Crypto: Nominated to the Cybersecurity Canon

If you are a cybersecurity professional or interested in cybersecurity at all, you should be familiar with the Cybersecurity Canon. What is a canon? There are lots of definitions, but the one that applies here is “a sanctioned or accepted group or body of related works.” With this definition in mind, the stated goal of the Cybersecurity Canon is: “To identify a list of must-read books for all cybersecurity practitioners—be they from industry, government or academia—where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”To read this article in full or to leave a comment, please click here

Crypto: Nominated to the Cybersecurity Canon

If you are a cybersecurity professionals or interested in cybersecurity at all, you should be familiar with the Cybersecurity Canon.  Just what is a Canon?  There are lots of definitions but that one that applies here is, “a sanctioned or accepted group or body of related works.”  With this definition in mind, the stated goal of the Cybersecurity Canon is:“To identify a list of must-read books for all cybersecurity practitioners -- be they from industry, government or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.”To read this article in full or to leave a comment, please click here

IDG Contributor Network: Mainframes and the API economy

A few weeks ago I found myself in a meeting with the technical team at a major investment company that uses mainframes to support the massive amounts of data they work with every day. I spend just about all of my time talking with mainframers, but this conversation took a bit of an odd twist: they wanted to talk about application programming interfaces (APIs).It wasn’t what I expected, but after thinking about it more, it makes perfect sense. After all, APIs are driving just about everything these days. It’s no wonder so many people are (unironically) talking about the “API economy.”+ Also on Network World: The cloud’s silver lining: the mainframe +To read this article in full or to leave a comment, please click here

Pickup truck plows over ‘Welcome to Fabulous Las Vegas’ sign

So I ask a colleague to name the most famous city “welcome” sign other than Hollywood and he answers without hesitation: “Las Vegas.”Not anymore.The Las Vegas Review-Journal reports that the crash occurred just before 7 a.m. on Sunday and that the driver of the pickup suffered no injuries.The “Welcome to Fabulous Las Vegas” sign did not fare as well, as you can see in this Facebook video: Naturally, the sign has its own Wikipedia page, which has already been updated with news of the accident (I love Wikipedia) and begins:To read this article in full or to leave a comment, please click here

Pickup truck plows over ‘Welcome to Fabulous Las Vegas’ sign

So I ask a colleague to name the most famous city “welcome” sign other than Hollywood and he answers without hesitation: “Las Vegas.”Not anymore.The Las Vegas Review-Journal reports that the crash occurred just before 7 a.m. on Sunday and that the driver of the pickup suffered no injuries.The “Welcome to Fabulous Las Vegas” sign did not fare as well, as you can see in this Facebook video: Naturally, the sign has its own Wikipedia page, which has already been updated with news of the accident (I love Wikipedia) and begins:To read this article in full or to leave a comment, please click here

Worth Reading: Sharing your password is illegal

The United States Court of Appeals for the Ninth Circuit ruled last week in favor of the government’s use of the Computer Fraud and Abuse Act (CFAA) to put away David Nosal, a headhunter who left his job at the firm Korn/Ferry to start his own firm. After leaving, Nosal persuaded a former co-worker still employed by Korn/Ferry to share his login credentials for a database he used for research without the firm’s permission. —The Federalist

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Sharing your password is illegal appeared first on 'net work.

Telcos should only retain metadata to fight serious crime, EU judge says

Governments may order telcos to retain customer data, but only to fight serious crime, a top European Union judge has advised.Lobby groups European Digital Rights (EDRi) and Privacy International welcomed the recommendation, saying it adds to a growing body of legal opinion opposing mass data retention. It could even, said Privacy International, derail the U.K.'s Investigatory Powers Bill, introduced in March by Theresa May, then home secretary and now prime minister.Advocate General Henrik Saugmandsgaard Øe advised that a general obligation to retain data may be compatible with EU law, but cautioned that laws imposing such obligations should respect personal privacy and impose strict controls on access to the retained data, its security, and the period it is kept. Furthermore, such obligations can only be justified when strictly necessary in the fight against serious crime.To read this article in full or to leave a comment, please click here

Telcos should only retain metadata to fight serious crime, EU judge says

Governments may order telcos to retain customer data, but only to fight serious crime, a top European Union judge has advised.Lobby groups European Digital Rights (EDRi) and Privacy International welcomed the recommendation, saying it adds to a growing body of legal opinion opposing mass data retention. It could even, said Privacy International, derail the U.K.'s Investigatory Powers Bill, introduced in March by Theresa May, then home secretary and now prime minister.Advocate General Henrik Saugmandsgaard Øe advised that a general obligation to retain data may be compatible with EU law, but cautioned that laws imposing such obligations should respect personal privacy and impose strict controls on access to the retained data, its security, and the period it is kept. Furthermore, such obligations can only be justified when strictly necessary in the fight against serious crime.To read this article in full or to leave a comment, please click here

