Zen and the art of security

I’m a Zen heretic, and so also is my sense of systems security.A very cogent citation describes the folly of it all. The people who install toolbars, click on random stuff and feel like they won something when they downloaded the free app are too plentiful, and security is too tough to understand—even PGP. Bringing up the bottom is as important as extending the top. We don’t ritualize security because that would be too tough, to impolite to do. Your mother did not teach you to use complex passwords and to change them as frequently as your underwear. Given some people I know, it’s a wonder they passed the “p@55w0rd” rubric they were trained to use.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Wi-Fi chip cannibalizes ambient Wi-Fi signals for power

Harvesting electromagnetic energy from thin air to develop self-sustaining Internet of Things (IoT) communications may become reality thanks to a new technology called HitchHike. The goal is to reduce the need for continual maintenance of the expected billions of IoT installations. Researchers say they’re close to the finish line. Worst case scenario, they say they’ll be able to get Wi-Fi chips to run for 10 years on the same, small battery.“HitchHike is the first self-sufficient Wi-Fi system that enables data transmission using just micro-watts of energy, almost zero,” claims Pengyu Zhang, a Stanford researcher, in a recent press release from the school.To read this article in full or to leave a comment, please click here

Netgear starts patching routers affected by a critical flaw

Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that's publicly known and could be exploited by hackers.The vulnerability was disclosed by a researcher Friday and affects multiple Netgear router models, many from the company's Nighthawk series. The company initially confirmed the flaw in three models -- R6400, R7000, R8000 -- but it has since expanded the list to include five more.The models confirmed to be affected so far are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000. This list might not be complete as Netgear continues to analyze the flaw's impact to its entire router portfolio.To read this article in full or to leave a comment, please click here

Netgear starts patching routers affected by a critical flaw

Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that's publicly known and could be exploited by hackers.The vulnerability was disclosed by a researcher Friday and affects multiple Netgear router models, many from the company's Nighthawk series. The company initially confirmed the flaw in three models -- R6400, R7000, R8000 -- but it has since expanded the list to include five more.The models confirmed to be affected so far are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000. This list might not be complete as Netgear continues to analyze the flaw's impact to its entire router portfolio.To read this article in full or to leave a comment, please click here

Netgear starts patching routers affected by a critical flaw

Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that's publicly known and could be exploited by hackers.The vulnerability was disclosed by a researcher Friday and affects multiple Netgear router models, many from the company's Nighthawk series. The company initially confirmed the flaw in three models -- R6400, R7000, R8000 -- but it has since expanded the list to include five more.The models confirmed to be affected so far are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000. This list might not be complete as Netgear continues to analyze the flaw's impact to its entire router portfolio.To read this article in full or to leave a comment, please click here

64% Off Etekcity Lasergrip 1080 Non-contact Digital Laser Infrared Thermometer – Deal Alert

There are some things you just don't need -- until the price plummets to under $20 and then you can't grab your wallet fast enough. The Etekcity Lasergrip 1080 Digital Infrared Thermometer Temperature Gun aims with a laser while instantly measuring the temperature of almost anything you can shoot it at. List price is $49, but with the current 64% off deal you can snag it for just $17.88. The gun gets 4.5 out of 5 stars from over 2,300 reviewers (read reviews). Check electrical components, oven & fridge temps, check for drafts, find a frozen pipe, see if your beer is cold enough (because you can, that's why) -- at $17.88 it might pay for itself in just a few hours of wandering around the house. The Lasergrip 1080 has a measurable range of -58F to 1,022F (can display in celsius as well) and is powered by a 9-volt battery. If you've always wanted to check temps with lasers, see this heavily discounted item now at Amazon.To read this article in full or to leave a comment, please click here

AirMap, DigiCert to issue digital certificates for drones

Drones will start getting digital identification certificates under a new service being launched on Tuesday that hopes to bring trust and verification to the skies.The Drone IDs will be SSL/TLS certificates from DigiCert issued through AirMap, a provider of drone flight information data, and will first be available to users of Intel's Aero drone platform.Under the system, drone owners receive the digital ID in the form of an SSL/TLS certificate when they register for AirMap services. The ID is different from the identification number issued to drone owners by the U.S. Federal Aviation Administration and isn't part of any government scheme.To read this article in full or to leave a comment, please click here

AirMap, DigiCert to issue digital certificates for drones

Drones will start getting digital identification certificates under a new service being launched on Tuesday that hopes to bring trust and verification to the skies.The Drone IDs will be SSL/TLS certificates from DigiCert issued through AirMap, a provider of drone flight information data, and will first be available to users of Intel's Aero drone platform.Under the system, drone owners receive the digital ID in the form of an SSL/TLS certificate when they register for AirMap services. The ID is different from the identification number issued to drone owners by the U.S. Federal Aviation Administration and isn't part of any government scheme.To read this article in full or to leave a comment, please click here

Cloudflare Acquires Eager to Reimagine Apps

In 2011 we launched the Cloudflare Apps platform in an article that described Cloudflare as “not ... the sexiest business in the world.” Sexy or not, Cloudflare has since grown from the 3.5 billion pageviews a month we were doing then to over 1.3 trillion per month today. Along the way, we’ve powered more than a million app installations onto our customer’s websites.

For the last 6 years Cloudflare has been focused on building one of the world’s largest networks. The importance of that work has not left as much time as we would have liked to improve our app platform. With just 21 apps, we knew we were not delivering all that our marketplace could offer.

About six months ago, we were introduced to the team at Eager. Eager was building its own app store for installation onto any website. They impressed us with their ability to enable even the most non-technical website owner to install powerful tools to improve their sites through a slick interface. Eager’s platform included the features we wanted in our marketplace, like the ability to preview an app on a user's site before installing it. Even better, Eager had a powerful app Continue reading

Cybersecurity skills aren’t taught in college

Cybersecurity is a growing concern across the globe and businesses are eager to build secure products and keep corporate data safe. The only problem is that cybersecurity is a relatively new skill, and there just aren't enough qualified candidates to go around.When Intel and the Center for Strategic and International Studies (CSIS) surveyed 775 IT decision makers, 82 percent expressed a concern for the cybersecurity skills shortage. It's reached a point where the government has created the National Initiative for Cybersecurity and Studies (NICS) to help address the growing need for cybersecurity professionals, starting by getting kids introduced to cybersecurity as early as middle school.To read this article in full or to leave a comment, please click here

Cybersecurity skills aren’t taught in college

Cybersecurity is a growing concern across the globe and businesses are eager to build secure products and keep corporate data safe. The only problem is that cybersecurity is a relatively new skill, and there just aren't enough qualified candidates to go around.When Intel and the Center for Strategic and International Studies (CSIS) surveyed 775 IT decision makers, 82 percent expressed a concern for the cybersecurity skills shortage. It's reached a point where the government has created the National Initiative for Cybersecurity and Studies (NICS) to help address the growing need for cybersecurity professionals, starting by getting kids introduced to cybersecurity as early as middle school.To read this article in full or to leave a comment, please click here

5 tips to stay ahead of ransomware threats

The incidents of ransomware -- especially crypto-ransomware, in which cybercriminals hack vulnerable systems, encrypt the data and hold it for ransom -- saw a huge spike in 2016, and the practice shows no signs of slowing down.According to Symantec's 2016 Internet Security Threat Report (ISTR), there were more than 4,000 ransomware attacks per day since Jan 1, 2016, a 300-percent increase over 2015, which saw an average 1,000 attacks per day, according to the ISTR.While organizations can't ever be completely protected, there are a number of steps you can take to minimize the risk and potential fallout from a ransomware attack, says Scott Millis, CTO at mobile security and secure device management platform Cyber adAPT.To read this article in full or to leave a comment, please click here

5 tips to stay ahead of ransomware threats

The incidents of ransomware -- especially crypto-ransomware, in which cybercriminals hack vulnerable systems, encrypt the data and hold it for ransom -- saw a huge spike in 2016, and the practice shows no signs of slowing down.According to Symantec's 2016 Internet Security Threat Report (ISTR), there were more than 4,000 ransomware attacks per day since Jan 1, 2016, a 300-percent increase over 2015, which saw an average 1,000 attacks per day, according to the ISTR.While organizations can't ever be completely protected, there are a number of steps you can take to minimize the risk and potential fallout from a ransomware attack, says Scott Millis, CTO at mobile security and secure device management platform Cyber adAPT.To read this article in full or to leave a comment, please click here

