threats.+ Also on Network World: How to survive in the CISO hot seat + Board members want a high-level picture of the threat landscape and a checklist of the measures you’ve taken and policies you’ve adopted to protect the organization. Your job is to provide the board with perspective and not necessarily details. A scorecard or checklist can be an effective visual and a good starting point for a discussion of the organization’s security measures. It lets you provide a high-level overview, and it gives you a road map for diving into details if the board asks for more information.To read this article in full or to Continue reading

IDG Contributor Network: How CISOs should address their boards about security

There are two times you might have to talk to your organization’s board of directors about security: before a breach and after. Be sure you’ve had the former before you need to have the latter.The board of directors, whose duty it is to run the company in the long-term interest of the owners, needs to know you’ve taken prudent steps to protect the organization’s digital assets. That should mean the board wants to talk with you, the CISO, to learn firsthand what your department is doing to mitigate information security threats.+ Also on Network World: How to survive in the CISO hot seat + Board members want a high-level picture of the threat landscape and a checklist of the measures you’ve taken and policies you’ve adopted to protect the organization. Your job is to provide the board with perspective and not necessarily details. A scorecard or checklist can be an effective visual and a good starting point for a discussion of the organization’s security measures. It lets you provide a high-level overview, and it gives you a road map for diving into details if the board asks for more information.To read this article in full or to Continue reading

Cisco Jasper Takes its IoT Expertise to the Enterprise

Canadian operator Telus is the first customer to use the new platform.

ONUG gets closer to making SD-WANs talk to each other

A group of networking engineers and vendors is making progress toward an API that would help enterprises merge SD-WANs from different vendors.The Open SD-WAN Exchange (OSE) initiative was launched last year by the Open Networking User Group (ONUG) to solve a shortcoming of software-defined wide-area networks: They often can't talk to each other. On Tuesday at the ONUG Spring 2017 conference in San Francisco, OSE will make public the work it's done so far.SD-WANs control links to branch offices and remote sites with software, which ultimately should eliminate proprietary hardware and dedicated routing schemes. They also allow companies to use regular broadband connections instead of more expensive MPLS (Multiprotocol Label Switching) services.To read this article in full or to leave a comment, please click here

ONUG gets closer to making SD-WANs talk to each other

A group of networking engineers and vendors is making progress toward an API that would help enterprises merge SD-WANs from different vendors.The Open SD-WAN Exchange (OSE) initiative was launched last year by the Open Networking User Group (ONUG) to solve a shortcoming of software-defined wide-area networks: They often can't talk to each other. On Tuesday at the ONUG Spring 2017 conference in San Francisco, OSE will make public the work it's done so far.SD-WANs control links to branch offices and remote sites with software, which ultimately should eliminate proprietary hardware and dedicated routing schemes. They also allow companies to use regular broadband connections instead of more expensive MPLS (Multiprotocol Label Switching) services.To read this article in full or to leave a comment, please click here

What to ask when selecting application security solutions

Buying decisionsImage by ThinkstockThere are many factors to consider when making an application security purchasing decision, and the pressure is on organizations now more than ever to improve their security risk management preparedness. In fact, more than 80 percent of security attacks target software applications, with application vulnerabilities as the No.1 cyber-attack target. Organizations need a comprehensive application security toolkit to stay secure throughout the product lifecycle, and need to address key questions that can help them determine the right tools to address security risks.To read this article in full or to leave a comment, please click here

What to ask when selecting application security solutions

Buying decisionsImage by ThinkstockThere are many factors to consider when making an application security purchasing decision, and the pressure is on organizations now more than ever to improve their security risk management preparedness. In fact, more than 80 percent of security attacks target software applications, with application vulnerabilities as the No.1 cyber-attack target. Organizations need a comprehensive application security toolkit to stay secure throughout the product lifecycle, and need to address key questions that can help them determine the right tools to address security risks.To read this article in full or to leave a comment, please click here