How a mobile app company found the XcodeGhost in the machine

Nick Arnott couldn't figure out recently why Apple kept rejecting an update to a mobile app his company developed.It turned out the problem was a ghost in the machine.His company, Possible Mobile, is well versed in the App Store submission rules and has built apps for JetBlue, Better Homes & Gardens and the Major League Soccer.The rejection came after it was discovered in mid-September that thousands of apps in the App Store had been built with a counterfeit version of an Apple development tool, Xcode.The fake version, dubbed XcodeGhost and probably developed in China, had been downloaded by many developers from third-party sources, apparently because getting the 4GB code from Apple took too long.To read this article in full or to leave a comment, please click here

007 Tips for keeping your business as secure as MI6

As James Bond has shown, even a sophisticated MI6 operative with a nearly limitless budget and an array of hi-tech gadgets has to take into account existing security measures when formulating a plan to infiltrate a building or system. And while online criminal organizations don’t have Bond’s resources, they are sophisticated and well funded, which means you have to continually up your efforts to reduce the threat surface of your business.As you begin planning for 2016, here are 007 tips for bringing your business closer to an MI6 level of security, without a nation-state budget:1. Auto expiring credentials for new recruits: While we hope your corporate hiring process isn’t as intense as that of a secret agent, at the end of the day not everyone who signs up ends up making the final cut. To minimize your risk of rogue access, implement a policy that requires system admins to always create expiring credentials for new hires. It’s best practice to implement this for any temporary hires, but if your company offers an employment grace period, consider applying the expiration for the end of that time period, just in case. It’s always easier to re-implement than revoke once things Continue reading

Worth Reading: Alphabet and Anti-trust

What we have learned in the last two months is that Google is much more worried than it says about the risks it faces from a variety of real structural changes it may have to make in its core business overseas in the months and years ahead — where the vast majority of Google’s users are, and from where over 50% of its revenues come. Google apparently foresees a coming brand winter of antitrust/privacy structural enforcement actions hanging over Google around the world. via somewhat reasonable

The post Worth Reading: Alphabet and Anti-trust appeared first on 'net work.

Five things you should know about unlicensed LTE

1. It's the spectrum that's unlicensed, not the LTE.The acronyms are flying: LTE-U, LAA, MuLTEfire. They're all forms of LTE tweaked to send signals over unlicensed frequencies, which are open to Wi-Fi, Bluetooth, and any other technology that plays fair. Carriers could use it as soon as 2016 to add frequencies without spending billions to license them. At first, unlicensed LTE will only be used to supplement a carrier's own bands to make downloads faster. Later, it might send traffic both directions and even be used by enterprises that have no licensed spectrum.To read this article in full or to leave a comment, please click here

Five things you should know about unlicensed LTE

Here are five things you should know about unlicensed LTE, the concept of sending 4G cell traffic over channels also used by Wi-Fi and other networks.1. It's the spectrum that's unlicensed, not the LTE.The acronyms are flying: LTE-U, LAA, MuLTEfire. They're all forms of LTE tweaked to send signals over unlicensed frequencies, which are open to Wi-Fi, Bluetooth, and any other technology that plays fair. Carriers could use it as soon as 2016 to add frequencies without spending billions to license them. At first, unlicensed LTE will only be used to supplement a carrier's own bands to make downloads faster. Later, it might send traffic both directions and even be used by enterprises that have no licensed spectrum.To read this article in full or to leave a comment, please click here

14 strange but true tech facts you (probably) don’t know

Hardly trivialImage by Mahender G/FlickrAs computers grow ever more powerful, we humans have to figure out where we still remain superior. Here's one suggestion: although the Internet is full of endless reams of data, it takes a human mind to suss through it all and determine what qualifies as interesting to other humans. Thus, we at ITworld present you with the following anecdotes about technology and the Internet, guaranteed to have been selected by the human hand and eye to pique your interest. Hopefully robots won't take this job for another few years.To read this article in full or to leave a comment, please click here

Automating a Multi-Platform World

Just because your organization has a multi-OS strategy should not automatically increase the complexity of your environment management. Each OS vendor likely drags along its own ecosystem of partners, development platforms, support and capability matrixes, and for the most part, once a system is developed on a particular OS platform, it tends to stay there.

