March 31, 2014

SmartThings Founder Sees a Limitless Internet of Things
SmartThings builds a hub that connects to a home router and to sensors that can detect states like motion, moisture, temperature, or presence, such as the comings and goings of pets. But more important, it's building an open development platform for independent developers and device makers developing tools for the Internet of Things. For instance, in SmartThings offices, a Sonos wireless speaker suddenly blares with the sound of a barking dog. It sounds very real. A developer created a connection between a door bell and a virtual guard dog that will bark if no one is home.


Reading the Global Threat Intelligence Report (GTIR)
The GTIR was based on threat intelligence and attack data from the NTT Group companies which include Solutionary, NTT Com Security, Dimension Data, NTT Data and support from NTT R&D. The security experts have analyzed approximately three billion worldwide attacks occurred in 2013, the Finance and Technology industries are that most targeted by attackers which used mainly botnet for their offensives. The majority of the vulnerabilities listed in the report are related to patch management, firewall and application settings.


McAfee CSO article stirs up the whitehat infosec community
The article itself may be some kind of link bait – Security Magazine has a wide readership that brings in all types of roles and it asks you to register and give up a bunch of info. (There is a non-registration version here: on PasteBin). That being said, when you consider the title and that the level of reader that would most likely read an article regarding the hiring of ethical hacker would be high level CSO or CISO, it’s quite possible it was written just to find out what decision makers are interested in the topic. Whether this was written by Conran himself or not, his name is still on it and his word is attached to this article.


Ensuring HIPAA Compliance
Any company dealing with protected health information is required by HIPAA to make sure that security measures are in place for every record kept, from physical copies, to network and digital copies. HIPAA also extends to the processing of information, requiring measures to be taken to ensure that even during administration, the privacy of information is maintained. The penalties for violating HIPAA are severe, ranging from $100 to $50,000 per violation, up to maximum of $1,500,000 a year with the threat of criminal charges also present. Not something which you and your business want to get mixed up with.


With a piracy rate of 80 percent, can the tech world convince Africa to buy legitimate software?
"Everybody knows somebody that can get a hold of any software," he says. "In most cases no fees are involved as it usually involves a form of bartering, where software you want is exchanged for software you already have. Established IT shops won't typically sell pirated software off the shelf, but you'll still be able to obtain pirated software from them via interaction with their employees." Coetsee is managing director of Noctranet, a software company specializing in cloud. He says it isn't uncommon for him to find people, even clients, pirating his own software.


Smartphone kill-switch could save consumers $2.6B per year
If a kill-switch led to a sharp reduction in theft of phones -- something supporters argue would happen because stolen phones would lose their resale value if useless -- most of the $580 million spent on replacing stolen phones would be saved. A further $2 billion in savings could be realized by switching to cheaper insurance plans that don't cover theft. Not all consumers would make the switch, but Duckworth said his research suggests at least half would. As part of the report, Duckworth contracted a survey of 1,200 smartphone users in February 2014 by ResearchNow.


How the open transport switch will make operator SDN a reality
Most SDN technology has been developed for Ethernet networks. Generally the control plane and the data plane are disaggregated from the physical network and centralized into a software controller that manages flows all over the network. But optical transport networks often vary in architecture and protocol, making it a big challenge to decouple the control and data planes and apply one kind of controller over the network. To tackle this challenge, a number of vendors are currently developing open transport switches (OTSes) that act as the intermediary between an SDN controller and an optical transport switch.


Business counts cost of cyber attackers’ secret weapon
“Hackers already know about advanced evasion techniques and are using them on a daily basis,” said Ashish Patel, regional director, network security UK & Ireland at McAfee. “What we’re hoping to do is educate businesses so they know what to look for and understand what’s needed to defend against them. Education is absolutely key,” he told Computer Weekly. This will be in the form of roadshows, reports, security summits and client briefings. “The study has shown the real lack of understanding, knowledge and awareness in the community,” said Patel.


Orchestrating Your Delivery Pipelines with Jenkins
Here, we will discuss how to put a number of these recommendations into practice in a concrete setting, namely setting up a delivery pipeline in Jenkins. Many of the steps we will present carry over to other Continuous Integration (CI) and orchestration tools, and there are analogous extensions or core features for many of the plugins we will introduce, too. We are focussing here on Jenkins, however, because it is the most widely-used Continuous Integration server out there. Even if you are using different CI servers or services in your environment, it should be relatively easy to experiment with the steps we will cover in a “sandbox” Jenkins installation, before carrying them over to your own CI environment.


Q&A with Jim Hietala on Security and Healthcare
There’s a plethora of things out there right now that organizations need to be concerned about. Certainly advanced persistent threat, the idea that maybe nation states are trying to attack other nations, is a big deal. It’s a very real threat, and it’s something that we have to think about – looking at the risks we’re facing, exactly what is that adversary and what are they capable of? I think profit-motivated criminals continue to be on everyone’s mind with all the credit card hacks that have just come out. We have to be concerned about cyber criminals who are profit motivated and who are very skilled and determined and obviously there’s a lot at stake there. All of those are very real things in the security world and things we have to defend against.



Quote for the day:

"When winds of change blows, some build walls while others build windmills." --  Chinese proverb