5 videoconferencing fears (and how to overcome them)

More than half (54 percent) of employees regularly take part in work-related videoconferences, but not all of them are eager participants, according to a recent report. In the survey of more than 230 full-time U.S. workers by West Unified Communications, 23 percent of the respondents said that videoconferencing makes them feel uncomfortable, and three-quarters said they still prefer audio to video. “There’s a definite fear factor among employees when it comes to using videoconferencing,” says Dennis Collins, director of marketing at West. “Just like listening to a recording of your voice makes people uncomfortable, many are uncomfortable with seeing themselves on camera.” To read this article in full or to leave a comment, please click here

Cyber insurance can keep your business afloat after a cyberattack

Technology, social media and transactions over the Internet play key roles in how most organizations conduct business and reach out to prospective customers today. Those vehicles also serve as gateways to cyberattacks. Whether launched by run-of-the-mill hackers, criminals, insiders or even nation states, cyberattacks are likely to occur and can cause moderate to severe losses for organizations large and small. As part of a risk management plan, organizations routinely must decide which risks to avoid, accept, control or transfer. Transferring risk is where cyber insurance comes into play.What is cyber insurance? A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event. With its roots in errors and omissions (E&O) insurance, cyber insurance began catching on in 2005, with the total value of premiums forecasted to reach $7.5 billion by 2020. According to PwC, about one-third of U.S. companies currently purchase some type of cyber insurance.To read this article in full or to leave a comment, please click here

Performance reviews: 10 things to do before, during and after

While many organizations are experimenting with the notion of eliminating traditional performance reviews, most companies are still doing annual or semi-annual reviews. The process can be nerve-wracking and cause anxiety if employees don't know what to expect or aren't prepared, but it doesn't have to be like this."The most important thing to remember is that these reviews are supposed to be a two-way street with communication flowing both ways, between employee and manager or supervisor. And while, yes, it can be an anxious event, in the end, remember that you both want the same thing -- success and productivity within the organization," says Dominque Jones, chief people officer and vice president of HR at Halogen Software. Here, Jones shares her tips for making sure your next performance review process is productive, fulfilling and successful.To read this article in full or to leave a comment, please click here

Windows 10 migration: At least it’s not like last time

Enterprises should have an easier time migrating from Windows 7 to Windows 10 than they did the last go-round when they left behind Windows XP, an analyst said, citing lessons both Microsoft and corporations learned."Microsoft has provided the option to roll out [Windows 10] using most of the same processes you used with Windows 7," said Steve Kleynhans of research firm Gartner in an interview Tuesday. "For that, you get a new OS, but you don't get new capabilities. Later, you can make the decision to, say, turn on the tighter security of Windows 10, or change the way that applications are distributed by turning on the Store."The migrate-but-then-do-more-later plan is one many enterprises will adopt, Kleynhans said, which should make the transition smoother and faster than the one businesses struggled to complete in late 2013 and early 2014 as they purged XP.To read this article in full or to leave a comment, please click here

5 hard truths about employee engagement

A 2013 study from Gallup found that as much as 70 percent of U.S. workers aren't actively engaged in their jobs. Engagement hasn't gotten much better since then, with Gallup's 2015 report showing nearly identical numbers and stagnant growth from 2014, as well as mostly flat growth since 2000. And for new hires, there's an "engagement honeymoon" period, according to another recent report from Gallup -- it found that employees perform the best and are the most engaged within the first six months of starting a new job, and after that there is a fast drop off.To read this article in full or to leave a comment, please click here

World Password Day: Change your shared passwords at Netflix, Prime, HBO Now

Thursday, May 5, is World Password Day 2016. For the fourth year, you’ll surely see plenty of articles reminding you why you should change all of your passwords—a strong and unique password for every site where you login—and to start using a password manager if you don’t do so yet. I still highly encourage you to get 2FA for Mother’s Day.Intel/McAfee is again trying to persuade people to tweet a password confession. While I’m not encouraging you to do so, I would like to pick two as examples.World Password Day is as good a day as any to talk about password sharing.To read this article in full or to leave a comment, please click here

