Cybercriminals turn to video ads to plant malware

Cybercriminals have been delivering malware through online display ads for years, but they appear to be making headway with a new distribution method: video advertisements. Both methods of attack, known as malvertising, can have a broad impact and are a major headache for the ad industry. A single malicious advertisement, distributed to several highly trafficked sites, can expose tens of thousands of computers to malware in a short time. Some ad networks and publishers have taken steps to vet their ads more thoroughly, but criminals are constantly on the lookout for weaknesses. An attack detected about two weeks ago shows how cybercriminals are showing more interest in creating malicious video ads.To read this article in full or to leave a comment, please click here

BusyCal and Textual

I wanted to call out a couple of software packages whose vendors I’ve worked with recently that I felt had really good customer service. The software packages are BusyCal (from BusyCal, LLC) and Textual (from Codeux Software, LLC).

As many of you know, the Mac App Store (MAS) recently suffered an issue due to an expired security certificate, and this caused many MAS apps to have to be re-downloaded or, in limited cases, to stop working (I’m looking at you, Tweetbot 1.6.2). This incident just underscored an uncomfortable feeling I’ve had for a while about using MAS apps (for a variety of reasons that I won’t discuss here because that isn’t the focus of this post). I’d already started focusing on purchasing new software licenses outside of the MAS, but I still had (and have) a number of MAS apps on my Macs.

As a result of this security certificate snafu, I started looking for ways to migrate from MAS apps to non-MAS apps, and BusyCal (a OS X Calendar replacement) and Textual (an IRC client) were two apps that I really wanted to continue to use but were MAS apps. The alternatives were dismal, at best.

Continue reading

Robot keeps stores stocked with Doritos

An autonomous robot was unveiled this week that can make sure that when you're hankering for Doritos, there's a bag waiting for you at the market.Simbe Robotics, based in San Francisco, announced its first product, a 30-pound robot called Tally that can move up and down a store's aisles checking inventory. The robot determines what products need restocking and send reports to workers who can add more stock. Tally also is set up to work during normal store hours, alongside employees and customers."Tally performs repetitive and laborious tasks of auditing shelves for out-of-stock items, low stock items, misplaced items, and pricing errors," the company said in a release. "Tally has the ability to audit shelves cheaper, more frequently, and significantly faster than existing processes; and with near-perfect accuracy."To read this article in full or to leave a comment, please click here

Lapsed Apple certificate triggers massive Mac app fiasco

A lapsed Apple digital certificate today triggered a massive app fiasco that prevented Mac users from running software they'd purchased from the Mac App Store. "Whenever you download an app from the Mac App Store, the app provides a cryptographically-signed receipt," explained Paul Haddad, a co-founder of Tapbots, the company behind the popular Tweetbot Twitter client, in an email reply to questions today. "These receipts are signed with various certificates with different expiration dates. One of those is the 'Mac App Store Receipt Signing;' that expires every two years. That certificate expired on 'Nov 11 21:58:01 2015 GMT,' which caused most existing App Store receipts to no longer be considered valid."To read this article in full or to leave a comment, please click here

IDG Contributor Network: How vulnerable are the internet’s undersea cables?

With a recent New York Times article expressing concern from military officials that some undersea internet-carrying cables are susceptible to submarine-attack by Russians, a few questions come to mind:Should we be worried? Just how much data do these cables carry? And where are they anyway?Mariners "Not many people realize that undersea cables transport nearly 100% of transoceanic data traffic," writes Nicole Starosielski in The Conversation.To read this article in full or to leave a comment, please click here

Magic or Curse? World TV day 2015

The Big TVImage by REUTERS/Kim Hong-JiThrough the years television has been celebrated and denounced for its influence. In 1996 the United Nations designated November 21 as World Television Day “not so much a celebration of the tool, but rather the philosophy which it represents. Television represents a symbol for communication and globalization in the contemporary world,” the UN stated. While in the US and other countries TV is decidedly high-tech, other places it is not. Reuters took a look at people watching television all over the world to celebrate World Television Day.To read this article in full or to leave a comment, please click here

Magic or Curse? World TV day 2016

The Big TVImage by REUTERS/Kim Hong-JiThrough the years television has been celebrated and denounced for its influence. In 1996 the United Nations designated November 21 as World Television Day “not so much a celebration of the tool, but rather the philosophy which it represents. Television represents a symbol for communication and globalization in the contemporary world,” the UN stated. While in the US and other countries TV is decidedly high-tech, other places it is not. Reuters took a look at people watching television all over the world to celebrate World Television Day.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cisco finally updates the CCDA certification

