Security an afterthought in connected home, wearable devices

Based on an extensive review of publicly reported internet of things (IoT) device vulnerabilities, the Online Trust Alliance (OTA) today announced that all of the problems could have been easily avoided. "In this rush to bring connected devices to market, security and privacy is often being overlooked," Craig Spiezle, executive director and president of the OTA, said in a statement today. "If businesses do not make a systematic change, we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings."To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For September 9th, 2016

Hey, it's HighScalability time:

 

An alternate universe where Zeppelins rule the sky. 1929. (@AeroDork)

 

If you like this sort of Stuff then please support me on Patreon.
  • 15%: Facebook's reduction in latency using HTTP2's server push; 1.9x: nanotube transistors outperform silicon; 200: projectors used to film a "hologram"; 50%: of people fall for phishing attacks (it's OK to click); 5x: increased engagement using Google's Progressive Web Apps; 115,000+: Cassandra nodes at Apple; $500 million: Pokémon Go; $150M: Delta's cost for datacenter outage; 

  • Quotable Quotes: 
    • Dan Lyons: I wanted to write a book about what it’s like to be 50 and trying to reinvent yourself – that struggle. There are all these books and inspirational speakers talking about being a lifelong learner and it’s so great to reinvent yourself, the brand of you. And I wanted to say, you know, it’s not like that. It’s actually really painful.
    • Engineers & Coffee~ In modern application development everything is a stream now versus historically everything was a transaction. Make a request and the you're done. It's easier to write analytics on top of streams versus using Hive. It's cool Continue reading

Google gets API management tools in Apigee deal

Google plans to acquire API management vendor Apigee in a US$625 million deal that will give the search giant secure and multilanguage API tools used by companies bringing more and more of their services online.The deal, announced Thursday, gives Google access to tools that allow company back-end systems to communicate with mobile and web apps, Diane Greene, senior vice president of Google's cloud business, said in a blog post.APIs are "vital for how business gets done today in the fast-growing digital and mobile marketplace," she wrote. "They're the hubs through which companies, partners, and customers interact, whether it's a small business applying online for a loan or a point of sale system sending your warranty information to the manufacturer."To read this article in full or to leave a comment, please click here

These mundane jobs bots can take in the enterprise

An interventionBots are quickly infiltrating our personal lives and are now beginning to make their way into the enterprise. Inherently more complex than Siri reading you the weather or performing a Google search on IMDB, the enterprise can be a tough nut for bot tech to crack. It has taken some time for technologists to identify the best places to start looking to bot assistance or intervention within the enterprise. The good news is that there are several enterprise tasks that are ripe for bot intervention, and fortunately for end-users they are some of the most painful employee responsibilities within large organizations. Unit4 Chief Architect, Claus Jepsen, details where bots can be most handy.To read this article in full or to leave a comment, please click here

Acer TravelMate 802.11ad notebook: An industry ‘first’ you might never need or use

When I was offered a review unit of the Acer TravelMate P648-MG-789T notebook, it was touted as the “industry’s first notebook with Tri-Band 802.11ad Wireless from Qualcomm”.Sure thing!, I thought, as I always enjoy trying out things that are new, especially ones that are an industry first.But then I went back and looked up 802.11ad - aka “Gigabit Wireless”, aka “60Gig”, and realized that this technology has been touted for about two years without much movement in the space from vendors. At CES earlier this year, Acer announced it was coming out with this notebook, and it’s finally here.Whoo-hoo?Here’s the thing - 802.11ad technology utilizes the 60 GHz wireless spectrum - it’s aimed at short range, high-volume data transfers, especially in smaller spaces. This also gives you some higher bandwidth than you’d get with an 802.11ac system, but you’re also limiting the distance between the client and the receiver in order to get that benefit.To read this article in full or to leave a comment, please click here

Apple won’t reveal first-weekend iPhone 7 sales

Historically, the Monday after each new iPhone launch begins with a press release from Apple where the company boasts about how many new devices it sold over the weekend. And more often than not, each new iPhone release enjoys a more successful launch than the previous launch.But with the iPhone 7, Apple has decided to switch things up. For the first time in history, Apple not be releasing weekend launch sales figures for its new iPhone. In a statement provided to CNBC, Apple explained the rationale behind its somewhat surprising decision. Specifically, Apple believes that its weekend launch sales press release has become outdated, primarily because supply is always an ongoing issue. In other words, even if the iPhone 7 sells out, and Apple believes that it will, sales figures don’t provide a truly accurate or representative gauge as to the true demand for the device.To read this article in full or to leave a comment, please click here

Canada-EU counter-terror data exchange is illegal, says top EU judge

An agreement to send Canadian authorities passenger name record (PNR) data for flights from the European Union cannot be entered into in its current form, a top European Union judge has said.That's because parts of the draft agreement are incompatible with EU citizens' fundamental privacy rights, according to Paolo Mengozzi, Advocate General of the Court of Justice of the EU, in a legal opinion issued Thursday.His opinion, on a case brought by the European Parliament, is only advisory, and it still remains for the CJEU to make a final ruling on the matter.But if the court follows his advice, it could disrupt the European Commission's plans for a new directive on the sharing of PNR data among EU member states and with other countries. To read this article in full or to leave a comment, please click here

