How like me

Apple on Monday tapped its Push Notifications mechanism to remind users that they can donate money to (RED) charity by purchasing (RED)-branded iPhone and iPad apps.
The company has also created a donation page in the App Store (the first banner below ‘Games for (RED)’ section) for simple, convenient and frictionless donations of $5, $10, $25, $50, $100 or $200.
A dedicated donation webpage is available at RED.org, but it requires you to use a web browser and type in your credit card information, as opposed to the simplicity of iTunes billing.
Reminding folks to “get great apps and help (RED) fight AIDS” via a push alert did not sit well with some nit-picky watchers. I’m talking about Instapaper and Tumblr creator Marco Arment whose blog post insists Apple broke its own rule about using Push Notifications for promotions.
Some people piggy-backed on Marco’s blog post and tweeted out their disdain because the App Store sent them the (RED) notification, twice.
“This is clearly a promotion, will annoy thousands or millions of people and is in direct violation of the least-enforced rule in the App Store,” Arment wrote explaining his first-world problem with Apple’s promo alert.
Claiming Apple broke its own rule is something of an exaggeration. Who’s to say that App Store rules must apply to Apple? Just because a rule exists for third-party apps doesn’t mean Apple itself should abide by it.
Samsung Answers Android Ad-Blocking Call


Samsung on Sunday released a version of its mobile browser that supports applications that block advertising on Web pages.
The browser upgrade can be applied to devices running Android Lollipop and higher.
Apple released similar support for the Safari mobile browser last year, but this is the first time a major maker of Android hardware has supported ad blocking.
Within hours of the announcement, two ad-block app makers, Crystal and Adblock Fast, had already released versions of their software for the Samsung browser.
The most popular browser in the Android world is Google's Chrome, which doesn't support ad blocking.
However, the default browser on Samsung phones -- which have 22 percent of the global smartphone market, according to Strategy Analytics -- is Samsung's browser, so the company may be hoping ad-blocking support will help it cut into Chrome's market share.


Faster Page Loads

Ad blockers have started to gain popularity among mobile users for a number of reasons.
"With mobile devices, all those calls, links and tech used to pull ads into a mobile browser can take awhile. By stripping those out, consumers see the pages load faster," said Lauren Fisher, an analyst with eMarketer.
"If you're on your desktop computer, advertising can be easier to deal with," she told the E-Commerce Times. "With a mobile device, once that page is shrunk and you're still seeing ads everywhere, it can make it harder to read and do what you want to do."

Pros and Cons

Ad blockers have other benefits, too.
"They block annoying ads, protect users from ad-served malware, allow users to have control over privacy settings, cut down the time it takes to load pages, and decrease the amount of data people have to pay for," Ben Williams, the comms/ops manager for Eyeo, maker of Adblock Plus, told the E-Commerce Times.
There's also a big downside to the apps, especially for content makers.
"They deprive publishers of revenue and may harm the content economy over time," said Greg Sterling, vice president of strategy and insight for the Local Search Association.
Blocking advertising in a browser, whether it's Samsung's or Apple's, can have an impact on businesses that depend on advertising to pay the bills, but it's not as serious a challenge as it is on the desktop.
"Mobile users spend about 80 percent of their time inside mobile apps," said John Carroll, a mass communications professor at Boston University.
"From that standpoint, ads on the mobile Web are only a small slice of overall mobile usage," he told the E-Commerce Times.

Long-Term Solution Needed

That's important because Web pages aren't the only place mobile jockeys see advertising.
"You have to keep in mind that there isn't any ad blocking going on in apps, which is where a lot of consumers spend their time," eMarketer's Fisher said.
"We can't say with confidence that ad blocking will never happen in apps, but there are a lot more obstacles there to get ad blocking implemented from a technical perspective," she added.
"Most -- though not all -- ad blockers focus on the mobile Web, so in-app ads are substantially immune from blocking today," LSA's Sterling told the E-Commerce Times.
"But the root consumer dissatisfaction that's causing adoption of ad blockers must be addressed as a long-term solution," he continued.

