10 AWS security blunders and how to avoid them

The cloud has made it dead simple to quickly spin up a new server without waiting for IT. But the ease of deploying new servers -- and the democratic nature of cloud management -- can be a security nightmare, as a simple configuration error or administrative mistake can compromise the security of your organization's entire cloud environment. With sensitive data increasingly heading to the cloud, how your organization secures its instances and overall cloud infrastructure is of paramount importance. Cloud providers, like Amazon, secure the server hardware your instances run on, but the security of the cloud infrastructure your organization sets up on that infrastructure is all on you. A broad array of built-in security services and third-party tools are available to secure practically any workload, but you have to know how to use them. And it all starts with proper configuration.

Ex-Facebook, Dropbox engineers offer debugging as a service

A group of former Facebook and Dropbox engineers is developing a service for debugging complex systems and answering ad hoc questions in real time. Honeycomb, currently in an open beta cycle, is a SaaS platform that reduces MTTR (mean time to repair) for outages and degraded services, identifies bugs and performance regressions, isolates contributing factors to failures, and reproduces user bug reports. The collective debugging skills of teams would be captured and preserved, according to the project website. Rather than relying on a dashboard, Honeycomb is for interactive debugging.

Battling gender bias in IT

Kate Flathers was having a bad day. Between meetings, phone calls and projects going off the rails, the last thing she wanted to do was a candidate interview. So her first thought when she glanced at the résumé and cover letter that crossed her desk was, “Whew — I’m glad I don’t have to get involved in this one.” In her role as director of product development at DrugDev, a provider of a clinical trials operations platform, Flathers was pulled into the interviewing process only after the first few rounds, when things were going well and a candidate had passed a number of initial screenings. And the candidate she was looking at certainly didn’t fit the usual profile of a software developer: A woman in her 40s who was making a late-stage career change.

How secure are home robots?

They have blinking lights and tend to chirp constantly. One of them can vacuum your living room carpet on a schedule. Another can play games with the kids using artificial intelligence. Yet, for homeowners (and security professionals) there’s a question about whether home robots could become an attack vector for hackers. Tapping into a live webcam feed and recording it? Stealing Wi-Fi information from an unprotected signal so you can transmit illegal wares? What makes a home robot such an ingenious ploy is that few of us think a vacuum could possibly become anything remotely viable for criminal use. Yet, that’s exactly the danger. “Homeowners never change the default passwords or use simple passwords which can be broken thus allowing hackers to leverage their way onto a home network and use the robot as a pivot point for further exfiltration of sensitive data or plant malware,” says Kevin Curran, a senior lecturer in computer science at the University of Ulster and IEEE member.

Twitter’s impact on 2016 presidential election is unmistakable

Twitter has played an outsized role in a 2016 presidential election that continues to test the electorate. Despite Twitter's ongoing business problems, the ability of a single tweet to shape political conversation and drive media coverage has never been greater. A marked contrast exists between Twitter's business acumen (or lack thereof) and the sometimes seemingly unintentional influence it wields on the current election. The leading candidates for America's next presidency use Twitter to energize their supporters and draw citizens who wouldn't otherwise follow political discourse. Twitter's simple and personal messages resonate in a way that more traditional means of communication — mail, robocalls and yard signs — no longer can.

Flood of threat intelligence overwhelming for many firms

Three years after Target missed alerts warning them about a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, according to new reports, due to a lack of expertise and integration issues. Seventy percent of security pros said that their companies have problems taking actions based on threat intelligence because there is too much of it, or it is too complex, according to a report by Ponemon Research released on Monday. In particular, 69 percent said that their companies lacked staff expertise. As a result, only 46 percent said that incident responders used threat data when deciding how to respond to threats, and only 27 percent said that they were effective in using the data.

