Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Trump Hotel Chain Fined Over Data Breaches

itwbennett writes: Trump Hotel Collection has agreed to pay $50,000 in penalties over hacks that are said to have led to the exposure of over 70,000 credit card numbers and other personal data. The key charges apparently against Trump Hotel Collection (THC) are that it didn’t have adequate protection and even after the attacks became known, did not quickly inform the people affected, in breach of New York law.

Submission + - Russia Has Previously Tried To Influence US Elections, Says Spy Chief (csoonline.com)

itwbennett writes: Without quite suggesting that Russia could be involved in recent hacks of Democratic party organizations, U.S. Director of National Intelligence James R. Clapper said Tuesday in an interview with the Washington Post that 'there’s a tradition in Russia of interfering with elections, their own and others' going back to the 1960s and the Cold War. What's not clear, Clapper said, is the reason for the interference — whether it has been to cast doubt on the democratic process or to favor a particular candidate.

Submission + - Industrial IoT Is Inching Toward A Consensus On Security (csoonline.com)

itwbennett writes: The Industrial Internet Consortium (IIC), a group formed in 2014 by IBM, Cisco, GE, AT&T and Intel, this week released an IoT security framework that, lays out 'a systematic way to implement security in IoT and a common language for talking about it,' writes Stephen Lawson. 'The framework prescribes best practices in four areas: endpoints, communications, monitoring and configuration. They’re addressed to component builders, system builders and users. IIC plans to use the best practices in testbed projects.'

Submission + - VCs Investment In Cybersecurity Is Slowing (csoonline.com)

itwbennett writes: In 2015, $3.8 billion in venture funding went into cybersecurity companies — a 235% increase over 2011. But now the market is cooling just a little: The first 2 quarters of this year showed a slowdown and CB Insights expects funding for cybersecurity companies to surpass $3 billion by the end of 2016. The reason for this: 'VCs are holding out for companies that are merging to offer more unified-security platforms,' says William Altman, tech industry analyst at CB Insights.

Submission + - Investment Fund Loses $6 Million In BEC Scam, Suspends Operations (csoonline.com)

itwbennett writes: In March, Wall Street technology firm SS&C started receiving fraudulent transfer requests targeting its client Tillage Commodities Fund. What happened next defied common sense and corporate policy. Over twenty-one days, SS&C processed six fraudulent transactions, draining the Tillage fund of $5.9 million. Tillage is now seeking $10 million in damages in a lawsuit filed late last week.

Submission + - Chrome OS Gets Cryptographically Verified Enterprise Device Management (csoonline.com)

itwbennett writes: Google took another step forward in its push for business use of Chrome OS devices with the announcement on Thursday of a new API that provides cryptographic guarantees about the identify and security state of those devices. The new API, called Verified Access, will allow companies to cryptographically validate the identity of Chrome OS devices connecting to their networks and verify that those devices conform to their security policies. Lucian Constantin gets into how it works in an article on CSO.

Submission + - SPAM: 7 ways to avoid alert fatigue

An anonymous reader writes: Almost like hitting the snooze button over and over on your alarm clock, you become immune to the noise after a while. That is what can happen to network security managers who can hear false positives quite often. Here is how to avoid those.
Link to Original Source

Submission + - MySQL Zero-Day Puts Servers At Risk, Offers Lesson In Privilege Assignments (csoonline.com)

itwbennett writes: According to the researcher who found the vulnerability, it affects 'all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions,' as well as the MySQL-derived databases MariaDB and Percona DB. Lucian Constantin explains that the flaw 'can be exploited to modify the MySQL configuration file (my.cnf) and cause an attacker-controlled library to be executed with root privileges.' MariaDB and Percona DB have received patches, but Oracle, which has known about the flaw since July 29, has not yet released a patch for MySQL. CSO's Steve Ragan takes the view held by some in the security community that the flaw has more to do with permissions than with remote code execution. 'While the flaw is a bit over-hyped, the underlying problems are legit concerns for organizations that just slap a web server together and toss it into production,' says Ragan

Submission + - UK Police Listened In On 9% More Calls Last Year (csoonline.com)

itwbennett writes: While UK lawmakers are still debating a new Investigatory Powers Bill, a report compiled by the Interception of Communications Commissioner's Office (IOCCO) finds that warrants for the interception of communications rose 9 percent last year and that authorities continued to hoover up communications metadata. One-ninth of the metadata collection was approved without any paperwork, an option that is only available 'where there is an immediate threat to life or an urgent operational requirement and there is no time to complete the normal written process,' according to the report. 'That could be a sign that the other eight-ninths of the collections aren't exactly helping them figure out what's going on,' writes Peter Sayer. 'The report minimizes the impact of the surveillance, using innocuous terms like 'item of communications data' to refer to a whole month of incoming and outgoing call records for a mobile phone.'

