Microsoft expands laptop trade-in program to cover Macs

Perhaps Microsoft smells blood in the water because it's getting more aggressive with its laptop trade-in program. A while back it launched a program to trade in old laptops incapable of being upgraded to Windows 10. Now it has a new program, this time targeting old MacBooks.According to the trade-in page, users can send in almost any type of MacBook Air or MacBook Pro and they will be eligible for the discount. You might not get very much, and you might be better off selling the thing yourself on Craigslist. Then again, a lot of people are nervous about doing sales like that.To read this article in full or to leave a comment, please click here

Reaction: DevOps and Security

Over at TechBeacon, my friend Chris Romeo has an article up about DevOps and security. It’s interesting to me because this is actually an area I’d never thought about before, even though it makes sense. Given DevOps is essentially writing software to control infrastructure (like routers, compute, and storage), and software needs to be written in a way that is secure, then it should be obvious that DevOps software should be developed with good security principles gleaned from software development as part of the foundation.

And here we face a challenge, as Chris says—

There is no standard that defines security for DevOps, and the chances of a standard ever developing is small because different organizations are doing things their own way, and can’t even agree on a standard name. And while there is a standard for the secure development lifecycle (ISO/IEC 27034-1), few organizations are ever validated against it.

The key point in here is that every organization is doing things their own way. This isn’t wrong, of course, because every organization must have some “snowflakiness” to justify its existence, and that “snowflakiness” is often likely to show up, in a large way, in something like handling resources within Continue reading

DoJ: What does it take to prosecute federal computer crimes?

The need for vigorous criminal enforcement of cybercrime laws will only become more important as networked computers and the criminals who target them grow.That was how the Department of Justice started a blog post this week that defined how it decides whether or not to prosecute a federal computer-related crime.+More on Network World:  Gartner: Artificial intelligence, algorithms and smart software at the heart of big network changes+To read this article in full or to leave a comment, please click here

IDG Contributor Network: Residential routers easy to hack

The infamous “admin” user ID and hackable, weak passwords are prevalent on large numbers of home routers, says a security firm. That’s despite the public's increasing awareness of vulnerabilities and associated hacking.Researchers at ESET recently tested more than 12,000 home routers and found that many of the devices are insecure. Firmware was flawed in some cases.+ Also on Network World: Answers to ‘Is the internet broken?’ and other Dyn DDoS questions +“Approximately 7 percent of the routers tested show vulnerabilities of high or medium severity,” ESET says in an article on its Welivesecurity editorial website. “Fifteen percent of the tested routers used weak passwords, with ‘admin’ left as the username in most cases.”To read this article in full or to leave a comment, please click here

Robocall Strike Force set to take wraps off battle plan

Two months after accepting its marching orders, the federal Robocall Strike Force chaired by AT&T CEO Randall Stephenson and featuring industry heavyweights such as Verizon, Google and Apple, will tomorrow make public its plan for dramatically reducing the torrent of automated phone calls.“The Robocall Strike Force is an industry-led group which has been working to develop comprehensive solutions to prevent, detect, and filter unwanted robocalls,” says the FCC.  “Robocalls and telemarketing calls are the number one source of consumer complaints received by the FCC.  However, giving consumers meaningful control over the calls and texts they receive requires collective action by the industry.”To read this article in full or to leave a comment, please click here

Robocall Strike Force set to take wraps off battle plan

Two months after accepting its marching orders, the federal Robocall Strike Force chaired by AT&T CEO Randall Stephenson and featuring industry heavyweights such as Verizon, Google and Apple, will tomorrow make public its plan for dramatically reducing the torrent of automated phone calls.“The Robocall Strike Force is an industry-led group which has been working to develop comprehensive solutions to prevent, detect, and filter unwanted robocalls,” says the FCC.  “Robocalls and telemarketing calls are the number one source of consumer complaints received by the FCC.  However, giving consumers meaningful control over the calls and texts they receive requires collective action by the industry.”To read this article in full or to leave a comment, please click here

Workstation software flaw exposes industrial control systems to hacking

The software used to program and deploy code to various Schneider Electric industrial controllers has a weakness that could allow hackers to remotely take over engineering workstations.The software, known as Unity Pro, runs on PCs used by engineers and includes a simulator for testing code before deploying it to programmable logic controllers (PLCs). These are the specialized hardware devices that monitor and control mechanical processes -- spinning motors, opening and closing valves, etc. -- inside factories, power stations, gas refineries, public utilities and other industrial installations.Researchers from industrial cybersecurity firm Indegy found that unauthenticated attackers could execute malicious code on Windows computers where the Unity Pro PLC simulator is installed. That code would run with debug privileges leading to a complete system compromise.To read this article in full or to leave a comment, please click here

