Baidu Android app component puts 100 million devices at risk

A software development kit created by Chinese Internet services company Baidu and used by thousands of Android applications contains a feature that gives attackers backdoor-like access to users' devices. The SDK is called Moplus and, while it's not open to the public, it was integrated in more than 14,000 apps, of which only around 4,000 were created by Baidu, security researchers from Trend Micro said in a blog post Sunday. The company estimates that the affected apps are used by over 100 million users.

IEEE plugs into Smart Cities movement

Guadalajara, Mexico -- Smart Cities are the best response to the global urban future, according to the IEEE, which bills itself as “the world's largest professional association for the advancement of technology.” Gilles Betis, IEEE Smart City Initiative Chair, said the population in cities will grow from 3.5 billion today to 7.2 billion by 2050. “Doubling the number of people in cities is not an adjustment, this is a transition,” he said. Betis made the remarks in his keynote speech at the first IEEE Smart Cities Conference last week in Guadalajara, “the Silicon Valley of Mexico.” The city was the first of five “core cities” the association is focusing on for research grants and development projects.

Review: The Art of the Humble Inquiry

Humble Inquiry: The Gentle Art of Asking Instead of Telling
Edgar H. Schein

Edgar Schein says we have a cultural issue. We like to tell people what we think, rather than asking them what they’re trying to tell us. Overall, especially in the world of information technology, I tend to agree. To counter this problem, he suggests that we perfect the art of the humble inquiry — redirecting our thinking from the immediate solution that comes to mind, or even from the question that was asked, and trying to get at what the person we’re talking to is actually asking.

He gives numerous examples throughout the book; perhaps my favorite is of the person who stopped their car while he was doing yard work to ask for directions to a particular street. Rather than answering, he asked where they were trying to get to. They were, in fact, off course for their original plan, but he directed them down a different path that got them there faster than if they’d turned around and found their way back to that original path. This is a perfect example of returning a specific question with a larger question — an authentic

New products of the week 11.02.2015

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

FullContact. Pricing: FullContact is free to download and use. FullContact Premium is available by subscription, with two subscription options: FullContact Premium monthly for $9.99, or FullContact Premium annually for $99.99.

LightCyber game lets IT pros become the attacker

It’s only a game, but LightCyber hopes its Cyber Attack Training System (CATS) helps IT folks think like attackers in order to better defend their networks. The online game sets players up with stolen login credentials for a networked machine and turns them loose with Metasploit tools. The idea is for security pros to discover and compromise other devices on the network with the goal of capturing a specific file. Public access to CATS is available for 12 hours only on Nov. 10 and is open to anyone who can provide a legitimate corporate email address. The first 100 players who successfully find the target file win a black hoodie. The game will give network security pros who spend their days searching logs for indicators of compromise the chance to better understand the mindset of attackers, so they are better prepared to search for their footprints.

Stretched Firewalls across Layer-3 DCI? Will the Madness Ever Stop?

I got this question from one of my readers (and based on these comments he’s not the only one facing this challenge):

I was wondering if you can do a blog post on Cisco's new ASA 5585-X clustering. My company recently purchased a few of these with the intent to run their cross data center active/active firewalls but found out we cannot do this without OTV or a layer 2 DCI.

A while ago I expressed my opinion about these ideas, but it seems some people still don’t get it. However, a picture is worth a thousand words, so maybe this will work:

IDG Contributor Network: 3 ways you can sell your own personal data

It's not just the lowlifes and thieves making money from stolen data; you might be able to make a few bucks selling your own personal data, too. Now, I'm not suggesting you place an ad for your Personally Identifiable Information (PII) on Craigslist, but there are actually outlets that will let you, or plan to let you, sell some of your data. It's used for marketing.

Personal data marketplace

One such company is the U.S.-based Datacoup, which says it lets you connect your apps and services via APIs in order to sell data. Datacoup pitches itself as the world's first personal data marketplace.

Robots invade the real world

From C-3PO to the Terminator to Star Trek’s Data, robots have entertained us on the big screen for years. But, unlike our cinematic cyborg heroes, the real thing has been something of a disappointment because the technology has failed to live up to the Hollywood hype. But this is not true anymore. Robots have arrived. (Insider Story)

10 real-world robots

Robots have arrived

From C-3PO to the Terminator to Star Trek’s Data, robots have entertained us on the big screen for years. But, unlike our cinematic cyborg heroes, the real thing has been something of a disappointment because the technology has failed to live up to the Hollywood hype. But this is not true anymore. Robots have arrived. Here are examples of robots being deployed in the real world. (Read the full story.)

CISA won’t do much to turn threat intelligence into action

With the Cybersecurity Information Sharing Act (CISA) the feds are trying to make it more attractive to share threat intelligence, but it won’t do much to help businesses deal with the high cost of sorting through what can be an overwhelming flow of possible security incidents and finding which ones need to be checked out. And deciding what data to share, what threat intelligence feeds to subscribe to and what tools are needed to turn potentially valuable information into action takes sizeable resources, experts say.

CloudFlare is now PCI 3.1 certified

The Payment Card Industry Data Security Standard (PCI DSS) is a global financial information security standard that keeps credit card holders safe. It ensures that any company processing credit card transactions adheres to the highest technical standards.

PCI certification has several levels. Level one (the highest level) is reserved for those companies that handle the greatest numbers of credit cards. Companies at level one PCI compliance are subject to the most stringent checks.

CloudFlare’s mission leads it to provide security for some of the most important companies in the world. This is why CloudFlare chose to be audited as a level one service provider. By adhering to PCI’s rigorous financial security controls, CloudFlare ensures that security is held to the highest standard and that those controls are validated independently by a recognised body.

If you are interested in learning more, see these details about the Payment Card Industry Data Security Standard.

This year’s update from PCI 2.0 to 3.1 was long overdue. PCI DSS 2.0 was issued in October 2010, and the information security threat landscape does not stand still—especially when it comes to industries that deal with financial payments or credit cards. New attacks are almost

Apple users having trouble auto-updating QuickTime on Windows 8, 10

A glitch with Apple's QuickTime multimedia program has left some Windows users wondering why they're having trouble updating to the latest version. QuickTime has an auto-update mechanism, but it appears not to work on Windows 8 and 10, wrote Alton Blom, a Sydney-based security researcher, in a blog post. Blom wrote that he found inconsistencies in how QuickTime and Apple's Software Update tool interacted with each other depending on the versions of Windows and QuickTime installed. For example, on Windows 8, QuickTime reported that it was up to date, but Apple's Software Update tool said the application needed to be upgraded to 7.7.8, which is the latest version, Blom wrote.