What we know about North Korea's cyberarmy

The attack on Sony Pictures has put North Korea’s cyberwarfare program in the spotlight. As with most of the internal workings of the country, not much is known, but snippets of information have come out over the years, often through defectors and intelligence leaks. Here’s a summary of what we know: The Cyberunits: North Korea’s governing structure is split between the Workers’ Party of Korea (WPK) and the National Defense Commission (NDC). North Korea’s main cyberoperations run under the Reconnaissance General Bureau (RGB), which itself falls under the Ministry of People’s Armed Forces that is in turn part of the NDC. The RGB has been operational for years in traditional espionage and clandestine operations and formed two cyberdivisions several years ago called Unit 121 and Office 91.

Posted by on 19 December 2014 | 8:35 am

Hybrid cloud adoption set for a big boost in 2015

Spurred in large part by enterprise interest in the hybrid cloud, the overall cloud market is likely to see great growth in the coming year. Industry analyst firm IDC predicts that the global cloud market, including private, public and hybrid clouds, will hit $118 billion in 2015 and crest at $200 billion by 2018. If the market shows that much growth next year, it will mean a 23.2% rise over the $95.8 billion market it reached in 2014.

Posted by on 19 December 2014 | 8:26 am

2014 IT outsourcing in review: Grading our predictions

Around this time last year, CIO.com and its outsourcing experts made some wide-ranging predictions for IT services. We said this would be the year that robots began taking over IT service jobs. (Not exactly.) We said that a new hybrid offshoring model would gain favor. (It did.) And we predicted the mass repatriation of work from third parties back onshore or in-house. (That didn't happen.) We revisited all of our prognostications from last year and found that this year a record number of five were right on target, two were off base and three were just beginning to take shape at year-end. As we pull together our 2014 forecast for 2015, here's how those 2013 predictions for 2014 turned out.

Posted by on 19 December 2014 | 8:24 am

Apple's 10 biggest hits, misses, and head-scratchers of 2014

Setting the stage for 2015: Apple had a blockbuster year. New iPhones, new iPads, a mobile payment solution that might actually change the way we pay, and an entirely new product category in Apple Watch. That’s not to say there weren’t missteps: iOS 8.0.1, anyone? We recap the year in Apple, from the high of record-breaking iPhone orders to the low of legal battles, and all the heartwarming and hilarious moments in between.

Posted by on 19 December 2014 | 8:22 am

Cyberattack on German steel factory causes 'massive damage'

A German steel factory suffered massive damage after hackers managed to access production networks, allowing them to tamper with the controls of a blast furnace, the government said in its annual IT security report. The report, published Wednesday by the Federal Office for Information Security (BSI), revealed one of the rare instances in which a digital attack actually caused physical damage. The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory’s office networks, from which access to production networks was gained. Spear phishing involves the use of email that appears to come from within an organization. After the system was compromised, individual components or even entire systems started to fail frequently.

Posted by on 19 December 2014 | 8:20 am

10 IT roles to target when poaching talent

The boldest approach to recruiting is what John Sullivan, an internationally recognized HR thought leader, author, speaker and consultant, calls a "hire-to-hurt," or H2H, a strategy which involves identifying and "… hiring in order to gain knowledge, best practices or new skills.

Posted by on 19 December 2014 | 8:18 am

Polycom unifies Lync Unified Communications

The concept of unified communications (UC) is still more of a vision than it is a reality. If employees want to collaborate, they need to use a number of different systems to actually pull off a virtual meeting, as “UC” today consists of a bunch of different tools from various vendors. This means that users often have to deal with complex or multiple scheduling systems, disjointed workflows, and numerous dialing methods. Any integration that’s done at a system level is likely custom and cost-prohibitive for most businesses. Despite all the advancements in UC, a tremendous amount of manual integration still needs to be done. If UC is ever to reach its potential, the user needs to stop being the point of integration.

