IDG Contributor Network: Lax IoT device security threatens to pollute the internet

DVRs, IP cameras and other smart products could become the next wave of pollutants that threaten how we live if the security issues around Internet of Things (IoT) devices aren’t addressed.We’ve already seen that too much IoT pollution can wreck our computing environment. The October DDoS attack that brought down Twitter, Netflix and other major websites for a large portion of the U.S. was launched by a botnet comprised of Web cameras, printers and other IoT devices.+ Also on Network World: 2017 security predictions + And while having those sites offline was an inconvenience, the results of that attack weren’t devastating. But future DDoS attacks that throw terabits of data at servers could have more disastrous results. Instead of going after an internet traffic management company, the attackers could target a hospital or a utility provider. Not being able to binge-watch Netflix shows pales in seriousness when compared to cities not having electricity or a doctor being unable to access electronic medical records.To read this article in full or to leave a comment, please click here

IDG Contributor Network: This holiday, design your cloud for data

It’s that time of the year. Ready, set, shop. Whether it's an iPad, a new car or a big egg with a light-up bird inside—like this year’s Hatchimals—every holiday season is filled with the must-have gifts that send consumers into a shopping frenzy.For retailers, the good news is consumers are in the mood to spend during the holiday season. The challenge is meeting consumer demands and battling intensifying competition.The National Retail Federation (NRF) expects retail sales in November and December (excluding autos, gas and restaurants) to reach $655.8 billion. Online sales are forecasted to reach $117 billion this season. And, of course, Cyber Monday plays a huge role in online sales.To read this article in full or to leave a comment, please click here

Worth Reading: The spillover effect

At the same time that default and end-to-end encryption enables dissidents to communicate, it also enables terrorists and other criminals to plot and plan without fear of detection. It means that even when a judge signs off on a warrant based on probable cause to believe that a particular device or account contains evidence of a crime that has been or is about to be committed, law enforcement cannot unlock the smartphone or obtain the relevant data in readable form. The concern is that criminals may go free, and dangerous plots may be left undetected. Comey and other law enforcement officials want US-based companies to provide sought-after data in readable form and to maintain the technological capacity to do so. But the approach is controversial; a powerful coalition of companies, civil liberties groups, and many others decries such efforts at mandated access as undercutting security for us all. —The Hoover Institution

LinkedInTwitterGoogle+Facebook

The post Worth Reading: The spillover effect appeared first on 'net work.

VMware removes hard-coded root access key from vSphere Data Protection

VMware has released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance.VDP is a disk-based backup and recovery product that runs as an open virtual appliance (OVA). It integrates with the VMware vCenter Server and provides centralized management of backup jobs for up to 100 virtual machines.According to a VMware support article, the vSphere Data Protection (VDP) appliance contains a static SSH private key with a known password. This key allows interoperability with EMC Avamar, a deduplication backup and recovery software solution, and is pre-configured on the VDP as an AuthorizedKey.To read this article in full or to leave a comment, please click here

Microsoft launches a Windows error code troubleshooting site

If you have used Windows for any length of time, you've undoubtedly been hit with an error code during an Update that told you absolutely nothing. "Error code: 0x80070422?" What the hell does that mean? If you were industrious, you could Google the code and maybe find a post on a Microsoft forum or elsewhere that offered some kind of clue as to what the error was and perhaps a solution. Now Microsoft has given us something a little more official. It’s a web page on the company’s support site called Fix Windows Update Errors that aims to help Windows users resolve update-related errors.To read this article in full or to leave a comment, please click here

A Very WebP New Year from Cloudflare

A Very WebP New Year from Cloudflare

Cloudflare has an automatic image optimization feature called Polish, available to customers on paid plans. It recompresses images and removes unnecessary data so that they are delivered to browsers more quickly.

Up until now, Polish has not changed image types when optimizing (even if, for example, a PNG might sometimes have been smaller than the equivalent JPEG). But a new feature in Polish allows us to swap out an image for an equivalent image compressed using Google’s WebP format when the browser is capable of handling WebP and delivering that type of image would be quicker.

A Very WebP New Year from Cloudflare CC-BY 2.0 image by John Stratford

What is WebP?

The main image formats used on the web haven’t changed much since the early days (apart from the SVG vector format, PNG was the last one to establish itself, almost two decades ago).

WebP is a newer image format for the web, proposed by Google. It takes advantage of progress in image compression techniques since formats such as JPEG and PNG were designed. It is often able to compress the images into a significantly smaller amount of data than the older formats.

WebP is versatile and able to replace the three main Continue reading

What India’s Banking Industry Breach Can Teach Us About the Importance of Collaboration

Towards the end of October 2016, several Indian banks announced they would be recalling millions of debit cards in the wake of a data breach that affected the backend of software that powered an ATM network there.