Canada-EU counter-terror data exchange is illegal, says top EU judge

An agreement to send Canadian authorities passenger name record (PNR) data for flights from the European Union cannot be entered into in its current form, a top European Union judge has said.That's because parts of the draft agreement are incompatible with EU citizens' fundamental privacy rights, according to Paolo Mengozzi, Advocate General of the Court of Justice of the EU, in a legal opinion issued Thursday.His opinion, on a case brought by the European Parliament, is only advisory, and it still remains for the CJEU to make a final ruling on the matter.But if the court follows his advice, it could disrupt the European Commission's plans for a new directive on the sharing of PNR data among EU member states and with other countries. To read this article in full or to leave a comment, please click here

Cloud Apps And Pathways

jam

Applications are king. Forget all the things you do to ensure proper routing in your data center. Forget the tweaks for OSPF sub-second failover or BGP optimal path selection. None of it matters to your users. If their login to Seibel or Salesforce or Netflix is slow today, you’ve failed. They are very vocal when it comes to telling you how much the network sucks today. How do we fix this?

Pathways Aren’t Perfect

The first problem is the cloud focus of applications. Once our packets leave our border routers it’s a giant game of chance as to how things are going to work next. The routing protocol games that govern the Internet are tried and true and straight out of RFC 1771(Yes, RFC 4271 supersedes it). BGP is a great tool with general purpose abilities. It’s becoming the choice for web scale applications like LinkedIn and Facebook. But it’s problematic for Internet routing. It scales well but doesn’t have the ability to make rapid decisions.

The stability of BGP is also the reason why it doesn’t react well to changes. In the old days, links could go up and down quickly. BGP was designed to avoid issues with Continue reading

New Apple Watch strikes fine balance between new features and continuity

Apple yesterday announced a whole raft of useful improvements in the Apple Watch Series 2, but the biggest thing it got right may have been what it didn’t change. And while the company addressed many of the issues surrounding its smartwatch, one key limitation remains. First, let’s look at what Apple did to improve the Apple Watch: Made it water resistant to 50 meters, so you can swim and sweat and shower in it (don’t try this with one of the fancy leather bands) Upgraded the CPU to run 50 percent faster and the GPU to run much 100 percent faster Upgraded the display to be twice as bright, critical for use in direct sunlight Added new Siri integrations so you don’t have to mess with the tiny screen and fussy buttons as much Built in GPS, so runners and hikers can use it without being tethered to an iPhone. Introduced a Nike version that appears designed specifically for runners.  To read this article in full or to leave a comment, please click here

Bring on the iPhone 7 parody videos

Apple made it too easy on parody video producers, meme generators and comedians this week in announcing its iPhone 7 and 7 Plus smartphones and boasting of its "courage" in ditching the standard 3.5mm headphone jack in favor of a proprietary Lightning one.Jacksfilms, whose video had racked up more than 400K views as of Thursday morning, goes after Apple and its courage to sell $160 earphones that you need to charge, a typically out-there musical performance by Sia and Apple's special new dongle... The Challenge accurately pokes fun at the "mini hair dryers" that are the new Apple AirPods...To read this article in full or to leave a comment, please click here

IDG Contributor Network: Implementing secure WANs in the cloud age

Over the past few years most organizations have significantly increased their reliance on the Internet, primarily due to the outsourcing of utility applications like email, unified communications, ERP, CRM, etc. to SaaS providers. Cloud-based applications provide IT organizations with an agile and cost effective means for expanding the range of services they provide and delivering new productivity tools requested by teams, departments or lines of business.Despite this growing adoption of cloud services, many enterprises have resisted connecting their remote offices directly to application providers over the public Internet. This is due to the fact that direct access at every branch introduces compliance issues. The only way to mitigate these is by creating extensive security policies at each location. Imagine having 3,000 sites with each requiring its own set of policies that need to be set-up and maintained. This is the definition of a management nightmare.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Implementing secure WANs in the cloud age

Over the past few years most organizations have significantly increased their reliance on the Internet, primarily due to the outsourcing of utility applications like email, unified communications, ERP, CRM, etc. to SaaS providers. Cloud-based applications provide IT organizations with an agile and cost effective means for expanding the range of services they provide and delivering new productivity tools requested by teams, departments or lines of business.Despite this growing adoption of cloud services, many enterprises have resisted connecting their remote offices directly to application providers over the public Internet. This is due to the fact that direct access at every branch introduces compliance issues. The only way to mitigate these is by creating extensive security policies at each location. Imagine having 3,000 sites with each requiring its own set of policies that need to be set-up and maintained. This is the definition of a management nightmare.To read this article in full or to leave a comment, please click here

A USB device is all it takes to steal credentials from locked PCs

Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week.Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks.For his attack, Fuller used a flash-drive-size computer called USB Armory that costs $155, but the same attack can be pulled off with cheaper devices, like the Hak5 LAN Turtle, which costs $50.To read this article in full or to leave a comment, please click here