I have been waiting years for Cisco Systems to refresh their popular Design Associate certification, and that day has finally come! The new exam number is 200-310. The old exam, 640-846, features a last day to test of December 14, 2015. The great news is the new exam is live right now and you can start studying for it immediately. In order to obtain the CCDA, you do need to meet an important prerequisite. You must possess a valid CCENT or a valid CCNA Routing and Switching. Of course, you can also have any CCIE certification act as a prerequisite.To read this article in full or to leave a comment, please click here

EU wants US companies to report intelligence agency data access requests

The European Union wants U.S. businesses to report when U.S. intelligence agencies request access to data they hold about Europeans; the reporting is one of the conditions EU negotiators are imposing for signature of a new Safe Harbor agreement. Since Edward Snowden's revelations about the U.S. surveillance of Internet traffic, European Commission officials have been negotiating better privacy protection for Europeans' personal information transferred to the U.S. But since the Court of Justice of the EU struck down the 2000 Safe Harbor data transfer agreement last month, the negotiations have become more urgent. More than 4000 U.S. companies relied on the agreement to process Europeans' data, either for their own use or in order to deliver services to European businesses, and although other legal mechanisms exist allowing them to continue operations, those mechanisms are also increasingly falling under suspicion.To read this article in full or to leave a comment, please click here

Half of U.S. businesses have no formal BYOD policy for security

Years after the widespread adoption of workplace smartphones, more than half of U.S. companies said they have no formal BYOD (bring your own device) policy to safeguard their enterprises, according to a survey. The survey of 447 businesses of all sizes was conducted over the summer by systems integrator Champion Solutions Group. It found that 53% of those businesses haven't implemented a formal BYOD policy, while more than one-fourth confessed they have no systematic security approach, much less a formal policy. The survey findings are "ridiculous … surprising," said Champion CEO Chris Pyle, in an interview. Mobile security best practices have been promulgated by analysts and security firms for more than a decade to protect sensitive corporate data, but there is apparently widespread variation about how companies implement security for BYOD workers.To read this article in full or to leave a comment, please click here

Juniper Networks taps new security CTO

Juniper Networks this week said it named former Walmart information security executive Kevin Walker as its new security CTO, replacing Christofer Hoff, who left last June.Walker will report to Jonathan Davidson, executive vice president and general manager of Juniper Development and Innovation. He will help lead the security strategy within Juniper and guide the company’s security product roadmap.To read this article in full or to leave a comment, please click here

Juniper’s Second Run up the Open Networking Mountain

Juniper’s announcement last week that it was launching Junos Software Disaggregation reflects a customer drive towards separating networking software and hardware, one that it was first evident Juniper was listening to with its OCX1100 announcement in early 2015. While the OCX announcement introduced this as a possibility, Juniper’s latest announcement ups the game, pointing out that customers are requiring the ability to procure networking hardware from sources other than Juniper.

Gartner agrees. In their recent report (Brite-Box and SDN Are Driving Innovation and Data Center Network Savings, 2015), the disaggregation benefits were highlighted as “enterprises to standardize network operations”, where organizations can “achieve life cycle savings of 25% to 50%”.

Cumulus Networks kick started this revolution in partnership with industry leading brite-box providers such as Dell, HP, and Quanta, with over 2 million ports in production. So while we are excited to have Juniper join the Open Networking revolution, a closer look suggests this could be another half-hearted attempt.

Based on the launch references, here are a few questions to ask your Juniper rep:

  1. Juniper says its disaggregated Junos software can run on “Open Network Install Environment (ONIE) compliant third-party switches.” Without a third party Continue reading

Self-encrypting drives are hardly any better than software-based encryption

Companies relying on self-encrypting drives (SEDs) to secure data stored on their employees' laptops should be aware that this technology is not immune to attack and should carefully consider whether they want to use this rather than software-based approaches.Daniel Boteanu and Kevvie Fowler from KPMG Canada demonstrated three data recovery methods against laptops using SEDs at the Black Hat Europe security conference in Amsterdam Thursday.Self-encrypting drives perform the data encryption and decryption operations on a dedicated crypto processor that is part of the drive controller. That gives them several, mainly performance-related, benefits compared to software-based encryption products which rely on the CPU.To read this article in full or to leave a comment, please click here

Patch Tuesday Windows security update rendered Outlook unusable for many

Users of Microsoft Outlook for Windows reportedly ran into numerous problems on Wednesday, after Microsoft issued a buggy—but critical—security patch. As noted by ZDNet, users reported that the program became crash-prone after installing update KB3097877, particularly when loading HTML messages. In some cases users would see only a black screen when trying to log in. The problems reportedly occurred in all versions of Outlook on Windows 7 and Windows 8.1, but Windows 10 appeared to be unaffected. “Had a fleet of mission-critical tablets break today because of this,” one system administrator wrote on Reddit. “Was not a fun morning.”To read this article in full or to leave a comment, please click here

1 3,181 3,182 3,183 3,184 3,185 3,773