Tag Archives: development

My latest Gartner research: Vendor Rating: Huawei

Huawei has established itself as a solid provider of ICT infrastructure technologies across consumer, carrier and enterprise markets worldwide. CIOs and IT leaders should utilize this research to familiarize themselves with Huawei’s “all-cloud” strategy and ecosystem development….

Gartner subscribers can access this research by clicking here.




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] IoT risks raise concerns among IT specialists in central and eastern Europe

www.computerweekly.com/news/4500272253/IoT-risks-raise-concerns-among-IT-specialists-in-CEE By Krzysztof Polak ComputerWeekly.com 04 Feb 2016 The internet of things (IoT) has gone from an industry buzzword to a highly promising phenomenon in central and eastern Europe – but IT specialists are concerned about how to protect networks from the extra strain of new connected devices. The driving force behind IoT is the desire to gain knowledge and insights about, for example, buildings, cars, industrial installations, healthcare, aviation and civil infrastructure, using smart and connected devices. But according to Sylwester Chojnacki, director, enterprise business group at Huawei CEE, the designers of IoT equipment have not learned the lessons from the early years of internet development. “They do not pay sufficient attention to the safety of devices and applications,” he said. IoT devices are often the first target in cyber attacks, leading to intrusions into computer systems and large databases. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] New centre to help Singapore boost cyber security

www.straitstimes.com/singapore/new-centre-to-help-spore-boost-cyber-security By Lim Yan Liang The Straits Times Feb 4, 2016 Singapore will face more cyber attacks as technology is increasingly used in everyday life, from smart traffic lights and driverless trains to the ubiquitous smartphones. The greater risk, which is inevitable as Singapore pushes to be a Smart Nation, was flagged yesterday by the managing director of the Infocomm Development Authority (IDA), Ms Jacqueline Poh, noting the rise in the United States of such security incidents involving its critical infrastructures. To address the danger, Singapore plans to give existing measures a further boost. One is the introduction of a Cyber Security Bill in Parliament later this year to give the 11-month-old Cyber Security Agency greater powers to secure Singapore’s critical information infrastructure. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Here’s what ‘Shmoocon 2016,’ the D.C. hackerfest, tells us about the cybersecurity industry

www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/ By Aaron Gregg The Washington Post January 28, 2016 Walking around Shmoocon, a D.C. cybersecurity conference in its 12th year, one gets the impression that the hacker community is growing out of a bit of its outrageousness. “There’s a chaotic element to it that has really fallen off,” said Shmoocon founder Bruce Potter. “All the shenanigans you used to see; dumping Jello in the fountain in Vegas…you don’t even see it anywhere anymore.” To be sure, the cultural quirks are still there. Grown men still call each other by over-the-top hacker aliases. A man walks around wearing a chicken mask with a fluorescent-green box strapped to this back blaring electronic music. With the exception of a group of West Point cadets, everyone is wearing T-shirts. But the crowd’s absurdities make it easy to forget that these are some of the most sought-after professionals in business, government and war. Over the past few years costly and highly-public instances of data theft have driven huge corporations to give cybersecurity professionals C-suite representation for the first time. And there’s a massive dearth of trained cybersecurity professionals, even in the Washington area: a 2015 report from market research firm Burning Glass found almost 50,000 open positions for cybersecurity professionals across the country with an advertised average salary of $83,934. As a result, conferences like Shmoocon have become central nodes where corporate and government recruiters find cyber talent. Local economic development boosters are targeting cybersecurity as a growth sector for the region, hoping they can capitalize on the steady stream of specialized talent that spills out the region’s military and intelligence agencies. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] [CFP] Speak About Your Cyberwar at PHDays VI