Stage 1 Cancer

As ad blockers have grown in popularity, some advertisers and content providers have taken measures to preserve their revenue streams.
"There are various strategies and tactics being developed to combat ad-blocking software. There are emerging software solutions that thwart ad blockers, and publishers can also detect ad blockers and deny access to content unless they're disabled," Sterling said.
"Everyone in the digital content ecosystem -- including advertisers -- should be concerned about the potential impact of ad blocking. It's not yet a crisis, but it's a significant problem that needs to be addressed now," he added.
"It's like stage 1 cancer," Sterling continued. "Advertisers and publishers can't let it get to stage 4 before acting."
GoPro Shooters Can Send Live Streams Up Periscope

GoPro on Monday announced an integration with Twitter's Periscope app that allows live streaming from a GoPro Hero4 camera.
Periscope users can switch between broadcasting from their iPhone's camera to their GoPro directly from the phone screen with the touch of a button, GoPro said.
The feature allows GoPro shooters to use the Periscope interface like a production switchboard. They can toggle between their iPhone and GoPro cameras on the fly, adding variety to video of a live event.
Thanks to the Periscope integration, the GoPro can take the risks that accompany shooting live-action video, while the iPhone can remain safely in a user's pocket, Periscope said. A screen-lock button prevents accidental camera switching while the iPhone is pocketed.

Fits Business Strategies

Twitter's teaming with GoPro fits in with both companies' business strategies.
"Twitter wants to become a more media-rich environment," said Ross Rubin, senior director for industry analysis at App Annie.
"It's one of the ways that it's looking to go beyond the 140 characters that have defined the service for much of its existence," he told TechNewsWorld.
"The GoPro footage is often very exciting, and it makes for a more dynamic Twitter experience," Rubin said. "It will get people thinking about Twitter in a new way. Instead of just news updates or short missives, it will be thought of as more of an entertainment brand."

Trouble in Twitter City

Integration with Periscope furthers GoPro's strategy to integrate content created with its cameras with more service providers.
"GoPro has also been trying to drive its own media effort," Rubin explained.
"Being able to broadcast GoPro content in real time and spontaneously via Twitter and Periscope is a good complement to some of the on-demand and edited footage that it's been developing," he said.
Building excitement around its products and services is important to Twitter right now, as some of its top brass have left the company. Its stock has been steadily declining for months, as Wall Street has been disappointed with Twitter's ability to generate money and grow its membership.

Bot Woes

"Twitter doesn't make as much money from its advertising as Microsoft and Google do with their search engines," noted Darren Hayes, an associate professor at Pace University.
Twitter's portfolio isn't as diversified as its competitors either.
"Facebook has purchased many different companies and facilitates many other services," Hayes told TechNewsWorld. "Twitter has done some of that -- but not to the same extent as companies like Facebook do."
Attracting new users has been a problem for Twitter, as is getting a handle on how many flesh-and-blood members it has.
"Twitter has a problem with the number of bots using it. There's a huge number of followers who are just bots. People don't realize how big that number is," Hayes said.
"Twitter tries to adjust that. I've heard of people who have lost tens of thousands of followers in an hour because Twitter was going through and clearing out bots that were using the service," he continued. "So their membership numbers may be inflated."

Money Generator?

Integrating Periscope with GoPro could have an impact on Twitter's revenue stream.
"There are monetization options available, but only if this app really takes off," said Andreas Scherer, managing partner at Salto Partners.
"For example, celebrity athletes who are into action sports -- such as snowboarders, extreme alpine skiers, X Games players -- could potentially create huge numbers of followers," he told TechNewsWorld.
"That crazy ride down the mountain, the double back flip -- all these experiences can be shared in real time. The audience for those video streams are a great platform for targeted ads. It's easy to imagine a shared revenue model between Twitter, the brand and the athlete," Scherer continued.
"Similar business models work today on YouTube," he pointed out. "It takes millions of followers per athlete to really make sense, though."
Any revenues garnered from targeted advertising will be a plus for Twitter, but they won't address the company's biggest problem, noted Brian Blau, a research director at Gartner.
"Twitter has to do a lot more with making the service more appealing to users," he told TechNewsWorld. "I don't think adding GoPro is going to add the tens if not hundreds of millions of users Twitter needs to make the business viable long term." 

Carnegie Museum of Art connects food and art for a feast


Fine dining and art. It’s a match made in Pittsburgh.

The Steel City’s Carnegie Museum of Art is welcoming art patrons and foodies to immerse themselves in a multimedia installation by artists from The Propeller Group while they chow down on a six-course meal by renowned chef Michael Gulotta.
“It will be a cultural immersive dining experience,” Laura Zorch McDermit, the museum’s social experiences manager, said of the Feast Series, which opens on Feb. 12.

