Worth Reading: Ransomware and backups

Read through the recent Wall Street Journal ransomware article and you’ll find some great stats on the growing threat and cost. One thing you won’t find: the word “backup.” We’re happy to see ransomware finally getting the attention it deserves, but why discuss the problem and leave out the obvious, simple antidote? It’s like an article on a bike theft epidemic that fails to mention that none of the bikes were locked up. —Cloud Security Alliance

The post Worth Reading: Ransomware and backups appeared first on 'net work.

Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON

Smart door locks, padlocks, thermostats, refrigerators, wheelchairs and even solar panel arrays were among the internet-of-things devices that fell to hackers during the IoT Village held at the DEF CON security conference in August.A month after the conference ended, the results are in: 47 new vulnerabilities affecting 23 devices from 21 manufacturers were disclosed during the IoT security talks, workshops and onsite hacking contests.The types of vulnerabilities found ranged from poor design decisions like the use of plaintext and hard-coded passwords to coding flaws like buffer overflows and command injection.Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Lagute, Okidokeys, Danalock were found to be vulnerable to password sniffing and replay attacks, where a captured command can be replayed later to open the locks.To read this article in full or to leave a comment, please click here

Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON

Smart door locks, padlocks, thermostats, refrigerators, wheelchairs and even solar panel arrays were among the internet-of-things devices that fell to hackers during the IoT Village held at the DEF CON security conference in August.A month after the conference ended, the results are in: 47 new vulnerabilities affecting 23 devices from 21 manufacturers were disclosed during the IoT security talks, workshops and onsite hacking contests.The types of vulnerabilities found ranged from poor design decisions like the use of plaintext and hard-coded passwords to coding flaws like buffer overflows and command injection.Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Lagute, Okidokeys, Danalock were found to be vulnerable to password sniffing and replay attacks, where a captured command can be replayed later to open the locks.To read this article in full or to leave a comment, please click here

Apple’s new Bluetooth security hole

When the iPhone7 ships, you’d best have your mobile device management (MDM) on the phone locked down. Apple’s self-described “courageous” move to warrant Bluetooth instead of wired headphone connectivity will give you nightmares. Part of the problem is the Bluetooth protocol itself; the other problem is that civilians leave it on and accessible. But you’ve already buttoned down all of that stuff, right? Like others in the tech press, I’ve taken out my Bluetooth analyzer and watched the count of responding devices in downtown Bloomington, Indiana, near the lab. It’s easy to do. To read this article in full or to leave a comment, please click here

Carnegie Mellon touts increase in incoming women CompSci students

Carnegie Mellon University is boasting that nearly half (48%) of incoming School of Computer Science undergraduates are women, a new diversity record for the institution. This echoes results at another top-notch computer science school, the University of Illinois Urbana-Champaign's College of Engineering, which says 46% of its 190 incoming freshmen CompSci students are women. That's up from 24% the year before. Guy Blelloch, associate dean for undergraduate programs at CMU, says 38% more women applied for admission with SCS as their first choice. The school, which increased its first-year undergrad class in computer science by 30% this fall, says men and women are judged by the same admission standards.To read this article in full or to leave a comment, please click here

New Dockercast Episode with Docker Captain, Nirmal Mehta

In case you missed it, we recently launched Dockercast, the official Docker Podcast including all the DockerCon 2016 sessions available as podcast episodes.

In this podcast I catch up with Nirmal Mehta at Booz Allen Hamilton.  Nirmal has been a big part of the Docker community and is also a Docker Captain.

Nirmal works with some large government organizations and we discussed why these types of institutions seemed to be early adopters of Docker.  As most would answer, speed was an obvious driver, however, we discuss that security was also an early driver.  Turns out due to tighter boundaries of Docker containers some of these organizations felt that the potential security opportunities stretched better than virtualization.  We discuss these ideas as well as what is it like to be a Docker Captain.

You can find the latest #Dockercast episodes on the Itunes Store or via the SoundCloud RSS feed.

New #dockercast episode w/ host @botchagalupe & @normafaults from @BoozAllen as a guest!
Click To Tweet

The post New Dockercast Episode with Docker Captain, Nirmal Mehta appeared first on Docker Blog.

