Google offers app to help companies assess their vendors’ security

Google has published an interactive questionnaire that companies can use to assess the security practices of their suppliers or to review and improve their own security programs.The Vendor Security Assessment Questionnaire (VSAQ) is a Web-based application and was released under an open-source license on GitHub. It contains a collection of questionnaires that Google itself uses to review multiple aspects of a vendor's security.The application has templates for Web application security, infrastructure security, physical and data center security and an organization's overall security and privacy program. The questions cover everything from whether the vendor has processes in place for external researchers to report vulnerabilities to HTTPS implementation details and internal data handling policies.To read this article in full or to leave a comment, please click here

Worth Reading: Mobile is not everything

The industry is now maturing, and is well past its glory days of early growth. We have 4G widely deployed, and 5G is in the wings. Both are incremental rather than revolutionary changes. The retail market for “minutes, messages and megabytes” is saturating. . . . The high revenue and profit growth has shifted to devices (notably Apple’s) and online services (Google, Amazon, Alibaba, et al). The centre of power has inexorably moved towards platforms that manage and mine the flow of information. -via CircleID

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Mobile is not everything appeared first on 'net work.

Multi-factor authentication goes mainstream

Fingerprints, rather than passwords, are what more than a million financial services customers at USAA use to get online. Part of a trend toward multi-factor authentication (MFA), there is no stored list of passwords for hackers to steal.In 2014, San Antonio-based USAA became the first financial institution to roll out facial and voice recognition on a mobile app, says Gary McAlum, USAA's chief security officer. Thumbprint recognition followed a few months later. A year after that, USAA had 1.1 million enrolled MFA users, out of a target population of 5 million mobile banking app users.To read this article in full or to leave a comment, please click here(Insider Story)

Reviewing incident response plans for data risk preparedness

Incident response plan reviews are growing in importance with the rapidly increasing numbers and types of information security incidents that enterprises must face. The enterprise must approach these reviews with a view toward effective event response.Yet more than one-quarter of IR professionals (26 percent) are dissatisfied with their current organization’s IR capabilities, calling them ineffective, according to a SANS Institute survey on the state of IR. After initial plan creation, the review is the opportunity to correct that ineffectiveness.To read this article in full or to leave a comment, please click here(Insider Story)

China is working on a big data Minority Report system

Think there’s a limit to how far countries can go to monitor their citizens? Think again. China’s new plan to create software to track a wide variety of data to predict who might commit terrorist acts pushes the envelop into the realm of science fiction, a la Minority Report.Last December, I wrote about China's planned Social Credit System, which takes invasion of privacy to terrifying new levels by going well beyond Western-style credit scores to create a mandatory scheme to "rate the trustworthiness of citizens in all facets of life, from business deals to social behavior,” according to the New Republic. The national database will combine records of Internet data with financial information and government data into a score designed to determine eligibility for all kinds of things, including credit, employment and access to social benefits.To read this article in full or to leave a comment, please click here

Making Sense of Broadband networks: PPPoE Explained

A bit of background First .. PPPoE stands for Point to Point over Ethernet and is the successor of PPPoA. PPPoE is simply a method of encapsulating PPP packets into Ethernet frames. The standard is defined in RFC2516 . IPoE is growing very quickly but as far as I can tell PPPoE is still very widely deployed model […]
Related posts:
  1. Making sense of Broadband networks – Part 1
  2. Making sense of Broadband networks – VLAN Model
  3. What you need to know about ADSL (broadband Networks #1)
YARPP powered by AdBistro
Powered by

DOJ appeals New York court order in favor of Apple

The U.S. Department of Justice has appealed an order by a court in New York that turned down its request that Apple should be compelled to extract data from the iPhone 5s of an alleged drug dealer.The case in New York is seen as having a bearing on another high-profile case in California where Apple is contesting an order that would require the company to assist the FBI, including by providing new software, in its attempts at cracking by brute force the passcode of an iPhone 5c running iOS 9. The phone was used by one of the two terrorists in the San Bernardino killings on Dec. 2 and the FBI wants Apple to disable the auto-erase feature on the phone, which would erase all data after 10 unsuccessful tries of the passcode, if the feature was activated by the terrorist.To read this article in full or to leave a comment, please click here

Google patches remote execution flaws in Android

Google has released 16 patches for Android, including one for a critical remote execution vulnerability in the operating system's mediaserver.The company's Nexus devices will receive an over-the-air update. Google's partners were notified no later than Feb. 1 of the fixes, giving them more than a month to prepare.The vulnerabilities in mediaserver could be exploited if malicious content is displayed or played on a device, such as an MMS, email, or if the browser plays some type of media, Google's advisory said.A string of vulnerabilities has been found in media playback software since last year, most notably the Stagefright bug. To read this article in full or to leave a comment, please click here

Security, encryption experts: Congress is the answer to Apple v. FBI

The world’s top security and encryption experts who spent time last week at RSA Conference 2016 trying to figure out how to keep devices and communications secure yet also enable criminal investigations came up with nothing except to punt the issue to the U.S. Congress.And Congress will take up the issue this week with Attorney General Loretta Lynch scheduled to testify to the Senate Judiciary Committee. The panel is looking into the Justice Department in general, but the topic is expected to come up.+More on Network World: Hot security products at RSA 2016+To read this article in full or to leave a comment, please click here

Boeing’s self-cleaning aircraft bathroom lets you use loo without touching anything (mostly)

Boeing is looking to clean up one of the smallest and dirtiest component of travel—the commercial airplane toilet.With barely enough space to um, sit, and with high capacity usage, the commercial airline toilet perhaps is an engineering marvel but little else. Boeing however is looking to that notion with a self-cleaning aircraft bathroom– known as the Fresh Lavatory -- that the company says uses ultraviolet (UV) light to kill 99.99% of germs in the loo – and even puts down the toilet seat lid.+More on Network World: NASA: “Wild” technology will transform aviation+To read this article in full or to leave a comment, please click here

Boeing’s self-cleaning aircraft bathroom lets you use loo without touching anything (mostly)

Boeing is looking to clean up one of the smallest and dirtiest component of travel—the commercial airplane toilet.With barely enough space to um, sit, and with high capacity usage, the commercial airline toilet perhaps is an engineering marvel but little else. Boeing however is looking to that notion with a self-cleaning aircraft bathroom– known as the Fresh Lavatory -- that the company says uses ultraviolet (UV) light to kill 99.99% of germs in the loo – and even puts down the toilet seat lid.+More on Network World: NASA: “Wild” technology will transform aviation+To read this article in full or to leave a comment, please click here

New Juniper Security CTO promises open framework for software defined network security

The new Juniper Networks liaison between the company’s engineering team and its customers says it will take time, but Juniper’s software defined security networking (SDSN) will eventually support third-party devices to help build security into the network fabric itself.It’s part of a shift from network security to a secure network that is flexible thanks to software defined networking, says Kevin Walker, Juniper’s Security CTO.The SDSN framework is designed to leverage the capabilities of the entire network to detect and assess threats, and enforce security policies across switches, routers and firewalls. Recently Juniper CEO Rami Rahim referred to this framework as “the rolling thunder of security enhancements.”To read this article in full or to leave a comment, please click here

1 3,059 3,060 3,061 3,062 3,063 3,794