Smart refrigerator hack exposes Gmail login credentials

A team of hackers recently discovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that can be exploited to steal Gmail users' login credentials, The Register reported this week.Hackers from security company Pen Test Partners discovered the flaw while participating in an Internet of Things (IoT) hacking challenge at the Def Con security conference earlier this month. The smart refrigerator, Samsung model RF28HMELBSR, is designed to integrate the user's Gmail Calendar with its display. Samsung implemented SSL to secure the Gmail integration, but the hackers found that the device does not validate SSL certificates, opening the opportunity for hackers to access the network and monitor activity for the user name and password used to link the refrigerator to Gmail.To read this article in full or to leave a comment, please click here

Worth Reading: Open Source (Part 1)

How is the Internet Engineering Task Force (IETF) broken? Can you count the ways? The process is too slow, the standards are often opaque, the results are often complex and difficult to deploy; any engineer who’s been in the networking field long enough most likely can recite a litany of complaints. via network computing


This is the first of a four part series on open source versus open standards.

The post Worth Reading: Open Source (Part 1) appeared first on 'net work.

7 Strategies for 10x Transformative Change

Peter Thiel, VC, PayPal co-founder, early Facebook investor, and most importantly, the supposed inspiration for Silicon Valley's intriguing Peter Gregory character, argues in his book Zero to One that a successful business needs to make a product that is 10 times better than its closest competitor

The title Zero to One refers to the idea of progress as either horizontal/extensive or vertical/intensive. For a more detailed explanation take a look at Peter Thiel's CS183: Startup - Class 1 Notes Essay.

Horizontal/extensive progress refers to copying things that work. Observe, imitate, and repeat.  The one word summary for the concept is  "globalization.” For more on this PAYPAL MAFIA: Reid Hoffman & Peter Thiel's Master Class in China is an interesting watch.

Vertical/intensive progress means doing something genuinely new, that is going from zero to one, as apposed to going from one to N, which is merely globalization. This is the creative spark. The hero's journey of over coming obstacles on the way to becoming the Master of the Universe you were always meant to be.

We see this pattern with Google a lot. Google often hits scaling challenges long before anyone else and because they have a systematizing culture they Continue reading

Uncontaina-bull: The love for Ansible + Docker

Untitled_design

Here at Ansible, we normally leave it up to our good friend @Ansibull to deploy the puns. But having just joined Ansible in the past few weeks, I’ve been spending some time getting acquainted with the vast quantity of Ansible resources produced by the lovely folks in the community, and I have to say, the amount of great content out there is just…

In-cow-cula-bull.

This is especially great for those of us looking how to do Ansible + $justaboutanything: Ansible + OpenStack, Ansible + Drupal, Ansible + CoreOS, or, as you may have guessed, Ansible + Docker.

Of course, Ansible has some useful resources for how to use Docker with Ansible. But the beautiful thing about what all of our friends in the community are writing is that they’re sharing all the things they learned along the way, how it helped out their company or workplace, what puzzles they had to solve; basically, things you may run into yourself, or ideas that may be inspiring to you that you hadn’t thought of just yet.

And to not share those things with everyone else? That would be, ahem, unthinka-bull. So without further ado: Here’s just a little bit of the latest Continue reading

STEM fields dominate ranking of college majors

Petroleum engineering majors earn the highest mid-career salaries, followed by nuclear engineering majors, according to a new ranking from PayScale.The research company, which specializes in compensation data, ranked 319 majors at the bachelor level based on how much money graduates in each field are making. The top 25 bachelor-level majors all have mid-career median pay numbers above $100,000, and the vast majority of them are STEM majors. RELATED STORIES: Not your father's computer science building Computer science surge sparks campus building boom Maker spaces boost student tech innovation Among many disciplines in the compsci arena, graduates who earn a bachelor’s degree in computer science and engineering were ranked highest (6th place), reporting a median mid-career salary of $115,000. Computer science majors (ranked 18th) earn a median mid-career salary of $105,000. (See also: Top 25 computer science colleges)To read this article in full or to leave a comment, please click here

Tor security concerns prompt largest dark market to suspend operations

Agora, the Tor network's largest black marketplace, has been temporarily shut down because its administrators worry the website is vulnerable to recent methods of exposing Tor Hidden Services.Hidden services are websites that can only be accessed from within the Tor network, which is specifically designed to hide the IP address of both servers and users. The built-in anonymity safeguards have made Tor Hidden Services the preferred method for running online marketplaces that allow buying and selling illegal goods like drugs, guns, stolen credit card details and more.The largest of these so-called dark markets was Silk Road, which was eventually shut down by the FBI in 2013. Many similar websites have appeared since then and some were targeted in subsequent international law enforcement raids, but Agora survived and surpassed even Silk Road in size and popularity.To read this article in full or to leave a comment, please click here

