Microsoft has released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a highly critical vulnerability that could allow attackers to hack computers.
The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.
Ormandy announced Saturday on Twitter that he and his colleague found a "crazy bad" vulnerability in Windows and described it as "the worst Windows remote code execution in recent memory."
Bixby Voice isn’t the only thing we’ve been waiting for when it comes to the Galaxy S8. While Verizon, AT&T, T-Mobile, and Sprint customers have been enjoying their infinity displays for weeks, the rest of us have been patiently waiting for unlocked models to hit shelves so we can avoid carrier contracts, er, financing plans.
And now the wait is over. Samsung has announced that fully unlocked versions of the S8 and S8+ are now available through its website and Best Buy. The smaller phone will retail for $725 and the larger one for $100 more ($825), with all of the same features available on the carrier models. Like the rest of the U.S. models, the unlocked phones are powered by the Snapdragon 835 chip, not Samsung’s proprietary Exynos 8895.
In the age of high definition video streaming, you can't get very far with 200MB of mobile data. That appears to be the reason T-Mobile quietly killed its Free Data for Life program on Sunday.
Originally introduced in 2013, Free Data for Life gave tablet users 200MB of free data for the life of their device. As of Monday, T-Mobile is not accepting new devices on the Free Data for Life program. Anyone whose tablet is still pushing pixels can keep on getting their free 200MB every month as usual, however.
Instead of Free Data for Life, T-Mobile is directing users to its unlimited data offerings. "When we launched Free Data For Life in 2013, 200MB of high-speed data was a lot," T-Mobile told TmoNews, which first spotted the policy change. "Today...Customers who have T-Mobile ONE can add unlimited LTE data on a tablet for just $20 a month with autopay."
A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors.
The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies for their companies.
The new framework recommends, among other things:
There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach.
Executives are in a triple-tough spot. They’re boxed in with declining budgets. In addition, they’re rarely able to dedicate adequate time to hire qualified and — more importantly — competent team members. Finally, the positions they look to fill likely weren’t created out of a new need but were vacated by the abrupt departure of prior staff. Shrinking budgets, lack of time and urgent needs are the essence of bad hires.
Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in pubic clouds, gives customers visibility into how these resources are being used and stores records of that activity for auditing and forensics.
+More on Network World: FBI/IC3: Vile $5B business e-mail scam continues to breed+RedLock
Because virtual machines, application instances and workloads change rapidly it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badwhar. “It’s hard to manually monitor and control,” he says.
A Java modularity specification failed to pass in a vote by Java executive committee members, leaving the future of the technology in question. The issue could hold up the planned July 27 release of Java 9, which is slated to include modularity.
Balloting on Java Specification Request 376 was completed on Monday. The modular plan for Java, intended to make it easier to scale the platform, has been opposed by companies including Red Hat and IBM. Red Hat, in particular, questioned many parts of the plan, including raising issues about potential application compatibility problems.
When Sun Microsystems said, "The network is the computer," it might have been talking about the Internet of Things, which was little more than an idea at the time. Today, more machines than ever are talking to other machines, and computing is being distributed across far-flung networks.
Onetime Sun CEO Scott McNealy sees some of the legendary company's vision coming to fruition in an IoT "data bus" from a small Silicon Valley outfit called Real-Time Innovations. On Tuesday, McNealy became the first member of RTI's Advisory Board.
RTI's data bus is middleware for delivering the right information at the right time to all the people and systems that need it. The software runs on meshed computing nodes that can be a small as a microcontroller, and it uses several kinds of network connections to make sure the data gets through.
ServiceNow is bringing enhanced machine-learning capabilities to its Now Platform for business process automation to help customers prevent outages, automatically route service requests, and predict and benchmark IT performance.
The AI capabilities will be offered through the upcoming Intelligent Automation Engine, announced at the company's Knowledge conference in Orlando Tuesday. The move strengthens ServiceNow's base in IT management while making further inroads into other areas of the enterprise.
The machine-learning capabilities will be brought into ServiceNow's cloud services for security, customer service, and HR. The Intelligent Automation Engine's algorithms are based on technology the company acquired through its purchase of DxContinuum in January.
Leadership in some form or fashion is taught in every college and university on the planet and has been practiced in every organization that ever existed. Despite that omnipresence, as well as society’s fascination with leadership and ample journalistic treatment of what appears to be a perennial “leadership crisis,” many executives lack a framework to evaluate and improve their own leadership. “Good” and “bad” leadership remains for the most part a subjective, bordering-on-mood-based assessment.
For the past six months, I have been working with a group of early-, mid- and late-stage leaders to better understand the changing state of leadership. To get the ball rolling, stretch the mind and precipitate animated conversation, I asked this group of IT leaders if the traits that made Alexander “great” were still relevant today. They concluded that leadership has evolved significantly in the 2,400 years since the boy king conquered most of the known western world, with contemporary leaders perceived as being more community-focused.
Over 1,600 representatives of financial institutions, investors, industry analysts and reporters convened at the Spring 2017 Finovate Conference on April 26 in San Jose. With events in Asia, Europe, and the East and West Coasts, Finovate conferences showcase cutting-edge banking and financial technology in a unique, short-form, demo-only format.