A second Privacy Shield legal challenge increases threat to EU-US data flows

The Privacy Shield transatlantic data transfer deal is now caught in a pincer action: A week after it emerged that Irish digital rights activists had filed suit to annul the deal come reports that a French campaign group has begun its own legal action. French civil liberties campaign group La Quadrature du Net filed suit against the European Commission, the European Union's executive body, on Oct. 25. Although the Court of Justice of the EU has not yet published details of the complaint, Brussels-based news agency Euractiv reported Thursday that La Quadrature's goal is to annul the Commission's decision that Privacy Shield provides adequate protection under EU law when the personal information of EU citizens is transferred to the U.S. for processing.

Building The Stack Above And Below OpenStack

It has been six years now since the “Austin” release of the OpenStack cloud controller was put out by the partnership of Rackspace Hosting, which contributed its Swift object storage, and NASA, which contributed its Nova compute controller. NASA was frustrated by the Eucalyptus cloud controller, which was not completely open source and which did not add features fast enough, and Rackspace was in a fight for mindshare and marketshare against much larger cloud rival Amazon Web Services and wanted to leverage both open source and community to push back.

OpenStack may not have

Building The Stack Above And Below OpenStack was written by Timothy Prickett Morgan at The Next Platform.

IDG Contributor Network: The day the 911 network stood still

In the early morning hours of Wednesday, Oct. 26, 2016, an apparent Telephony Denial of Service (TDoS) attack was brought against several cities that brought 911 to a grinding halt. The incident triggered a response from the Department of Homeland Security's National Cybersecurity & Communications Integration Center National Coordinating Center for Communications (NCIC/NCC) and a Watch Advisory for a TDoS attack on public-safety answering points (PSAP) was issued just after lunch. Investigators were led to a web page created by 18-year-old, Phoenix-based Meetkumar Hiteshbhai Desai. Desai said he was merely looking for bugs in Apple's iOS in an attempt to capture a reward from Apple as part of its bug bounty program. Apple launched this long-awaited program in September, and the company is offering five different categories of reward prizes:

Uber faces lawsuit from courier claiming employee status

Taking a cue from Uber drivers, a ‘foot and bike’ courier has filed a proposed class-action lawsuit against the ride-hailing company and a subsidiary, demanding minimum wages, and reimbursement of tools-of-the-trade expenses and gratuities as would be typically provided to regular employees. Uber has introduced its delivery services, called UberEats and UberRush, in some cities in the U.S. and other countries. In a proposed class action lawsuit on behalf of himself and other Uber couriers in New York, Matthew B. Burgos claims that, among other things, Uber circumvents its duty of supplying safety gear by misclassifying its couriers as independent contractors. Couriers are also required to purchase their own ‘tools of the trade’ including their own bicycles, helmets and reflectors in making deliveries for Uber.

Running a standalone OpenStack Neutron server

One of the great advantages for an OpenStack developer is the ease with which a dev environment can be created. I cannot say enough good things about devstack. Devstack is a tool that provides a very flexible way of creating a development environment for OpenStack. Devstack is very flexible and can be configured using simple config …

In which I have to debunk a second time

So Slate is doubling-down on their discredited story of a secret Trump server. Tip for journalists: if you are going to argue against an expert debunking your story, try to contact that expert first, so they don't have to do what I'm going to do here, showing obvious flaws. Also, pay attention to the data.


The experts didn't find anything

The story claims:
"I spoke with many DNS experts. They found the evidence strongly suggestive of a relationship between the Trump Organization and the bank".
No, he didn't. He gave experts limited information and asked them whether it's consistent with a conspiracy theory. He didn't ask if it was "suggestive" of the conspiracy theory, or that this was the best theory that fit the data.

This is why "experts" quoted in the press need to go through "media training", to avoid getting your reputation harmed by bad journalists who try their best to put words in your mouth. You'll be trained to recognize bad journalists like this, and how not to get sucked into their fabrications.


Jean Camp isn't an expert

On the other hand, Jean Camp isn't an expert. I've never heard of her before. She gets details wrong.