IDG Contributor Network: Implementing secure WANs in the cloud age

Over the past few years most organizations have significantly increased their reliance on the Internet, primarily due to the outsourcing of utility applications like email, unified communications, ERP, CRM, etc. to SaaS providers. Cloud-based applications provide IT organizations with an agile and cost effective means for expanding the range of services they provide and delivering new productivity tools requested by teams, departments or lines of business.Despite this growing adoption of cloud services, many enterprises have resisted connecting their remote offices directly to application providers over the public Internet. This is due to the fact that direct access at every branch introduces compliance issues. The only way to mitigate these is by creating extensive security policies at each location. Imagine having 3,000 sites with each requiring its own set of policies that need to be set-up and maintained. This is the definition of a management nightmare.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Implementing secure WANs in the cloud age

Over the past few years most organizations have significantly increased their reliance on the Internet, primarily due to the outsourcing of utility applications like email, unified communications, ERP, CRM, etc. to SaaS providers. Cloud-based applications provide IT organizations with an agile and cost effective means for expanding the range of services they provide and delivering new productivity tools requested by teams, departments or lines of business.Despite this growing adoption of cloud services, many enterprises have resisted connecting their remote offices directly to application providers over the public Internet. This is due to the fact that direct access at every branch introduces compliance issues. The only way to mitigate these is by creating extensive security policies at each location. Imagine having 3,000 sites with each requiring its own set of policies that need to be set-up and maintained. This is the definition of a management nightmare.To read this article in full or to leave a comment, please click here

A USB device is all it takes to steal credentials from locked PCs

Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week.Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks.For his attack, Fuller used a flash-drive-size computer called USB Armory that costs $155, but the same attack can be pulled off with cheaper devices, like the Hak5 LAN Turtle, which costs $50.To read this article in full or to leave a comment, please click here

A USB device is all it takes to steal credentials from locked PCs

Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week.Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks.For his attack, Fuller used a flash-drive-size computer called USB Armory that costs $155, but the same attack can be pulled off with cheaper devices, like the Hak5 LAN Turtle, which costs $50.To read this article in full or to leave a comment, please click here

IDG Contributor Network: People know they shouldn’t click on links but do it anyway

Blatant nosiness is the reason why email users click on the links embedded within electronic messages, according to university researchers.This new evidence, discovered in a study, throws into question the basic premise behind phishing. That presumption is that when an iffy email looks like it comes from a legitimate organization, but contains a link to a bogus website where financial details are guzzled by bad guys, that gullible people are being bamboozled by the apparent legitimacy of the email.+ Also on Network World: 10 companies that can help you fight phishing +To read this article in full or to leave a comment, please click here

So Your Username and Password Where in a Data Dump. Now What?

Whether it’s Dropbox, LinkedIn, MySpace, PlayStation, or whatever the latest breach happens to be, it’s almost inevitable that you will be caught up in one of these breaches and have your username, password and possibly other information exposed in a data dump. Here’s how to respond when that happens.

How Does This Happen?

A data dump is what often happens after a website has been breached and information about that site’s users/customers is stolen. All that stolen data is often “dumped” on the Internet for all to see. Once the data is dumped, it’s at that point that all this information becomes public and along with it, your information.

Sometimes, as in the case of the Ashely Madison dump, that information can be personally damaging. Other times the information is limited to usernames and passwords.

This article is going to focus on how to respond if your username and password are part of a data dump.

Step 1 – Reset Your Password

This is obvious, but go and change your password. Do it right now, before something comes along and distracts you. Even if you’re a security concious person and you’re using Two-Factor Authentication Continue reading

Ireland to Europe: No, Apple doesn’t owe us

Ireland will join Apple in appealing the European Commission’s finding that Apple owes the country more than US$14 billion in back taxes.The Dail, Ireland’s parliament, voted 93 to 36 late Wednesday night to file an appeal against the ruling, which came out last week. The government is now set to ask the EC to reverse its ruling, which said Ireland’s tax treatment of Apple from 2003 to 2014 was illegal and distorted competition.Ireland could stand to gain €13 billion ($14.5 billion) in tax revenue from the ruling, but government officials and lawmakers said imposing the tax would hurt the country’s reputation as a good place to do business.To read this article in full or to leave a comment, please click here

Lights out! Why IT shops are disabling wireless AP LEDs

Having seen all sorts of makeshift fixes – from post-it notes to bandages to condom wrappers – used to block wireless access point LEDs from beaming and sometimes blinking, some IT shops have begun turning off the lights altogether even though it can make their jobs a little tougher. Lively discussion broke out online this week among a forum of university IT pros after one member inquired about this “first-world problem,” as he contemplates whether to disable LEDs on APs across the board in an effort to improve dorm residents’ quality of life (i.e., help them grab more shuteye by reducing in-room light pollution). More than a dozen peers replied that they have indeed turned off the lights, some doing so in a wholesale manner, others taking it case by case. They say technicians can re-enable LEDs temporarily if need be for troubleshooting.To read this article in full or to leave a comment, please click here