FTC focuses on combating ransomware

Ransomware, where a hacker commandeers a user's computer files and threatens to permanently delete them unless an extortion payment is made, is on a sharp uptick and now ranks "among the most troubling cyberthreats," the head of the Federal Trade Commission is warning.[ Related: The history of ransomware ]FTC Chair Edith Ramirez addressed the issue at a recent forum that the agency convened to examine the spread of ransomware and explore strategies to combat the crime."The spate of ransomware incidents are escalating at an alarming rate," Ramirez says, citing an estimate from the Department of Justice that incidents of ransomware, now averaging some 4,000 a day, have increased 300 percent in the past year.To read this article in full or to leave a comment, please click here

FTC focuses on combating ransomware

Ransomware, where a hacker commandeers a user's computer files and threatens to permanently delete them unless an extortion payment is made, is on a sharp uptick and now ranks "among the most troubling cyberthreats," the head of the Federal Trade Commission is warning.[ Related: The history of ransomware ]FTC Chair Edith Ramirez addressed the issue at a recent forum that the agency convened to examine the spread of ransomware and explore strategies to combat the crime."The spate of ransomware incidents are escalating at an alarming rate," Ramirez says, citing an estimate from the Department of Justice that incidents of ransomware, now averaging some 4,000 a day, have increased 300 percent in the past year.To read this article in full or to leave a comment, please click here

Tech companies want ICANN transition to happen as planned

The U.S. government's plan to end its oversight of the internet's domain name system should move forward as promised, despite last-minute efforts by some Republican lawmakers to derail the process, a coalition of tech companies and trade groups said.The U.S. National Telecommunications and Information Administration (NTIA) should end its supervision of the Internet Corporation for Assigned Names and Numbers (ICANN) on Oct. 1 as planned, said a letter signed by Google, Facebook, Twitter, Yahoo, Amazon and more than 20 other companies and trade groups.To read this article in full or to leave a comment, please click here

Tech companies want ICANN transition to happen as planned

The U.S. government's plan to end its oversight of the internet's domain name system should move forward as promised, despite last-minute efforts by some Republican lawmakers to derail the process, a coalition of tech companies and trade groups said.The U.S. National Telecommunications and Information Administration (NTIA) should end its supervision of the Internet Corporation for Assigned Names and Numbers (ICANN) on Oct. 1 as planned, said a letter signed by Google, Facebook, Twitter, Yahoo, Amazon and more than 20 other companies and trade groups.To read this article in full or to leave a comment, please click here

40% off HooToo 64GB Lightning Connector USB 3.0 Drive for iOS – Deal Alert

This small, rugged and blazing fast USB 3.0 key features 64GB of storage and an extended lightning connector that will fit all of your iOS devices, even with their cases attached. Quickly move files between your devices. Pack it with audio and video files and HooToo's built-in media app effortlessly plays them directly to your iPhone or iPad in most major formats including .mkv, .avi, and .mp4. Its aluminum alloy design is roughly the size of a house key and weighs only .25oz. This Amazon #1 best seller averages 4.5 out of 5 stars on Amazon from over 100 people (87% rate 5 stars: read reviews). Its typical list price of $99.99 has been reduced 40% to $59.99. To read this article in full or to leave a comment, please click here

This Week: Solarwinds ThwackCamp 2016

Solarwinds ThwackCamp 2016 begins tomorrow, Wednesday September 14th.

I’m sharing this information in case it’s of interest, so here are some questions and answers in case you are curious.

What is ThwackCamp?

ThwackCamp is an annual, online, free training event offered by Solarwinds. It is organized into two streams, a “How-To” track which is more technical, and an “IT Industry” track which offers training with a slightly more holistic twist to it. There are 10 sessions offered over two days, and although my registrations are mostly How-To sessions, I did find an IT Industry session slipping in there; you can mix and match as you please.

How do I sign up for ThwackCamp?

Register on the Solarwinds ThwackCamp home page. Disclosure: I get 25% commission on every dollar you spend on ThwackCamp registrations using this link. You need to register for a free Solarwinds account if you don’t already have one, and you have to be logged in before you can register for the sessions you want to attend. Emails will arrive shortly thereafter with meeting invites attached so you can populate your calendar easily with session reminders. Remember: there are no travel costs involved, no registration cost and no hotel required. I mean, if you want to fly somewhere Continue reading