Here's a look at 20 impressive companies I met at this year's conference.Spacequant
Spacequant offers a mortgage solution called SQ that's designed to to automate multiple manual tasks involved in commercial property underwriting and enable financial institutions to assess value and risk of small-balance commercial real estate properties in minutes. The platform supports extraction and standardization of data from property financial statements, multiple sources of external data about each property and market around it, and provides decision tools for real-time assessment of property value and risk.
Because Mother Nature is so stingy when she doles out the gene for common sense, frameworks and standards for IT governance had to be invented.An example
Recently, I heard about an incident in which a municipal IT director was planning and executing significant changes to a department’s critical infrastructure without informing the customer — the department personnel. After being confronted, he insisted that he wasn’t required to inform the stakeholders because it was routine and he didn’t need departmental approval. Huh! To make matters worse, the changes involved significant risks that were far beyond the understanding of that IT director and his staff.
If you think you're immune from a scary exploit found in Intel's Active Management Technology just because you're a consumer, think again.
The exploit, disclosed on May 1, lets bad actors bypass authentication in Intel's remote management hardware to take over your PC. This hardware, built into enterprise-class PCs, lets IT administrators remotely manage fleets of computers—install patches and software, and even update the BIOS as though they were sitting in front of it. It is, in essence, a God-mode.
Here's the fine print: Many early news reports said "consumer PCs are unaffected." But what Intel actually said was, "consumer PCs with consumer firmware" are unaffected.
Craig Diangelo was an IT worker at Northeast Utilities in Connecticut until he completed training his H-1B-visa-holding replacement. He was one of about 200 who lost their jobs in 2014 after two India-based IT offshore outsourcing firms took over their work at what is now called Eversource.
Diangelo, at first, was quiet, bound by severance agreements signed with the company. Then he started speaking out.Craig Diangelo
Industrial robots used in factories and warehouses that are connected to the internet are not secure, leaving companies open to cyberattacks and costly damages.
That's the word coming from a study conducted by global security software company Trend Micro and Polytechnic University of Milan, the largest technical university in Italy.
"The industrial robot – it's not ready for the world it's living in," said Mark Nunnikhoven, vice president of cloud research at Trend Micro. "The reality is these things are being connected in more and more places. There are a lot of attacks that could happen in that environment."
[ Related: Don't fear the robots, embrace the potential ]
With voting on a module system for Java set to close within the Java community, a high-ranking official at Oracle is again defending the plan amid criticism from Red Hat.
Modularity is the main feature in Java 9, which is due to arrive July 27—if the disagreement over modularization does not hold up the release. Oracle's Mark Reinhold, chief architect in the company's Java platform group, sent out an email on an openjdk mailing list Monday, arguing the issues being brought up have already been covered.
Low-cost smartphones like the Moto G5 introduced a few months ago are shipping with soon-to-be-outdated chips from Qualcomm, which has announced successor chips.
Qualcomm on Monday introduced the Snapdragon 630 and 660, which are massive upgrades to chips used in low-cost smartphones introduced over the last six months or so.
And in a few months, you'll be able to buy low-cost smartphones with these new chips, with prices starting at US$200. The handsets will feature LTE download speeds equivalent to that in the iPhone 7 and have graphics processors capable of capturing 4K video.
Additionally, the low-cost smartphones will charge up faster than ever. The chips support Qualcomm's Quick Charge 4, and smartphones can charge up to 50 percent in just 15 minutes.
Several German firms are taking a stab at a single login process for accessing different online services -- an approach that could compete with U.S. offerings.
The companies, which include automaker Daimler, insurance provider Allianz and Deutsche Bank, among others, announced the joint effort on Monday. Their goal: to create a platform that revolves around a “master key” for users that can access sites and services across industries.
The platform will not only make online registration simpler, but also more secure, they said. To do so, the companies will incorporate top standards in data security, and comply with local European Union data protection laws.
Everyone has a preference when it comes to travel wear, but one company is hoping someday passengers will sport spacesuits on its craft. That company is SolarStratos, and it has built what it calls the world's first solar stratospheric plane.
A two-seat prototype with 22 square meters of solar cells had its maiden flight on May 5 in Payerne, Switzerland. The flight only lasted seven minutes, with the plane ascending to just 300 meters. But the goal is to eventually take a solar plane on a five-hour flight to an altitude of more than 24,000 meters, which will put travelers in the stratosphere.
The project presents some unique challenges. First, passengers will have to wear a spacesuit, since the plane's cabin will not be pressurized. And in the case of an emergency, parachutes will not be an option in the -70 degree Celsius atmosphere.
The U.S. Federal Communications Commission's website slowed to a crawl after comic and political commentator John Oliver urged viewers to flood the agency with comments in support of net neutrality, in what appeared to be a repeat of a 2014 incident.
With the FCC headed toward a repeal of net neutrality rules it passed in early 2015, Oliver on Sunday echoed his "Last Week Tonight" commentary on the topic from three years ago. (Note to viewers: The link to Oliver's new diatribe is not safe for work.) As in 2014, the FCC's website seemed to buckle under the load late Sunday and early Monday, but the cause may have been more sinister than a flood of people expressing their support for net neutrality rules.