Why you need a bug bounty program

Every business needs to have a process in place for handling security vulnerability reports, but some organizations take a much more proactive approach to dealing with security researchers.

Renewed effort begins to save Calif. university’s IT jobs

At least 10 U.S. lawmakers have written University of California officials about their plan to move IT jobs offshore. It has been called "ill-advised" and "dangerous," and some have demanded its reversal. But the letters have had no apparent impact, and employees are slated to be laid off Feb. 28. The next step in the fight is legislation. California Assembly member Kevin McCarty (D-Sacramento) introduced a bill (AB 848) Thursday in the state legislature that's backed by university unions. It would require the University of California and California State University to certify that any contracted work "will be performed solely with workers within the United States."

Intel’s mobile future is in blazing modems as it buries Atom failure

Apple's iPhone has twice been linked to Intel's mobile future. The chip maker bungled it up once, but is coming on strong the second time. Intel passed on the opportunity to make chips for the first iPhone, and in May discontinued Atom smartphone chips after wasting billions trying to get them in handsets. The chip company instead started building a new mobile identity around its modems and wireless connectivity assets. Intel's had success, and some iPhone 7 smartphones are already using the chip maker's modem. The company is now building faster modems, and carrying out trials for future 5G wireless networks.

Would killing Bitcoin end ransomware?

Ransomware is running rampant. The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. According to a Radware report, 49 percent of businesses were hit by a ransomware attack in 2016. Quite often the attacker asks for some amount of cybercurrency – usually Bitcoin – in exchange for providing a decryption key. One question this raises is whether ransomware attacks would decrease if Bitcoin ceased to exist. Security experts answer that question with a resounding “no”, indicating that cybercriminals would just move on to another anonymous payment method to continue their extortion. “Getting rid of Bitcoin to stop ransomware would be like the U.S. Government getting rid of $100 bills to try to stop drug dealers from laundering their dirty money. It’s not the right solution. Would it momentarily create a bump in the road for cyber attackers who are making millions off of ransomware? Absolutely, but only for a fleeting moment,” said Richard Henderson, global security strategist at Absolute.

8 steps to regaining control over shadow IT

A dangerous practice on the rise: “Shadow IT” refers to the too-common practice whereby managers select and deploy cloud services without the consent or even the knowledge of the IT department. These services act as extensions of the corporation but are steered entirely by groups that lack the knowledge or process to ensure they follow necessary guidelines, introducing security, compliance, and brand risk throughout the enterprise. Gartner predicts that by 2020, one-third of security breaches will come in through shadow IT services.

Intel takes on IoT complexity with carrier-approved boards

Getting cellular devices certified for carriers’ networks is an expensive, complicated process that’s even harder in the new field of IoT. Smartphone and tablet makers have been dealing with certification for years, spending as much as US$1 million on the process for just one device, GlobalData analyst Avi Greengart says. It’s gotten harder as carriers add new frequency bands. But at least phone makers have been through this before. When enterprises have new ideas about how to use the internet of things, and when manufacturers try to turn those ideas into reality, they're new to the process. Certification delays can hold up devices and IoT rollouts.

Kubernetes is now generally available on Azure Container Service

Microsoft and Google don’t get along all that often, but they do agree on using Kubernetes for cloud container orchestration. Kubernetes is generally available for use with Azure Container Service, Microsoft’s managed cloud container hosting offering, as of Tuesday. ACS support for Kubernetes comes along with the service’s existing support for the Apache Mesos-based DC/OS and Docker Swarm. Containers provide an isolated, portable and consistent runtime for applications that’s particularly well-suited to deployment in a cloud environment. Orchestrators like Kubernetes help manage groups of containers. Many cloud providers like Microsoft offer services that help simplify the management of that whole system even further. ACS is one such service.

The Danger of Giving Up Social Media Passwords – So Many Other Services Are Connected

"What's the harm in giving up my Twitter password?", you might say, "all someone can do is see my direct messages and post a tweet from me, right?"

Think again. The reality today is that social media services are used for far more than just posting updates or photos of cats. They also act as "identity providers", allowing us to easily log in to other sites and services.

We've all seen the "Login with Twitter" or "Continue with Facebook" buttons on various sites. Or for Google or LinkedIn. These offer a tremendous convenience. You can rapidly sign into sites without having to remember yet-another-password.

But...

... if you give your passwords to your social media accounts to someone, they could potentially[1]:

Dan York

LuaJIT Hacking: Getting next() out of the NYI list

At Cloudflare we’re heavy users of LuaJIT and in the past have sponsored many improvements to its performance.

LuaJIT is a powerful piece of software, maybe the highest performing JIT in the industry. But it’s not always easy to get the most out of it, and sometimes a small change in one part of your code can negatively impact other, already optimized, parts.

One of the first pieces of advice anyone receives when writing Lua code to run quickly using LuaJIT is “avoid the NYIs”: the language or library features that can’t be compiled because they’re NYI (not yet implemented). And that means they run in the interpreter.

Another very attractive feature of LuaJIT is the FFI library, which allows Lua code to directly interface with C code and memory structures. The JIT compiler weaves these memory operations in line with the generated machine language, making it much more efficient than using the traditional Lua C API.

Unfortunately, if for any reason the Lua code using the FFI library has to run under the interpreter, it takes a very heavy performance hit. As it happens, under the interpreter the FFI is usually

Aliens ate my laptop

To misquote The Hitchhiker’s Guide to the Galaxy: Space is big. Really big. You just won't believe how vastly, hugely, mind-bogglingly big it is. I mean, you may think it's a long way down the road to the Apple Genius Bar, but that's just peanuts to space. And out there, in the vast reaches of the cosmos, continuously streaming towards Earth are what are called cosmic rays, which are protons and atomic nuclei theorized to come from both supernovae explosions and probably the centers of galaxies. The earth is continuously bombarded by these alien particles which, in turn, collide with the atmosphere and generate a whole range of secondary particles including neutrons, muons, pions and alpha particles.

Changes to Windows 10’s data-gathering not enough to satisfy EU privacy watchdog

European Union privacy watchdogs are still not happy with Windows 10's gathering of data about its users, over a year after they first wrote to Microsoft to complain. While the company has developed ways to give users more control over what data is collected, their consent to its collection cannot be valid without further explanation, according to the Article 29 Working Party, an umbrella body for the EU's national privacy regulators. The working party welcomed Microsoft's introduction of five new options in Windows 10 to limit or switch off certain kinds of data processing, but said they provided insufficient information about their operation.

Add Bluetooth 5 to Raspberry Pi 3 or create gadgets with this new chip

One of Raspberry Pi's weaknesses is a lack of wireless technologies, which limits its communications capabilities with other devices. One new chipset from Qualcomm could help fill that gap. The QCA4020 chipset packs in Bluetooth Low Energy 5, ZigBee 3.0, WiFi 802.11n, and OpenThread wireless communications protocols. The chipset is like a mini-developer board -- an integrated chipset with an ARM-based CPU. It can be used to create smart home or industrial devices. It can also serve as a wireless access point for Raspberry Pi and other developer boards used to make smart gadgets, drones, robots, and industrial devices. It has a number of connector protocols and can work with Arduino boards.