The museum’s current featured exhibit is a video installation with surround sound that documents traditional Vietnamese funeral traditions. When museum curators noticed that the brass bands and colorful processions were similar to those in New Orleans, the idea came to combine the exhibit with the cuisine of the Big Easy in an effort to attract new patrons.
Just as artists get inspiration from poetry, culture and music, chefs create works of art inspired by spices and local ingredients, McDermit said.

Creating the menu came naturally for the Feast Series’ first guest chef, Gulotta, a native of New Orleans who serves up Southeast Asian food with a Southern flair at his trendy restaurant, MOPHO.
“The best of MOPHO shows off the parallels of New Orleans and Vietnamese cuisine. It links the two cultures,” said Gulotta, who trained with Emeril Lagasse and lived in Italy and Germany before returning home and opening up MOPHO.
“I think of myself as a good craftsman first,” he said. “Being able to do the same dish over and over to make people happy is more of a craftsman. I’d love to think we are artists, but we are great craftsmen.” 

The Feast Series is a far cry from a wine-and-cheese happy hour at your local museum. Diners will be seated for the six-course meal in the museum’s hall of sculptures, which resembles the Parthenon and is filled with plaster statues from the Greek and Roman eras. The menu includes syrup-lacquered duckling, gumbo with blue crab, shrimp with roasted okra and a whole roast hog.
In collaboration with the Pittsburgh Vietnamese Association, there will be a lion dance to celebrate the Lunar New Year. And, of course, there will be a brass band.  
And there’s more to come. The museum’s second Feast Series, in November, will pair Brazilian cuisine with the exhibit Hélio Oiticica: To Organize Delirium. 
The dinner starts at 6 p.m. and costs $150. At 9 p.m., there’s an after-party where guests can enjoy Vietnamese street food and a cash bar. Tickets are $40 and $35 for members.
Europe, US Cut 11th Hour Safe Harbor Deal


Europe and the United States on Tuesday announced a new Safe Harbor agreement that neutralizes the threat of enforcement actions against domestic companies handling overseas data.
Called the "EU-US Privacy Shield," the agreement aims to protect the privacy of data belonging to European citizens when it's handled by U.S. companies.
"The new EU-US Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to U.S. companies," said Vera Jourová, the European Union's commissioner for justice, consumers and gender equality.
"For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms," she continued.
"Also for the first time," Jourová added, "EU citizens will benefit from redress mechanisms in this area. In the context of the negotiations for this agreement, the U.S. has assured that it does not conduct mass or indiscriminate surveillance of Europeans. We have established an annual joint review in order to closely monitor the implementation of these commitments."

Fines Averted

Without a new Safe Harbor agreement to protect U.S. companies handling the data of European citizens from EU privacy restrictions, enforcement actions would have begun immediately, noted Neil Stelzer, general counsel for Identity Finder.
"There's no talking of a grace period or a deadline extension," he told TechNewsWorld.
That would have meant European regulators would have pursued high-profile targets that handle lots of data belonging to their citizens -- companies like Google and Facebook.
"Regulators have limited resources, so what they will do is go after big names that will make the papers and try to get big fines issued against them," Stelzer said.
"Those fines in Europe are quite substantial, so they're something you're going to want to avoid," he added.

Safe Harbor Unsafe for Europeans

The European Court of Justice last year ruled illegal an agreement between the United States and the European Union that created a Safe Harbor for U.S. companies handling personal data of overseas citizens.
Under the agreement, essentially the word of a U.S. company that it had adequate safeguards in place to protect the data of Europeans was all that was needed when overseas data was transferred to American service providers.
The agreement was an act of convenience by the European Union to accommodate the discrepancy between strong privacy protections found overseas and weaker ones in United States.
The United States and Europe had until Jan. 31 to forge a new Safe Harbor agreement that could pass court muster. That deadline passed, but they managed to craft an agreement two days later.

