DHS Inspector General lambasts TSA’s IT security flaws

The Transportation Security Administration’s IT department has persistent security problems including unpatched software, inadequate contractor oversight, physical security and inadequate vulnerability reporting. Those were the main conclusions outlined in a report this week from the Department of Homeland Security’s Office of Inspector General, which specifically took a look at the TSA’s Security Technology Integrated Program (STIP), which it defines as a “mission-essential data management system that connects airport transportation security equipment to servers. Connection to a centralized server allows remote management of passenger and baggage screening equipment and facilitates equipment maintenance, including software changes in response to emerging threats.”

Four major trends in enterprise mobility  

If you want to get some insight into the trends of mobility in the enterprise, the guy to talk to is Ojas Rege, vice president of strategy for MobileIron. I caught up with him recently and he talked about four major trends that will have a big impact in the years ahead. The first trend is what is happening from the application security perspective. Enterprises started to get interested in mobile apps about five or six years ago. The larger screen real estate of the Apple iPad really opened companies' eyes to what could be done with mobile apps. The earliest applications were rather ad hoc, usually project-based. Then organizations began building apps around their business workflow, and security became a bigger issue.

WhatsApp finally comes to PC and Mac

Instant messaging between desktops and phones hasn't exactly taken off despite the ubiquity of both. There is Skype. Microsoft has done a good job of making it available everywhere, but most instant messengers are limited to either the PC or mobile phones, and PCs do a surprisingly bad job of supporting SMS texting. Well, things took a step forward now that WhatsApp, a popular smartphone instant messenger, has finally launched on PC and Mac. The smartphone app, which Facebook bought for an incredible $19 billion last year, has over a billion users worldwide. Up to now, if you didn't have it on your smartphone, you had to use the Web site, WhatsApp Web. The desktop app, like the Web site and smartphone app, is designed as "an extension of your phone," as the company put it in announcing the app, synchronizing your conversations and messages between the two devices.

Microsoft’s fascinating GigJam service is open to anyone who wants an invite

Anyone can get into the private beta of Microsoft's new GigJam productivity service, which is aimed at helping teams of people collaborate in real time over the Internet, the company announced Thursday. GigJam combines data from a variety of services including Microsoft's own Office 365, Trello, Dropbox, and Salesforce. Users can then bring that information into a shared workspace, allowing them to quickly work together. Users can easily redact part of the information they're sharing with other people, meaning they can selectively share only what needs to be seen in order to get a job done. There's no way around it: GigJam is a kind of wacky product Microsoft has built to help people get work done together. But what's interesting is that it's emblematic of the company's current approach to the productivity market -- focused on letting people quickly and independently collaborate across different services while maintaining a secure environment.

Man who entombed Verizon worker gets probation, anger management

Because no one was physically injured or worse, headline writers such as yours truly felt able to characterize the August 2013 incident thusly: “Verizon worker thankful 911 operator could hear him now.” Today the 73-year-old Massachusetts man who perpetrated the criminal act against that Verizon worker must be equally thankful that a lenient judge has sentenced him to only a year of probation plus an apparently long-overdue anger management class. From a story in the Worcester Telegram & Gazette:

IDG Contributor Network: Artificial intelligence will revolutionize Wi-Fi

Wi-Fi has moved from a nascent technology to one that is widely accepted and has become so commonplace that we wonder how we ever functioned without it. It started from autonomous access points and was followed up by controller-based architecture (with a centralized controller and thin access points). And, as we learned from the challenges in deploying Wi-Fi and the ability of the environment to impact user experience, companies have constantly tried to innovate. Some focused on building dynamic channel or power planning, some built controller-less networks, and others tried to make it work in single channel. (Don't deploy single channel until you have read the challenges here.)

Dangerous 7-Zip flaws put many other software products at risk

Two vulnerabilities recently patched in 7-Zip could put at risk of compromise many software products and devices that bundle the open-source file archiving library. The flaws, an out-of-bounds read vulnerability and a heap overflow, were discovered by researchers from Cisco's Talos security team. They were fixed in 7-Zip 16.00, released Tuesday. The 7-Zip software can pack and unpack files using a large number of archive formats, including its own 7z format, which is more efficient than ZIP. Its versatility and open-source nature make it an attractive library to include in other software projects that need to process and deal with archived files.

Microservices Network Architecture 101

A new god is rising in the world of application development – Microservices

The new god promises, if not happiness in the next life, scalability, agility and fault tolerance in this life. At the heart of all this is a simple, age-old axiom that is a key design goal of Unix: do one thing, and do it well. In the evolution of application architectures, single monolithic applications made way for client-server applications, which in turn made way for microservices. The upending of the old world continues in data centers.

Communication is at the heart of this new religion (one popular theory of the etymology of the word religion is the word “religio” which means “to reconnect”). Every religion and every new technology introduces its own new vocabulary.

Microservices are no different!

In the domain of communications, the new lingo involves things such as MacVlan, IPVlan, Weave, Flannel and Swarm, to name just a few. What are they? How are they connected? Is IPVlan a new encapsulation format? If it’s not a new encapsulation format, what is it? If it is a new encapsulation format, how is it related to VxLAN? Why were they invented? Which one should I use? What

Lawmakers probe large data breaches at US bank insurance agency

The personal banking information of about 160,000 U.S. residents walked out the door of the federal government's bank insurance agency on removable media of employees departing in recent months. During the last seven months, seven departing employees at the Federal Deposit Insurance Corporation (FDIC) have left with personal banking information on thumb drives and other removable media, agency officials told a congressional subcommittee Thursday. The FDIC, which provides deposit insurance to U.S. bank accounts, considered the data breaches as "inadvertent" copying of personal banking information that happened when departing employees were copying personal information to removable media, Lawrence Gross Jr., the FDIC's CIO, told the House of Representatives Science, Space, and Technology Committee's oversight subcommittee.
