How to make home IoT more secure: Assume the worst

Sometimes the truth hurts but you just have to face it. The internet advisory group BITAG lays it on the line for the IoT industry in a new report: No, consumers aren’t going to update the software on their devices.“It is safe to assume that most end users will never take action on their own to update software,” the Broadband Internet Technology Advisory Group said. Its recommendation: Build in mechanisms for automatic, secure updates.That bit of human nature is just one of the harsh realities BITAG acknowledges in the report, which came out on Tuesday. It also points out that some consumer IoT devices ship with weak built-in usernames and passwords like “admin” and “password,” can’t do authentication or encryption, or can easily be taken over by malware that turns them into bots.To read this article in full or to leave a comment, please click here

How to make home IoT more secure: Assume the worst

Sometimes the truth hurts but you just have to face it. The internet advisory group BITAG lays it on the line for the IoT industry in a new report: No, consumers aren’t going to update the software on their devices.“It is safe to assume that most end users will never take action on their own to update software,” the Broadband Internet Technology Advisory Group said. Its recommendation: Build in mechanisms for automatic, secure updates.That bit of human nature is just one of the harsh realities BITAG acknowledges in the report, which came out on Tuesday. It also points out that some consumer IoT devices ship with weak built-in usernames and passwords like “admin” and “password,” can’t do authentication or encryption, or can easily be taken over by malware that turns them into bots.To read this article in full or to leave a comment, please click here

Using GNOME Keyring for Git Credentials on Fedora 25

In this post, I’m going to show you how to use the GNOME Keyring on Fedora 25 as a credential helper for Git. This post is very closely related to my earlier post on using GNOME Keyring as a Git credential helper on Ubuntu 16.04. As with the earlier Ubuntu-related post, what I’m including here isn’t new or ground-breaking information; I’m posting it primarily to make the information easier to find for others.

Like Ubuntu 16.04, Fedora 25 already has the basis for integrating GNOME Keyring into Git as a credential helper already installed into the /usr/share/doc/git-core-doc/contrib/credential/gnome-keyring directory.

Unlike Ubuntu 16.04, though, Fedora already has a compiled credential helper installed. This Git credential helper is found at /usr/libexec/git-core/git-credential-gnome-keyring. This credential helper is ready to use.

To get GNOME Keyring support for storing Git credentials, then, all one has to do is simply configure Git appropriately (no need to install additional packages or compile anything). You can configure Git via a couple of different ways:

1. You can use the git config command, like this:

    git config --global credential.helper /usr/libexec/git-core/git-credential-gnome-keyring
   

2. You can edit ~/.gitconfig directly, using the text editor of your choice. Add this text:

    [credential]
    helper  Continue reading

AWS is cutting and simplifying its storage prices

Amazon Web Services made a series of price cuts on Tuesday and simplified what customers pay for its storage products. The company's popular Simple Storage Service (S3) has had its six pricing tiers cut down to three, along with a corresponding price cut of roughly 16 percent to 25 percent.Glacier, AWS's storage service for data that doesn't need to be accessed frequently, now has a trio of retrieval options. Companies can have quicker access to their data if they pay more or get cheaper access if they're willing to wait. Glacier users also get a 43 percent price cut.To read this article in full or to leave a comment, please click here

12 tips for safer Black Friday and Cyber Monday shopping

During Black Friday and Cyber Monday 2016, consumers should watch out for scams that come through spam, insecure public networks and apps that might seem legitimate but could be taking over your phones and computers, experts say.+ RELATED: How to dodge Black Friday schemes +Here are a dozen steps you can take to avoid becoming a victim. Only download or buy apps from legitimate app stores. Suspect apps that ask for too many permissions. Check out the reputation of apps and particularly the app publisher. Only enter credit card info on secure shopping portals. Avoid using simple passwords, and use two-factor authentication if you can. Be alert for poisoned search results when using search engines to find products. Don’t install software that sites require before you can shop. Don’t use free pubic Wi-Fi to make purchases. Be suspicious of great deals you learn about via social media or emails and don’t click the links. Turn off location services while shopping to minimize the potential personal data that could be compromised. Make sure the connection to e-commerce sites is secured (HTTPS). Double check the validity of the SSL certificate for the site. To read this article in full or Continue reading

