11 theatrical security measures that don’t make your systems safer

Theater of the absurdImage by REUTERS/Mario AnzuoniThe term "security theater" was coined to describe the array of security measures at U.S. airports -- taking off shoes, patting down children and the elderly -- that project an image of toughness without making commercial aviation any safer. But the man who came up with the phrase is famous cybersecurity expert Bruce Schneier, and it could just as easily apply to a number of common tech security measures. We talked to an array of tech experts to discover what security technologies are often just for show.To read this article in full or to leave a comment, please click here

11 theatrical security measures that don’t make your systems safer

Theater of the absurdImage by REUTERS/Mario AnzuoniThe term "security theater" was coined to describe the array of security measures at U.S. airports -- taking off shoes, patting down children and the elderly -- that project an image of toughness without making commercial aviation any safer. But the man who came up with the phrase is famous cybersecurity expert Bruce Schneier, and it could just as easily apply to a number of common tech security measures. We talked to an array of tech experts to discover what security technologies are often just for show.To read this article in full or to leave a comment, please click here

Blockchain’s hype exceeds its grasp – for now

Blockchain has been touted by venture capitalists, technophiles and pundits as the Next Big Thing in computer science. The reality, however, is that the digital ledger software at the heart of Bitcoin and other cryptocurrencies has a long way to go before it gains mainstream adoption.That was a key takeaway from a blockchain panel at last month’s MIT Sloan CIO Symposium. Noting that blockchain enables parties to ferry financial transactions, contracts and other digital records over the Internet, MIT professor Christian Catalini asked the panel about potential enterprise applications for the technology.To read this article in full or to leave a comment, please click here

Blockchain’s hype exceeds its grasp – for now

Blockchain has been touted by venture capitalists, technophiles and pundits as the Next Big Thing in computer science. The reality, however, is that the digital ledger software at the heart of Bitcoin and other cryptocurrencies has a long way to go before it gains mainstream adoption.That was a key takeaway from a blockchain panel at last month’s MIT Sloan CIO Symposium. Noting that blockchain enables parties to ferry financial transactions, contracts and other digital records over the Internet, MIT professor Christian Catalini asked the panel about potential enterprise applications for the technology.To read this article in full or to leave a comment, please click here

Apple shouldn’t go slow on iPhone tempo

Apple would be making a mistake slowing down the cadence of major upgrades to its iPhone, said a pair of analysts today, who argued that the company should instead try to speed up the pace.Their comments were sparked by a Nikkei Asian Review report last week that asserted Apple was shifting to a three-year interval between significant iPhone upgrades. The business paper's proof was thin: That the upcoming iPhone 7 will "look almost identical to the current iPhone 6."If accurate, Apple would abandon its two-year rhythm that debuted a form factor change in even years, followed by nearly identical models that retained the exterior look in odd years, designated with an "S" appended to the label.To read this article in full or to leave a comment, please click here

Walks like a Black Duck: Docker’s security teaseware tool unmasked

I read of Docker’s announcement June 6, about a new security vetting online tool for its containers. Yes, it’s a step forward. But it’s not Docker’s.Last week, I received a briefing and did a proof-of-concept test on another SaaS container-checking tool, Black Duck’s Security Checker.  Hmmmm. Docker’s tool quacks like a Black Duck.After some quick queries, I confirmed that these tools are indeed the same.The short of it is this: there are two SaaS front ends pointing to the same tool—Black Duck’s Hub product, which vets, among other things, Docker containers. You get three free tests at Black Duck. However, at Docker, it’s FREE-AS-IN-BEER until Aug. 1, 2016. You pick. It’s subscription-only afterwards, unless the model changes. To read this article in full or to leave a comment, please click here

Walks like a Black Duck: Docker’s security teaseware tool unmasked

I read of Docker’s announcement June 6, about a new security vetting online tool for its containers. Yes, it’s a step forward. But it’s not Docker’s.Last week, I received a briefing and did a proof-of-concept test on another SaaS container-checking tool, Black Duck’s Security Checker.  Hmmmm. Docker’s tool quacks like a Black Duck.After some quick queries, I confirmed that these tools are indeed the same.The short of it is this: there are two SaaS front ends pointing to the same tool—Black Duck’s Hub product, which vets, among other things, Docker containers. You get three free tests at Black Duck. However, at Docker, it’s FREE-AS-IN-BEER until Aug. 1, 2016. You pick. It’s subscription-only afterwards, unless the model changes. To read this article in full or to leave a comment, please click here