Ukraine Power Outage

In December, attackers installed malware on the systems of a power company in western Ukraine. The malicious program, called BlackEnergy3, prevented malware fighters from detecting the attack while the intruders remotely tripped breakers that cut power to anywhere from 80,000 to 700,000 homes for six hours, according to reports.
It's believed to be the first time a cyberattack caused a power outage.
Field staff eventually restored power by resetting the breakers by hand at the targeted substations.
The speed at which power was restored suggests that the role BlackEnergy3 played in the attack has been overblown.
"It is technically possible, but highly improbable, that the BlackEnergy3 malware was used as the direct cyberthreat that led to any denial of service or other consequences to the industrial control systems associated with the Ukrainian power systems," said ICS security expert Joel Langill.
"I do believe, however, that other unrelated cyber events such as communication buffer overflows, network issues, and potential software bugs were in fact key factors that led to the inability of the industrial control system to perform as intended, resulting in the widespread outage," he added.

Old Vulnerability

In another interesting twist about the use of BlackEnergy, the malware was using an attack vector Microsoft patched in 2014, SentinelOne CSO Udi Shamir said.
Patched systems would have alerted a user to the malware and prevented it from infecting a system without user intervention, he told TechNewsWorld.
That means that in order to trigger the malware, a user needed to intervene, either accidentally or deliberately.
"The third option is the malware was resident for many, many months or years, and when zero hour arrived, it just began executing," Shamir said.

Bad Patching

There's a fourth possibility, too. The versions of Microsoft Office, which is the entry point for BlackEnergy, weren't patched at all, leaving them even more vulnerable to attack.
"You can't always install the latest patches," Shamir explained. "Most of these SCADA systems are working with legacy software, such as Windows XP."
SCADA -- supervisory control and data acquisition -- systems enable the monitoring and automation of physical systems, such as oil and gas pipeline valves, temperature monitoring and cooling systems, energy grids, and traffic lights.
"If you're using Windows XP, which isn't supported by Microsoft anymore, there are no latest patches," Shamir continued.
"Even if you do patch and you have an insider that will execute the malware, you're still doomed," he added.

Deep Learning

Traditional malware-detection methods -- signatures, simple machine learning or human-in-the-middle analysis -- aren't fast enough or powerful enough to protect systems these days.
"That led us to deep learning because it can be used to teach a detector general patterns for identifying if something is malicious or not," said Andrew Gardner, senior technical director for machine learning at Symantec.
With traditional malware analysis, someone has to look at a malware sample; create labels, or metadata, for it; and store it in a database.
If the malware is encountered again, a detector will be able to identify it from those labels. If the malware has been changed in just the slightest way, though, it will be undetected.
With that kind of literal analysis, you can teach an analysis tool to identify Felix the Cat, but it's not going to identify other cats, such as Garfield, Morris or Simba.
Malware writers are well aware of that deficiency, so they write malicious software that's capable of constantly altering itself to avoid detection.

Future of Security

"With deep learning, we can take huge amounts of unlabeled data and use a small number of labels to create labels for the whole data set," Gardner told TechNewsWorld.
"That's pretty powerful because it removes a critical bottleneck: the human expert labeler," he said.
Now when the analysis tool is taught to identify Felix the Cat, it will be able to identify all cats, whether it has seen them before or not.
"I expect that in the future we will see more companies look at adopting deep learning security data because I can't think of any other way that they can feasibly process all the data that they collect," Gardner said.
"At Symantec," he continued, "we collect about a petabyte of data a day. That's an enormous amount of data. There's no way you could label all that data with human intervention."

