VMware removes hard-coded root access key from vSphere Data Protection

VMware has released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance.VDP is a disk-based backup and recovery product that runs as an open virtual appliance (OVA). It integrates with the VMware vCenter Server and provides centralized management of backup jobs for up to 100 virtual machines.According to a VMware support article, the vSphere Data Protection (VDP) appliance contains a static SSH private key with a known password. This key allows interoperability with EMC Avamar, a deduplication backup and recovery software solution, and is pre-configured on the VDP as an AuthorizedKey.To read this article in full or to leave a comment, please click here

Microsoft launches a Windows error code troubleshooting site

If you have used Windows for any length of time, you've undoubtedly been hit with an error code during an Update that told you absolutely nothing. "Error code: 0x80070422?" What the hell does that mean? If you were industrious, you could Google the code and maybe find a post on a Microsoft forum or elsewhere that offered some kind of clue as to what the error was and perhaps a solution. Now Microsoft has given us something a little more official. It’s a web page on the company’s support site called Fix Windows Update Errors that aims to help Windows users resolve update-related errors.To read this article in full or to leave a comment, please click here

A Very WebP New Year from Cloudflare

A Very WebP New Year from Cloudflare

Cloudflare has an automatic image optimization feature called Polish, available to customers on paid plans. It recompresses images and removes unnecessary data so that they are delivered to browsers more quickly.

Up until now, Polish has not changed image types when optimizing (even if, for example, a PNG might sometimes have been smaller than the equivalent JPEG). But a new feature in Polish allows us to swap out an image for an equivalent image compressed using Google’s WebP format when the browser is capable of handling WebP and delivering that type of image would be quicker.

A Very WebP New Year from Cloudflare CC-BY 2.0 image by John Stratford

What is WebP?

The main image formats used on the web haven’t changed much since the early days (apart from the SVG vector format, PNG was the last one to establish itself, almost two decades ago).

WebP is a newer image format for the web, proposed by Google. It takes advantage of progress in image compression techniques since formats such as JPEG and PNG were designed. It is often able to compress the images into a significantly smaller amount of data than the older formats.

WebP is versatile and able to replace the three main Continue reading

What India’s Banking Industry Breach Can Teach Us About the Importance of Collaboration

Towards the end of October 2016, several Indian banks announced they would be recalling millions of debit cards in the wake of a data breach that affected the backend of software that powered an ATM network there.

It was a situation that could have been better mitigated; a government-sponsored organization tasked with sharing information about data breaches completely missed the warning signs that a breach was taking place. As a result, no one connected the dots until millions of fraud cases had been detected.

Rachel Levy-Sarfin

Dan Geer Revisits 2014 BlackHat Recommendations: More Industry Recognition of the Problem, Much Left To Do

Computer security analyst and risk management specialist Dan Geer used his keynote at the Black Hat conference in 2014 to make 10 policy recommendations for increasing the state of cybersecurity. Among his suggestions: mandatory reporting of cybersecurity failures, product liability for Internet service providers and software companies, and off-the-grid alternative control mechanisms for increasingly Internet-reliant networks like utility grids and government databases.

I caught up with Geer for an update on his proposals, and his views on the current state of cybersecurity.

Jeri Clausing

Princeton’s “War of The Lights” – The Pitfalls of Enterprise-Level IoT Projects

The stadium lights ripped the darkness over an empty field.

They weren’t supposed to be on. The lights at Princeton University’s stadium, recently upgraded, should have followed an automated cycle, reducing the need for human oversight.

Instead, the lights went to war.

That’s how Jay Dominick, the vice president for information technology and the chief information officer for the Office of the Vice President for Information Technology at Princeton University, described to me what happened when I followed-up with him after he spoke at the Conference on Security and Privacy for the Internet of Things, held Oct. 16, 2016 at Princeton University.

Ann Miller

How Microsoft rebounded to outshine Apple

Microsoft claims that more people are switching to Surface devices from Macs than ever before. That's a concept that would have been hard to picture when Microsoft first released the Microsoft Surface RT and Surface Pro in 2012 and 2013, respectively. The Surface RT suffered from a watered-down version of the new -- and generally disliked -- Windows 8 operating system and, while the Surface Pro featured the full desktop version, it came with hardware limitations and a high price tag.To read this article in full or to leave a comment, please click here

Which mobile data provider is best?

