Trump cybersecurity dos and don’ts

President-elect Donald Trump ran a campaign focused on national security and making America great again through economic reform. Clearly both goals should include policies and programs to bolster the nation’s cybersecurity capabilities. This shouldn’t be an abstract concept to Mr. Trump after an election cycle featuring Russian hacks and WikiLeaks posts. To reinforce this priority, it is also worth noting that in a pre-election survey by ESG research, 49 percent of cybersecurity professionals said cybersecurity is a critical issue and should be the top national security priority for the next President, while 45 percent said cybersecurity is a very important issue and should be one of the top national security priorities for the next President. If those citizens on the front line see cybersecurity as a major priority, this should speak volumes to the President-elect.

IDG Contributor Network: Cloud isn’t easy, but it needs to be

Over the past decade, I've witnessed a constant stream of IT executives and technology professionals view cloud as a threat to their careers. The business side of the organization has always been a captive customer of IT's services, and now IT feels threatened by the litany of low-cost solutions readily available in the public cloud. Every once in a while IT begrudgingly agrees to implement a public cloud solution. When they do, they carefully fence it off from the rest of IT—nominally to protect the company from hackers, but equally to protect the purity of IT. Treating cloud as a standalone point solution enables them to create a self-fulfilling prophecy, using the mixed results to demonstrate that cloud just can’t hack it in the real world.

‘Distributed guessing’ attack lets hackers verify Visa card details

Add credit card fraud to the list of things that distributed processing can speed up. An e-commerce site will typically block a credit card number after 10 or 20 failed attempts to enter the corresponding expiry date and CVV (card verification value), making life difficult for fraudsters who don't have a full set of credentials. But there are plenty of e-commerce sites out there, and it's possible to obtain missing account details by submitting slightly different payment requests to hundreds of them in parallel. It takes less than six seconds to perform the "distributed guessing attack," according to the researchers at Newcastle University in the U.K. who figured out how to do it.

28% off Bushbox Titanium Outdoor Pocket Stove – Deal Alert

This Bushbox is an ultra light Titanium multi-fuel pocket stove for the great outdoors. It can be used with wood, organic material, a standard alcohol burner or esbit tabs, and folds down so small and lightweight that you could fit it in your pocket (or a Christmas stocking!). It comes with two trivets for any pot size, and comes with an ash pan for soil/ground protection. It averages 4.5 out of 5 stars on Amazon, where its list price of $69 has been reduced to $49.90. See the discounted titanium Bushbox on Amazon.

How to find out if your iPhone 6s is eligible for free battery replacement

When my iPhone 6s started shutting down earlier this month even though it still had 20% or 30% battery life showing, I suspected maybe it was just getting too cold. After all, I've seen my iPhones be temperature sensitive in the past. But it turns out that the problem really stemmed from a bug in version 10.1 or 10.1.1 of Apple iOS, and now Apple is offering free battery replacement for those affected. The weird thing that those of us affected by this have experienced is that after charging the phone back in, it almost immediately turns back on, back at its 20% or 30% battery level.

Windows 10 posts user-share gains after multi-month stall

After a two-month stretch of no growth, Windows 10 in November gained user share, powering more than a quarter of all Windows PCs for the first time, data published today showed. According to U.S. metrics vendor Net Applications, Windows 10 gained 1.1 percentage points of user share last month, ending with 23.7% of all personal computers. Windows 10 ran 26.1% of all Windows machines: The difference between the user share of all PCs and only those running Windows stemmed from the fact that Windows powered 91% of all personal computers, not 100%. User share is an estimate of the proportion of all personal computer users who run a device powered by a specific operating system. The analytics company measures OS user share by counting devices whose browsers reach websites of Net Applications' clients.

Western Digital releases series of Raspberry Pi disk drives

Western Digital (WD) today introduced a new series of storage devices designed specifically for use with Raspberry Pi, a single-board micro PC. The WD PiDrive Foundation Edition drives include a microSD card preloaded with the custom New Out of Box Software OS installer. Raspberry Pi's official OS, Raspbian PIXEL, can be installed directly from WD's microSD card without an Internet connection, the company stated. In addition, the drives include Project Spaces, independent partitions of the drive with Raspbian Lite, which allows up to five separate projects to be developed on a single drive.

