Monday, September 23, 2013

Mobile Management, Security Still a Challenge for Businesses

The survey revealed that a growing chasm between what mobile workers want and what IT departments can secure is causing friction for businesses.

Just 18 percent of organizations are confident that their mobile policies are compliant with corporate policy and government regulation, according to a report from mobile productivity solutions specialist Accellion, and AIIM, a global non-profit organization that provides independent research, education and certification programs to information professionals.

Just more than half (51 percent) of organizations surveyed said they have big doubts about their mobile content management processes, even though nearly two-thirds of respondents have or plan to allow official enterprise content management (ECM) access through mobile devices. Meanwhile, 70 percent of respondents expressed concern and another 20 percent were extremely concerned about mobile file sharing.

The survey indicated the growing chasm between what mobile workers want and what IT departments can secure is causing friction for organizations in all industries. Only 30 percent of organizations have an approved bring-your-own-device (BYOD) policy in place, yet 46 percent of respondents reported that information access via mobile is "essential" and another 24 percent cite it as "somewhat important."


Treasury makes business case for iPads

The business case for mobile devices has become compelling for Treasury CIO Peter Alexander, who is now eyeing off Samsung and Android devices thanks to developments in mobile device management.

Following a presentation he gave at a CommVault seminar in Canberra, Alexander told ITnews the return on investment on portable devices given to senior Treasury executives was high.

He estimated the full cost of a typical smartphone was $1100/year including all costs such as data and security oversight.

"That's way cheaper than a desktop," he said.

With iPads, he said, the cost is less than $800 a year because there are no phone calls involved. Discounts from carriers made it especially compelling, especially when a staffer did half an hour's work on their own time out of work hours, he said.

"We have people that sit on their iPads in front of the TV every night doing hours of work." 


Sunday, September 22, 2013

Mobile can help drive more federal innovation

In his July Management Agenda: Innovative Government speech, President Obama outlined his vision for a smarter, more innovative and more responsive government.

He challenged federal leaders across all agencies to harness the power of technology and replicate online efficiencies already available in the private sector, such as tracking a package from shipping to delivery point or filling in information once, on one form, which then populates across multiple forms.

For federal leaders who are ready to think big, I encourage starting small — as in the 3-by-5-inch smartphone device that 91 percent of American adults own.

A mobile-first approach is a must for eGovernment innovation. No longer "nice to have" or novelty items, mobile devices are well on their way to becoming the primary means of accessing the Internet.


Saturday, September 21, 2013

For BlackBerry, Consumers Aren't the Only Problem

BlackBerry's last-ditch move to abandon its consumer business and focus on selling devices to companies is a risky bet that it can hang on to ground that is rapidly eroding.

Thursday, September 19, 2013

Free at Krispy Kreme Today!

Today only, participating Krispy Kreme locations offer an original glazed doughnut for free for those who talk like a pirate as part of Talk Like A Pirate Day. That's the best freebie we've seen from Krispy Kreme since June, when it offered a no-strings-attached freebie. Click here to find a store near you.

Not easily shamed when it comes to free food? Dress like a pirate and receive one dozen original glazed doughnuts for free.

Monday, September 16, 2013

Load Tester 5.4: Now on OSX! - Web Performance

This is too COOL!

Hi, I'm Michael Czeiszperger, the original author of the Load Tester 1.0 and 2.0. Although Load Tester originally ran on OSX, 10 years ago the future of that platform was very much up for grabs, and with 99% of our sales on Windows, the OSX version was dropped. Fast forward to 2013, and I decided that 10 years of running Load Tester on my OSX machine through an emulator was 10 years too many. It only took a couple of days to get it running again on OSX, but several months working in my spare time to squash all the bugs and automate stuff like SSL certificate installs.


Whether you use Safari, Firefox, or Chrome on OSX, we've got you covered. Load Tester automatically manages configuration of your browser for recording. It also can handle iOS testing through the standard Apple iOS emulator.

Thursday, September 12, 2013

Health care data hub gets authority to operate

A key piece of technology needed to enroll applicants in the insurance marketplaces created by the 2010 health care overhaul has received authorization to operate, setting the stage for the exchanges' Oct. 1 launch.

News of the authorization stunned many observers, given that a report from the Health and Human Services Inspector General revealed that testing for the data hub had fallen behind schedule, and that security authorization wasn't due to be completed until Sept. 30, one day before the hub is scheduled to go online.