Posted by on 19 December 2014 | 8:17 am

Microsoft files suit against alleged tech support scammers

Microsoft is finally cracking down on scammers who offer to fix non-existent computer problems for hundreds of dollars. In a first strike, Microsoft sued several U.S. companies it said are involved in fake tech support scams. For years, people have been receiving calls from companies pretending to be official Microsoft tech support staff, who try to convince the victim that their computer is infected with a virus. The scammers often offer to deal with it for a fee. It is a big problem. Since May 2014 alone, Microsoft has received over 65,000 customer complaints regarding fraudulent tech support scams. According to a survey issued by Microsoft, over one-third of U.S. citizens fall for the scams once contacted, causing them to suffer approximately $1.5 billion in financial losses each year.

Posted by on 19 December 2014 | 8:15 am

Blackberry reports falling revenue, but loss shrinks

BlackBerry’s revenue continued its dive in the three months to Nov. 29, but on Friday the company reported a smaller loss than a year earlier. Revenue for the three months, BlackBerry’s third fiscal quarter, fell to US$793 million, compared to $916 million in the preceding three months and $1.19 billion a year earlier. The company reported a net loss of $148 million for its third fiscal quarter, compared to a loss of $207 million in its second. In its first quarter, however, it had reported a small profit. A year earlier, it reported a monster $5 billion loss, which included a $1 billion inventory write-down and a $2.7 billion impairment charge.

Posted by on 19 December 2014 | 7:00 am

Microsoft helps boost Android, iOS app performance with offline access

Microsoft wants to help Android, iOS and Windows apps run offline as well as online, offering a way to improve app responsiveness and functionality when network coverage is bad or non-existent. In an age of always-connected smartphones, it might seem there is no need for apps with offline access—but they still have several advantages, including better responsiveness and the ability to limit data charges by caching data on the device, according to Microsoft. The caching also lets applications continue to work when there is little or no network connectivity, the company said in a blog post on Thursday.

Posted by on 19 December 2014 | 6:35 am

Critical vulnerability in Git clients puts developers at risk

A critical vulnerability in client software used to interact with Git, a distributed revision control system for managing source code repositories, allows attackers to execute rogue commands on computers used by developers. The flaw affects the official Git client as well as third-party clients and software based on the original Git code. The issue only affects implementations running on Windows and Mac OS X, not Linux, because their file systems are case-insensitive—NTFS and FAT for Windows and HFS+ for Mac OS X. “An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine,” engineers from GitHub, a code repository hosting service, said in a blog post Thursday.

Posted by on 19 December 2014 | 4:50 am

Think North Korea hacked Sony? Think about this

North Korea or not? There’s still a lot we don’t know about the attack on Sony Pictures and those behind it. After two weeks of investigations, anonymous government officials told some reporters and politicians on Wednesday that North Korea was behind the attacks. But on Thursday, U.S. officials resisted making the same allegations in public and didn’t release any evidence to back up the anonymous claims. North Korean involvement is certainly possible. After all, defectors have spoken about North Korea’s cyber attack force and training. But it also plays into a popular and easy-to-believe narrative about the country. There certainly appears to be circumstantial evidence, but it could be just that. So before calling case closed, here are some reasons to be wary, at least until some evidence is made public.

Posted by on 18 December 2014 | 6:55 pm

Uber temporarily suspends service in Portland

Uber is suspending its service in Portland, Oregon, for the next three months while city regulators there work to reframe local laws around taxis and car hailing apps. “We are pausing pick-ups within Portland city limits for three months,” an Uber spokeswoman said Thursday via email. The company will continue operating in the larger Portland metro area, she said, which includes Beaverton and Hillsboro. Drop-offs from those areas would continue in Portland, she said. Pick-ups in Portland will continue through this Sunday evening, she said, which Uber also detailed in a blog post. The development comes just days after a lawsuit from the city of Portland against Uber, which ordered it to halt its service because it did not have the permits to operate there legally.

Posted by on 18 December 2014 | 6:15 pm

The 'grinch' isn't a Linux vulnerability, Red Hat says

The “grinch” Linux vulnerability that Alert Logic raised alarms about Tuesday is not a vulnerability at all, according to Red Hat. “This report incorrectly classifies expected behavior as a security issue,” said a Red Hat bulletin issued Wednesday, responding to Alert Logic’s claims. Security firm Alert Logic Tuesday claimed that grinch could be as severe as the Heartbleed bug and that it’s a serious design flaw in how Linux systems handle user permissions, which could allow malicious attackers to gain root access to a machine.