12 tips for safer Black Friday and Cyber Monday shopping

During Black Friday and Cyber Monday 2016, consumers should watch out for scams that come through spam, insecure public networks and apps that might seem legitimate but could be taking over your phones and computers, experts say.+ RELATED: How to dodge Black Friday schemes +Here are a dozen steps you can take to avoid becoming a victim. Only download or buy apps from legitimate app stores. Suspect apps that ask for too many permissions. Check out the reputation of apps and particularly the app publisher. Only enter credit card info on secure shopping portals. Avoid using simple passwords, and use two-factor authentication if you can. Be alert for poisoned search results when using search engines to find products. Don’t install software that sites require before you can shop. Don’t use free pubic Wi-Fi to make purchases. Be suspicious of great deals you learn about via social media or emails and don’t click the links. Turn off location services while shopping to minimize the potential personal data that could be compromised. Make sure the connection to e-commerce sites is secured (HTTPS). Double check the validity of the SSL certificate for the site. To read this article in full or Continue reading

How to dodge Black Friday and Cyber Monday shopping hackers

Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts.Bad actors are stealing personal information like passwords and credit card numbers, compromising computers and phones, and blackmailing retailers with hopes of lining their pockets, researchers say.For example, researchers at RiskIQ found frequent cases of criminals linking the names of legitimate brands to sketchy applications and Web sites in order to lure unsuspecting shoppers.They looked at five popular e-commerce brands to see how often their names appeared along with the term Black Friday in the titles or descriptions of black-listed applications. The research didn’t reveal the names of the retailers, but found that they lined up with bogus apps from 8.4% to 16% of the time.To read this article in full or to leave a comment, please click here

Micro services: Breaking down software monoliths

Micro services: Breaking down software monoliths

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. Amazon was the first company to take a large monolithic system and deconstruct it into micro services. Netflix was next, deconstructing its behemoth software stack, seeking a more agile model that could keep up with 2 million daily API requests from more than 800 different device types. Forward-thinking companies like Google, eBay, Uber and Groupon soon followed. Today, enterprises are abandoning monolithic software architectures to usher in the latest era in systems architecture: micro services.To read this article in full or to leave a comment, please click here

How to dodge Black Friday and Cyber Monday shopping hackers

Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts.Bad actors are stealing personal information like passwords and credit card numbers, compromising computers and phones, and blackmailing retailers with hopes of lining their pockets, researchers say.For example, researchers at RiskIQ found frequent cases of criminals linking the names of legitimate brands to sketchy applications and Web sites in order to lure unsuspecting shoppers.They looked at five popular e-commerce brands to see how often their names appeared along with the term Black Friday in the titles or descriptions of black-listed applications. The research didn’t reveal the names of the retailers, but found that they lined up with bogus apps from 8.4% to 16% of the time.To read this article in full or to leave a comment, please click here

Virtually trampling over Black Friday 2016

We've done more than our fair share of Black Friday, Black November, pre-Black Friday, Cyber Monday and other tech bargain roundups, including looks at virtual reality systems such as HTC Vive and Samsung Gear VR that can be had for less this holiday shopping season.MORE: 50+ Black Friday 2016 tech dealsNow a comedy website dubbed Above Average, which has SNL and 30 Rock blood in its veins, brings us a beautiful (and only slightly NSFW) mashup of Black Friday deals and virtual reality systems that's just a little too real.To read this article in full or to leave a comment, please click here

World’s geekiest license plates

Geeky platesThe geeky license plates continue to pop up as those who are not afraid to proclaim their nerdiness on their car. Here are the latest and greatest. Send any entries you might have to [email protected]: The world's geekiest license plates To read this article in full or to leave a comment, please click here

