HP study finds smartwatches could do more to keep user data safe

Smartwatches are failing people at keeping their data safe and protecting them from hackers. Those are the findings of a study from Hewlett-Packard, whose Fortify on Demand security division tested 10 popular smartwatches. The company is in the process of alerting vendors about the flaws and can’t disclose the watches it tested, said Daniel Miessler, practice principal at HP. HP also examined the security around the Web interfaces and mobile apps that accompany smartwatches and allow a person to access the device as well as how data gathered by watch apps is protected and used. The study found vulnerabilities with each of the watches and raised concerns over user authentication methods, data encryption and data privacy, among other issues.

YouTube cofounder endorses paid version

As Google prepares to launch a subscription version of YouTube, the move has been endorsed by at least one interested party: YouTube cofounder Chad Hurley. YouTube has grown massively since its launch in 2005 and its acquisition a year later by Google. But to support its continued growth, the site needs to provide the right tools for people to create and post videos, even if that might result in a cost to users, Hurley said. “You have different forms of [video on demand],” he said, suggesting that some might be worth paying for. YouTube needs tools to help people create better content, determine how to make money from their video, and charge subscribers, he said.

Blackberry delves deeper into security with AtHoc purchase

BlackBerry continues to shift its focus from selling mobile phones to securing them—as well as other portable devices, and increasingly connected items that are part of the Internet of things. “All of our investments and acquisitions go to one thing, to make the most secure mobile platform that the industry has to offer,” said John Chen, BlackBerry executive chairman and CEO, kicking off a morning of presentations at the company-sponsored BlackBerry Security Summit, held Thursday in New York. BlackBerry still sells handsets, but, to judge from the day’s presentations, it clearly sees a brighter future now in enterprise mobile security, where it can best leverage its remaining strengths in the market.

Datanauts 004 – The Silo Series – Provisioning Perspectives

Chris Wahl and Ethan Banks bust IT silos by walking through a service request at a fictional corporation. They outline the steps required from network and server domains, providing context to help each group understand what the other is trying to accomplish. The result? A more effective team.

Author information

Drew Conry-Murray

I'm a tech journalist, editor, and content director with 17 years' experience covering the IT industry. I'm author of the book "The Symantec Guide To Home Internet Security" and co-author of the post-apocalyptic novel "Wasteland Blues," available at Amazon.

The post Datanauts 004 – The Silo Series – Provisioning Perspectives appeared first on Packet Pushers Podcast and was written by Drew Conry-Murray.

Threat or menace?: Gaging electromagnetic risks to the electric grid

The United States is sorely unprepared for electromagnetic threats – which could originate in space from the Sun or a terrorist nuclear device exploded in the atmosphere – to the nation’s electric grid. That was the main conclusion from a number of experts testifying before a Senate committee hearing entitled “Protecting the Electric Grid from the Potential Threats of Solar Storms and Electromagnetic Pulse” this week.

Introducing Partner Analytics

CloudFlare has over 5,000 partner hosting providers. Every day, thousands of our partners' customers take advantage of CloudFlare to help them be faster and more secure. The benefits to our partners aren't just happier customers, they also translate into real savings. In the last month, for instance, we saved our partners more than 25 Petabytes in aggregate bandwidth. In addition to bandwidth savings, in that same period, we stopped more than 65 billion malicious requests that would have otherwise impacted our partners' infrastructure. Now we've broken out the bandwidth and performance data by partners so they can see the savings and protection we're delivering.

Back when we launched the CloudFlare Partner Program four years ago, we periodically distributed these figures as high level summaries of bandwidth saved, threats blocked, and number of domains protected and accelerated via each partnership. Our partners knew anecdotally from their own logs and operating expenditures that CloudFlare was reducing their costs and greatly improving their customers’ experiences, but we did not yet have the tools to help demonstrate these benefits on a repeatable and granular basis.

It wasn’t that we didn’t want to provide this data, it was that our tremendous growth rate had stretched

Researchers disclose four unpatched vulnerabilities in Internet Explorer

Security researchers published limited details about four unpatched vulnerabilities in Internet Explorer because Microsoft has not moved quickly enough to fix them. The flaws could potentially be exploited to execute malicious code on computers when users visit compromised websites or open specially crafted documents. They were reported through Hewlett-Packard’s Zero Day Initiative (ZDI) program. HP’s TippingPoint division, which sells network security products, pays researchers for information on unpatched high-risk vulnerabilities in popular software. The company uses the information to create detection signatures, giving it a competitive advantage, but also reports the flaws to the affected vendors so they can be fixed.

Google lures businesses to Nearline with 100 PB of free cloud storage

Google had its sights fixed firmly on Amazon Thursday as it launched its new, low-cost Nearline cloud storage service out of beta and into general availability. Originally introduced to much fanfare in March, Cloud Storage Nearline now promises 99 percent uptime, on-demand I/O, lifecycle management and a broadly expanded partner ecosystem. Aiming to further sweeten the deal for companies currently using other providers, Google is now offering the service with 100 free petabytes of storage—equivalent to 100 million gigabytes—for new users for up to six months.

Google: Users still aren’t getting message about online security

Google researchers say that experts and non-experts go about protecting their digital privacy in very different ways, according to survey results they plan to present at the upcoming Symposium on Usable Privacy and Security. The importance of regular software updates is apparently lost on a large proportion of Internet users who aren’t security experts, the survey found. Just 2% of non-experts said that routinely patching software was high on their list of security priorities, compared to 35% of experts.