Breach Diary

  • Jan. 25. Lawsuit against Georgia over a data breach that exposed personal data of 6 million voters in the state is dismissed at the request of the plaintiffs, who said their motivation for pursuing the litigation was to get the state to acknowledge the breach.
  • Jan. 25. VTech Holdings announces its Learning Lodge website and app store have resumed normal operations for most of its customers. In November, a data breach exposed personal data for 12 million people, including 6.4 million kids.
  • Jan. 25. Affinity Plus Federal Credit Union reports a 64 percent decline in fraud since distributing EMV chip-enabled payment cards in October.
  • Jan. 25. Uber confirms a bug in its computer systems caused the tax information for one of its drivers to be viewed by other drivers.
  • Jan. 26. Online Trust Alliance reports that 91 percent of data breaches during the first eight months of 2015 could have been prevented by patching a server, encrypting data or ensuring employees do not lose their laptops.
  • Jan. 27. Wendy's reveals it's investigating reports from its payment industry contacts of fraudulent activity on payment cards after they were used at the company's restaurants.
  • Jan. 27. TalkTalk announces that three workers at a call center in India have been arrested in connection with stealing customer data and using it to scam those customers. Customer records were also compromised in October in a data breach affecting more than 156,000 customers.
  • Jan. 27. NCH Healthcare, which operates hospitals in Collier County, Florida, notifies employees and medical staff their credential information is at risk after a data breach at Cerner Data Center in Kansas City, Missouri.
  • Jan. 27. ThreatTrack Security releases a survey of 207 security professionals in the United States that found fewer were investigating data breaches not disclosed to their customers (11 percent compared to 57 percent in 2013) and fewer need to clean up malware from executives visiting porn sites (26 percent compared to 40 percent in 2013).
  • Jan. 28. Defense Minister Harjit Sajjan announces Canada's electronic spy agency, the Communications Security Establishment, has stopped sharing some of its data with key international allies after discovering the data included personal information about the country's citizens.
  • Jan. 28. Royal Bank of Canada announces it accidentally mailed hundreds of retirement account receipts to the wrong customers. Information on receipts includes names, addresses and social insurance numbers of account holders.
  • Jan. 28. Privacy Commissioner of British Columbia releases a report finding education ministry of the Canadian province failed to protect the personal information of 3.4 million students when its staff lost a portable hard drive in the fall of 2015.
  • Jan. 28. The Fraternal Order of Police, the largest police union in the United States, asks FBI to investigate a data breach of the organization's computers in which hundreds of megabytes of bargaining contracts and other records were stolen and posted to the Internet by a British hacktivist who calls himself TheCthulhu.
  • Jan. 29. Lincolnshire County in the UK reveals it's been presented with a ransomware demand for 1 million pounds. Its computer systems have been offline for four days after it discovered ransomware malware on them. It says systems will be online after its data is restored from its backup system.

Upcoming Security Events

  • Feb. 3. Building an IT Security Awareness Program That Really Works. 2 p.m. ET. InformationWeek DarkReading webinar. Free with registration.
  • Feb. 4. 2016 annual Worldwide Infrastructure Security Update. 11 a.m. ET. Webinar sponsored by Arbor Networks. Free with registration.
  • Feb. 4. Best Practices in Cybersecurity Supply Chain Risk Management -- The Boeing Story. 2 p.m. Webinar sponsored by Exostar. Free with registration.
  • Feb. 5-6. B-Sides Huntsville. Dynetics, 1004 Explorer Blvd., Huntsville, Alabama. Free.
  • Feb. 9. Start With Security. University of Washington Law School, 4293 Memorial Way NE, Seattle. Sponsored by Federal Trade Commission. Free.
  • Feb. 11. Pulse on Advanced Threats: Findings from Arbor Networks' Worldwide Infrastructure Security Report. 11 a.m. ET. Webinar sponsored by Arbor Networks. Free with registration.
  • Feb. 11. SecureWorld Charlotte. Charlotte Convention Center, 501 South College St., Charlotte, North Carolina. Registration: conference pass, $195; SecureWorld Plus, $625; exhibits and open sessions, $30.
  • Feb. 11. Data Breach & Privacy Litigation Conference. Julia Morgan Ballroom, 465 California St., San Francisco. Registration: attorneys and companies, $795; litigation service provider, $1,195; law firm assistant, $375; legal marketing attendee, $595.
  • Feb. 11-12. Suits and Spooks DC. The National Press Club, 529 14th St. NW, Washington, D.C. Registration: $599; government and academia, $499.
  • Feb. 16. Architecting the Holy Grail of Network Security. 1 p.m. ET. Webinar sponsored by Spikes Security. Free with registration.
  • Feb. 17. Stopping Breaches at the Perimeter: Strategies for Secure Access Control. 1 p.m. ET. Webinar sponsored by 451 Research and SecureAuth. Free with registration.
  • Feb. 18. Will the Real Advanced Threat Stand Up? Attack Campaigns in 2016 and Beyond. 1 p.m. ET. Webinar sponsored by Arbor Networks. Free with registration.
  • Feb. 20. B-Sides Seattle. The Commons Mixer Building, 15255 NE 40th St., Redmond, Washington. Tickets: participant, $15 plus $1.37 fee; super awesome donor participant, $100 plus $3.49 fee.
  • Feb. 28-29. B-Sides San Francisco. DNA Lounge, 375 11th St., San Francisco. Registration: $25.
  • Feb. 29-March 4. RSA USA 2016. The Moscone Center, 747 Howard St., San Francisco. Registration: full conference pass before Jan. 30, $1,895; before Feb. 27, $2,295; after Feb. 26, $2,595.
  • Feb. 29-March 4. HIMSS16. Sands Expo and Convention Center, Las Vegas. Registration: before Feb. 3, $865; after Feb. 2, $1,165.
  • March 10-11. B-Sides SLC. Salt Palace Convention Center, 90 South West Temple, Salt Lake City. Registration: $65.
  • March 12-13. B-Sides Orlando. University of Central Florida, Main Campus, Orlando, Florida. Registration: $20; students, free.
  • March 14-15. Gartner Identity and Access Management Summit. London. Registration: 2,550 euros plus VAT; public sector, $1,950 plus VAT.
  • March 17-18. PHI Protection Network Conference. Sonesta Philadelphia, 1800 Market St., Philadelphia. Registration: $199.
  • March 29-30. SecureWorld Boston. Hynes Convention Center, Exhibit Hall D. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • March 31-April 1. B-Sides Austin. Wingate Round Rock, 1209 N. IH 35 North (Exit 253 at Hwy 79), Round Rock, Texas. Free.
  • April 20-21. SecureWorld Philadelphia. Sheraton Valley Forge Hotel, 480 N. Guelph Rd., King of Prussia, Pennsylvania. Registration: conference Pass, $325; SecureWorld Plus, $725; exhibits & open sessions, $30.
  • June 13-16. Gartner Security & Risk Management Summit. Gaylord National Resort & Convention Center, 201 Waterfront St., National Harbor, Maryland. Registration: before April 16, $2,950; after April 15, $3,150; public sector, $2,595.
The Next President's Alternative Energy Agenda

