To beat cyber extortionists, enterprises need to punch above their weight class

There are only two types of enterprises it seems. Enterprises who have paid cyber extortionists to recover data, and those that have not yet paid.The outlook is bad and getting worse According to IBM Security’s report on Ransomware (pdf – sign in required): “Almost one in two executives (46 percent) has some experience with ransomware attacks in the workplace, and 70 percent of that 46 percent have paid to get data back."To read this article in full or to leave a comment, please click here

Tech companies like Privacy Shield but worry about legal challenges

Privacy Shield, the new international framework allowing companies to transfer customer data between the EU and the U.S., is getting good reviews so far, but some companies aren't betting on it for the long term.Companies using Privacy Shield worry that it may face the same fate as long-used predecessor the Safe Harbor Framework, which was overturned by the European Court of Justice in October 2015 after revelations of mass surveillance by the U.S National Security Agency. Digital Rights Ireland and French civil liberties group La Quadrature du Net have also challenged Privacy Shield in court, saying the new framework doesn't adequately protect Europeans' privacy.To read this article in full or to leave a comment, please click here

Google sued by employee for confidentiality policies that ‘muzzle’ staff

A product manager at Google has sued the company for its allegedly illegal confidentiality agreements, policies and practices that among other things prohibit employees from speaking even internally about illegal conduct and dangerous product defects for fear that such statements may be used in legal discovery during litigation or sought by the government.The alleged policies, which are said to violate California laws, restrict employees' right to speak, work or whistle-blow, and include restrictions on speaking to the government, attorneys or the press about wrongdoing at Google or even “speaking to spouse or friends about whether they think their boss could do a better job,” according to a complaint Tuesday in the Superior Court of California for the city and county of San Francisco.To read this article in full or to leave a comment, please click here

Congressional report sides with Apple on encryption debate

The U.S. is better off supporting strong encryption that trying to weaken it, according to a new congressional report that stands at odds with the FBI’s push to install backdoors into tech products.On Tuesday, a bipartisan congressional panel published a year-end report, advising the U.S. to explore other solutions to the encryption debate.“Any measure that weakens encryption works against the national interest,” the report said.The congressional panel formed back in March, amid the FBI’s public battle with Apple over trying to gain access to a locked iPhone belonging to the San Bernardino shooter.To read this article in full or to leave a comment, please click here

Opening Web Internet Location Files on Ubuntu

As part of my effort to make myself and my workflows more “cross-platform friendly,” I’ve been revisiting certain aspects of how I do things. One of the things I’m reviewing is how I capture—and later review—posts or articles on the web. On OS X, I would run an AppleScript that generated a .webloc file (aka an Internet location file). This is an XML file that OS X understands. However, Linux doesn’t natively understand these files, so today I came up with a solution to reading .webloc files with Ubuntu and Firefox.

The solution to the file involves the use of xmllint, a tool that you can install on Ubuntu as part of the “libxml2-utils” package. Using xmllint, you can easily extract a single XML element from an XML file—and .webloc files are just XML files. For the sake of illustration, here’s the contents of a .webloc file generated on OS X:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>URL</key>
    <string>http://blog.fntlnz.wtf/post/systemd-nspawn/</string>
</dict>
</plist>

Using xmllint, you can extract the URL value, and then pass Continue reading

Tim Cook reaffirms Apple’s commitment to the Mac, in response to growing doubt

The Mac Pro and Mac mini have languished for years. The iMac faces increased competition from rivals like Microsoft’s Surface Studio. The MacBook is thinner and lighter than ever, but not more powerful. Critics say it’s clear that Apple has put the Mac on the back burner. In a memo to employees, CEO Tim Cook said nothing could be further from the truth: “We have great desktops in our roadmap,” he wrote, according to TechCrunch. “Nobody should worry about that.”To read this article in full or to leave a comment, please click here

Worth Reading: Information paralysis

Modern Western man is suffering from an information overload. There are now over one million new books published each year in just the U.S., large newspapers publish anywhere from 1,000 to 5,000 pieces of content per week, and it’s now reported that 3 million blog posts are written every day. The exponential amount of information produced today is no doubt impressive. But it’s also paralyzing. And it’s also harmful for a culture. —Intellectual Takeout

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Information paralysis appeared first on 'net work.

How Rackspace will stay alive in cloud: Stop competing with Amazon, start partnering

In August, 2016 months of speculations ended when Rackspace announced that an investment management group would purchase the 18-year-old company. Rumors have been swirling that the company may be acquired, but instead Rackspace took the route that Dell, Riverbed and BMC have and went private.To read this article in full or to leave a comment, please click here

Google researchers help developers test cryptographic implementations

Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations.The company's Project Wycheproof, which was released on GitHub, contains more than 80 test cases for widely used cryptographic algorithms, including RSA, AES-GCM, AES-EAX, Diffie-Hellman, Elliptic Curve Diffie-Hellman (ECDH), and the digital signature algorithm (DSA).Google's researchers have developed these tests by implementing some of the most common cryptographic attacks. So far, the tests have helped them uncover more than 40 security bugs in cryptographic libraries, and they have been reported to affected vendors.To read this article in full or to leave a comment, please click here

Use virtual containers to isolate ransomware

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Keeping internal networks safe from the ravages of the Internet is increasingly hard, but virtual container solutions allow users to function normally while preventing the “deplorables” of the Internet– malware, exploits, and other negative phenomena – from reaching files and sensitive data.

Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you a great deal of trouble and expense.

To read this article in full or to leave a comment, please click here

Use virtual containers to isolate ransomware

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Keeping internal networks safe from the ravages of the Internet is increasingly hard, but virtual container solutions allow users to function normally while preventing the “deplorables” of the Internet– malware, exploits, and other negative phenomena – from reaching files and sensitive data.Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you a great deal of trouble and expense.To read this article in full or to leave a comment, please click here

High-demand cybersecurity skills in 2017

As I’ve written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today. Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats. Yikes!So, the skills deficit is clear, but which types of cybersecurity skills are in the highest demand? In the recently published ESG/ISSA research report, Through the Eyes of Cybersecurity Professionals, 371 cybersecurity professionals were asked to identify areas where the organizations they worked for had the biggest skills gaps. The results are as follows:To read this article in full or to leave a comment, please click here

High Demand Cybersecurity Skills in 2017

As I’ve written many times, the cybersecurity skills shortage is the biggest cybersecurity issue we face today.  Not only are there too few bodies to fill the cybersecurity jobs, but a recent series of research reports from ESG and the Information Systems Security Association (ISSA) indicates that many currently employed cybersecurity professionals are overworked, not managing their careers proactively, and not receiving the proper amount of training to stay ahead of increasingly dangerous threats.  Yikes!So, the skills deficit is clear but which types of cybersecurity skills are in the highest demand?  In the recently published ESG/ISSA research report title, Through the Eyes of Cybersecurity Professionals, 371 cybersecurity professionals were asked to identify areas where the organizations they worked for had the biggest skills gaps.  The results are as follows:To read this article in full or to leave a comment, please click here

1 2,360 2,361 2,362 2,363 2,364 3,763