Enter cloud. With growing abstraction of the infrastructure layer, cloud has done a great job of providing enterprise IT organizations with a level of control and flexibility once only available to the most advanced of greenfield deployments.

Even in a cloud-deployed environment, there is still a lot of potential baggage based on your particular cloud vendor, let alone your entire development suite and application platform.  In nearly all cases, once an app is written for a particular platform, it stays on that platform for the entirety of its lifecycle. If your primary cloud vendor doesn’t provide you an easy way to deploy-- in a supported manner-- your preferred application platform, customers face yet another area of complexity. Just like that, you could be stuck with few choices.

This is precisely why the joint Red Hat/Microsoft announcement today is a huge win for customers, and further Continue reading

Your Docker Agenda for November

  DockerCon EU 2015 is definitely a main highlight for Docker events in November, but there are so many other awesome events scheduled this month in Docker communities all over the world and online! From meetups to conference talks, webinars to workshops, … Continued

IT Vendor Risk Management: Improving but Still Inadequate

One of the fundamental best practices of cyber supply chain security is IT vendor risk management.  When organizations purchase and deploy application software, routers, servers, and storage devices, they are in essence placing their trust in the IT vendors that develop and sell these products. Unfortunately, this trust can be misplaced.  Some IT vendors (especially startups) focus on feature/functionality rather than security when they develop products resulting in buggy vulnerable products.  In other cases, hardware vendors unknowingly build systems using malicious components sourced through their own supply chain.  IT products are also often purchased through global networks of third-party distributors that have ample opportunity to turn innocent IT products into malicious confederates for cybercrime.To read this article in full or to leave a comment, please click here

Heat map to show where burning need is for cybersecurity pros

The National Institute of Standards and Technology (NIST) is funding creation of a heat map visualization tool that will show where cybersecurity jobs are open across the country. The first rendition should be out late next year.The project, funded through NIST’s National Initiative for Cybersecurity Education (NICE), will provide data to help employers, job seekers, policy makers and others sync up. NETWORK JOBS ARE HOT: Salaries expected to rise in 2016Some 230,000 cybersecurity jobs are open across the U.S., according to the Department of Commerce, and the number of openings has roughly doubled over the past 4 or 5 years.To read this article in full or to leave a comment, please click here

Living in a virtualized world …

Gamers are used to living in a virtualized world. Battling imaginary villains and taking castle towers. However, this is not the only virtualized world that exists today. Our computer addicted world is going virtualized in virtual machines. Like with any...

New ransomware program Chimera threatens to leak user files

Ransomware creators have taken their extortion one step further: in addition to encrypting people's private files and asking for money before releasing a key, they now threaten to publish those files on the Internet if they're not paid.This worrying development has recently been observed in a new ransomware program dubbed Chimera that was documented by the Anti-Botnet Advisory Centre, a service of the German Association of the Internet Industry.The attackers behind this new threat target mainly businesses by sending rogue emails to specific employees that masquerade as job applications or business offers. The emails contain a link to a malicious file hosted on Dropbox.To read this article in full or to leave a comment, please click here

Cyber liability from perspective of board members and execs

Companies are increasingly reliant on digital spaces and the continuing stream of high-profile data breaches means cybersecurity topics – often in the form of cyber liability questions – are now a part of board and senior management discussions instead of only being discussed at the IT level. Security, following “ethical issues,” is the second-leading risk to a company’s brand.Although getting hacked has a huge impact on the bottom line, NYSE Governance Services and Vercode found that “the extent of the brand damage caused by breaches is often linked to boards’ level of preparedness. It is therefore a board’s fiduciary duty to ask the right questions to ensure due care has been followed.”To read this article in full or to leave a comment, please click here

1 3,251 3,252 3,253 3,254 3,255 3,835