Top 25 worst-of-the-worst, most common passwords used in 2016

For the sixth year in a row, SplashData has released its list of worst passwords. According to SplashData, the list is based on over five million leaked passwords, which are used by users in North America and Western Europe, that were posted for sale online. I thought it might be interesting to compare SplashData’s newest list with the top 25 most common password list released last week by rival firm Keeper Security. According to the two companies, these were the top 25 worst passwords people used in 2016:

Master-Master Replication and Scaling of an Application between Each of the IoT Devices and the Cloud

In this article, I want to share with you how I solved a very interesting problem of synchronizing data between IoT devices and a cloud application.

I’ll start by outlining the general idea and the goals of my project. Then I’ll describe my implementation in greater detail. This is going to be a more technically advanced part, where I’ll be talking about the Contiki OS, databases, protocols and the like. In the end, I’ll summarize the technologies I used to implement the whole system.

Project overview

So, let’s talk about the general idea first.

Here’s a scheme illustrating the final state of the whole system:

I have a user who can connect to IoT devices via a cloud service or directly (that is over Wi-Fi).

Also, I have an application server somewhere in the cloud and the cloud itself somewhere on the Internet. This cloud can be anything — for example, an AWS or Azure instance or it could be a dedicated server, it could be anything :)

The application server is connected to IoT devices over some protocol. I need this connection to exchange data between the application server and the IoT devices.

The IoT devices are connected to each other in…

Telegraf, InfluxDB, Chronograf, and Kapacitor

The InfluxData TICK (Telegraf, InfluxDB, Chronograf, Kapacitor) provides a full set of integrated metrics tools, including an agent to export metrics (Telegraf), a time series database to collect and store the metrics (InfluxDB), a dashboard to display metrics (Chronograf), and a data processing engine (Kapacitor). Each of the tools is open sourced and can be used together or separately.
This article will show how industry standard sFlow agents embedded within the data center infrastructure can provide Telegraf metrics to InfluxDB. The solution uses sFlow-RT as a proxy to convert sFlow metrics into their Telegraf equivalent form so that they are immediately visible through the default Chronograf dashboards (Using a proxy to feed metrics into Ganglia described a similar approach for sending metrics to Ganglia).

The following telegraf.js script instructs sFlow-RT to periodically export host metrics to InfluxDB:
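// InfluxDB HTTP write endpoint for the "telegraf" database
var influxdb = "http://10.0.0.56:8086/write?db=telegraf";

// POST a batch of line-protocol records to InfluxDB, one record per line
function sendToInfluxDB(msg) {
  if(!msg || !msg.length) return;

  var req = {
    url:influxdb,
    operation:'POST',
    headers:{"Content-Type":"text/plain"},
    body:msg.join('\n')
  };
  // Log asynchronous failures instead of dropping them silently
  req.error = function(e) {
    logWarning('InfluxDB POST failed, error=' + e);
  };
  try { httpAsync(req); }
  catch(e) {
    logWarning('bad request ' + req.url + ' ' + e);
  }
}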

var metric_names = [
Continue reading

IDG Contributor Network: Public vs. private cloud: Why the public cloud is a real threat to security

The debate on public versus private cloud is a fierce one with advocates on both sides. Security experts, however, consistently fall in the pro-private camp. As a compliance and security expert, I have to agree. First, let’s be clear on the definitions. The public cloud is available to the public—in a free or pay-per-use capacity—and is accessible via the web. Some examples include Google Apps, Office 365, file sharing applications such as Box or Dropbox, and so on. The private cloud, on the other hand, is the same service, but it sits behind your firewall and limits access to your internal departments, employees, customers, etc. in your organization. The private cloud is either run by your IT department or your data center.

Beyond the Net Funding Programmes – Call for Applications

We are happy to announce that Applications for Beyond the Net Medium and Large grants are open until Thursday, 23 March 2017.

Beyond the Net seeks to improve the quality of people’s lives in all parts of the world by providing them meaningful access to an open, trusted and global Internet.

Do you have a project that can promote the development of your community, but you don’t have the economic resources to implement it? 

Beyond the Net provides funding up to $30,000 USD for one or two years’ projects.

Projects must focus in one or more of the following categories:

Ilda Simao

Avaya, in no-brainer, pulls $1 billion IPO in wake of bankruptcy filing

Avaya Holdings has withdrawn the $1 billion IPO offering it filed more than 5 years ago in the wake of last week's filing for Chapter 11 bankruptcy by principal U.S. subsidiary Avaya, Inc. Avaya was taken private in 2007 after being acquired by two private equity firms for $8.2 billion. Enterprise networking and collaboration vendor Avaya said last week that its Chapter 11 filing is part of its transition from a hardware to software and services company. The company, which is looking to shed its $6 billion debt load, last week reported decreased revenue and an operating loss for its fiscal year ended Sept. 30.

IDG Contributor Network: Data center managers, it’s time to commit to those New Year’s resolutions

Whether it’s a new exercise program, volunteering for charitable causes or deciding to go gluten-free, studies have shown that nearly half of people who fully commit to New Year’s resolutions were over 10 times more likely to succeed at realizing real change as compared to 4 percent who do not. The concept of New Year’s resolutions dates back to the Babylonians, who at the start of each year made promises to their gods to return borrowed objects and pay their debts. Romans, too, would begin each year by making promises to Janus, the god of beginnings and transitions, for whom the month of January is named. But wait, dear data center manager. You say you don’t have time to do gut-crunchers every morning and balk at the prospect of giving up bread and pasta? To be perfectly clear, I understand but do not condone your lack of commitment. Change is difficult. And besides, some who follow cultural trends claim that dad bods are slowly coming into fashion.

Many organizations still opt for ‘good enough’ cybersecurity

Late last year, ESG published a research report titled, Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked if they’d experienced a number of types of security incidents. The research revealed that: 39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers. 27% of organizations experienced one or several incidents of ransomware. 20% of organizations experienced one or several incidents resulting in the disruption of a business application. 19% of organizations experienced one or several incidents resulting in the disruption of a business process. It should be noted that between 23% and 30% of the survey population responded “don’t know” or “prefer not to say” when asked about different types of security incidents, so the percentages represented above are likely much higher.

Hugo Barra quits Chinese phone maker Xiaomi to return to Silicon Valley

Hugo Barra is returning to Silicon Valley, just over three years after he left Google to help turn Chinese smartphone maker Xiaomi into a global company. During Barra's time in Beijing, Xiaomi has grown far beyond its home market with its strategy of selling stylish Android phones on thin profit margins. In January, it made a splash at the CES trade show in Las Vegas, capping a series of international launches that had taken the company into over 20 countries, including India, Indonesia, Singapore, Malaysia, Russia, Mexico and Poland.

IDG Contributor Network: New game, new rules: 3 steps to secure your bank in the digital age

Banks all around the world are re-imagining their businesses to put customer demands front and center. They are undergoing massive digital transformation processes to do so; however, these transformations, coupled with an always-connected, digitally savvy customer and an emerging “hacker industry,” create new and heightened security risks that banks must deal with immediately. This is a new normal for banks, as evidenced by recent attacks such as the SWIFT hack, and maintaining the security of their systems and customer data will require them to follow new rules and regulations.

IDG Contributor Network: Tricentis scoops up mega cash to help enterprises test software

Software testing has always been “a thing.” It has always been necessary to test the various aspects of the software solutions that enterprises create before putting them out in the wild. But the thing that has changed is that software is now incredibly more pervasive than it has ever been before. There are orders of magnitude more software solutions than at any time in the past. Add to that the fact that the complexity of software is always increasing, and you have a real challenge from the perspective of testing. So, it should come as no surprise to see an increasing number of tools and solutions that aim to solve the testing issue—from crowd-sourcing platforms that allow the “wisdom of the masses” to help with an organization’s testing process to platforms that offer to “automate” all or part of the testing process.

6 EMM predictions for 2017

With an increased focus on wearables, the IoT, machine learning and virtual reality, CIOs will need to ensure their enterprise mobility management (EMM) strategies can scale. Mobile devices aren't going away, and they're only getting more difficult to manage. Whether it's employees or customers, the number of potential hardware and software exchanging corporate data day in and day out can be staggering. "If EMM is managing millions of devices today it will manage billions of other assets in the future," says Clare Grant, general manager of Red Hat Mobile.

10 new AWS cloud services you never expected

In the beginning, life in the cloud was simple. Type in your credit card number and—voilà—you had root on a machine you didn’t have to unpack, plug in, or bolt into a rack. That has changed drastically. The cloud has grown so complex and multifunctional that it’s hard to jam all the activity into one word, even a word as protean and unstructured as “cloud.” There are still root logins on machines to rent, but there are also services for slicing, dicing, and storing your data. Programmers don’t need to write and install as much as subscribe and configure. Here, Amazon has led the way. That’s not to say there isn’t competition. Microsoft, Google, IBM, Rackspace, and Joyent are all churning out brilliant solutions and clever software packages for the cloud, but no company has done more to create feature-rich bundles of services for the cloud than Amazon. Now Amazon Web Services is zooming ahead with a collection of new products that blow apart the idea of the cloud as a blank…