Recap: Docker 1.8 Online Meetup Series

Missed our three-part series of Docker Online Meetups on the Docker 1.8 release? Don’t worry! We recorded each session and posted the videos for you to watch.   Our series of Docker Online Meetups on the Docker 1.8 release started with Core Maintainer David Calavera presenting … Continued

Worth Reading: Micromanaging Compute

In people management, it’s generally accepted that micromanaging a person is often a bad idea. Micromanagement removes the opportunity for the individual to find a better path than originally conceived. It also often focuses on the specific steps of a process, but unfortunately removes the context that would help someone understand how to improve the process. via infoworld

The post Worth Reading: Micromanaging Compute appeared first on 'net work.

Real-time computing: Gateway to the Internet of Things?

Real-time computing means much more than getting a seemingly immediate response after hitting Enter. In fact, its real meaning involves interfacing to real machines doing real things in, well, their own real time.Take, for example, the Gleason 600HTL Turbo Lapper, whose controller was designed by Viewpoint Systems in Rochester, N.Y. Basically, it laps beveled gears (that is, polishes them by grinding an abrasive slurry between them) until they mesh so perfectly they purr rather than clatter -- an attribute important to the car makers that use the beveled gears in car differentials, explains John Campbell, vice president at Viewpoint.To read this article in full or to leave a comment, please click here

4 security metrics that matter

As security gains greater visibility in boardrooms and C-suites, security professionals are increasingly asked to provide metrics to track the current state of a company's defenses. But which numbers really matter?More often than not, senior management doesn't know what kind of questions it should be asking -- and may concentrate too much on prevention and too little on mitigation. Metrics like the mean cost to respond to an incident or the number of attacks stopped by the firewall seem reasonable to a nonsecurity person, but they don't really advance an organization's security program.[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld's Security newsletter. ] Instead, experts recommend focusing on metrics that influence behavior or change strategy.To read this article in full or to leave a comment, please click here

Why the world’s top computing experts are worrying about your data

It would be difficult to come up with a better illustration of the profound effect data can have on people's lives than the Ashley Madison hack, which has not only sparked numerous lawsuits but also been associated with several suicides.On Tuesday, many of the world's experts in computer science and mathematics spent an afternoon at the Heidelberg Laureate Forum in Germany trying to figure out how the widespread collection of data about consumers can be prevented from causing more harm in the future.MORE ON NETWORK WORLD: Big data's biggest challenges "In the U.S., there are now states where jail sentencing guidelines are being set by data," said Jeremy Gillula, a staff technologist with the Electronic Frontier Foundation. "Data has a huge impact on people's lives, and that's only going to increase."To read this article in full or to leave a comment, please click here

When to host your Website’s security

Managing the daily updates and upgrades needed to keep the website secure demands a highly skilled administration team. A third party website management company provides both managed hosting and security, but the security of the site depends largely upon the provider.Larger enterprises come to website hosting providers because they have regulatory requirements that they can’t meet on their own. Commodity providers from AWS to Azure and Rackspace, provide infrastructure, but the enterprise monitors the security of the site themselves.Self-monitoring with a highly skilled team can be as reliable as entrusting their site to the security team of a web hosting provider, but not every organization has a staff with the expertise and flexibility needed to build a strong security platform program.To read this article in full or to leave a comment, please click here

Most corporate risk due to just 1% of employees

Just 1 percent of employees are responsible for 75 percent of cloud-related enterprise security risk, and companies can dramatically reduce their exposure at very little additional cost by paying extra attention to these users.According to newly-released research by CloudLock, which analyzed the behavior of 10 million users during the second quarter of this year, these users are sending out plain-text passwords, sharing files, accidentally downloading malware, clicking on phishing links, using risky applications, reusing passwords, and engaging in other types of dangerous behaviors.MORE ON CSO: The things end users do that drive security teams crazy These users include both rank-and-file employees as well as super-privileged users, software architects, and non-human accounts used to perform automated tasks.To read this article in full or to leave a comment, please click here

1 3,282 3,283 3,284 3,285 3,286 3,779