EU wants US companies to report intelligence agency data access requests

The European Union wants U.S. businesses to report when U.S. intelligence agencies request access to data they hold about Europeans; the reporting is one of the conditions EU negotiators are imposing for signature of a new Safe Harbor agreement. Since Edward Snowden's revelations about the U.S. surveillance of Internet traffic, European Commission officials have been negotiating better privacy protection for Europeans' personal information transferred to the U.S. But since the Court of Justice of the EU struck down the 2000 Safe Harbor data transfer agreement last month, the negotiations have become more urgent. More than 4000 U.S. companies relied on the agreement to process Europeans' data, either for their own use or in order to deliver services to European businesses, and although other legal mechanisms exist allowing them to continue operations, those mechanisms are also increasingly falling under suspicion.To read this article in full or to leave a comment, please click here

Half of U.S. businesses have no formal BYOD policy for security

Years after the widespread adoption of workplace smartphones, more than half of U.S. companies said they have no formal BYOD (bring your own device) policy to safeguard their enterprises, according to a survey. The survey of 447 businesses of all sizes was conducted over the summer by systems integrator Champion Solutions Group. It found that 53% of those businesses haven't implemented a formal BYOD policy, while more than one-fourth confessed they have no systematic security approach, much less a formal policy. The survey findings are "ridiculous … surprising," said Champion CEO Chris Pyle, in an interview. Mobile security best practices have been promulgated by analysts and security firms for more than a decade to protect sensitive corporate data, but there is apparently widespread variation about how companies implement security for BYOD workers.To read this article in full or to leave a comment, please click here

Juniper Networks taps new security CTO

Juniper Networks this week said it named former Walmart information security executive Kevin Walker as its new security CTO, replacing Christofer Hoff, who left last June.Walker will report to Jonathan Davidson, executive vice president and general manager of Juniper Development and Innovation. He will help lead the security strategy within Juniper and guide the company’s security product roadmap.To read this article in full or to leave a comment, please click here

Juniper’s Second Run up the Open Networking Mountain

Juniper’s announcement last week that it was launching Junos Software Disaggregation reflects a customer drive towards separating networking software and hardware, one that it was first evident Juniper was listening to with its OCX1100 announcement in early 2015. While the OCX announcement introduced this as a possibility, Juniper’s latest announcement ups the game, pointing out that customers are requiring the ability to procure networking hardware from sources other than Juniper.

Gartner agrees. In their recent report (Brite-Box and SDN Are Driving Innovation and Data Center Network Savings, 2015), the disaggregation benefits were highlighted as “enterprises to standardize network operations”, where organizations can “achieve life cycle savings of 25% to 50%”.

Cumulus Networks kick started this revolution in partnership with industry leading brite-box providers such as Dell, HP, and Quanta, with over 2 million ports in production. So while we are excited to have Juniper join the Open Networking revolution, a closer look suggests this could be another half-hearted attempt.

Based on the launch references, here are a few questions to ask your Juniper rep:

  1. Juniper says its disaggregated Junos software can run on “Open Network Install Environment (ONIE) compliant third-party switches.” Without a third party Continue reading

Self-encrypting drives are hardly any better than software-based encryption

Companies relying on self-encrypting drives (SEDs) to secure data stored on their employees' laptops should be aware that this technology is not immune to attack and should carefully consider whether they want to use this rather than software-based approaches.Daniel Boteanu and Kevvie Fowler from KPMG Canada demonstrated three data recovery methods against laptops using SEDs at the Black Hat Europe security conference in Amsterdam Thursday.Self-encrypting drives perform the data encryption and decryption operations on a dedicated crypto processor that is part of the drive controller. That gives them several, mainly performance-related, benefits compared to software-based encryption products which rely on the CPU.To read this article in full or to leave a comment, please click here