Sunday, September 8, 2013

Employee Mobile Behaviors Pose Risk to Enterprise Data - New Fiberlink Survey Reveals

In one example, among those employees that did use mobile devices for work (either corporate-issued or their own), this survey showed:
- 25 percent either opened or saved a work attachment file into a third party app, such as Evernote, Dropbox or QuickOffice.
- 20 percent admitted to having cut and pasted work related attachments or email from company email to their personal accounts.
- 18 percent claim that they have accessed websites that are blocked by a company IT policy.


Saturday, September 7, 2013

This is appalling. What NSA's influence on NIST standards means for feds

In short, NIST standards – at least in this instance – were weaker than they should have been because the NSA "became the sole editor" of the standards, according to Snowden-leaked documents, and no doubt a throng of coders and cryptographers are looking at exploiting those vulnerabilities right now.


Friday, September 6, 2013

Spooning By Bitbucket

Choose your partner wisely...

NSA uses supercomputers to crack Web encryption and "insert vulnerabilities into commercial encryption systems"...

The spy agencies have focused on compromising encryption found in Secure Sockets Layer (SSL), virtual private networks (VPNs) and 4G smartphones and tablets. The NSA spent $255 million this year on the decryption program — code named Bullrun, which aims to "covertly influence" software designs and "insert vulnerabilities into commercial encryption systems" that would be known only to the agency.

Bruce Schneier, a security technologist, examined the documents before they were published and authored an analysis for the Guardian. He told USA TODAY that they are the biggest revelations yet from the documents leaked by Snowden and said they show NSA has "subverted" much of the Internet and tech companies that form its backbone.

"They fundamentally undermine the social contract of the Internet — which is that you get what you think you get and it works,'' Schneier said. "An agency has subverted vast swaths of this to turn the Internet into a surveillance engine. Now the Internet doesn't do what people thought it did.''

"They've done it through secret agreements with companies, so essentially all the companies you deal with on the Internet have been lying to you. They have basically sucked the trust out of the Internet — the NSA and these companies. It's a public-private partnership to turn the internet into a surveillance engine.''

Thursday, September 5, 2013

The New iPhone Fingerprint Authentication System

So — can Apple's biometric authentication be hacked? Almost certainly; I'm sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone. But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about.

The final problem with biometric systems is the database. If the system is centralized, there will be a large database of biometric information that's vulnerable to hacking. Apple's system is almost certainly local — you authenticate yourself to the phone, not to any network — so there's no requirement for a centralized fingerprint database.

Fingerprint authentication is a good balance between convenience and security for a mobile device, and Apple is smart to add the technology to the iPhone.

Monday, September 2, 2013

Android accounts for 79% of phone malware

Some 79% of malicious attacks on mobiles in 2012 occurred on devices running Google's Android operating system, US authorities have said.

Public information website Public Intelligence published the Department of Homeland Security and the Federal Bureau of Investigation memo to US police and emergency medical personnel.

Nokia's Symbian system, on the Finnish company's basic-feature handsets, had had the second-most malware attacks.

Apple's iOS had had 0.7% of attacks.

Android is the world's most popular mobile operating system, and the memo blamed its high share of attacks on its "market share and open-source architecture".

Text trojans - malware that sends SMS messages to premium-rate numbers without the phone owners' knowledge - accounted for half of the Android attacks on old versions of the system.

The memo also cited fake sites that appeared to be like Google's Play marketplace and "rootkits" that allowed hackers to track a user's keystrokes and passwords.

It said 44% of Android users were still using older versions of the operating system - specifically 2.3.3 through 2.3.7, dubbed Gingerbread and released in 2011.

These have a "number of security vulnerabilities that were fixed in later versions", the memo added.

Sunday, September 1, 2013

Sysadmin security fail: NSA finds Snowden hijacked officials’ logins

Some or all of this trouble could have been avoided if the NSA had followed its own playbook a bit more closely and used administrative and security best practices that are common across government, the financial industry, and other networks where access control auditing and the non-repudiation of data are mandated by laws, regulations, and the nature of the business. Giving an administrator the ability to gain access to user credentials—and the log systems that monitor changes to those credentials—is a classic bad move in network security. As Oracle points out in its documentation for its Enterprise Manager administration tool, "Giving the same level of access to all systems to all administrators is dangerous." In most sensitive enterprise systems, administrators' access powers are limited to very specific roles to prevent giving them the power to compromise multiple systems, making it more difficult for an insider to attack systems and cover his or her tracks.

|| David K. Shepherd ||