Simplify the process and cut the cost of data migration and data acceleration

This column is available in a weekly newsletter called IT Best Practices. From time to time, companies must undertake a data migration project for one reason or another. Perhaps it's to consolidate data onto a single platform after a merger or acquisition, or to accommodate an application upgrade or consolidation. Migrating away from legacy systems is another popular reason to move data around. Whatever the motivation, a data migration project is no fun. In the years 2000, 2007 and 2011, Bloor Research undertook research studies on the costs and challenges of data migrations. Their 2011 study showed that the average budget for a data migration project is $875,000. Despite spending that kind of money, only 62% of such projects were brought in "on time and on budget." The average cost of budget overruns is $268,000. One of Bloor's recommendations for achieving the greatest chance of success with a project is to have a dedicated internal competency center or team specializing in data migration. Even with that, success is not guaranteed.

WordPress gets patch for critical XSS flaw

Developers of the popular WordPress blogging platform have released a critical security update to fix a vulnerability that can be exploited to take over websites. WordPress 4.2.3, released Thursday, resolves a cross-site scripting (XSS) vulnerability that could allow users with the Contributor or Author roles to compromise a website, said Gary Pendergast, a member of the WordPress team, in a blog post. While this is not as critical as a flaw that can be exploited without authentication, it still poses a high risk for many websites because the compromise of a single non-administrator user account can turn into a complete website takeover.

FCC ruling could finally make telecoms eradicate ‘robocalls’

I don't want to seem cranky or brash, but I really wish "Rachel" would stop calling me. Remember Rachel? That feminine voice on the other end of those "robocalls," telling you she's from cardholder services, a non-existent outfit that tries to scam the unsuspecting? Despite millions of complaints from consumers on the receiving end of unwanted telemarketing calls, the big phone companies are unwilling to use readily available technology to block them. This week, the attorneys general (AGs) of 44 states and Washington D.C. wrote a letter to the CEOs of five major telecommunications companies (AT&T, CenturyLink, Sprint, T-Mobile and Verizon) to tell them to cut off Rachel and her obnoxious cohorts.

Getting serious about portfolio and program management

It's been 10 years since Johanna Rothman co-authored “Behind Closed Doors: Secrets of Great Management” with Esther Derby. In the time since, Rothman has become known as the Pragmatic Manager, served as Program Chair of the Agile 2009 conference and wrote the Jolt Award-winning "Manage It!," a guide to pragmatic management. Most recently, Rothman has been focused on dealing with management problems in larger organizations, which led to two books, “Manage Your Project Portfolio” in 2009, and, more recently, “Agile and Lean Program Management.”

IDG Contributor Network: 4 steps to make DevOps safe, secure, and reliable

DevOps is one of the hottest trends in software development. It's all about helping businesses achieve agile service delivery – that is, moving applications from development to test to deployment as quickly as possible. Fast application deployment may seem at odds with robust security practices, which often take a go-slow approach to new or changed applications in order to verify that the applications are safe before letting them touch live data or business networks – or be exposed to the Internet or customers. Fortunately, there's nothing inherently risky or dangerous about DevOps and agile service delivery, as long as the right security policies are created and followed, and if automation eliminates unnecessary delay in ensuring compliance.

Tower 2.2 is Here

We’re happy to announce that Ansible Tower 2.2 is now available.

Ansible Tower is the console and service that builds on the solid foundation of Ansible’s simple automation to bring the control, security, and delegation you need to spread automation across your IT infrastructure. We’ve worked hard to update Tower to bring new capabilities to our users.  I’ve talked about these some when I discussed how Tower 2.2 was coming soon - now I’d like to go into a little more detail.

Refreshed UI with Setup Mode

We’ve talked to many of our customers who use Tower on an everyday basis. And the continuing refrain is:

“Foreground the stuff we need every day. Background what we don’t.”

We’ve started that process with Tower 2.2.  First, you’ll notice the changes on the dashboard, where we’ve removed extraneous graphs so you can concentrate on the important information - are your hosts OK, and are your jobs succeeding. Plus, you’ll see lists of both recent completed jobs, and recently used playbooks.

We’ve also added sparklines to the display of job templates so that wherever you’re seeing your job templates, you have an easy visual display of how that job

ONF Announces SDN Certification Specifications

The Open Networking Foundation (ONF) announced their intent to create an SDN certification program back in September ‘14. The message since that time has been that they’re working on it. In June, at the ONS15 conference, the ONF showed a few more details, and now the ONF web site lists plenty of details about their new certification program. Today’s post kicks off what will likely be a few posts working through what the ONF has posted about their new certification exams.

Big Picture Overview

The official name of the program - ONF Certified Professional Program - begins its history with two certifications:

The two certifications separate the conceptual (the first certification) from the hands-on skills requirements (the second certification).

The Exams

Each certification requires that you pass a single exam, with the exam names being obvious as to which certification they apply.

CSDNA-110

CSDNE-111

The exams have a few key differences from what you may be used to seeing with vendor-focused exams. The big difference is that the exams will be offered online, with an honor system to prove that it’s you taking the exam. Obviously that’s a