That thing you carry in your pocket may be called a smartphone, but its main purpose isn’t to talk to other people — it’s a tiny computer you use to connect to the internet, get information and find and use apps. So, for the fourth year in a row we’ve gone on a mission to find out which mobile service provider gives you the most comprehensive and reliable data network coverage, the fastest upload and download speeds, and the most bang for the buck.To do it, we turned to the experts — you and other Computerworld readers. We conducted an 8-week-long online survey this summer asking smartphone users to rate providers in multiple categories: average upload speeds, average download speeds, availability of connection, reliability of connection, performance relative to cost, technical support, selection of phone models, customer service/billing and more.To read this article in full or to leave a comment, please click here

5 rock-solid Linux distros for developers

Developers love things their way and no other way. To that end, Linux stands to be the ultimate developer’s desktop environment. Linux is endlessly customizable, and it provides easy access to nearly all the software a developer might need. But a good Linux for developers must have other key attributes—like a comfortable work environment, good documentation, and useful features that a developer can benefit from generally.To read this article in full or to leave a comment, please click here(Insider Story)

Q&A: Puppet CEO sees devops going mainstream

Puppet has become synonymous with devops, and Sanjay Mirchandani, CEO of Puppet since late September, says the Puppet Enterprise platform for automating software delivery is now being used in more than 70 percent of the Fortune 100. InfoWorld Editor at Large Paul Krill recently spoke with Mirchandani about where the company is headed and devops' progress these days.[ Give yourself a technology career advantage with InfoWorld's Deep Dive technology reports and Computerworld's career trends reports. GET A 15% DISCOUNT through Jan.15, 2017: Use code 8TIISZ4Z. ] InfoWorld: Does the company still find a need to define devops and its importance to prospective clients?To read this article in full or to leave a comment, please click here

Obama White House’s final tech recommendation: Invest in A.I.

One of the most important things that the U.S. can do to improve economic growth is to invest in artificial intelligence, or A.I., said the White House, in a new report. But there's a dark side to this assessment as well.A.I.-driven, intelligent systems have the potential to displace millions, such as truck drivers, from their jobs. But potential negative impacts can be offset by investments in education as well as by ensuring there is a safety net to help affected people, the White House argued, in what will likely be the Obama administration's final report on technology policy.Some of the report's recommendations, which include expanded unemployment help and access to healthcare, may be anathema to a Republican-controlled Congress with a focus on tax reductions and spending cuts. But this report -- "Artificial Intelligence, Automation, and the Economy" (PDF) -- which was in the works well before election day, also describes broader, technological-driven changes that will impact jobs and may pose issues for President-elect Donald Trump.To read this article in full or to leave a comment, please click here

How to improve your security grade in 2017

The City of San Diego seems to have all the building blocks in place to make the smart city an exceptionally safe one when it comes to cyber attacks. Deputy director and CISO Gary Hayslip has built out the city’s security operations center, he’s partnering with innovative security vendors and startups, and conferring with law enforcement to keep up with the latest threats. He has the backing of the mayor and city executives, with plenty of funding, and he’s hiring more staff.Yet when asked how he would grade his organization’s ability to detect and mitigate cyber threats, he offered a sobering assessment.“I would probably say about a C+,” Hayslip says. “I’m realistic. There’s a lot of risk out there. We’re dealing with about a million attacks a day on our networks. I’ve got 40 departments, 24 networks and 40,000 endpoints” to protect. As the smart city adds more IoT devices connecting streetlights, stoplights and HVAC systems to the network, the threat surface will only grow.To read this article in full or to leave a comment, please click here

The best Android apps of 2016

These are the best new apps of the yearImage by Ryan WhitwamTrying to keep track of every app that comes to the Play Store would be a complete impossibility. There are so many apps being uploaded every day that it can be easy to miss the good stuff hidden by all the mediocrity. We pay close attention to the Play Store, so here's your chance to catch up on all the best apps to hit Android in 2016. Every app on this list is worth trying—they're the best of the best.To read this article in full or to leave a comment, please click here

2016: The year of augmented reality

Over the past decade as virtual reality (VR) and augmented reality (AR) have matured, VR has overshadowed its cousin, AR. Media coverage and public interest favored VR, hailing it as the next big tech breakthrough. At the outset of 2016, the narrative looked no different: VR would continue to dominate. VR headsets such as the Oculus Rift and the HTC Vive were poised to hit the market in 2016. At the same time, the Samsung Gear VR made its public debut at the end of 2015 to make VR accessible through mobile. Despite these releases, the content, accessories and consumer readiness weren’t quite there. VR’s move to the mainstream faltered this year, as it now sits in a holding pattern waiting for the other pieces to mature.To read this article in full or to leave a comment, please click here

1 2,444 2,445 2,446 2,447 2,448 3,849