May, 2017

Maybe Skip SHA-3

Imperial Violet

In 2005 and 2006, a series of significant results were published against SHA-1 [1][2][3]. These repeated breakthroughs caused something of a crisis of faith as cryptographers questioned whether we knew how to build hash functions at all. After all, many hash functions from the 1990s had not aged well [1][2]. In the wake of this, NIST announced (PDF) a competition to develop SHA-3 in order to hedge the risk of SHA-2 falling.

IT 111
Agile infrastructure is a prerequisite for digital transformation

CGI

Agile infrastructure is a prerequisite for digital transformation. harini.kottees…. Tue, 05/02/2017 - 06:00. Enterprises and governments are striving to become “digital” to revolutionize the customer and citizen experience and improve service delivery, operational efficiency and business outcomes. A foundational requirement to supporting such transformation is having a modern, agile IT infrastructure—a digital infrastructure platform.

Disambiguate “Zero-Day” Before Considering Countermeasures

Lenny Zeltser

“Zero-day” is the all-powerful boogieman of the information security industry. Too many of us invoke it when discussing scary threats against which we feel powerless. We need to define and disambiguate this term before attempting to determine whether we’ve accounted for the associated threats when designing security programs. Avoid Zero-Day Confusion.

Paper 68
National Geographic Channel Tonight: Pwnie Express’s Jayson E. Street Breaks into Banks Designed To Keep Him Out

Outpost24

Not all hackers are bad guys. After all, a hacker is simply someone who figures out how to repurpose a tool, a gadget, or a device to carry out a task the object wasn’t designed to do. Steve Wozniak was a hacker before he co-created Apple. Tesla, Turing, and DaVinci are all hackers in their own right.

67
Cybersecurity or Information Governance Failure???

Getting Information Done

This past weekend the world was overwhelmed by the cyberattack that spread around the globe hitting businesses, hospitals, and government agencies in over 150 countries. The rapid spread of Ransomware based on WannaCry which exploits vulnerabilities in Microsoft’s Windows operating system has been characterized by Europol Director, Rob Wainwright, as “…something we haven’t seen before”.

More Trending

AES-GCM-SIV

Imperial Violet

AEADs combine encryption and authentication in a way that provides the properties that people generally expect when they “encrypt” something. This is great because, historically, handing people a block cipher and a hash function has resulted in a lot of bad and broken constructions. Standardising AEADs avoids this. Common AEADs have a sharp edge though: you must never encrypt two different messages with the same key and nonce.

A Website Security Framework Intro

PerezBox

A framework should provide the underlying structure we require to build on. Consider a home. Regardless of the type of home, they all have a similar framework. The framework keeps.

Revising a Retention Schedule: Lessons Learned

The Schedule

This spring, Michigan State University completed the first phase of a multi-year records retention schedule project by revising the Human Resources Records Retention Schedule. The new schedule, which is the first major revision since 1990, aligns with regulations and best practices, is easier to read, and clearly identifies a number of active and legacy business systems as well as offices of record for each record series.

The Internet Big Five Is Now The World’s Big Five

John Battelle's Searchblog

Back in December of 2011, I wrote a piece I called “The Internet Big Five,” in which I noted what seemed a significant trend: Apple, Microsoft, Google, Amazon, and Facebook were becoming the most important companies not only in the technology world, but in the world at large.

NIST Plans To Examine Internet of Things (IoT) For Its Cybersecurity Framework

Privacy and Cybersecurity Law

The National Institute of Standards and Technology (NIST) is holding a Cybersecurity Framework Workshop this week at its headquarters in Gaithersburg, Maryland. […].

China Releases Revised Draft on Measures for Implementation of the New Cybersecurity Law

Hunton Privacy

On May 19, 2017, the Cyberspace Administration of China (“CAC”) issued a revised draft (the “Revised Draft”) of its Measures for the Security Assessment of Outbound Transmission of Personal Information and Critical Data. The original draft was issued in April 2017, and similar to the original draft, the Revised Draft does not have the impact of law; it does, however, provide an indication of how the CAC’s views on the Cybersecurity Law have evolved since the publication of the original draft.

DB2 for z/OS and Data-as-a-Service and Database-as-a-Service

Robert's Db2

-as-a-service is all the rage in IT these days, and understandably so -- the "service-ization" of information technology capabilities and interfaces will be transformational; indeed, transformations have already occurred or are underway at many organizations and within many application development and deployment environments. In this blog entry I want to highlight a couple of -as-a-service concepts, data-as-a-service (aka DaaS) and database-as-a-service (aka DBaaS), and examine their relevance t

Cloud 48
SMBv1 isn’t safe

Roger's Information Security

Long before WannaCry used a recently patched Microsoft vulnerability to exploit machines, the recommendation was to disable SMBv1. Disabling old protocols isn’t sexy. You’re breaking things, and not introducing new features. You’re fixing theoretical future attacks. Perhaps the willingness to take on this challenge is a good measure of the maturity level of a security program.

Ode to the use-after-free: one vulnerable function, a thousand possibilities

Scary Beasts Security

Overview This post explores an old but wonderful vulnerability that enables us to really showcase the (oft underestimated) power of the use-after-free vulnerability class. We’re going to take a step back and consider the wider class of “use-after-invalidation”, of which use-after-free is one type of use of invalidated state. We will see one single area of vulnerable code that has it all: use-after-invalidation leading to out of bounds reads and writes; use-after-free leading to object aliasing;

Is Humanity Obsolete?