22% off Jaybird X2 Sport Wireless Bluetooth Headphones – Deal Alert

With a regular list price of $149.99, the current discount makes the Jaybird X2 Sport is now available with a 22% discount for this deal. Features include: Premium Bluetooth Audio For Skip-Free Music Outdoors 8 Hours of Music + Calls With Complete Remote Controls Secure Over/Under-Ear Fit Options Lifetime Sweat proof Warranty Includes Comply Premium Sport Memory Foam Ear Tips, Patented Secure-Fit Ear Fins, Friction-Fit Silicone Sport Carrying Case, Silicone Ear Tips, Charging Cable & Cord Management Clips. Jump to Amazon now for additional details, and to explore buying options.To read this article in full or to leave a comment, please click here

H-1B bill advances in House — as does anxiety about it

The U.S. House Judiciary Committee on Wednesday will vote on H-1B legislation aimed at closing a loophole that has made it inexpensive to replace U.S. workers with visa holders.But the bill, introduced by Rep. Darrell Issa (R-Calif.), and Scott Peters (D-Calif.), is worrisome, as well. It may do little to protect U.S. workers from displacement, say critics, who fear the legislation -- if approved -- could be used as a cudgel against more comprehensive H-1B reforms.The “Protect and Grow American Jobs Act,” (HR 5801) is intended to tighten, but not eliminate, a 1998 loophole in the law.To read this article in full or to leave a comment, please click here

25 iOS 10 features that will change your life

Dive into the feature-packed iOS 10Packed with new features, hidden functionalities, and third-party app integrations, iOS 10 has plenty to explore. Here are our favorite bells and whistles you can try for yourself once the official release is finally out.Facial recognition that's not creepyImage by AppleTo read this article in full or to leave a comment, please click here

6 questions to ask about containers

Shoring up containersImage by ThinkstockContainer technology promises greater agility and efficiency when it comes to building and deploying applications, a critical ability in this age of zero tolerance for downtime and great expectations for capabilities on demand. But with any new technology comes new risk, and security professionals must be able to accurately determine the risk-reward balance of containers for their organizations. Lars Herrmann, general manager, Integrated Solutions Business Unit at Red Hat, poses six questions CISOs must ask when evaluating container platforms.To read this article in full or to leave a comment, please click here

Is your security awareness training program working?

Employees at Axe Investment, the fictional firm of biollionaire Bobby Axelrod in Showtimes new series, Billions, were downright angry when they learned that surprise SEC raid was only a test. Axelrod, though, found the mock raid fruitful as it revealed the internal weak links of his organization.These are metrics that enterprises should be using to evaluate the success of their security awareness programs. In order for awareness training to work, it has to keep everyone in the enterprise, well, aware. A recent Wombat report revealed that in addition to the ever growing problem of phishing, employees across industries struggle with oversharing on social media, unsafe use of WiFi, and company confidential data exposure. Those ubiquitous posts pose serious risks.To read this article in full or to leave a comment, please click here

Should you upgrade to iOS 10?

Let’s cut right to the chase: iOS 10 looks great, works really well, and does more to freshen up the iOS experience than any update before it. It brings some pretty significant changes like the all-new lock screen behaviors, but iOS 10 still feels familiar enough that the new gestures become old hat after just a few days.The apps that got the biggest overhauls are, frankly, the apps that needed them: Music and Maps. The former is less of a mess in general, and the latter is easier to use en route especially, with big easy-to-tap buttons to change the view, toggle the audio cues on and off, or just find a darn cup of coffee or gas station along the way.To read this article in full or to leave a comment, please click here

Aerohive introduces the software-defined LAN

The term “software-defined” has been applied to a number of technologies, including networking, WAN, security, storage and data center. One area it has yet to be associated with is the local area network (LAN). But what exactly does “software-defined” mean and should it extend to the LAN? Just because something runs in software, it doesn’t make it any different than running in hardware.That’s just one component of being software-defined. Other factors including having centralized control, being programmable and agile, and providing visibility to gain new insights. Most important, a software-defined system should be able to automate configuration changes as the applications’ needs change. To read this article in full or to leave a comment, please click here

Aerohive introduces the software-defined LAN

The term “software-defined” has been applied to a number of technologies, including networking, WAN, security, storage and data center. One area it has yet to be associated with is the local area network (LAN). But what exactly does “software-defined” mean and should it extend to the LAN? Just because something runs in software, it doesn’t make it any different than running in hardware.That’s just one component of being software-defined. Other factors including having centralized control, being programmable and agile, and providing visibility to gain new insights. Most important, a software-defined system should be able to automate configuration changes as the applications’ needs change. To read this article in full or to leave a comment, please click here