Alternative energy has become a real growth engine during the last several years. It seems to bounce up and down, depending on the leadership in the White House. President Obama is a supporter, so growth has been relatively strong in recent years. The big question is, what will happen under a new president?
That is a question every investor and industry worker is asking. We all want to work and invest in a growth sector. Many people have hitched their wagon to the growth engine in the energy space, and that has been a good call.

Will the Growth Engine Slow?

However, worries that things will change and growth will slow are starting to set in. What happens will depend in large part on who we elect as president.
Energy is important, but it is just one of many important factors we must focus on going forward. In general, voters won't focus on one issue, like energy, when there are multiple problems -- like security, economic growth and jobs.
That said, growth in energy, especially alternative energy, will continue. The question is, will it be at the same rapid pace or will it slow? If you are working for or invested in the right companies in the alternative energy space, you likely will continue to do well.

Choosing Growth Companies

How do you choose the right growth-oriented companies? That question is easier to ask than to answer.
Alternative energy is an industry driven by innovation, reinvention and politics. The hot companies and new technologies always will capture the attention of the media and industry watchers. That means those companies should be the focus for investors and workers.
The life span of a hot opportunity in the energy space may be short. A company or technology that is new and hot today may give way to the next hot company or technology in the blink of an eye.
That happens in every industry. Consider the mobile phone marketplace. Motorola led the space early on. Then in the 1990s, Nokia and BlackBerry took the No. 1 position, sending Motorola to the basement. In the 2000s, Apple's iPhone and Google's Android OS took the lead, sending Nokia and BlackBerry to join Motorola in the basement.

Leadership Changes

Things change quickly. Leadership changes quickly. Sometimes leaders stay leaders by creating the next growth wave to ride. Most times they do not -- they ride that wave up and then down again.
Consider the iPhone, which has been under scrutiny for slowing growth. Apple remains a beloved company in the eyes of its customers. However, its growth lately has not been quite up to what analysts predicted, so the stock has been hit and some media outlets have been trashing it.
There are two distinct sectors to balance: the customer and the investor. Sometimes they are on the same growth track, but other times they take different paths.
Expect the same thing to happen in the energy space. Investors can use the lessons they learned from the wireless wars in the energy arena. Choose the right companies and technologies to work for or to bet on with your investment dollars.