22 wildly imaginative PCs that don’t look like PCs at all

More than meets the eye

For many people, PCs are just a tool; a bland beige or black box shoved underneath a desk and physically ignored except for when you press the power button. But not for everyone. In the right hands, PCs can be transformed into works of art inside and out.

AWS looks to take the drudge work out of data analysis

Amazon Web Services is looking to make it easier, and more efficient, for enterprises to analyze their data in the cloud. "Eighty percent of what we call analytics is not analytics at all but just hard work," said Werner Vogels, chief technology officer at Amazon.com, speaking during a keynote speech this morning at the AWS re:Invent cloud conference in Las Vegas. Instead of digging down into a company's data to find patterns and insights that will give an enterprise a competitive advantage, too much time is spent on indexing, storage, security, and making sure the right access is set up.

The Daily DDoS: Ten Days of Massive Attacks

Back in March my colleague Marek wrote about a Winter of Whopping Weekend DDoS Attacks where we were seeing 400Gbps attacks occurring mostly at the weekends. We speculated that attackers were busy with something else during the week.

This winter we've seen a new pattern, and attackers aren't taking the week off, but they do seem to be working regular hours.

On November 23, the day before US Thanksgiving, our systems detected and mitigated an attack that peaked at 172Mpps and 400Gbps. The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours stopping at 0300 UTC. It felt as if an attacker 'worked' a day and then went home.

The very next day the same thing happened again (although the attack started 30 minutes earlier at 1800 UTC).

On the third day the attacker started promptly at 1800 UTC but went home a little early at around 0130 UTC. But they managed to peak the attack over 200Mpps and 480Gbps.

And the attacker just kept this up day after day. Right through Thanksgiving, Black Friday, Cyber Monday and into this week. Night after night attacks were peaking

Face-off: New Relic vs. AppDynamics for APM

Application performance management (APM) software must serve multiple masters -- developers, IT and business managers -- all of whom want visibility into the performance of corporate software to make sure it produces a great, reliable experience for the end-user.

How Windows 10 data collection trades privacy for security

Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft. But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features. Microsoft isn’t merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user’s personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality.

AI will take some jobs, but no need to worry

The capabilities of artificial intelligence and machine learning are accelerating, and many cybersecurity tasks currently performed by humans will be automated. There will still be plenty of work to go around so job prospects should remain good, especially for those who keep up with technology, broaden their skill sets, and get a better understanding of their company's business needs. Cybersecurity jobs won't go the way of telephone operators. Take, for example, Spain-based antivirus company Panda Security. When the company first started, there were a number of people reverse-engineering malicious code and writing signatures.

China cracks down on fake news

The current debate over fake online news has one country feeling vindicated: China. For years, its controversial censorship system has been cracking down on so-called "online rumors," and last week a state-controlled newspaper essentially told the U.S., "I told you so." "China’s crackdown on online rumors a few years ago was harshly condemned by the West,” wrote the Global Times. “Things changed really quickly, as the anxiety over internet management has been transferred to the U.S." To be sure, the two are very different. In the U.S., it’s private citizens and internet companies that are questioning the role of fake news while acknowledging freedom of speech. In China, the government itself is arresting people as part of its concerted effort to maintain control over all corners of the internet.

IDG Contributor Network: How we got our tattered IoT insecurity blanket

In my last post—Your network, IoT, cloud computing and the future—I introduced a few trends that appear to be shaping the Internet we have today. This post is the first of two that detail my observations on the large-scale security picture on the Internet and what companies, network professionals and individuals need to take into consideration when addressing the new challenges presented by expanding trends such as the cloud and the Internet of Things (IoT). Today’s installment outlines some fundamental architectural underpinnings of the security vulnerabilities we all face. The next installment will outline some near-term suggestions for things we each might do, as well as suggest some overall architectural moves that may make things safer for all users of the Internet.