Yahoo reportedly to confirm massive data breach

Following reports that Yahoo will confirm a data breach that affects hundreds of millions of accounts, some users reported Thursday on Twitter and elsewhere that they were prompted to change their email password when trying to log in. Yahoo launched an investigation into a possible breach in early August after someone offered to sell a data dump of over 200 million Yahoo accounts on an underground market, including usernames, easy-to-crack password hashes, dates of birth and backup email addresses. The company has since determined that the breach is real and that it's even worse than initially believed, news website Recode reported Thursday, citing unnamed sources familiar with the investigation.

Keeping up with incident response

A fire department in a large city certainly has a difficult job, but its mission is fairly straightforward. When a fire is detected, the fire department dispatches an appropriately sized staff to assess, contain and put out the fire, clean up, investigate what happened, and prepare themselves for the next blaze. Yup, it's a pretty simple process when a manageable number of fires are burning. But what would happen if there were hundreds or thousands of simultaneous infernos? My guess is that a senior fire chief (and perhaps other participants from local government and law enforcement) would have to make decisions on which blazes to resource and which to ignore. These decisions would certainly be based upon information analysis and best practices, but there is still some risk that the disregarded fires would end up being far worse than expected, turn into disasters, and call into question the judgement of all involved.

Fixing the mixed content problem with Automatic HTTPS Rewrites

CloudFlare aims to put an end to the unencrypted Internet. But the web has a chicken and egg problem moving to HTTPS.

Long ago it was difficult, expensive, and slow to set up an HTTPS capable web site. Then along came services like CloudFlare’s Universal SSL that made switching from http:// to https:// as easy as clicking a button. With one click a site was served over HTTPS with a freshly minted, free SSL certificate.

Boom.

Suddenly, the website is available over HTTPS, and, even better, the website gets faster because it can take advantage of the latest web protocol HTTP/2.

Unfortunately, the story doesn’t end there. Many otherwise secure sites suffer from the problem of mixed content. And mixed content means the green padlock icon will not be displayed for an https:// site because, in fact, it’s not truly secure.

Here’s the problem: if an https:// website includes any content from a site (even its own) served over http:// the green padlock can’t be displayed. That’s because resources like images, JavaScript, audio, video etc. included over http:// open up a security hole into the secure web site. A backdoor to trouble.

Web browsers have known this was a problem […]

IDG Contributor Network: AT&T’s AirGig shows wireless internet over power lines is possible

High-speed wireless internet could soon be delivered over power lines, according to a major mobile network operator that announced positive test results of a proposed system. AT&T says its project, called AirGig, will deliver multiple gigabit-speed wireless internet by creating broadband signals that will emanate from the power lines crossing the country and beyond. The company says it won’t actually connect its equipment directly to the powerline cables but will simply use the wires as a way to send modulated radio signals to individuals’ homes, smartphones, tablets and so on. The equipment sits atop the utility poles and uses the existing wires for transmitting and receiving.

SourceFire & AMP showing up on CCNP: Security

Looks like the SITCS Exam, that is part of the CCNP: Security exam, is going from v1.0 to v1.5. SITCS is the exam oriented around ‘Implementing Cisco Threat Control Solutions’. Now, it only makes sense as the original version of this exam was more geared towards Cisco IPS & CX which has since been EoX’ed some time […]

Google’s Allo is an early personal assistant, not a late-to-market messaging app

Allo is a child that Google just sent to school to become your personal assistant. The first release looks like a messenger app because it is a common user interface (UI) that almost all smartphone users know, and it is conversational. Like a child learns to speak through conversation with adults, Allo will learn to be a personal assistant through quadrillions of messaging conversations if it succeeds as the next big platform. Google Now and Apple’s Siri are rudimentary compared to the personal assistant that Google Allo could become. Google Now’s and Siri’s voice to text is pretty accurate, but the user is limited to a fixed set of commands: navigate, play music, search, etc.

Plan now for the EU’s privacy regulation revolution, says HPE exec

The cost of complying with the European Union's General Data Protection Regulation might seem like something best deferred until it enters force in 2018 -- but working on compliance just might boost profit, not reduce it. The GDPR, the EU's latest rewrite of its data privacy laws, doesn't enter effect until May 25, 2018, but already IT companies are talking up their software and services for complying with the new rules. It's not just an issue for EU enterprises: Any company processing the personal information of EU citizens is affected.

Visit Docker @ Microsoft Ignite – Booth #758

Next week Microsoft will host over 20,000 IT executives, architects, engineers, partners and thought-leaders from around the world at Microsoft Ignite, September 25th-30th at the Georgia World Congress Center in Atlanta, Georgia.

Visit the Docker booth #758 to learn how developers and IT pros can build, ship, and run any application, anywhere, across both Windows and Linux operating systems with Docker. By transforming modern application architectures for Linux and Windows applications, Docker allows businesses to benefit from a more agile development environment with a single journey for all their applications.

Don’t miss out! Docker experts will be on hand for in-booth demos to help you:

  • Deploy your first Docker Windows container
  • Learn about Docker containers on Windows Server 2016
  • Manage your container environment with Docker Datacenter on Windows

Calling all Microsoft MVPs!