Energy Tables Turn Quickly

The hottest energy industry segments are solar, wind, hydro, biomass and geothermal energy. There will be plenty of winners and losers in each. Determining which to bet on is the biggest challenge.
Stay alert -- the tables can turn quickly. That might happen with the change in leadership in Washington. However, even if the new president has an alternative energy focus, the industry's volatile growth will continue. Alternative energy will continue to grow -- it's the pace of growth that is the big unknown.
Be prepared to make a series of strategic moves. Staying alert in the rapidly growing and changing alternative energy space will help you stay on the winning side of the growth curve.
FDA Guidelines Target IoT Medical Device Security

The U.S. Food and Drug Administration last week took a step toward addressing the threat the Internet of Things poses to patients and their data by releasing some proposed guidelines for managing cybersecurity in medical devices.
"A growing number of medical devices are designed to be networked to facilitate patient care. Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats," the FDA says in its proposal.
"The exploitation of vulnerabilities may represent a risk to the safety and effectiveness of medical devices and typically requires continual maintenance throughout the product life cycle to assure an adequate degree of protection against such exploits," the agency notes.
"Proactively addressing cybersecurity risks in medical devices reduces the patient safety impact and the overall risk to public health," it says.
The guidelines offer best practices for assessing, remediating and reporting cybersecurity vulnerabilities in medical devices.
Stakeholders have 90 days to submit comments to the FDA on the proposed guidelines before they're finalized.

An IoT First

"The FDA is to be congratulated because this is the first time that somebody is acknowledging the risk associated with the Internet of Things," said Torsten George, vice president for global marketing at RiskSense.
The agency is raising the security bar for medical device makers, said Lee Kim, director of privacy and security at the Healthcare Information and Management Systems Society.
"I think that provides some assurance for healthcare providers, but they need to scan their networks for vulnerabilities, too," she told TechNewsWorld. "The healthcare providers can't turn a blind eye to this either."
The guidelines are especially important because healthcare IT is very compliance-oriented, noted Chris Wysopal, CTO of Veracode.
"If a regulating authority doesn't have anything to say, organizations think they don't have to do anything because they don't take a risk-based approach, as financial service companies or manufacturers do when they try to protect their brand or intellectual property," he told TechNewsWorld.

Guidelines With Teeth

While the FDA's move is a good one, guidelines are only recommendations on how to behave. Medical device makers could ignore them without having to worry about punishment -- yet.
"There are no fines mentioned yet, but they could come," RiskSense's George told TechNewsWorld.
Competition also could play a role in nudging device makers to comply with the guidelines.
"There are so many medical devices out there and so much competition that a differentiating factor could become compliance with these guidelines," HIMSS's Kim said.
The guidelines could provide fodder for potential legal actions against device makers.
"The courts are being very stringent when it comes to cybersecurity. If you're not following best practices these days, the courts are leaning toward consumers and end users when making their judgments," George noted.
"There's the potential that some attorneys looking at this would use these guidelines to establish negligence in a civil case," Kim said. "That legal pressure could be a motivator for medical device manufacturers to shore up their security practices."

More Concern Over App Flaws

Healthcare IT execs don't seem to share the FDA's heightened concern over the risks medical devices pose to patients and their data, according to a survey released last week by Veracode and HIMSS.
The survey, which was part of Veracode's "State of Web and Mobile Application Security in Healthcare" report, found that only 7 percent of the 200 participating healthcare IT execs placed the insecurity of IoT devices -- such as medical devices, POS devices, printers and building automation -- on their list of top security threats.
What most concerned the execs was cyberattackers exploiting vulnerabilities in applications (28 percent), followed by phishing attacks on employees, negligent employees and malicious insiders (26 percent).
Fears over application vulnerabilities are being raised with good reason.
"Data from actual code-level analysis of billions of lines of code conducted by Veracode shows that 80 percent of healthcare applications exhibit cryptographic issues such as weak algorithms upon initial assessment. Given the large amount of sensitive data collected by healthcare organizations, this is quite concerning," the report notes.
"In addition, healthcare fares worse than the vast majority of other industries when it comes to addressing remediation, with only 43 percent of known vulnerabilities being remediated," it continued.
Healthcare organizations should test the medical devices they use and hold vendors accountable for security gaps, the report recommends.
"Many medical devices, including MRI scanners, X-ray machines and drug infusion pumps, are vulnerable to hacking, creating significant health risks for patients," the report notes.
Zenwalk 8 Beta Led Me Down a Rocky Road