World Password Day: Change your shared passwords at Netflix, Prime, HBO Now

Thursday, May 5, is World Password Day 2016. For the fourth year, you’ll surely see plenty of articles reminding you why you should change all your passwords, a strong and unique password for every site where you login, and to start using a password manager if you don’t do so yet. I still highly encourage you to get 2FA for Mother’s Day.Intel/McAfee is again trying to convince people to tweet a password confession. While I’m not encouraging you to do so, I would like to pick two as examples.World Password Day is as good a day as any to talk about password sharing.To read this article in full or to leave a comment, please click here

Cool New Networking Products At Interop 2016

Critical flaws in ImageMagick library expose websites to hacking

A tool used by millions of websites to process images has several critical vulnerabilities that could allow attackers to compromise Web servers. To make things worse, there's no official patch yet and exploits are already available.The vulnerabilities were discovered by Nikolay Ermishkin from the Mail.Ru security team and were reported to the ImageMagick developers who attempted a fix in version 6.9.3-9, released on April 30. However, the fix is incomplete and the vulnerabilities can still be exploited.Furthermore, there is evidence that people aside from security researchers and  ImageMagick developers know about the flaws, which is why their existence was publicly disclosed Tuesday. The flaws can be exploited by uploading specially crafted images to Web applications that rely on ImageMagick to process them.To read this article in full or to leave a comment, please click here

Critical flaws in ImageMagick library expose websites to hacking

A tool used by millions of websites to process images has several critical vulnerabilities that could allow attackers to compromise Web servers. To make things worse, there's no official patch yet and exploits are already available.The vulnerabilities were discovered by Nikolay Ermishkin from the Mail.Ru security team and were reported to the ImageMagick developers who attempted a fix in version 6.9.3-9, released on April 30. However, the fix is incomplete and the vulnerabilities can still be exploited.Furthermore, there is evidence that people aside from security researchers and  ImageMagick developers know about the flaws, which is why their existence was publicly disclosed Tuesday. The flaws can be exploited by uploading specially crafted images to Web applications that rely on ImageMagick to process them.To read this article in full or to leave a comment, please click here

Yet Another Padding Oracle in OpenSSL CBC Ciphersuites

Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it’s in the code that fixes Lucky13.

It was found by Juraj Somorovsky using a tool he developed called TLS-Attacker. Like in the “old days”, it has no name except CVE-2016-2107. (I call it LuckyNegative20¹)

It’s a wonderful example of a padding oracle in constant time code, so we’ll dive deep into it. But first, two quick background paragraphs. If you already know all about Lucky13 and how it's mitigated in OpenSSL jump to "Off by 20" for the hot and new.

If, before reading, you want to check that your server is safe, you can do it with this one-click online test.

TLS, CBC, and Mac-then-Encrypt

Very long story short, the CBC cipher suites in TLS have a design flaw: they first compute the HMAC of the plaintext, then encrypt plaintext || HMAC || padding || padding length using CBC mode. The receiving end is then left with the uncomfortable task of decrypting the message and checking HMAC and padding without revealing the padding length in any way. If they do, we call Continue reading

iPaaS: What this cloud technology is and why it’s important

GameStop operates more than 4,000 stores in the U.S. and another 2,000 abroad. Between paying monthly rent, managing leases and searching for new properties, there’s a lot to keep track of for the company’s commercial real estate team.A few years ago GameStop began using a real estate management software as a service (SaaS), but Vice President of Enterprise Architecture Mark Patton says there was a problem. The software needed data from many of GameStop’s other business apps: ERP systems, financial platforms, etc.“We needed a way to glue these things together,” he says. “You need to be able to get data into and out of apps quickly.”Traditionally, the answer to this problem has been to use integration software on premises. In recent years a market has emerged in the cloud called integration Platform as a Service, or iPaaS, which offers a hosted integration platform that can be a central cloud for connecting many apps and cloud services together. Gartner estimates it could be a $1 billion industry in a few years.To read this article in full or to leave a comment, please click here

IDG Contributor Network: How much will you trust your robot?