Review: Microsoft Teams tries to do Slack one better

While it's become the standard productivity suite for many businesses, Microsoft Office has lacked a tool specifically built for group communication and collaboration.Office integrationTo read this article in full or to leave a comment, please click here(Insider Story)

8 ways companies can manage risks brought on by the SaaS Tsunami

Shadow ITImage by ThinkstockEvery employee is on a mission to find the next SaaS application that will make their job easier. With nothing more than a credit card and an expense report, anyone within the organization can sign-up for a new application in minutes.The problem is that employees are signing-up for SaaS apps without the knowledge or permission of their IT administrator. According to Gartner and Cisco, IT pros only know about 7% of the apps in use. Meaning, within any given organization, there are hundreds of unsecured SaaS apps, each a potential entry point for hackers to access your corporate data.To read this article in full or to leave a comment, please click here

Expect a new Swift upgrade this spring

Swift 3.1, a limited-focus upgrade to Apple's general purpose systems language, is due next spring, with a few enhancements to the language itself as well as to the Swift Package Manager and Swift on Linux. Source compatibility with Swift 3.0 also is a key goal.Apple detailed goals for the language in a recent bulletin, but the company already is looking past this upgrade to Swift 4, which is planned for late 2017, according to Apple's Ted Kremenek, release manager for Swift 3.1.[ InfoWorld's quick guide: Digital Transformation and the Agile Enterprise. | Download InfoWorld’s essential guide to microservices and learn how to create modern web and mobile applications that scale. ] "To meet this goal, Swift 3.1 will include changes in mainline development, i.e. the master branch, only until January 16," Kremenek said. "After that date, there will be a 'bake' period in which only select, critical fixes will go into the swift-3.1-branch and move master on to Swift 4 development."To read this article in full or to leave a comment, please click here

8 ways companies can manage risks brought on by the SaaS Tsunami

Shadow ITImage by ThinkstockEvery employee is on a mission to find the next SaaS application that will make their job easier. With nothing more than a credit card and an expense report, anyone within the organization can sign-up for a new application in minutes.The problem is that employees are signing-up for SaaS apps without the knowledge or permission of their IT administrator. According to Gartner and Cisco, IT pros only know about 7% of the apps in use. Meaning, within any given organization, there are hundreds of unsecured SaaS apps, each a potential entry point for hackers to access your corporate data.To read this article in full or to leave a comment, please click here

Nearly half of all websites pose security risks

According to a new study of the top one million domains, 46 percent are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months.The big problem is that even when a website is managed by a careful company, it will often load content from other sites, said Kowsik Guruswamy, CTO at Menlo Park, Calif.-based Menlo Security, which sponsored the report, which was released this morning.For example, news sites -- 50 percent of which were risky -- typically run ads from third-party advertising networks.To read this article in full or to leave a comment, please click here

Nearly half of all websites pose security risks

According to a new study of the top one million domains, 46 percent are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months.The big problem is that even when a website is managed by a careful company, it will often load content from other sites, said Kowsik Guruswamy, CTO at Menlo Park, Calif.-based Menlo Security, which sponsored the report, which was released this morning.For example, news sites -- 50 percent of which were risky -- typically run ads from third-party advertising networks.To read this article in full or to leave a comment, please click here

The latest ransomware is pure evil genius

Ransomware is always nasty business, but the latest variant discovered by the MalwareHunterTeam takes the nastiness to a whole ‘nother level.Turning victims into criminals Apparently, the latest Popcorn Time ransomware adds a new twist to the standard M.O. of demanding payment from their victims or permanently lose access to their files. In what seems like a brilliant if seriously messed up maneuver, if victims don’t want to pay the Bitcoin ransom “the fast and easy way,” the program gives victims the option of paying up “the nasty way”—by sending the ransomware link on to others. To read this article in full or to leave a comment, please click here