John Battelle's Searchblog

Upon finishing Yuval Harari’s Homo Deus, I found an unwelcome kink in my otherwise comfortably adjusted frame of reference. It brought with it the slight nausea of a hangover, a lingering whiff of jet exhaust from a hard night, possibly involving rough psychedelics.

Cloud 55
New ABA Opinion – Attorneys Must Take Reasonable Cybersecurity Measures To Protect Client Data

Privacy and Cybersecurity Law

On May 11, 2017, the American Bar Association (ABA) issued Formal Opinion 477, making clear that a lawyer may transmit information […].

Bavarian DPA Tests GDPR Implementation of 150 Companies

Hunton Privacy

On May 24, 2017, the Bavarian Data Protection Authority (“DPA”) published a questionnaire to help companies assess their level of implementation of the EU General Data Protection Regulation (“GDPR”). The DPA announced that it has sent the questionnaire to 150 randomly selected Bavarian companies. The questionnaire examines the following topics: procedures relating to the GDPR and the Data Protection Officer’s responsibilities; data processing activities, inventories and privacy by design; onb

GDPR 56
The impact of a cyber breach on public sector organisations

CGI

The impact of a cyber breach on public sector organisations. harini.kottees…. Wed, 05/31/2017 - 05:09. Recently CGI commissioned research from Oxford Economics to explore the link between a cyber incident and company value. Specifically, we wanted to develop an analytical methodology to examine share-price movements in companies that had experienced publicly disclosed cyber breaches.

Sales 40
Information age delivers new space race

MIKE 2.0

At the height of the race for the moon, everyone imagined that by now we would be living in a space age. Instead we got the information age which has given us access to unparalleled global connections and almost the sum of human knowledge at our fingertips. Stanley Kubrick’s “2001: A Space Odyssey” assumed the information revolution would happen alongside the move into space, in fact it seems they had to be sequential.

Should You Be Worried About Apps Tracking Personal Data?

Productivity Bytes

For years now, maybe even decades, we’ve been living in a digital age. Anything and everything we do is quantified as data. The products we buy and prefer. The websites, apps, and media we consume. The places we go. All this information and more is being parsed into digital files, and it gets fed back …

Resourceful Records Managers

The Schedule

Here is our second post in the Resourceful Records Managers series! If you are interested in sharing your journey as a Records Manager please contact me at jgd1(at)williams(dot)edu. Name: Fred Grevin. Institution and Job Title: New York City Economic Development Corporation (NYCEDC), Vice-President, Records Management. 1. What led you to choose your current career in Records Management?

SEC Issues Cybersecurity Alert For Brokers And Financial Advisers

Privacy and Cybersecurity Law

On May 17, 2017, the US Securities and Exchange Commission (SEC), through its National Exam Program, issued a “Risk Alert” to broker-dealers, investment advisers and investment firms to advise them about the recent “WannaCry” ransomware attack and to encourage increased cybersecurity preparedness. The purpose of the alert, according to the SEC, was to “highlight for firms the risks and issues that the staff has identified during examinations of broker-dealers, inv

New York AG Settles with Wireless Lock Maker Over Security Flaws

Hunton Privacy

On May 22, 2017, New York Attorney General Eric T. Schneiderman announced that the AG’s office has reached a settlement (the “Settlement”) with Safetech Products LLC (“Safetech”) regarding the company’s sale of insecure Bluetooth-enabled wireless doors and padlocks. In a press release, Schneiderman indicated that this “marks the first time an attorneys general’s office has taken legal action against a wireless security company for failing to protect their [customers’] personal and private inform

Countdown to GDPR: it’s time for action

CGI

Countdown to GDPR: it’s time for action. harini.kottees…. Thu, 05/25/2017 - 03:53. Right now if there is one thing looming large on the radar of senior banking executives, it’s GDPR. The General Data Protection Regulation comes into force a year from now. It will usher in a new data management regime for any organisation collecting, storing or processing personal data.

GDPR 40
CMSWire Article: How Information Architecture Improves Customer Experience

JKevinParker

My latest CMSWire article is "How Information Architecture Improves Customer Experience": Have you ever had a problem finding information on a website or app? If so, you were experiencing a poor information architecture (IA). Conversely, a great experience with a site or application is only possible with solid IA under the surface. While information architecture doesn't get the headlines that personalization or chat bots receive, when built on a unified information strategy, IA can improve the

RFID Global announces Visi-Trac Analytics

RFID Global Solution, Inc.

RFID Global Solution, Inc., is pleased to announce Visi-Trac Analytics, providing a new level of real-time operational intelligence that empowers companies to forecast future outcomes, prevent operational disruptions, and improve supply chain performance.

Making it Stick: Records Management Training Approaches

The Schedule

Several weeks ago the University Archivist and I conducted our bi-annual University Archives and Records Management training session, part of our Office of Human Resources Faculty and Staff Development Program. This got me thinking about the various strategies, methods, and approaches records managers employ when conducting training and outreach. I reached out to my peers via SAA’s records management and ARMA’s EDU listservs to get a sense of just that, and hopefully learn some new tips and tric

US Government Accountability Office Releases New Report On The Internet of Things (IoT)

Privacy and Cybersecurity Law

On May 15, 2017, the US Government Accountability Office (GAO) released a new report entitled “Internet of Things: Status and implications of an increasingly connected world.” In the report, the GAO provides an introduction to the Internet of Things (IoT), describes what is known about current and emerging IoT technologies, and examines the implications of their use.

IoT 40