IDG Contributor Network: LinkedIn data breach still causing problems

Do you remember back in 2012 when LinkedIn was hacked? Around 6.5 million user passwords were posted on a Russian blog. There was a mandatory password reset for affected users, and LinkedIn released a statement advising people to enable two-step verification and use stronger passwords.Four years later, and the passwords of 117 million accounts were compromised.Worryingly, this came to light only when a hacker put them up for sale, offering data from 167 million accounts in total. If you haven’t changed your LinkedIn password since 2012, you could be at risk. Tech savvy is no protection, as evidenced by the fact that a hacker group used the LinkedIn password dump to hack Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts.To read this article in full or to leave a comment, please click here

IDG Contributor Network: LinkedIn data breach still causing problems

Do you remember back in 2012 when LinkedIn was hacked? Around 6.5 million user passwords were posted on a Russian blog. There was a mandatory password reset for affected users, and LinkedIn released a statement advising people to enable two-step verification and use stronger passwords.Four years later, and the passwords of 117 million accounts were compromised.Worryingly, this came to light only when a hacker put them up for sale, offering data from 167 million accounts in total. If you haven’t changed your LinkedIn password since 2012, you could be at risk. Tech savvy is no protection, as evidenced by the fact that a hacker group used the LinkedIn password dump to hack Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts.To read this article in full or to leave a comment, please click here

Worth Reading: Encryption is a red herring

Spooky rhetorical flourishes have become commonplace in the debate about encrypted communications. We are told that the FBI is “going dark;” that “warrant-proof” communications are proliferating; and that terrorists and criminals are operating en masse and with impunity. But are evildoers really foiling law enforcement’s ability to investigate their crimes? Real Clear Policy

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Encryption is a red herring appeared first on 'net work.

Millions of sensitive services exposed on the internet reveal most hackable countries

There are millions upon millions of systems on the internet that offer services that should not be exposed to the public network, and Rapid7 has determined which countries are the most exposed and therefore the most hackable.Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”The report noted: “While there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”To read this article in full or to leave a comment, please click here

Millions of sensitive services exposed on the internet reveal most hackable countries

There are millions upon millions of systems on the internet that offer services that should not be exposed to the public network, and Rapid7 has determined which countries are the most exposed and therefore the most hackable.Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”The report noted: “While there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”To read this article in full or to leave a comment, please click here

Millions of sensitive services exposed on internet reveal most hackable countries

There are millions upon millions of systems on the internet which offer services that should not be exposed to the public network and Rapid7 has determined which countries are the most exposed and therefore the most hackable.Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”The report noted that “while there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”To read this article in full or to leave a comment, please click here

Millions of sensitive services exposed on internet reveal most hackable countries

There are millions upon millions of systems on the internet which offer services that should not be exposed to the public network and Rapid7 has determined which countries are the most exposed and therefore the most hackable.Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”The report noted that “while there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”To read this article in full or to leave a comment, please click here

To Wave 2 or not to Wave 2?

The second wave of wireless networking gear based on the 802.11ac standard – collectively, “wave 2” – is the current cutting edge of Wi-Fi technology. Boasting multi-user MIMO (meaning that it can service multiple client devices using its multiple antennae), wider channels, and a number of other bells and whistles, wave 2 hardware offers more throughput and better handling of multiple connections. But is it really necessary? Generally, connection speeds are limited by other parts of the infrastructure, not the wireless connection. Cutting-edge gear, obviously, comes at a premium price. If the improvements over 802.11ac wave 1 aren’t crucially important to you, some argue, you might be better off skipping wave 2 and waiting for the next wireless standard – 802.11ax – to make it onto shelves.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Troubleshooting Cisco’s ISE without TAC

One thing I have been very passionate about is making secure network access deployments easier, which includes what we like to call serviceability. Serviceability is all about making a product easier to troubleshoot, easier to deploy and easier to use. Ultimately the goal is always customer success.There is a distinct correlation between visibility and success of any NAC project. If you are blind to what's happening, and if you can't easily get to the information that helps figure out what's wrong, it can be very frustrating and also gives the appearance of a poor deployment.My goal of this post is to highlight a lot of the serviceability items Cisco has put into ISE that you may not be aware of. I'll do my best to not only call out the feature or function that was added, but explain why it matters and what version it was added in. To read this article in full or to leave a comment, please click here

HPE invites open-source developers to pitch in on ‘The Machine’

Hewlett Packard Enterprise on Tuesday stepped up its efforts to develop a brand-new computer architecture by inviting open-source developers to collaborate on the futuristic device it calls "The Machine."Originally announced in 2014, The Machine promises a number of radical innovations, including a core design focus on memory rather than processors. It will also use light instead of electricity to connect memory and processing power efficiently, HPE says.A finished product won't be ready for years still, but HPE wants to get open-source developers involved early in making software for it. Toward that end, it has released four developer tools.To read this article in full or to leave a comment, please click here

1 2,924 2,925 2,926 2,927 2,928 3,855