Submission + - What If You Could Fire Your CEO? (cio.com)

itwbennett writes: Three years ago, talent management and human resources company Haufe U.S. created a workplace democracy, in which C-level leadership is elected by the employees for a one-year term. In an interview with CIO.com's Sharon Florentine, Kelly Max, who is currently serving as CEO, explains how the company got to this point and what they've learned from the experience. 'If you're going to talk about how your employees 'own' the company, if you're going to tout how they all have a voice, why not go all the way and see what happens? Because why not? You already have people working for and with you who elect you every day, who either agree or disagree with you and follow you, so we wanted to make it very transparent,' says Max. Could your organization work as a democracy? Would your CEO still have a job?

Submission + - iPhone 6 Users Sue Apple Over 'Touch Disease' Defect (cio.com)

itwbennett writes: A group of iPhone users claim Apple has refused to fix a defect in its iPhone 6 and 6s phones that causes displays to die, and the frustrated customers took legal action in California this week. 'The complaints started to appear more than a year ago, but they went mostly unnoticed until iFixit, a site that "tears down" devices to see what makes them tick, interviewed repair technicians who have repeatedly seen the problem,' writes CIO.com's Bill Snyder. 'Just days after touch disease — as named by iFixit — made news in the blogosphere, Apple was hit with a related lawsuit, and the attorneys who filed it plan to make it a class action suit.'

Submission + - The cloud just cost 5,500 Cisco workers their jobs (networkworld.com)

Miche67 writes: Cloud computing offers many benefits, but not everyone profits equally from the changes--as witnessed by Cisco's announcement that it is laying off 5,500 workers.

Basically, Cisco is trying to keep up with fundamental changes in the world of infrastructure, writes Fredric Paul, the biggest of which is the rise of cloud computing.

"Not surprisingly, that epic shift is having a profound effect on the types of networking equipment that companies buy from vendors such as Cisco, as well as the kinds of companies that make up the switching giant’s customer base," he writes.

So, while cloud computing has many benefits, it also has a downside. And the pain of those laid off workers is very real. Because of that, Paul urges everyone to think about how they can help those Cisco workers.

Because while the cloud is clearly today’s red-hot trend, no one knows what tomorrow’s technology innovations will bring, and any one of us could be the one in need of a helping hand in a couple years.


Submission + - Alleged NSA Data Dump Contains Sophisticated Hacking Tools (csoonline.com)

itwbennett writes: Brendan Dolan-Gavitt, an assistant professor at New York University’s school of engineering, is one of the researchers going over the samples from the stolen cache of files that may belong to the National Security Agency, after an anonymous group called the Shadow Brokers posted them online. What he's finding is genuine hacking tools that not only work, but show a level of sophistication rarely seen, including malware that can infect a device’s firmware and persist, even if the operating system is reinstalled. 'It's terrifying because it demonstrates a serious level of expertise and technical ability,' said Dolan-Gavitt. But the hacks, which target firewall and router products, may not be as dangerous as researchers initially feared. For example, the exploits found within the samples rely on having direct access to the firewall’s interface, which is normally restricted from outside Internet users, said Brian Martin, a director at Risk Based Security, who has been studying the sample files as well.

Submission + - Private Cloud Is As Good As Dead, Proponents Just Don't Know It Yet (cio.com)

itwbennett writes: Analyst firm Wikibon 'believes that leading vendors are currently at or below a $100M/yr run-rate for OpenStack-related business (hardware, software, services),' writes John Furrier on LinkedIn. This means, 'the sum total of all [OpenStack] vendors has to be less than $2 billion,' says Bernard Golden, who foretells the death of private cloud in a recent article. Meanwhile, in public cloud land, Amazon Web Services posted $2.88 billion in revenue in Q2 2016, and Azure revenues, which are harder to figure because Microsoft includes services like Office 365 in its 'cloud business' numbers were about $800 million in the quarter ending June 30, writes Golden. The numbers don't tell the whole story, of course, but that's not good news either, because, as Golden puts it, 'While private cloud proponents have spent the last five years focusing on getting their IaaS offerings working, Amazon, Microsoft and Google have moved way beyond core computing services.'

Submission + - 10 Year-Old Teaches Hackers a Valuable Lesson In Privacy (csoonline.com)

itwbennett writes: At r00tz Asylum, a kids-only gathering at DEF CON, 10-year-old Evan Robertson presented his first-place winning school science fair project, which showed how quickly people will hand over their privacy for a little free Wi-Fi. Robertson set up a Wi-Fi hotspot with terms-of-service that would allow him to access or modify connecting devices 'in any way.' In his science fair experiment, 76 people at local malls and stores connected to his hotspot, and 40 of them (52%) accepted the TOS to gain access. And, proving that security pros aren't all quite as privacy-minded as you might expect them to be, Robertson later set up his hotspot at BSides San Antonio, where 41 people connected to his hotspot, and 20 of them accepted the TOS.

Slashdot Top Deals

The test of intelligent tinkering is to save all the parts. -- Aldo Leopold

Working...