Rugged devops: Build security into software development

Devops is transforming how developers and operations teams work together to deliver better software faster. At its core, devops is about automation. When several tasks in development, testing, and deployment are automated, developers can make changes to code and deploy to production frequently. Amazon, a leading devops proponent, at one point claimed to have more than 1,000 deployments a day.To read this article in full or to leave a comment, please click here(Insider Story)

Rugged devops: Build security into software development

Devops is transforming how developers and operations teams work together to deliver better software faster. At its core, devops is about automation. When several tasks in development, testing, and deployment are automated, developers can make changes to code and deploy to production frequently. Amazon, a leading devops proponent, at one point claimed to have more than 1,000 deployments a day.But such an accelerated workflow has the potential to bypass secure coding practices, which developers often find difficult to incorporate in the first place. If devops is to continue its momentum, developers need to integrate security testing earlier in the software delivery lifecycle.To read this article in full or to leave a comment, please click here(Insider Story)

The 15 highest-performing PC components you can buy today

The best gear money can buyImage by Rob SchultzOne of the PC’s greatest strengths is its extreme flexibility. There’s a vast selection of hardware out there, of all different shapes and sizes and makes and models—so much so that even if your budget’s not a concern, buyer’s paralysis very well could be.To read this article in full or to leave a comment, please click here

How iris scanning improves smartphone security

You hold your smartphone in front of your face, the angle and distance guided by on-screen feedback. It flashes near-infrared (NIR) light into your eyes -- a brief dull-red glow. Your smartphone recognizes one or both of your irises, and unlocks itself.At least, that's the new smartphone login scenario. Previously seen mostly in military devices and fixed installations, iris scanning is joining other biometric authentication methods (such as fingerprint scanning, facial recognition and voice recognition) intended to move mobile devices beyond the limitations of password-based security.To read this article in full or to leave a comment, please click here

What’s your IT department’s strategy for website downtime?

Website disruptions are more than a mere annoyance. They can quickly add up, leading to declines in productivity and revenue. These website errors not only affect your end-users, they also pull key players away from other projects to help put out the fire to avoid major profit losses."Latencies and inconsistent website behaviors doesn't only damage the customer experience and deter consumers away from your site; it can also lead to drastic revenue loss. In fact, Amazon calculated that a one-second delay costs up to $1.6 billion per year in sales," says Mike Kane, senior product marketing manager at Dyn, an internet performance management company.To read this article in full or to leave a comment, please click here

What’s your IT department’s strategy for website downtime?

Website disruptions are more than a mere annoyance. They can quickly add up, leading to declines in productivity and revenue. These website errors not only affect your end-users, they also pull key players away from other projects to help put out the fire to avoid major profit losses."Latencies and inconsistent website behaviors doesn't only damage the customer experience and deter consumers away from your site; it can also lead to drastic revenue loss. In fact, Amazon calculated that a one-second delay costs up to $1.6 billion per year in sales," says Mike Kane, senior product marketing manager at Dyn, an internet performance management company.To read this article in full or to leave a comment, please click here

How identity management helps protect what ails patients

Empowering the patientImage by ThinkstockThere is serious personal risk associated with a healthcare data breach, especially with multiple connected devices and health record systems generating and storing a patient’s sensitive health data. Every person interacting with an online system needs a digital identity, and it should be authenticated in real time, so that unusual behavior can be detected at any time, whether at login or midway through a session.To read this article in full or to leave a comment, please click here

How identity management helps protect what ails patients

Empowering the patientImage by ThinkstockThere is serious personal risk associated with a healthcare data breach, especially with multiple connected devices and health record systems generating and storing a patient’s sensitive health data. Every person interacting with an online system needs a digital identity, and it should be authenticated in real time, so that unusual behavior can be detected at any time, whether at login or midway through a session.To read this article in full or to leave a comment, please click here

Hack the vote: Experts say the risk is real

You should be worried about the November election. Not so much that the candidates you support won’t win, but about the risk that the “winners” may not really be the winners, due to hackers tampering with the results.Or, that even if the winners really are the winners, there will be enough doubt about it to create political chaos.This is not tinfoil-hat conspiracy theory. The warnings are coming from some of the most credible security experts in the industry.Richard Clarke, former senior cybersecurity policy adviser to presidents Bill Clinton and George W. Bush, wrote recently in a post for ABC News that not only are US election systems vulnerable to hacking, but that it would not be difficult to do so.To read this article in full or to leave a comment, please click here

Hack the vote: Experts say the risk is real

You should be worried about the November election. Not so much that the candidates you support won’t win, but about the risk that the “winners” may not really be the winners, due to hackers tampering with the results.Or, that even if the winners really are the winners, there will be enough doubt about it to create political chaos.This is not tinfoil-hat conspiracy theory. The warnings are coming from some of the most credible security experts in the industry.Richard Clarke, former senior cybersecurity policy adviser to presidents Bill Clinton and George W. Bush, wrote recently in a post for ABC News that not only are US election systems vulnerable to hacking, but that it would not be difficult to do so.To read this article in full or to leave a comment, please click here

1 2,654 2,655 2,656 2,657 2,658 3,809