Attend our daily in-booth theater session “Docker Containers for Linux and Windows” with Docker evangelist Mike Coleman in the Docker booth @ 2PM every day. Session attendees will receive exclusive Docker and Microsoft swag.

To learn more about how Docker powers Windows containers, add these key Docker sessions to your Ignite agenda:

GS05: Reinvent IT infrastructure for business agility

Microsoft’s strategy […]

IDG Contributor Network: MacOS Sierra: The day nothing happened

I was notified that a software update was available for a few of my systems. An update to macOS Sierra was available for my main production system, a MacBook Pro, and my travel system, a MacBook Air. My personal work environment also includes a cloud-based storage service, several Linux servers for local file and print services as well as a lonely, old Windows-based laptop to execute a single application to support a long-term consulting contract.

Living with an electronic tower of potential trouble

Since my production environment is made up of systems from different vendors, purchased at different times, and software from different vendors, the prospect of updating anything, much less the operating system on one of my production machines, is scary.

Lockdown! Harden Windows 10 for maximum security

You may have heard that Microsoft has made Windows 10 more secure than any of its predecessors, packing it with security goodies. What you might not know is that some of these vaunted security features aren’t available out of the box or they require additional hardware -- you may not be getting the level of security you bargained for. Features such as Credential Guard are available for only certain editions of Windows 10, while the advanced biometrics promised by Windows Hello require a hefty investment in third-party hardware. Windows 10 may be the most secure Windows operating system to date, but the security-savvy organization -- and individual user -- needs to keep the following hardware and Windows 10 edition requirements in mind in order to unlock the necessary features to achieve optimum security.

Investigating Cybersecurity Incidents — a free course

One of the biggest mistakes companies make when responding to a cybersecurity incident is taking well-meaning steps to “clean up the mess” that actually ruin the digital evidence needed to investigate and prosecute the case. Learning to securely preserve that forensic evidence is key to a successful legal case. In partnership with IDG Enterprise, training company Logical Operations Inc. presents a free online course on this timely topic: Investigating Cybersecurity Incidents. In three video sessions, you’ll learn skills such as how to plan the forensic investigation; collect, protect and analyze the evidence; write an investigation report; work with law enforcement; comply with relevant laws; and prepare a case for court.

Were Apple’s ‘leaked’ iPhone 7 tweets really a mistake?

Apple hasn't embraced social media the way its tech rivals have, but the company appears to have warmed to the medium. Today Apple uses its @AppleSupport account on Twitter as a customer service and outreach tool, and the company also maintains Twitter accounts for some of its most popular services, including Apple Music, the App Store, iTunes and Beats1. Apple also finally started to use its main @Apple Twitter account in the days leading up to the iPhone 7 launch earlier this month. But things got off to a bit of a rocky start. During the company's presentation, the company published and then immediately deleted at least three tweets to the @Apple account that revealed details and key features of the iPhone 7 — before it was officially announced.

6 tips for managing a global workforce

Technology has drastically changed the role of management in the enterprise, as teams, and even entire companies, grow more dispersed. In fact, it's not out of the realm of possibility that you could eventually work for a company with an entirely remote workforce. While technology has brought plenty of positives to the corporate world, it's also made managers' jobs more difficult. How do you effectively measure engagement and performance if you have a team of workers sprinkled across the country or even the globe? Phil Shawe, Co-CEO of TransPerfect, manages over 4,000 employees across 100 countries -- and he's learned a lot from the experience. He's had to get creative to make it work, but based on lessons learned growing his company from an NYU dorm room in 1992 to a global operation, he has six tips to offer for effectively managing remote teams.

Does Oracle have a shot in the public cloud vs. Amazon and Microsoft?

Larry Ellison has voiced fighting words at Oracle’s OpenWorld conference this week, announcing that Amazon Web Services’ lead in the IaaS market is over and that AWS will have “serious competition going forward.” But does Oracle actually have a shot versus AWS and the company many see as the second place vendor, Microsoft? “It depends,” says Gartner distinguished analyst Lydia Leong, author of the annual Magic Quadrant benchmark report for the public Infrastructure-as-a-Service cloud market.

A Cisco-Salesforce deal means collaboration will come to you

The hardest thing about adopting an enterprise collaboration platform can be adoption itself – getting employees to actually start up the new software and then turn to it whenever they need to communicate. Putting the software inside something that workers already use is one way to drive adoption and also make the communication tools more valuable. Cisco Systems knows this, and on Thursday the company announced a strategic alliance with Salesforce, its second big partnership in that direction after its headline-grabbing Apple iOS integration.

Sneak peek: 15 gadgets to put on your holiday wish list

Start making the list and checking it twice

The calendar may say it’s the beginning of fall, but that won’t prevent us from giving you a sneak peek at some of the hottest devices and gadgets that will top your holiday wish list. Here’s a bunch of cool stuff that we’re hoping to get our hands on to present in our 17th annual Cool Yule Tools holiday gift guide (coming Nov. 14). Keep in mind that these devices are not yet reviewed, so we’re not giving these our official seal of approval for cool yule goodness, but rather an indication of some things that could be in the final guide.