Robots will be managed and run by humans, at least to begin with, according an automation expert.And if you're the one controlling them, it begs questions such as how are you going to get along with these contraptions? It also prompts concerns such as how one stops the machine from misunderstanding, says Thomas B. Sheridan, a professor at the Massachusetts Institute of Technology who studies humans and automation.Researchers need to become more active in addressing these kinds of questions rather than skimming over potential challenges, says Sheridan. He’s been reading up on the scientific consensuses on the subject and says his peers aren't doing enough research.To read this article in full or to leave a comment, please click here

On Star Wars Day, Japan’s ANA gives new flight to franchise’s iconic theme song

Star Wars Day – May 4th – brings out the creative sides of those who love the cinematic series and marketers who recognize a viral opportunity when they see one.Today, Japan’s ANA (All Nippon Airways) joins the fun with an innovative rendition of the classic opening theme song. A site called Luxury Launches (new to me) offers this description: As seen in the video below it is a very thoughtful and beautiful compilation of sights and sounds which includes take offs, printing of the boarding pass, luggage on the conveyor belt, engine coming to life, air hostesses on the moving walkway and more of the typical activities you and me face and see on a flight. There is also a guest appearance by the newest member of the franchisee the BB-8 robot. The video is shot across 10 locations which include Tokyo’s Narita airport, maintenance centers, hangars and training facilities of ANA.To read this article in full or to leave a comment, please click here

Sci-Fi Wars: May The 4th Be With You

4 IT companies allowed to use commercial drones

The Federal Aviation Administration has granted approval for more than 5,000 so-called Section 333 exemptions to operate commercial drones over the past year, and among those getting the go ahead are familiar names in the enterprise IT and networking market. Apple, Microsoft, Motorola Solutions and Qualcomm are among those tech vendors we found in the approved petitions database, with stated operations/missions for commercial drones -- also known as unmanned aircraft systems (UAS) or unmanned aerial vehicles (UAV) -- that include  photography/videography, aerial mapping/surveying, research and development, and security.To read this article in full or to leave a comment, please click here

Infographic: Commercial drones by the numbers

Here are the latest numbers on commercial drones, including FAA Section 333 exemptions and venture funding. Thanks to CB Insights for its data. MORE: Coolest drone projects from big enterprise IT players | Commercial drones gaining altitude with enterprise IT vendors | Meet Cisco's go-to guy on commercial dronesTo read this article in full or to leave a comment, please click here

Meet Cisco’s go-to guy on commercial drones

Cisco’s Biren Gandhi hasn’t played around with drones as much as he’d like to, but it looks as though he’s going to have lots of chances to do so given the company’s growing interest in these high-flying Internet of Things devices.  Cisco increasingly has made its presence felt within the commercial drone/unmanned aerial vehicle (UAV)/unmanned aircraft system (UAS) community, with Gandhi and others speaking at and attending industry conferences such as InterDrone (see video below) and NASA events. The company is also working with startups, carriers and others making up the burgeoning commercial drone ecosystem, and of course has been pushing hard into the broader Internet of Everything, such as through its $1.4B purchase of Jasper Technologies. Gandhi, a distinguished engineer & strategist within Cisco’s Corporate Strategic Innovation Group who early in his career worked as an R&D engineer at the Indian Space Research Organization, has also blogged about Cisco’s beliefs about drones over the past year.To read this article in full or to leave a comment, please click here

Coolest drone projects at big enterprise IT companies

High flying ideas Drone-related projects by enterprise IT and networking vendors are all over the map, which isn’t surprising since unmanned aerial vehicles (UAV) are so useful for flying from here to there. Here’s a whirlwind tour of commercial drone-related projects discussed publicly by familiar enterprise IT and networking vendors.RELATED: Commercial drones gaining altitude with enterprise IT vendorsTo read this article in full or to leave a comment, please click here

4 IT companies allowed to use commercial drones

The Federal Aviation Administration has granted approval for more than 5,000 so-called Section 333 exemptions to operate commercial drones over the past year, and among those getting the go ahead are familiar names in the enterprise IT and networking market. Apple, Microsoft, Motorola Solutions and Qualcomm are among those tech vendors we found in the approved petitions database, with stated operations/missions for commercial drones -- also known as unmanned aircraft systems (UAS) or unmanned aerial vehicles (UAV) -- that include  photography/videography, aerial mapping/surveying, research and development, and security.To read this article in full or to leave a comment, please click here