Forwarded fFrom: Alexander Lashkov Positive Hack Days VI, the international forum on practical information security, opens Call for Papers. Our international program committee consisting of very competent and experienced experts will consider every application, whether from a novice or a recognized expert in information security, and select the best proposals. Now, more than ever before, cybersecurity specialists are being asked to stop sitting on the fence and choose a side — competitive intelligence vs DLP systems; security system developers vs targeted cyberattacks; cryptographers vs reverse engineers; hackers vs security operations centers. A new concept of PHDays VI is designed to show what the current vibe is in information security. We want researchers to speak about the real dangerous threats and possible consequences. We also expect developers and integrators to give real answers to these threats rather than to talk about empowering security technologies. Come and share your experience at PHDays VI in Moscow, May 17 and 18, 2016. Your topic can revolve around any modern infosec field: new targeted attacks against SCADA, new threats to medical equipment, vulnerabilities of online government services, unusual techniques to protect mobile apps, antisocial engineering in social networks, or what psychological constitution SOC experts have. In addition, this year, we are planning to discuss IS software design, development tools, and SSDL principles. Our key criteria is that your research should be unique and offer a fresh perspective on hacking, modern information technologies, and the role they play in our lives. If you have something interesting or surprising to share, but none of the formats are suitable for your participation, please apply anyway and be sure we will consider your work. The first stage of CFP ends on January 31, 2016. Apply now — the number of final reports is limited. In 2015, the forum brought together 3,500 participants. In 2016, it is expected to see 4,000 attendees: information security leaders, CIO and CISO of the world’s largest companies, top managers of giant banks, industrial and oil and gas producing enterprises, telecoms, and IT vendors, representatives from different government departments. Positive Hack Days featured a variety of distinguished participants including Bruce Schneier (the legendary cryptography expert), Whitfield Diffie (one of the inventors of asymmetric cryptography), Mohd Noor Amin (IMPACT, UN), Natalya Kasperskaya (CEO of InfoWatch), Travis Goodspeed (a reverse engineer and wireless enthusiast from the U.S.), Tao Wan (the founder of China Eagle Union), Nick Galbreath (Vice-President of IPONWEB), Mushtaq Ahmed (Emirates Airline), Marc Heuse (the developer of Hydra, Amap, and THC-IPV6), Karsten Nohl (a specialist in GSM engineering), Donato Ferrante and Luigi Auriemma (famous SCADA experts from Italy), and Alexander Peslyak (the creator of the password cracking tool John the Ripper). Find any details about the format, participation rules, and CFP instructions on the PHDays website: www.phdays.com/call_for_papers/


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Blackhole Exploit Kit Makes a Comeback

www.eweek.com/security/blackhole-exploit-kit-makes-a-comeback.html By Robert Lemos eWEEK.com 2015-11-19 The once-popular Blackhole exploit kit has returned, attempting to infect using old exploits but also showing signs of active development, according to researchers with security firm Malwarebytes. Over the weekend, Malwarebytes detected attacks using older exploits for Oracle’s Java and Adobe’s Acrobat, but which attempted to deliver recently compiled malware. When Malwarebytes investigated, it found, behind the attacks, a poorly secured server that had Blackhole installed on it. The return of Blackhole suggests that cyber-criminals may be reusing the code, which was leaked in 2011, Jérôme Segura, senior security researcher for Malwarebytes Labs, told eWEEK. “Blackhole was well-written, and we have seen in the past, like with Zeus, that a lot of criminals do not reinvent the wheel,” he said. “They will use older infrastructure and build on top of it.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] As containers take off, so do security concerns

http://www.csoonline.com/article/2984543/vulnerabilities/as-containers-take-off-so-do-security-concerns.html By Maria Korolov CSO Sep 17, 2015 Containers offer a quick and easy way to package up applications and all their dependencies, and are popular with testing and development. According to a recent survey sponsored by container data management company Cluster HQ, 73 percent of enterprises are currently using containers for development and testing, but only 39 percent are using them in a production environment. But this is changing, with 65 percent saying that they plan to use containers in production in the next 12 months, and cited security as their biggest worry. According to the survey, just over 60 percent said that security was either a major or a moderate barrier to adoption. Containers can be run within virtual machines or on traditional servers. The idea is somewhat similar to that of a virtual machine itself, except that while a virtual machine includes a full copy of the operating system, a container does not, making them faster and easier to load up. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] What cybersecurity means for global trade

https://agenda.weforum.org/2015/09/what-cybersecurity-means-for-global-trade/ By James Lockett Sep 15 2015 Cybersecurity is a sensitive and important issue, but it is also one that is open to inappropriate use by policy makers who choose to use it to inhibit free trade in ICT (Information and Communications Technology). Ironically, the internet and ICT may offer more benefits to the development of global trade than any single policy has managed to achieve. Cybersecurity does not fall neatly into a single set of rules. Rather, it spans espionage and theft, privacy and data protection, cross-border trade and investment in ICT, and cross-border criminal enforcement. Because of this, it can be open to restrictive trade measures defined as ensuring national self-sufficiency to protect national security. When implemented for the wrong reasons, such policy making does little more than create the illusion of national security, and will tend to inhibit the vital flow of ICT products and services needed in order for countries and societies to leverage the advantages of the Digital Age and Digital Economy. When originally established, the General Agreement on Tariffs and Trade (GATT) was intended to deal with the very technical issue of regulating trade between signatory countries. Other multilateral institutions created at the time in order to enhance international cooperation, most notably the United Nations, were created to address issues of national or international security and peace. The GATT was drafted in such a way so as not to unduly constrain signatories’ freedom of action in matters of national security, and this policy space has resulted in ambiguities that can be exploited in ways that are unhelpful. For example, in 2010 a group of United States senators called for the private sale of telecommunications equipment from a Chinese company to a major US carrier to be blocked on the grounds that the carrier was also a supplier to the military. In a 2012 report, citing cybersecurity concerns, the US House Permanent Select Committee on Intelligence recommended that US telecommunications operators not do business with China’s leading network equipment suppliers, and that the government should block takeovers of US companies by the largest Chinese equipment manufacturers. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail