Adobe fixes flaws in Flash Player and Adobe Connect

Adobe Systems has released scheduled security patches for its widely used Flash Player software as well as the Adobe Connect web conferencing platform, which is popular in enterprise environments. The Flash Player security updates fix nine critical vulnerabilities that could be exploited remotely to execute malicious code on computers. All of them were privately reported by researchers through Trend Micro's Zero Day Initiative, an exploit acquisition program. Users should upgrade to Flash Player 23.0.0.207 for Windows and Mac and to Flash Player 11.2.202.644 for Linux. The Flash Player builds bundled with Google Chrome, Microsoft Edge and Internet Explorer 11 will be upgraded automatically through those browsers' update mechanisms.

15% off LifeStraw Personal Water Filter – Deal Alert

Having a LifeStraw Personal Water Filter at hand provides access to clean, safe drinking water whenever needed. Weighing only 2 oz. (54g), LifeStraw is the perfect water filter for hiking and camping. LifeStraw uses advanced 0.2 micron hollow fiber membrane technology. This highly efficient method of filtration requires no chemicals, batteries, or moving parts and can be easily backflushed to clean the filter. Perfect for a vehicle or home emergency kit. The LifeStraw averages 4.7 out of 5 stars from over 5,200 people. Its typical list price of $20 has been reduced to $17.

Carnegie Mellon researchers visualize way to fend off DDoS attacks

Following the massive DDoS attack last month that targeted DNS provider Dyn and temporarily knocked Twitter, Netflix and other big names off the Internet, we were bombarded with pitches from vendors begging to offer their expert opinions on the matter while extolling the virtues of their solutions that naturally would have safeguarded organizations. Now, a couple of weeks later, Carnegie Mellon's CyLab Security and Privacy Institute too is touting research that it says shows that the tools really needed to stymie such attacks are on the way. Somehow, this seems more believable than some of the all-too-eager vendor claims, though it doesn't appear the tools will quite be ready to fly for imminent DDoS attack candidates, such as 2016 U.S. Presidential Election-related sites and Black Friday 2016 websites.

After protest, Lenovo brings Linux compatibility to Yoga 900 and 900S

Lenovo created a stir when it said the Yoga 900 and 900S hybrids would work only with Windows, not Linux. The company has now changed its stance, bringing Linux support to those PCs. The PC maker earlier this month issued a BIOS update so Linux can be loaded on Yoga 900, 900S and IdeaPad 710 models. The BIOS update adds an AHCI (Advanced Host Controller Interface) SATA controller mode so users can load Linux on the laptops. This is a Linux-only BIOS, meaning it should be used only by those who want to load the OS. If you want to continue with Windows, do not load the firmware.

Android patches fix Drammer RAM attack, but not Dirty Cow exploit

Google released a new monthly batch of security patches for Android, fixing a dozen critical vulnerabilities that could allow attackers to compromise devices. One of the mitigated issues is a bit-flipping attack against memory chips that could lead to privilege escalation, but a more widespread rooting vulnerability in the Linux kernel remains unpatched. While Google releases firmware updates for its Nexus and Pixel devices on the first Monday of every month, the security patches are shared with third-party device manufacturers one month in advance and are also contributed later to the Android Open Source Project to benefit the entire ecosystem.

IDG Contributor Network: CloudMunch delivers its DevOps insights

Pretty much every large enterprise, at least those that realize the world is kind of in a state of change, is thinking about how to make their organization more agile. They’re also quickly reading Marc Andreessen’s famous Wall Street Journal piece from a few years ago, "Why Software Is Eating The World." Hopefully, they’re then putting these two themes, agility and innovation through software, together and deciding that the key to remaining competitive is arming their technology teams with the tools, processes, freedoms and cultures to do good stuff.

French plan for biometric database of 60 million people sparks outcry

When the French government quietly announced, in the middle of a holiday weekend, the merging of two files to create a megadatabase holding the biometrics of almost 60 million French citizens, it was clearly hoping to avoid an outcry. It failed. Among those lining up to criticize the government's move are its own minister of state for the Digital Sector and Innovation, and the National Digital Council, a body created by the government to provide independent recommendations on all matters relating to the effect of digital technologies on society and the economy. Minister of State Axelle Lemaire told French journalists the megadatabase used 10-year-old technology and had real security problems.

At campaign’s end, Trump takes a swipe at IBM

In Minnesota on Sunday, Republican presidential nominee Donald Trump added IBM to the list of companies he criticizes for moving jobs offshore or to Mexico. Trump's line was a one-sentence throwaway at the Twin Cities rally, but it may have resonated with this rally crowd. In Rochester, Minn., IBM created a massive operation. In 1956, it broke ground on what would become a 32-building, 3.5-million-square-foot complex that employed 8,100 workers at its peak in 1991. It made punch card systems and later became widely known for its AS/400 system development work. IBM created a stable workforce, and by 1988 was able to point out that the average Rochester employee was 39.5 years old and a 14-year IBM veteran. Nearly 40% of those workers were engineers or programmers, according to IBM's official history.

Make your emails more trusted with DKIM

The war against spam has been a long one. Just as we get better filtering, spammers and phishers turn to more sophisticated techniques. We are even seeing ransomware attacks like Cryptolocker and Cryptowall become commonly spread over email. There must be a technical way to stop some of this, right? There is an Internet authentication system -- DomainKeys, and its successor, DKIM -- that tries to mitigate some of the risk of trusting that emails are actually from who they say they are from. Strangely, though, this technology has not made its way into Microsoft Exchange. In this piece, I want to open the curtains on DomainKeys and DKIM, show how they work and why what they do is important, and then demonstrate how to use a free utility to set up DKIM on your on-premises Exchange servers.

Grassley criticizes university over its IT offshoring

A political backlash is growing over a plan by the University of California, San Francisco, to shift IT jobs overseas. The school is hiring an India-based IT services contractor, and IT workers are expecting to train their foreign replacements. Several lawmakers have written letters questioning the university's plan, including Sen. Charles Grassley (R-Iowa), chairman of the Senate Judiciary Committee, which oversees immigration. "It is clear that the University is seeking to replace American workers with lower-cost foreign workers abroad and potentially also in the United States," wrote Grassley, in a letter to Janet Napolitano, the president of the University of California system. The letter, which was sent in late September, has not been made public, but a copy was obtained by Computerworld.

AI makes security systems more flexible

Advances in machine learning are making security systems easier to train and more flexible in dealing with changing conditions, but not all use cases are benefitting at the same rate. Machine learning and artificial intelligence have been getting a lot of attention lately and there's a lot of justified excitement about the technology. One of the side effects is that pretty much everything is now being relabeled as "machine learning," making the term extremely difficult to pin down. Just as the word "cloud" has come to mean pretty much anything that happens online, so "artificial intelligence" is rapidly moving to the point where almost anything involving a computer is getting that label slapped on it.

7 steps to start a bug bounty program

A new approach

Vulnerability assessment and identification strategies have evolved to include the concept of crowdsourced security testing through bug bounty programs. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few. The bug bounty path, paved by tech giants, is widening, enabling security teams of all sizes to create and manage robust security assessment programs, get ahead of adversaries, and level the cybersecurity playing field. As we are clearly still in the early- to mid-adopter phase of this new market, Paul Ross, senior vice president of marketing at Bugcrowd, breaks down how to get started with a bug bounty program, and how to prepare your organization for this new approach to vulnerability testing.