Workstation software flaw exposes industrial control systems to hacking

The software used to program and deploy code to various Schneider Electric industrial controllers has a weakness that could allow hackers to remotely take over engineering workstations.The software, known as Unity Pro, runs on PCs used by engineers and includes a simulator for testing code before deploying it to programmable logic controllers (PLCs). These are the specialized hardware devices that monitor and control mechanical processes -- spinning motors, opening and closing valves, etc. -- inside factories, power stations, gas refineries, public utilities and other industrial installations.Researchers from industrial cybersecurity firm Indegy found that unauthenticated attackers could execute malicious code on Windows computers where the Unity Pro PLC simulator is installed. That code would run with debug privileges leading to a complete system compromise.To read this article in full or to leave a comment, please click here

Critical account creation flaws patched in popular Joomla CMS

The Joomla developers are warning website administrators to apply an update for the popular content management system that fixes two critical vulnerabilities.The flaws are serious enough that the Joomla project released a prenotification about the planned update on Friday, urging everyone to be prepared to install it as soon as possible. This suggests that attacks targeting these vulnerabilities are expected to follow shortly.Joomla 3.6.4, released Tuesday, fixes a high-priority flaw in the account creation component that could be exploited to create accounts on a Joomla-based website even if user registration has been disabled on it.To read this article in full or to leave a comment, please click here

Critical account creation flaws patched in popular Joomla CMS

The Joomla developers are warning website administrators to apply an update for the popular content management system that fixes two critical vulnerabilities.The flaws are serious enough that the Joomla project released a prenotification about the planned update on Friday, urging everyone to be prepared to install it as soon as possible. This suggests that attacks targeting these vulnerabilities are expected to follow shortly.Joomla 3.6.4, released Tuesday, fixes a high-priority flaw in the account creation component that could be exploited to create accounts on a Joomla-based website even if user registration has been disabled on it.To read this article in full or to leave a comment, please click here

Microsoft wants to bring machine learning into the mainstream

Microsoft just released the open-source licensed beta release of the Microsoft Cognitive Toolkit on Github. This announcement represents a shift in Microsoft’s customer focus from research to implementation. It is an update to the Computational Network Toolkit (CNTK). The toolkit is a supervised machine learning system in the same category of other open-source projects such as Tensorflow, Caffe and Torch.  Microsoft is one of the leading investors in and contributors to the open machine learning software and research community. A glance at the Neural Information Processing Systems (NIPS) conference reveals that there are just four major technology companies committed to moving the field of neural networks forward: Microsoft, Google, Facebook and IBM.To read this article in full or to leave a comment, please click here

ARM builds up security in the tiniest IoT chips

IoT is making devices smaller, smarter, and – we hope – safer. It’s not easy to make all those things happen at once, but chips that can help are starting to emerge.On Tuesday at ARM TechCon in Silicon Valley, ARM will introduce processors that are just a fraction of a millimeter across and incorporate the company’s TrustZone technology. TrustZone is hardware-based security built into SoC (system on chip) processors to establish a root of trust.It’s designed to prevent devices from being hacked and taken over by intruders, a danger that’s been in the news since the discovery of the Mirai botnet, which recently took over thousands of IP cameras to mount denial-of-service attacks.To read this article in full or to leave a comment, please click here

ARM builds up security in the tiniest IoT chips

IoT is making devices smaller, smarter, and – we hope – safer. It’s not easy to make all those things happen at once, but chips that can help are starting to emerge.On Tuesday at ARM TechCon in Silicon Valley, ARM will introduce processors that are just a fraction of a millimeter across and incorporate the company’s TrustZone technology. TrustZone is hardware-based security built into SoC (system on chip) processors to establish a root of trust.It’s designed to prevent devices from being hacked and taken over by intruders, a danger that’s been in the news since the discovery of the Mirai botnet, which recently took over thousands of IP cameras to mount denial-of-service attacks.To read this article in full or to leave a comment, please click here

Google is trying to reinvent the whiteboard

What's big, red, and supposed to be the next big thing in workplace collaboration? Google's new Jamboard, a massive touch display and accompanying cloud service that's supposed to help business users brainstorm together. Jamboard works like a digital whiteboard, letting users sketch out ideas, attach digital sticky notes, plus bring in content from the web into a single, constantly updating workspace. People can use Jamboard to collaborate both on the 55-inch mega-display of the same name, or using accompanying tablet and smartphone apps for iOS and Android. The Jamboard is available in private beta for business customers of Google's G Suite productivity service offering starting Tuesday. The company expects to make it generally available early next year.To read this article in full or to leave a comment, please click here

Google buys eye-tracking VR firm Eyefluence

Google has acquired a 3-year-old eye-tracking company for virtual and augmented reality headsets, signaling the tech giant's interest in the immersive technologies.Eyefluence, founded in 2013 by serial entrepreneurs Jim Marggraff and David Stiehr, develops eye-interaction technologies to control VR and AR headsets. "Eyes can instantaneously transform intent into action, enabling communication as fast as you can see," the company says. The deal with Google was announced Tuesday. "With our forces combined, we will continue to advance eye-interaction technology to expand human potential and empathy on an even larger scale," Eyefluence said in a blog post.To read this article in full or to leave a comment, please click here

1 2,428 2,429 2,430 2,431 2,432 3,696