Zenwalk is a Linux distro that seems to be in a state of flux.
I took a gamble with the Zenwalk 8.0 beta edition, released last month, after several colleagues raved about its improvements. Chalk that up to potentially bad advice.
It's not that Zenwalk is a bad distro. It is an uncooperative and strange experience. With all the options available, a lot can be said about not having to struggle with an OS version that is problematic.
I had not bothered with Zenwalk Linux since reviewing it about a year ago. The announcement for the upcoming version 8 release prompted some interesting good vibes. All that was holding up the next full release seemed to be the availability of the next stable release of Slackware.
Zenwalk is based on Slackware Linux and runs the Xfce desktop environment and a focused collection of applications. The current versions use the Chromium browser, which doubles as an image gallery viewer and very fast PDF viewer.
Zenwalk 8 Beta Desktop View
The beta release is available for the 64-bit x86 architecture exclusively. This release is fully backward compatible with Slackware and focuses on developer Jean-Philippe Guillemin's view that desktops have to be able to be synced with smartphones, making the Web browser the most important application.
I should have tempered my high expectations. The Zenwalk website redirects visitors to the forum page. If you look hard enough, you can make your way to the download link for the nonbeta ISO files. You have to look even harder to locate the Zenwalk 8 beta ISO.

Unfriendly Experience

My experience with the beta release was very disappointing. It was not easy or much fun installing. Part of that is due to its Slackware roots. Perhaps a bigger part is the distro's continuing disjointed state of affairs.
Zenwalk can be installed only on a local drive, supporting only 64-bit hardware platforms. I gave up trying to install it to a virtual machine.
Not having a live-session ISO makes trying to test Zenwalk's suitability and compatibility with a user's hardware a worthless endeavor. This gives Linux in general a bad name to potential users who know little about the good Linux distros.
The ISO image features a minimal boot loader designed primarily for adding extra kernel parameters. The user must press the enter key to boot the installer or the F2 key for a detailed list of boot options.

Tough to Install

The simplified text-mode installer was not simple at all. The distribution's text-mode installer is somewhat intimidating. It has none of the modern installation tools that help automate the process.
I had to select a keyboard map and manually partition the disk before the installation would continue. Even installing the bootloader was problematic. Once the installation completed, a maze of setup chores just bogged down and worsened the experience some more.
In addition, after installation, it is a must to select a language, set up the root (system administrator) password and create a new user. Why make things so difficult?
A workaround should have been installing Zenwalk from a USB drive. The dd command is simple:
dd if=Zenwalk-8.0beta.iso of=/dev/sdX bs=1M
That process, however, turned out to be just as unfriendly as everything else.

Needs a Better Way

I found few changes in my first and second impressions since my initial look at Zenwalk Linux. The website is just as sketchy and unimpressive now as it was then.
Zenwalk 8 beta remains more of an individual flight of fancy than a serious Linux OS. Creator Guillemin built the Linux OS as a sort of customized computing tool so he could stop repeating the same modifications on systems after each new installation.
That is all well and good for experienced users, but it does little to give everyday users a Linux distro that is easy to install and set up.
Lightweight distros powered by the Xfce desktop are common among Linux distros. Zenwalk is a fork of Slackware Linux and was previously branded "Minislack." It is fully compatible with official Slackware packages.
Zenwalk is preloaded with some solid Linux apps, but the choice of applications is very limited in an effort to keep the inventory slimmed down. This is not enough to make a good everyday Linux OS.

Desktop View

Zenwalk has a panel bar on the upper part of the screen and a bottom dock that serves as an application launcher.
The Xfce interface works as expected. It has no unique tweaks or integrations that make Zenwalk stand apart from other Xfce-based distros.
The Zenwalk 8.0 beta announcement hypes the fast boot speed and performance sharpened by providing one application per task. Yes, Zenwalk is fast to boot and has quick responsiveness.
However, I can't stop asking myself, "Is that all there is?" I want something that makes Zenwalk my everyday OS. If I were looking for a replacement for my current Linux systems, I would have to keep looking.

Bottom Line

I am willing to chalk up the unfriendly nature of the Zenwalk 8 beta to its transitional state awaiting the final release. But if Zenwalk 8 stumbles with the same difficulties present in the beta release, the distro will continue to miss its mark.
My impression last year was praise for the philosophy behind Zenwalk but disappointment with its ho-hum desktop environment. I am holding out hope that what comes next changes my first and second impressions.

Want to Suggest a Review?

Is there a Linux software application or distro you'd like to suggest for review? Something you love or would like to get to know?
Please email your ideas to me, and I'll consider them for a future Linux Picks and Pans column.