Newest Guccifer 2.0 DNC dump included personal info about celebrities and CEOs

Democratic National Committee hacker Guccifer 2.0 gave The Hill another batch of pilfered DNC documents; these are different than those files which included information on 11,000 donors given to The Hill last week. At that time, Guccifer had claimed that the press had been forgetting about him, that WikiLeaks was “playing for time” and he still had documents to dump.To read this article in full or to leave a comment, please click here

Newest Guccifer 2.0 DNC dump included personal info about celebrities and CEOs

Democratic National Committee hacker Guccifer 2.0 gave The Hill another batch of pilfered DNC documents; these are different than those files which included information on 11,000 donors given to The Hill last week. At that time, Guccifer had claimed that the press had been forgetting about him, that WikiLeaks was “playing for time” and he still had documents to dump.To read this article in full or to leave a comment, please click here

Security software that uses ‘code hooking’ opens the door to hackers

Some of the intrusive techniques used by security, performance, virtualization and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit. Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use 'hooking' to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process. Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn't otherwise or whose exploitation would have been difficult. Other flaws allow attackers to remain undetected on victims' computers or to inject malicious code into any process running on them, the enSilo researchers said in a report sent via email that's scheduled to be published Tuesday.To read this article in full or to leave a comment, please click here

Security software that uses ‘code hooking’ opens the door to hackers

Some of the intrusive techniques used by security, performance, virtualization and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit. Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use 'hooking' to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process. Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn't otherwise or whose exploitation would have been difficult. Other flaws allow attackers to remain undetected on victims' computers or to inject malicious code into any process running on them, the enSilo researchers said in a report sent via email that's scheduled to be published Tuesday.To read this article in full or to leave a comment, please click here

Can’t upgrade your laptop to Windows 10? Microsoft will give you one for free*

With two weeks left before Microsoft’s free upgrade offer for Windows 10 comes to a close, the company is pulling out its biggest gimmick yet. Its latest offer is that they’ll give you a free Dell Inspiron 15 laptop if they can’t update your laptop to Windows 10 with same-day service.And yes, there are some strings. Quite a few. First, your trade-in PC needs to be compatible with Windows 10 in the first place. That should cut out a lot of lame old PCs from the mix. If you don’t have a compatible system, you can earn $150 to the purchase of a new PC.To read this article in full or to leave a comment, please click here

4 numbers that stood out in VMware’s earnings

VMware this week updated investors on the progress of emerging technologies playing an increasingly significant role in the company’s earnings.+MORE AT NETWORK WORLD: EMC targets strategic markets as Dell acquisition looms | Microsoft will miss its 1 billion Windows 10 device target +VMware’s product mix includes not just compute virtualization, but network virtualization, cloud management and end user computing. Below are four numbers that provide a snapshot of VMware’s earnings and a preview of future offerings.To read this article in full or to leave a comment, please click here

Getting a handle on spam emanating from generic top-level domains

Since I posted my tome about the generic top-level domains (gTLDs), I’ve received mostly bouquets. A few brickbats were also metaphorically hurtled through the window. I’m disturbing business models fostered by the new gTLDs.A lawyer who doesn’t want to be named just threw a tort across the transom. It ended up as junk mail, but I fished it out and responded.+ Also on Network World: Best practices for email security +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Stopping ransomware in its tracks

Allowing ransomware to enter a computer and corrupt a few files before being stomped on is the way to arrest the forward march of an attack, say computer scientists.The key is to not to stop ransomware getting into the system, which is hard, but to simply identify when files are beginning to be encrypted, assume something’s amiss, and then kill anything that’s causing the anomaly, researchers from the University of Florida (UF) and Villanova University say.+ Also on Network World: Who is a target for ransomware? Everyone +To read this article in full or to leave a comment, please click here

​EMC targets strategic markets as Dell acquisition looms

EMC has reported encouraging financials ahead of the company’s crucial shareholder vote this week, as the vendor targets strategic markets and profitability ahead of its upcoming acquisition by Dell. With the largest technology merger in history pending approval, the storage giant reported strategic successes during 2Q16 that it can build from as it continues toward its landmark expected integration into Dell. After a full year of bottom-line declines during 2015, EMC notched a second consecutive quarter of year-to-year net income improvements during 2Q16, rising 160 basis points to 9.7 per cent, supported in part by cost restructuring initiatives but also by heightened monetisation of investment in strategic solutions areas.To read this article in full or to leave a comment, please click here

1 2,812 2,813 2,814 2,815 2,816 3,844