Home Depot will pay up to $19.5 million for massive 2014 data breach

Home Depot has agreed to pay as much as $19.5 million to remedy the giant data breach it suffered in 2014, the company confirmed on Tuesday.Included in that figure is a reported $13 million to reimburse customers for their losses and $6.5 million to provide them with one and a half years of identity protection services.Home Depot was not required to admit any wrongdoing."We’re working to put the litigation behind us," spokesman Stephen Holmes said via email. "This was the most expeditious path, but it’s not an admission of liability."Customers "were not responsible for fraudulent charges, and they’ve been our primary focus throughout," he said.To read this article in full or to leave a comment, please click here

Leaders’ STEM education determines stance on iPhone encryption case

Robert Hannigan head of Britain’s NSA equivalent agency the GCHQ, finally stopped asking for a backdoor to encrypted devices. Instead he called for an end to what he called the “abuse of encryption” by ISIS and other terrorists and criminals at the MIT Internet Policy Research Initiative, according to a report by the MIT Technology Review.Hannigan wasn’t getting what he wanted by calling it a backdoor so he changed the name for building flawed encryption that law enforcement can exploit to “ending the abuse of encryption.” Hannigan’s attempt to use speechwriters and political spin to solve a mathematical problem is a fool’s errand.To read this article in full or to leave a comment, please click here

Cisco security chief: How to beat back security system complexity

Cisco has aggressively bought up security vendors and worked on integrating their software protections into existing Cisco gear, making for a simpler, more secure and flexible network, says Cisco’s security chief. David Goeckeler “The customers we talk to have an average of somewhere around 50 to 60 different vendors in their network to deliver their security posture,” says David Goeckeler, senior vice president and general manager of Cisco’s security business. “What’s happening in the industry is the complexity of managing all those different products is overwhelming the effectiveness of them.”To read this article in full or to leave a comment, please click here

Cisco security chief: How to beat back security system complexity

Cisco has aggressively bought up security vendors and worked on integrating their software protections into existing Cisco gear, making for a simpler, more secure and flexible network, says Cisco’s security chief. David Goeckeler “The customers we talk to have an average of somewhere around 50 to 60 different vendors in their network to deliver their security posture,” says David Goeckeler, senior vice president and general manager of Cisco’s security business. “What’s happening in the industry is the complexity of managing all those different products is overwhelming the effectiveness of them.”To read this article in full or to leave a comment, please click here

Microsoft released 13 security bulletins, 5 rated critical but 8 patching RCE bugs

For March 2016 Patch Tuesday, Microsoft released 13 security bulletins and rated five of those as critical.Critical patches for RCE flawsMS16-023 is the cumulative patch for IE to stop remote code execution flaws and correct 13 memory corruption vulnerabilities that have not been publicly disclosed.MS16-024 is the monthly fix for Microsoft Edge; it patches 10 memory corruption flaws that could lead to remote code execution and one information disclosure bug – none of which have been publicly disclosed.To read this article in full or to leave a comment, please click here

RPKI ARIN Agreement Update

In December of 2014 I wrote an article about  a legal agreement that was discouraging network operators from implementing an important Internet security function.  I am happy to report, the situation has improved: ARIN no longer requires operators explicitly accept a click-through agreement in order to access the Trust Anchor Locator (TAL). Resource Public Key […]

The post RPKI ARIN Agreement Update appeared first on Packet Pushers.

RPKI ARIN Agreement Update

In December of 2014 I wrote an article about  a legal agreement that was discouraging network operators from implementing an important Internet security function.  I am happy to report, the situation has improved: ARIN no longer requires operators explicitly accept a click-through agreement in order to access the Trust Anchor Locator (TAL). Resource Public Key […]

The post RPKI ARIN Agreement Update appeared first on Packet Pushers.

Reaction: BGP convergence, divergence & the ‘net

Let’s have a little talk about BGP convergence.

We tend to make a number of assumptions about the Internet, and sometimes these assumptions don’t always stand up to critical analysis. . . . On the Internet anyone can communicate with anyone else – right? -via APNIC

Geoff Huston’s recent article on the reality of Internet connectivity—no, everyone cannot connect to everyone—prompted a range of reactions from various folks I know.

For instance, BGP is broken! After all, any routing protocol that can’t provide basic reachability to every attached destination must be broken, right? The problem with this statement is it assumes BGP is, at core, a routing protocol. To set the record straight, BGP is not, at heart, a routing protocol in the traditional sense of the term. BGP is a system used to describe bilateral peering arrangements between independent parties in a way that provides loop free reachability information. The primary focus of BGP is not loop free reachability, but policy.

After all, BGP convergence is a big deal, right? Part of the problem here is that we use BGP as a routing protocol in some situations (for instance, on data center fabrics), so we have a hard time adjusting our thinking Continue reading

French legislators want to compel companies to decrypt data, because terrorism

Legislators in France are trying to make the U.S. Federal Bureau of Investigation jealous of its French counterparts.The poor old FBI has to rely on a loosely drafted law two centuries old in its effort to compel Apple to help it unlock data held in a dead terrorist's smartphone.In France, refusing to hand over encrypted information in terrorism cases could lead to a fine of €350,000 (US$385,000) and five years in prison, under proposed legislation.To read this article in full or to leave a comment, please click here

Cisco containing clouds, enterprises

Cisco will soon unveil a container “stack” for developers of cloud applications and services, and expects to have one for enterprises over time as well. The Cloud Native Platform will emerge in April, according to Yvette Kanouff, Cisco senior vice president and general manager, Cloud Solutions. It will be delivered as a SaaS model with continuous integration/continuous delivery, and include containerized automated infrastructure as its base, policy-based management and orchestration as a middle layer, and analytics, development tools, and initial hybrid cloud applications in its framework.To read this article in full or to leave a comment, please click here

Seagate reveals world’s fastest SSD

Seagate today announced what it's calling the world's fastest enterprise-class, solid-state drive (SSD), one that can transfer data at rates up to 10 gigabytes per second (GBps), some 6GBps faster than its previously fastest SSD.While there were no specifics with regard to the SSD's read/write rates, capacities or pricing, the company did say the new drive meets the Open Compute Project (OCP) specifications. The OCP was launched in 2011 to allow the sharing of data center designs among IT vendors -- including Facebook, Intel, Apple, and Microsoft -- as well as financial services companies such as Bank of America and Fidelity.To read this article in full or to leave a comment, please click here

MapR delivers support for containers, security

MapR Technologies today announced the general availability of the MapR Converged Data Platform, which brings Hadoop together with Spark, Web-scale storage, NoSQL and streaming capabilities in a unified cluster, designed to support customers deploying real-time global data applications. The Converged Data Platform features security, data governance and performance features enhancements built to meet enterprise requirements, and adds support for containers, including persistent storage and integrated resource management. + ALSO ON NETWORK WORLD MapR Aims to Take SQL-on-Hadoop to Next Level +To read this article in full or to leave a comment, please click here

IoT makes security and privacy top challenges for wearables

From fitness trackers to connected headwear for soldiers on the battlefield, wearable devices stand as one of the fastest-growing segments of the tech industry.[ Related: Consumers are buying millions and millions of wearable devices ]But with those always-on devices come a slew of considerations for policy makers, in particular the concern that device manufacturers aren't implementing appropriate security and privacy measures.Those worries got an airing at a recent House hearing, where industry witnesses urged lawmakers to tread lightly before developing stringent new privacy rules, while at the same time acknowledging that device and application makers need to be vigilant in how they are handling the data collected from users.To read this article in full or to leave a comment, please click here

1 3,104 3,105 3,106 3,107 3,108 3,841