It was a situation that could have been better mitigated; a government-sponsored organization tasked with sharing information about data breaches completely missed the warning signs that a breach was taking place. As a result, no one connected the dots until millions of fraud cases had been detected.

Rachel Levy-Sarfin

Dan Geer Revisits 2014 BlackHat Recommendations: More Industry Recognition of the Problem, Much Left To Do

Computer security analyst and risk management specialist Dan Geer used his keynote at the Black Hat conference in 2014 to make 10 policy recommendations for increasing the state of cybersecurity. Among his suggestions: mandatory reporting of cybersecurity failures, product liability for Internet service providers and software companies, and off-the-grid alternative control mechanisms for increasingly Internet-reliant networks like utility grids and government databases.

I caught up with Geer for an update on his proposals, and his views on the current state of cybersecurity.

Jeri Clausing

Princeton’s “War of The Lights” – The Pitfalls of Enterprise-Level IoT Projects

The stadium lights ripped the darkness over an empty field.

They weren’t supposed to be on. The lights at Princeton University’s stadium, recently upgraded, should have followed an automated cycle, reducing the need for human oversight.

Instead, the lights went to war.

That’s how Jay Dominick, the vice president for information technology and the chief information officer for the Office of the Vice President for Information Technology at Princeton University, described to me what happened when I followed-up with him after he spoke at the Conference on Security and Privacy for the Internet of Things, held Oct. 16, 2016 at Princeton University.

Ann Miller

How Microsoft rebounded to outshine Apple

Microsoft claims that more people are switching to Surface devices from Macs than ever before. That's a concept that would have been hard to picture when Microsoft first released the Microsoft Surface RT and Surface Pro in 2012 and 2013, respectively. The Surface RT suffered from a watered-down version of the new -- and generally disliked -- Windows 8 operating system and, while the Surface Pro featured the full desktop version, it came with hardware limitations and a high price tag.To read this article in full or to leave a comment, please click here

Which mobile data provider is best?

That thing you carry in your pocket may be called a smartphone, but its main purpose isn’t to talk to other people — it’s a tiny computer you use to connect to the internet, get information and find and use apps. So, for the fourth year in a row we’ve gone on a mission to find out which mobile service provider gives you the most comprehensive and reliable data network coverage, the fastest upload and download speeds, and the most bang for the buck.To do it, we turned to the experts — you and other Computerworld readers. We conducted an 8-week-long online survey this summer asking smartphone users to rate providers in multiple categories: average upload speeds, average download speeds, availability of connection, reliability of connection, performance relative to cost, technical support, selection of phone models, customer service/billing and more.To read this article in full or to leave a comment, please click here

5 rock-solid Linux distros for developers

Developers love things their way and no other way. To that end, Linux stands to be the ultimate developer’s desktop environment. Linux is endlessly customizable, and it provides easy access to nearly all the software a developer might need. But a good Linux for developers must have other key attributes—like a comfortable work environment, good documentation, and useful features that a developer can benefit from generally.To read this article in full or to leave a comment, please click here(Insider Story)

Q&A: Puppet CEO sees devops going mainstream

Puppet has become synonymous with devops, and Sanjay Mirchandani, CEO of Puppet since late September, says the Puppet Enterprise platform for automating software delivery is now being used in more than 70 percent of the Fortune 100. InfoWorld Editor at Large Paul Krill recently spoke with Mirchandani about where the company is headed and devops' progress these days.[ Give yourself a technology career advantage with InfoWorld's Deep Dive technology reports and Computerworld's career trends reports. GET A 15% DISCOUNT through Jan.15, 2017: Use code 8TIISZ4Z. ] InfoWorld: Does the company still find a need to define devops and its importance to prospective clients?To read this article in full or to leave a comment, please click here

Obama White House’s final tech recommendation: Invest in A.I.

One of the most important things that the U.S. can do to improve economic growth is to invest in artificial intelligence, or A.I., said the White House, in a new report. But there's a dark side to this assessment as well.A.I.-driven, intelligent systems have the potential to displace millions, such as truck drivers, from their jobs. But potential negative impacts can be offset by investments in education as well as by ensuring there is a safety net to help affected people, the White House argued, in what will likely be the Obama administration's final report on technology policy.Some of the report's recommendations, which include expanded unemployment help and access to healthcare, may be anathema to a Republican-controlled Congress with a focus on tax reductions and spending cuts. But this report -- "Artificial Intelligence, Automation, and the Economy" (PDF) -- which was in the works well before election day, also describes broader, technological-driven changes that will impact jobs and may pose issues for President-elect Donald Trump.To read this article in full or to leave a comment, please click here

1 2,403 2,404 2,405 2,406 2,407 3,808