Google patches critical media processing and rooting vulnerabilities in Android

Google has released a new batch of security fixes for its Nexus smartphones and tablets, addressing flaws that could allow attackers to compromise the Android devices via rogue emails, Web pages, and MMS messages.Firmware updates are being rolled out to supported Nexus devices as an over-the-air update and the patches will be added the Android Open Source Project (AOSP) over the next 48 hours. Builds LMY48Z and Android Marshmallow with a Dec. 1, 2015, Security Patch Level contain these fixes, Google said in its security bulletin.The updates address five vulnerabilities rated as critical, 12 rated as high and two as moderate. A significant number of flaws were again located in the OS' media processing components, which handle audio and video file playback and corresponding file metadata parsing.To read this article in full or to leave a comment, please click here

10 most important networking acquisitions of 2015

Big money2015 was a big year for mergers and acquisitions in the networking industry. Here are the ones that are most likely to have the biggest long-term impact on the industry.Check Point Software acquires Hyperwise and LacoonAlthough these were small acquisitions (both in the $80 million range), they were notable as Check Point rarely makes acquisitions. Check Point has been one of the leaders in combatting threats that go through a firewall, but more hackers are now finding ways to get around perimeter security. These acquisitions help Check Point’s customers fight the security fight on other fronts.To read this article in full or to leave a comment, please click here

10 cool ways tech companies give it up for charity

From Philadelphia to Phoenix and points in between, the Commvault Hockey Team is lacing up their skates this winter to raise awareness and money for children's organizations.The data-management vendor's Hockey Helping Kids program, now in its 16th season, runs hockey events in NHL arenas across the country. Employees, partners, customers and kids have a chance to skate with former NHL and Olympic players. Raffles and auctions are part of each day-long event, and all proceeds go to designated children’s charities.Getting kids, many of whom have disabilities, on the NHL ice with the other players is one of the most rewarding parts of the program, says Randy DeMeno, chief technologist at Commvault.To read this article in full or to leave a comment, please click here

The many faces of tech volunteerism

Techies pitch inTech companies are as creative in their social and charitable works as they are in their businesses. Cleaning up parks, teaching kids about technology, boxing donated food, running races – the projects are too numerous to list. We heard from dozens of tech vendors, big and small, about how they make time for employees to volunteer and participate in fundraising opportunities. While the events are all different, the outcome is universal: Giving back benefits not only the designated recipients but also the tech companies, which find employees are happier and work culture is stronger. Here are some of their firsthand accounts.To read this article in full or to leave a comment, please click here

The Serverless Start-up – Down with Servers!

teletext.io

This is a guest post by Marcel Panse and Sander Nagtegaal from Teletext.io.

In our early Peecho days, we wrote an article explaining how to build a really scalable architecture for next to nothing, using Amazon Web Services. Auto-scaling, merciless decoupling and even automated bidding on unused server capacity were the tricks we used back then to operate on a shoestring. Now, it is time to take it one step further.

We would like to introduce Teletext.io, also known as the serverless start-up - again, entirely built around AWS, but leveraging only the Amazon API Gateway, Lambda functions, DynamoDb, S3 and Cloudfront.

The Virtues of Constraint

We like rules. At our previous start-up Peecho, product owners had to do fifty push-ups as payment for each user story that they wanted to add to an ongoing sprint. Now, at our current company myTomorrows, our developer dance-offs are legendary: during the daily stand-ups, you are only allowed to speak while dancing - leading to the most efficient meetings ever.

This way of thinking goes all the way into our product development. It may seem counter-intuitive at first, but constraints fuel creativity. For example, all Continue reading

Why aren’t you teaching?

There is an old saw about teaching and teachers: “Those who can, do. Those who can’t, teach.” This seems to be a widely believed thought in the engineering world (though perhaps less in the network engineering world than many other parts of engineering) — but is it true? In fact, to go farther, does this type of thinking actually discourage individual engineers teaching, or training, in a more formal way in the networking world? Let me give you my experience.

What I’ve discovered across the years is something slightly different: if you can’t explain it to someone else in a way they can understand it, then you don’t really know it. There are few ways to put this into practice in the real world better than intentionally taking on the task of teaching others what you know. In fact, I’ve probably learned much more in the process of preparing to teach than I ever have in “just doing.” There is something about spending the time in thinking through how to explain something in a number of different ways that encourages understanding. To put it in other terms, teaching makes you really think about how something works.