Open-source hardware makers unite to start certifying products

Four years ago, Alicia Gibb was trying to unite a fragmented open-source hardware community to join together to create innovative products.So was born the Open Source Hardware Association, which Gibb hoped would foster a community of hardware "hackers" sharing, tweaking, and updating hardware designs. It shared the ethics and ethos of open-source software and encouraged the release of hardware designs -- be it for it processors, machines, or devices -- for public reuse.Since then, OSHWA has gained strength, with Intel, Raspberry Pi, and Sparkfun endorsing the organization. Its growth has coincided with the skyrocketing popularity of Arduino and Raspberry Pi-like developer boards -- many of them open source -- to create gadgets and IoT devices.To read this article in full or to leave a comment, please click here

Worth Reading: Backdoor in Android phones

For about $50, you can get a smartphone with a high-definition display, fast data sendee and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours.Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence. —NY Times

The post Worth Reading: Backdoor in Android phones appeared first on 'net work.

10 considerations for running WebRTC services on AWS

10 considerations for running WebRTC services on AWS

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.You want to embed real-time communications features into your website or mobile application for direct peer-to-peer communication and you’ve landed on WebRTC. That’s a great start.Now you realize that backend services are critical for building a robust solution. You are thinking about hosting your solution in the cloud, using an Infrastructure-as-a-Service (IaaS) environment built on top of Amazon Web Services (AWS). Again, good choice. AWS is an obvious first place to look as they’re a leader in the cloud services space.To read this article in full or to leave a comment, please click here

The end of net neutrality may begin in June of 2017

Yesterday, President-elect Donald Trump announced the appointment of Jeff Eisenach and Mark Jamison to the agency landing team responsible for the Federal Communication Commission (FCC). Fortune called Eisenbach and Jamison staunch opponents of net neutrality, and Re/Code said these appointments may end net neutrality. In addition, Jamison asked, “Do we need the FCC?” in an October 2016 blog post.To read this article in full or to leave a comment, please click here

Introducing the Docker Community Directory and Docker Community Slack

Today, we’re thrilled to officially introduce the Docker Community Directory and Slack to further enable community building and collaboration. Our goal is to give everyone the opportunity to become a more informed and engaged member of the community by creating sub groups and channels based on location, language, use cases, interest in specific Docker-centric projects or initiatives.

Sign up for the Docker Community Directory and Slack

Docker Community Directory

Members who join the Docker Community Directory will benefit from the following:

• Latest product updates and release notes
• Targeted invitations and promo codes for Docker community events (DockerCon, Docker Summits, Meetups, Docker Partner events, trainings, workshops and hackathons)
• Ability to participate in raffles for Docker Swag
• Chance to get priority access to product betas
• Opportunity to get involved as a user and/or customer reference, meetup organizer, mentor, speaker, etc.
• Be listed on the Docker Community Directory without sharing your email (built in direct messaging system)
• Access to the Docker Community Slack

The Docker Community Directory is a tool for community members to collaborate. Everyone should use it respectfully, with genuine and specific Docker-centric messages. It should not be used to send messages that could be qualified as spam or otherwise violate Continue reading

Google acquires AWS training vendor Qwiklabs

Google is acquiring Qwiklabs, a company that helps people learn how to use public cloud services to run applications without operating a data center.It's a helpful move for Google, which is trying to expand the use of its cloud platform and stands to gain when developers and IT professionals get a handle on making applications run in the cloud. The company will create tools to help get people up to speed on the Google Cloud Platform and G Suite productivity service, Jason Martin, the director of professional services for Google Cloud, said in a blog post.But there's a wrinkle to the acquisition, announced Monday: Qwiklabs's existing portfolio is entirely focused on educating people about offerings from Amazon Web Services, including Alexa skills. For the time being, those offerings will still be available.To read this article in full or to leave a comment, please click here

Tuning OpenStack Hardware for the Enterprise

Advanced networking technologies for OpenStack could optimize the cloud environment for service providers – as well as enterprise.