Patch Tuesday Windows security update rendered Outlook unusable for many

Users of Microsoft Outlook for Windows reportedly ran into numerous problems on Wednesday, after Microsoft issued a buggy—but critical—security patch. As noted by ZDNet, users reported that the program became crash-prone after installing update KB3097877, particularly when loading HTML messages. In some cases users would see only a black screen when trying to log in. The problems reportedly occurred in all versions of Outlook on Windows 7 and Windows 8.1, but Windows 10 appeared to be unaffected. “Had a fleet of mission-critical tablets break today because of this,” one system administrator wrote on Reddit. “Was not a fun morning.”To read this article in full or to leave a comment, please click here

PQ Show 64: OpenFlow TTPs Won’t Save Us with Rob Sherwood

On this Packet Pushers Priority Queue, we interview Rob Sherwood, CTO of Big Switch Networks, to gain an alternate view on OpenFlow TTPs (table type patterns). We first talked about TTPs in Weekly 220 in a discussion with Curt Beckmann back in January 2015. While Curt was fairly enthused that TTPs were going to move the ball forward, Rob is not convinced that TTPs are the long-term answer to make it easier for OpenFlow controllers and switches to share capabilities.

The post PQ Show 64: OpenFlow TTPs Won’t Save Us with Rob Sherwood appeared first on Packet Pushers.

PQ Show 64: OpenFlow TTPs Won’t Save Us with Rob Sherwood

On this Packet Pushers Priority Queue, we interview Rob Sherwood, CTO of Big Switch Networks, to gain an alternate view on OpenFlow TTPs (table type patterns). We first talked about TTPs in Weekly 220 in a discussion with Curt Beckmann back in January 2015. While Curt was fairly enthused that TTPs were going to move the ball forward, Rob is not convinced that TTPs are the long-term answer to make it easier for OpenFlow controllers and switches to share capabilities.

The post PQ Show 64: OpenFlow TTPs Won’t Save Us with Rob Sherwood appeared first on Packet Pushers.

Are vendors on the wrong path where smart plant security is concerned?

As the number of smart plants that use M2M, sensors, and other ICT continue to rise, so too does the lure for attackers. Manufacturing, energy, and utilities sectors are reportedly spending a combined 206.51 billion Euros globally on ICT in 2019, says Shuba Ramkumar, senior research analyst, Frost & Sullivan. Organizations are connecting systems to the Internet that they once kept purposely siloed for safety. “Smart plants face new challenges due to the ever-expanding connectivity of their control systems as they link into and rely on business operations and remote monitoring and management,” says Graham Speake, lead trainer at the SANS Institute and a 30-year cyber security industry veteran.To read this article in full or to leave a comment, please click here(Insider Story)

Governments Want Cheap Interception and Cheap Politics

The US, UK and Australian governments have all introduced legislation that effectively co-opts Internet Providers/Carriers to become legal surveillance arms for secret services. Why are governments pushing forward to use private companies to perform activities that were previously restricted to secret services such as the NSA, GCHQ and DSD ?

The post Governments Want Cheap Interception and Cheap Politics appeared first on EtherealMind.

Get Coding!

So lets start off with I am an old dog and I am learning new tricks.  My entire career I have avoided the dreaded programing.  In college I slid by my degree requirement for a coding class by taking Visual Basic for Industrial applications.  I hated it.  Debugging drove me nuts and there is still …

A tale of two women: same birthday, same Social Security number, same big-data mess

It's a case that would seem to defy the odds many times over: Two Florida women born on the same day, in the same state, and given almost the same name. Though no one realized it at the time, it turns out they were also given the same Social Security number.Joanna Rivera and Joannie Rivera only recently discovered the problem, according to a report this week, but in the meantime it's caused no end of trouble for them. Credit applications have been denied; tax returns have been rejected.Identity theft might have been a likely assumption, but in this case, it was something different.To read this article in full or to leave a comment, please click here

1 3,182 3,183 3,184 3,185 3,186 3,773