Don’t get Continue reading

Vulnerabilities found in Lenovo, Toshiba, Dell support software

The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges.The flaws were discovered by a hacker who uses the online aliases slipstream and RoL and who released a proof-of-concept exploit for them last week. This prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.To read this article in full or to leave a comment, please click here

French police want to ban Tor, public Wi-Fi

French police have made their Christmas wish-list, and it includes banning Tor and public Wi-Fi.As legislators debate new antiterrorism laws, police and security services have been studying how technology hinders their enquiries, according to French newspaper Le Monde.In the hours following the Nov. 13 terrorist attacks in Paris the French government declared a state of emergency, granting police sweeping powers to impose curfews and conduct warrantless searches.A week later, legislators voted to extend the state of emergency from 12 days to three months, and extended police power of search to include the contents of electronic devices and cloud services accessible from them.To read this article in full or to leave a comment, please click here

US cyber criminal underground a shopping free-for-all

According to a new report by Trend Micro, the North American cyber criminal underground isn't buried as deep as in other geographies."It doesn't exist in the dark web as much as other undergrounds do, or practice as much security," said Tom Kellermann, chief cybersecurity officer at Trend Micro. "Essentially, it's become a gun show for everyone as long as they can participate and are willing to pay."In addition to offering guns, as well as murder for hire, there's also drugs, money laundering, bullet-proof hosting, and hacking services available.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers It's a bonanza of services and capabilities, he said, allowing traditional criminals and organized crime groups to become cyber-capable.To read this article in full or to leave a comment, please click here

VMware NSX and vRealize Automation Overview – Part 1

VMware NSX network virtualization and vRealize Automation deliver a feature rich, dynamic integration that provides the capability to deploy applications along with network and security services at provisioning time while maintaining compliance with the required security and connectivity policies. This native integration highlights the value of NSX when combined with automation and self-service and shows how VMware brings together compute, storage, network and security virtualization to provide a comprehensive software-based solution. Continue reading

New payment card malware hard to detect and remove

FireEye says it has discovered a type of malware designed to steal payment card data that can be very difficult to detect and remove. The cybercriminal group behind the malware, which FireEye nicknamed "FIN1," is suspected of being in Russia and has been known to target financial institutions. The malware, which FIN1 calls Nemesis, infected an organization that processes financial transactions, which FireEye did not identify. Payment card data is highly sought after by cybercriminals, who have in recent years targeted very large organizations that handle card data. Target, Home Depot and many others have reported large data breaches over the years. Some payment processors were also hit.To read this article in full or to leave a comment, please click here

Review: Best password managers for the enterprise

The password is ....Image by ThinkstockPassword managers are an important first step for organizations that want to strengthen their security by helping users cope with multiple logins. In this review, we looked at 10 tools: Dashlane for Business, Keeper Security Enterprise, LastPass Enterprise (now part of LogMeIn), Lieberman Enterprise Random Password Manager, LogMeOnce Enterprise Edition, Manage Engine Password Pro, Agilebits1Password for Teams, StickyPassword, SplashID TeamsID, and SingleID. Here are the individual reviews. See the full review along with a related story on how to evaluate password managers.To read this article in full or to leave a comment, please click here

Review: Password managers help keep hackers at bay

In 2013, we reviewed six password managers, some suitable for enterprises and some primarily for consumers. The field has exploded and today there are more than two dozen products on the market. Even the popular TV show “Shark Tank” recently evaluated a password manager startup.But this level of activity doesn’t necessarily indicate quality. We found that some of the products we reviewed two years ago haven’t improved as much as they could have. And some of the newer products are still a work in progress.Password managers are an important first step for organizations that want to strengthen their security by helping users cope with multiple logins. While browsers have gotten more intelligent about storing passwords and synchronizing them across different platforms, you might want to have more control over the way your users manage passwords, which is where these tools come into play. Password managers are often seen as a less expensive and easier to implement solution than single sign-on products, which we’ve also reviewed.To read this article in full or to leave a comment, please click here(Insider Story)

New products of the week 12.07.15

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.OOB Console Access & Remote 240VAC RebootKey features: Out-of-Band access to console ports plus OOB reboot control for managing network applications at inaccessible equipment sites.  Features dual power inlets and built in ATS, plus monitoring and alarm functions. More info.To read this article in full or to leave a comment, please click here

New products of the week 12.07.15

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.OOB Console Access & Remote 240VAC RebootKey features: Out-of-Band access to console ports plus OOB reboot control for managing network applications at inaccessible equipment sites.  Features dual power inlets and built in ATS, plus monitoring and alarm functions. More info.To read this article in full or to leave a comment, please click here

1 3,156 3,157 3,158 3,159 3,160 3,773