source: technewsworld.com

Linux and the open source business model are far different today than many of the early developers might have hoped. Neither can claim a rags-to-riches story. Rather, their growth cycles have been a series of hit-or-miss milestones.

The Linux desktop has yet to find a home on the majority of consumer and enterprise computers. However, Linux-powered technology has long ruled the Internet and conquered the cloud and Internet of Things deployments. Both Linux and free open source licensing have dominated in other ways.

Microsoft Windows 10 has experienced similar deployment struggles as proprietary developers have searched for better solutions to support consumers and enterprise users.

Meanwhile, Linux is the more rigorous operating system, but it has been beset by a growing list of open source code vulnerabilities and compatibility issues.

The Windows phone has come and gone. Apple's iPhone has thrived in spite of stagnation and feature restrictions. Meanwhile, the Linux-based open source Android phone platform is a worldwide leader.

Innovation continues to drive demand for Chromebooks in homes, schools and offices. The Linux kernel-driven Chrome OS, with its browser-based environment, has made staggering inroads for simplicity of use and effective productivity.

Chromebooks now can run Android apps. Soon the ability to run Linux programs will further feed open source development and usability, both for personal and enterprise adoption.

One of the most successful aspects of non-proprietary software trends is the wildfire growth of container technology in the cloud, driven by Linux and open source. Those advancements have pushed Microsoft into bringing Linux elements into the Windows OS and containers into its Azure cloud environment.

"Open source is headed toward faster and faster rates of change, where the automated tests and tooling wrapped around the delivery pipeline are almost as important as the resulting shipped artifacts," said Abraham Ingersoll, vice president of sales and solutions engineering at Gravitational.

"The highest velocity projects will naturally win market share, and those with the best feedback loops are steadily gaining speed on the laggards," he told LinuxInsider.

To succeed with the challenges of open source business models, enterprises have to devise a viable way to monetize community development of reusable code. Those who succeed also have to master the formula for growing a free computing platform or its must-have applications into a profitable venture.

Based on an interesting GitLab report, 2018 is the year for open source and DevOps, remarked Kyle Bittner, business development manager at Exit Technologies.

That forecast may be true eventually, as long as open source can dispel the security fears, he told LinuxInsider.

"With open source code fundamental to machine learning and artificial intelligence frameworks, there is a challenge ahead to convince the more traditional IT shops in automotive and oil and gas, for example, that this is not a problem," Bittner pointed out.

 source: nakedsecurity.sophos.com

Netflix phishing scammers are at it again – sending emails that try to steal sensitive details from subscribers.

Late last week, Action Fraud – a joint initiative between the City of London Police and the National Fraud Intelligence Bureau – warned Netflix subscribers about a new spate of phishing emails. The scammers are urging victims to enter their Netflix account information and payment details.

Like many phishing scammers, this group let itself down with poorly-worded language. Below a headline which reads ‘Update your payment information!’ the phishing mail says…

We face some difficulties with the current billing information of your own. We will try again, but please at the same time you update your payment details.

At the foot of the mail is a button urging recipients to update their accounts.

Netflix, which has 130m global subscribers, is a popular target for phishers. Back in January we wrote up a similar scam which also targeted Netflix users.

Australians found themselves targeted in June, and in the same month training organization SANS warned of an uptick in Netflix-targeted phishing emails that were using TLS-certified sites.

But why go to the trouble? Netflix accounts themselves aren’t that valuable.

Sadly, many people still use the same passwords for multiple accounts, meaning that if attackers successfully steal a Netflix login, they can try it on other accounts, including email and online banking logins.

What to do?

  • Never click on a login link or an account verification link in an email.
  • Check for the HTTPS padlock.
  • If there is a padlock, check the name of the site. If it’s not exactly what you expect, close the site down.
  • Don’t ignore telltale signs such as spelling and grammar errors.
  • One password, one site. If you’re worried about remembering them all, consider using a password manager.

 source: krebsonsecurity.com

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue strea

Enacted in May 2018, the Economic Growth, Regulatory Relief and Consumer Protection Act rolls back some of the restrictions placed on banks in the wake of the Great Recession of the last decade. But it also includes a silver lining. Previously, states allowed the bureaus to charge a confusing range of fees for placing, temporarily thawing or lifting a credit freeze. Today, those fees no longer exist.

A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file).

And because each credit inquiry caused by a creditor has the potential to lower your credit score, the freeze also helps protect your score, which is what most lenders use to decide whether to grant you credit when you truly do want it and apply for it.

To file a freeze, consumers must contact each of the three major credit bureaus online, by phone or by mail. Here’s the updated contact information for the big three:

Online: Equifax Freeze Page
By phone: 800-685-1111
By Mail: Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348-5788

Online: Experian
By phone: 888-397-3742
By Mail: Experian Security Freeze
P.O. Box 9554, Allen, TX 75013

 source: securityweek.com

Cybersecurity is unique compared to most other business operations, even most IT operations. Unlike marketing or network management—both of which tackle difficult and ever-changing challenges in the business operating environment—cybersecurity pits defenders against intelligent, creative and deliberate opponents. 

Hackers are aware that they are actively hunted and thwarted at every step between target scoping and data breach. That means they are applying the full brunt of their ingenuity and technical expertise to avoid cybersecurity defenses as they pursue their goal.

Even though this struggle takes place in cyberspace, the lessons from real battlegrounds retain their relevance and significance. In the ancient military strategy text The Art of War, Sun Tzu makes the point: “If you know the enemy and know yourself, you need not fear the results of a hundred battles.”

Cybersecurity teams need to adopt an adversarial mindset that allows them to tackle the unique challenges of cyberspace. This involves clearly understanding what their enemies are capable of and preparing an appropriate response.

Communication and visibility

The most valuable weapon on the battlefield is information, both about your own team and its current state and about your enemy. “If ignorant both of your enemy and yourself, you are certain to be in peril.” This holds true in reverse as well. Hackers want to know as much about your networks as they possibly can.

The first step in a targeted cyber-attack is recon. By scanning public facing systems, hackers can learn a great deal about an organization’s IT infrastructure, including potential vulnerabilities. Once they have made their way onto the system, a hacker’s first priority is to establish a persistent connection that allows them to maintain visibility into the network they have infiltrated.

As a result, the first priority of a cybersecurity team needs to be cutting off communication between their systems and hackers. This is especially true for botnets or cryptojacking malware in which the main benefit to hackers relies on sustained, two-way connections to the infected devices to leverage their computing power for DDoS attacks or mining cryptocurrency. 

It is also important for cybersecurity teams to have visibility into their networks to understand what normal behavior is and what could be driven by hackers. It is easy for hackers to slip onto networks through unmonitored open ports or by infecting third-party devices that have access to internal networks if cybersecurity teams are not watching them closely. By developing a strong understanding of the digital assets connected to the corporate network, cybersecurity teams can better protect themselves against threats targeting devices that are not regularly monitored.