SD-WAN: What it is and why you’ll use it one day

Managing the Wide Area Network (WAN) for Redmond Inc., a supplier of industrial and commercial products – from salt that’s used to protect winter roadways to organic dairy products and health items – is an easier job today for the company’s technical project manager Aaron Gabrielson than it was a year ago.Redmond manages a phone system, point of sale and fax centrally out of headquarters in Heber City, Utah, which means each of Redmond’s 10 branch sites across the Midwest need a reliable connection back to headquarters in Utah. That’s easier for some sites, like those in Salt Lake City, than others, such as rural areas where there may only be a handful of workers on a farm.To read this article in full or to leave a comment, please click here

Android root malware widespread in third-party app stores

Four third-party app stores for Android have apps with a malicious component that seeks root access to devices, according to Trend Micro. The security company found 1,163 Android application packages containing the malware, which it calls ANDROIDOS_ LIBSKIN.A, wrote Jordan Pan, a mobile threats analyst with Trend. The malware obtains root access to the phone, the highest level of access and privilege. The apps containing the component were downloaded across 169 countries between Jan. 29 and Feb. 1 from marketplaces called Aptoide, Mobogenie, mobile9 and 9apps.To read this article in full or to leave a comment, please click here

Hackers aren’t smart — people are stupid

The cliche is that hackers are geniuses. That's not true, hackers are generally stupid.

The top three hacking problems for the last 10 years are "phishing", "password reuse", and "SQL injection". These problems are extremely simple, as measured by the fact that teenagers are able to exploit them. Yet they persist because, unless someone is interested in hacking, they are unable to learn them. They ignore important details. They fail at grasping the core concept.


Phishing

Phishing happens because the hacker forges email from someone you know and trust, such as your bank. It appears nearly indistinguishable from real email that your bank might send. To be fair, good phishing attacks can fool even the experts.

But when read advice from "experts", it's often phrased as "Don't open emails from people you don't know". No, no, no. The problem is that emails appear to come from people you do trust. This advice demonstrates a lack of understanding of the core concept.

What's going on here is human instinct. We naturally distrust strangers, and we teach our children to distrust strangers.Therefore, this advice is wired into our brains. Whatever advice we hear from experts, we are likely to translate it Continue reading

So, You Want To Be A Manager

And so it was as a young man that I aspired to be a manager. Management looked like control to me. After all, I thought that as I acquired technical expertise in operating systems, security, and networking, I should be the one holding the reins. That’s logical, perhaps. But it’s naive.

Nothing says “establishment” as Vox’s attack on Trump

I keep seeing this Ezra Klein Vox article attacking Donald Trump. It's wrong in every way something can be wrong. Trump is an easy target, but the Vox piece has almost no substance.

Yes, it's true that Trump proposes several unreasonable policies, such as banning Muslims from coming into this country. I'll be the first to chime in and call Trump a racist, Nazi bastard for these things.

But I'm not sure the other candidates are any better. Sure, they aren't Nazis, but their politics are just as full of hate and impracticality. For example, Hillary wants to force Silicon Valley into censoring content, brushing aside complaints from those people overly concerned with "freedom of speech". No candidate, not even Trump, is as radical as Bernie Sanders, who would dramatically reshape the economy. Trump hates Mexican works inside our country, Bernie hates Mexican workers in their own countries, championing punishing trade restrictions.

Most of substantive criticisms Vox gives Trump also applies to Bernie. For example, Vox says:
His view of the economy is entirely zero-sum — for Americans to win, others must lose. ... His message isn't so much that he'll help you as he'll hurt them... 
That's Bernie's Continue reading

Bill filed in Congress would ban encryption backdoors

Four Congressmen are proposing that states be forbidden to ask manufacturers to install encryption backdoors on their products outfitted with the technology. U.S. Rep. Ted Lieu The four filed a short bill this week that would deny states or parts of states from seeking alterations to products for the purpose of enabling surveillance of the user. It would also block them from seeking the ability to decrypt information that is otherwise unintelligible. The representatives filing the bill are Rep. Ted Lieu (D-Calif.), Rep. Blake Farenthold (R-Texas), Suzan DelBene (D-Wash.) and Mike Bishop (R-Mich.).To read this article in full or to leave a comment, please click here

U.S. intelligence chief touts IoT as a spying opportunity

In a brief aside during a Senate testimony on overall national security this week, U.S. director of national intelligence James Clapper justified the privacy and security advocates who have warned of the implications of the Internet of Things (IoT) since before it was a buzzword."In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials," Clapper said, according to The Guardian.To read this article in full or to leave a comment, please click here

Don’t touch the malware at this museum

Malware moments you wish to forgetImage by Jelene Morris (modified)Jason Scott, archivist and software curator for the Internet Archive, and Mikko Hypponen, chief research officer of F-Secure, have brought together this group of malware to mark some of the early viruses. Here are only a few, with another batch to be displayed soon.To read this article in full or to leave a comment, please click here

Underhanded C contest winner’s code fools nuke inspectors into destroying fake nukes

What if Alice and Bob represented countries that agreed to a nuclear disarmament treaty, but neither trusted the other enough to scan a warhead and observe the test results because the scans revealed sensitive information about their nuclear program? In the end, the countries agree to build a fissile material detector that would output only a “yes” or “no” as to if each country dismantled real warheads and not fakes.In essence, that was the scenario for the annual Underhanded C Contest which tasked programmers with solving “a simple data processing problem by writing innocent-looking C code, while covertly implementing a malicious function. This type of malicious program, in the real world, could let states take credit for disarmament without actually disarming.”To read this article in full or to leave a comment, please click here

Healthcare CIO: Legal issues are most difficult cloud migration challenge

Boston healthcare organization CIO and longtime technology standards leader John Halamka has been quite open over the years about his organization's technology efforts and challenges. Back in 2002 he shared his hospital's 3-day struggle with network slowdowns. Last Year,  the Beth Israel Deaconess Medical Center CIO sounded the alarm that an FDA warning about a compromised medical device wouldn't be the last.To read this article in full or to leave a comment, please click here

CSO Online’s 2016 data breach blotter

Another day, another data breachImage by ThinkstockThere were 736 million records exposed in 2015 due to a record setting 3,930 data breaches. 2016 has only just started, and as the blotter shows, there are a number of incidents being reported in the public, proving that data protection is still one of the hardest tasks to master in InfoSec.To read this article in full or to leave a comment, please click here

How to build your Property Management System integration using Microservices

This is a guest post by Rafael Neves, Head of Enterprise Architecture at ALICE, a NY-based hospitality technology startup. While the domain is Property Management, it's also a good microservices intro.

In a fragmented world of hospitality systems, integration is a necessity. Your system will need to interact with different systems from different providers, each providing its own Application Program Interface (API). Not only that, but as you integrate with more hotel customers, the more instances you will need to connect and manage this connection. A Property Management System (PMS) is the core system of any hotel and integration is paramount as the industry moves to become more connected.

 

To provide software solutions in the hospitality industry, you will certainly need to establish a 2-way integration with the PMS providers. The challenge is building and managing these connections at scale, with multiple PMS instances across multiple hotels. There are several approaches you can leverage to implement these integrations. Here, I present one simple architectural design to building an integration foundation that will increase ROI as you grow. This approach is the use of microservices.

What are microservices? 

1 3,000 3,001 3,002 3,003 3,004 3,696