Tinder swipes too much personal information, says EU lawmaker

Marc Tarabella wants to swipe left on Tinder's privacy policy. The company's terms of use breach European Union privacy laws, according to Tarabella, a member of the European Parliament. Tarabella particularly dislikes the way the company gives itself the right to swipe the personal information and photos of its users, and to continue using it even if they deactivate their accounts. It's not just Tinder: Tarabella is also unhappy about how much personal information Runkeeper keeps about runners' movements, even when the app is inactive. He has the same concerns about Happn, a sort of missed-connections dating service. The lawmaker wants the European Commission to root out abusive clauses in the terms of use of a number of mobile apps, and to penalize their developers.

Black Hat: We need agency focused on fixing internet’s problems

The country needs a federal agency akin to the National Institutes of Health in order to fix the problems with the internet, keynoter Dan Kaminsky yesterday told a record crowd of more than 6,400 at Black Hat 2016. Private companies are dealing with the security problems they face without sharing the solutions or pushing for the underlying engineering changes that are needed to make the internet more secure, says Kaminsky, who famously discovered a serious vulnerability in DNS, which underpins the internet. The solution is a central agency to address those engineering challenges. He says all the money that is spent piecemeal on battling security needs to be channeled to this agency so it has the resources and bureaucratic bulk to escape being derailed by transient public officeholders whose policies can change dramatically and quickly.

Do developers really care about security?

Over the years, developers have been dogged by a reputation for placing security as an afterthought. Get a slick, full-featured experience up and running fast, and figure out how to deal with whatever holes crop up once QA gets its hands on the code. Organizations may have had a significant hand in fostering developers' laissez-faire attitude toward security by siloing teams in separate domains and giving development, QA, ops, and security operations isolated opportunities to levy their expertise on the code. But with security and privacy increasingly top of mind among users and with companies moving more toward a devops approach to software development, developers need to shed that reputation and consider security concerns as an integral part of the development process.

Microsoft cranks up encryption in .Net Framework

Microsoft has released .Net Framework 4.6.2, tightening security in multiple areas, including the BCL (Base Class Library). The new version also makes improvements to the SQL client, Windows Communication Foundation, the CLR (Common Language Runtime), and the ASP.Net web framework. The security focus in the BCL impacts PKI capabilities, and X.509 certificates now support the FIPS 186-3 digital signature algorithm. "This support enables X.509 certificates with keys that exceed 1024-bit," Microsoft's Stacey Haffner said. "It also enables computing signatures with the SHA-2 family of hash algorithms (SHA256, SHA384, and SHA512)."

What’s in a security score?

Fair Isaac Corp., the company that issues credit scores for individuals, was tired of other analytics companies developing security scoring tools for businesses and then proclaiming themselves “the FICO of security scores.” So in May, FICO upped its own scoring game. It acquired cybersecurity firm QuadMetrics to create its own brand of security scores for enterprises. The new scoring tool, available in August, uses predictive analytics and security risk assessment tools to issue scores and predict a company’s likelihood of a significant breach compared to other firms within the next 12 months. “Our own cyber breach insurance underwriters commented how great it would be if there was really a FICO score on this for the underwriting process,” says Doug Clare, vice president of cybersecurity solutions. The company had already invested in cybersecurity detection technology that assesses network traffic, and it saw the addition of QuadMetrics as “the right opportunity at the right time,” he adds.

57% off Executive Office Solutions Portable Adjustable Laptop Desk/Stand/Table – Deal Alert

The Executive Office Solutions Portable Adjustable Laptop Desk/Stand/Table is designed to allow you to set up an office anywhere! It is easy to carry, with a lightweight aluminum frame. This device makes a perfect desk for your laptop. The adjustable legs allow you to rotate 360 degrees and lock it in place at various angles. This desk is also vented and connects to your computer via the included USB cord to power two quiet CPU cooling fans.

IDG Contributor Network: Is outdated legislation holding back the gig economy?

We are in the midst of a dramatic shift in the way we work. In the new gig economy, some 40 percent of the American workforce consists of contingent workers: contract workers, part-time workers, independent contractors and those who freelance. The U.S. government doesn’t currently collect much data on the many American contingent workers, which means it can’t keep up with their needs. Recognizing this, the Department of Labor is introducing the Contingent Worker Supplement in its next population survey in 2017.

Drones have potential for industrial sabotage

Industrial facilities should be on guard against drones. Even off-the-shelf versions of the unmanned aircraft could be used to disrupt sensitive systems. On Wednesday, Jeff Melrose, a presenter at Black Hat 2016, showed how consumer drones could do more than just conduct aerial spying. The flying machines can also carry a transmitter to hack into a wireless keyboard or interfere with industrial controls, he said. It’s not enough to place a fence around a building to keep intruders out, according to Melrose, who is a principal tech specialist at Yokogawa, an industrial controls provider. These days, some consumer drones can travel up to 3 miles (4.8 kilometers) or more.
