Paul Stone and Alex Chapman of Context Information Security in the U.K. took a long look at the WSUS attack surface and discovered that when a WSUS server contacts Microsoft for driver updates, it does so using XML SOAP web services, and those checks are not made over SSL. While updates are signed by Microsoft and updates must be verified by Microsoft, Stone and Chapman discovered that an attacker already in a man-in-the-middle position on a corporate network, for example, could with some work tamper with the unencrypted communication and inject a malicious homegrown update.
Silent Circle is all about security, but security is about more than just a phone that features encryption. There is an entire ecosystem in place starting with the secure PrivatOS 1.1. The latest upgrade to the operating system introduces a feature called Spaces which allows for OS-level virtualization and the ability to keep work and personal apps and data completely separate from each other. These features are also due to rollout to first generation Blackphones through an upcoming update.
In the enterprise sector the promise of wearables is increased efficiency by speeding up the dissemination/capture of information to staff out in the field, or who are in the midst of work or customer engagement. So Glass just becomes another tool for a particular type of worker.
Given Glass’ visibility, it is perhaps especially suited for workers in a position of authority, who may already be marked out by their uniform (fluorescent jackets in the case of Schiphol’s authority officers), becoming another ‘badge of office’.
The plan calls for IBM will resell Apple devices with its software pre-installed. IBM activation, management and security software are also involved in the deal. The partnership aims to give Apple the credibility it still has not quite achieved in IT departments and bring IBM into a popular mobile ecosystem.
The data collection does not happen automatically. There is a several-step process for team owners to request access, which includes sending a signed letter on company letterhead to Slack stating that the company’s policies allow that kind of access. Each request is reviewed by Slack for approval, the company says.
Once granted, workers on the team are notified of the data access, which includes all messages from that point forward. The feature is not retroactive.
From: Slack: Be less busy.
Slack is a platform for team communication: everything in one place, instantly searchable, available wherever you go.
Apple and IBM will collaborate on building a new class of applications specifically tailored for certain industries, including retail, health care, banking, travel and transportation. The first of those applications will be available in the fall and will be released into next year.
IPMI runs regardless of the underlying operating system and operates on UDP port 623 through a server’s network port or its own Ethernet port. It runs continuously, Farmer said, unless the plug is literally pulled. Moore’s scan pulled up 230,000 responses over port 623, an admittedly tiny slice of the overall number of implementations. Yet Farmer concludes that 90 percent of BMCs running IPMI could be compromised because of default or weak passwords or weaknesses in the protocol, not only implicating the host server but others in the same management group because, as he discovered, some vendors share common passwords.
BMC = Baseboard Management Controller, a separate device attached to motherboards for management purposes. This isn’t the first article to point out vulnerabilities in IPMI. It has been noted that IPMI should run on its own intranet and not the public internet. Providing another layer of security to this interface may mitigate any problems. IPMI can’t be any less secure than SNMP.
Media, content creation, and life sciences struck Stitt as good examples for where OpenStack enjoys stronger greenfield adoption. Those areas revolve around the generation of entirely new data, rather than the manipulation of existing data; everything newly created can simply be deployed fresh into OpenStack.
It’s hard to ignore the overall enthusiasm around OpenStack — the near-doubling of attendance to 4,500 at this year’s summit is a sign of how interest is mushrooming. And the overarching presence of Red Hat shows how it’s working to make itself as synonymous with OpenStack as it did with Linux — but the existence of other vendors all vying for attention also raises a cautionary note that, open source notwithstanding, the OpenStack market runs the risk of becoming as fragmented and contentious as Linux itself.
Many corporations altogether forbid the use of Dropbox (including Bloomberg LP, parent of Bloomberg Businessweek). Security software maker Symantec (SYMC) posts online instructions on how clients can block Dropbox, while Citrix (CTXS), which provides a competing product, found Dropbox to be one of the most blacklisted applications by companies in a 2012 report. Even businesses that use Dropbox often do so with caution. “It’s extremely convenient to share marketing materials,” says Markus Ament, chief product officer of Taulia, a five-year old cloud-computing startup. “We try to avoid using Dropbox for sensitive data. Right now, we’re not taking any chances.”
Following list contains criteria we use to evaluate whether we use an open source or not
- Is product sponsored by a company? It is a critical criterion if a product plays a critical role in your application and you do not have an alternative choice for it.
- Is open source license suitable for your product? It is illegal for you to deliver a commercial and closed source product include an open source library has a license is GPL
- Does open source product has good quality?
- Is open source product still be supported by adding new features, bug fix?
Grammar a bit bad but advice seems well grounded. All the above answers should be Yes.