Posted by on 18 December 2014 | 3:40 pm

Energy-aware software design can reduce energy consumption by 30% to 90%

Over the years, "green IT" has become synonymous with hardware that is more energy efficient than previous generations of similar devices or components. For instance, devices might have a power saving mode or power management capabilities that let them draw less power when they are idle. Another example is smarter data center cooling techniques that use less energy despite higher rack density. Certainly there have been many improvements in reducing the energy consumption of servers, storage devices, office printers, laptops and desktop PCs.

Posted by on 18 December 2014 | 3:21 pm

Worst security breaches of the year 2014: Sony tops the list

As 2014 winds down, the breach of Sony Pictures Entertainment is clearly the biggest data breach of the year and among the most devastating to any corporation ever. Attackers broke in and took whatever they wanted, exfiltrating gigabytes and gigabytes of documents, emails and even entire movies, apparently at will for months and months on end.

Posted by on 18 December 2014 | 2:15 pm

Sale of Nigeria's Nitel bogs down in confusion yet again

The sale of Nigeria’s state-owned Nigerian Telecommunications (Nitel) and its mobile arm, Mobile Telecommunications (Mtel), is once again bogged down in confusion following allegations that the government sold the company below the value offered by another willing buyer. The NATCOM consortium, headed by a Nigerian, last week emerged as winner of the bidding for the company, on an offer of $252.25 million. However, fresh controversy has emerged, with Arabian Amlak For Investment taking the matter to court. Arabian Amlak is challenging the government’s so-called guided liquidation process, via which Nitel is being acquired for far less than the $920 million the company says it offered. In the guided liquidation process, the government is selling the company on the assurance that the buyer will continue to operate the company, rather than buying it and potentially selling off pieces.

Posted by on 18 December 2014 | 2:10 pm

Messaging app Line buys Microsoft's MixRadio music-streaming app

Line, the messaging app from Japan, has acquired MixRadio, the free music-streaming service Microsoft gained through its Nokia acquisition, the companies announced Thursday. The deal gives Line, already popular with 170 million monthly active users, a new way to attract more customers at a time of rising interest in music streaming. It also explains what Microsoft would do with the music service after Microsoft said it would spin it off, as the company now focuses on “productivity.” Apparently music doesn’t make people productive.

Posted by on 18 December 2014 | 1:35 pm

Vulnerability in embedded Web server exposes millions of routers to hacking

A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet. A compromised router can have wide-ranging implications for the security of home and business networks as it allows attackers to sniff inbound and outbound traffic and provides them with a foothold inside the network from where they can launch attacks against other systems. It also gives them a man-in-the-middle position to strip SSL (Secure Sockets Layer) from secure connections and hijack DNS (Domain Name System) settings to misrepresent trusted websites. The new vulnerability was discovered by researchers from Check Point Software Technologies and is located in RomPager, an embedded Web server used by many routers to host their Web-based administration interfaces.

Posted by on 18 December 2014 | 1:30 pm

Infor’s future in the enterprise looks cloudy and bright

Like other enterprise application companies, Infor built itself up through a slew of acquisitions that it has worked hard to unify. And, like other traditional software providers, Infor these days is working hard to move its customers to the cloud.

Posted by on 18 December 2014 | 12:37 pm

The Sony breach may be start of new nation-state cyberattack

It has been an exceptional year for IT security breaches, which have become part of an escalating trend in destructive attacks. And they're going to get worse. The Sony Pictures cyber attackers are doing everything they can to inflict damage on the company. They have released films, emails, medical records, and all sorts of confidential data, and are making threats of physical attacks in conjunction with the release of The Interview, a comedy about the attempted assassination of the North Korean president. On Wednesday, Sony canceled the Dec. 25 release of the movie after theater chains said they would not show the film because of the threats.

Posted by on 18 December 2014 | 12:33 pm

Organized criminals targeting individual iPhone, Android users

A well-organized criminal group is targeting both iOS and Android users with highly targeted man-in-the-middle attacks, according to a new threat advisory from Akamai Technologies, Inc. "They have a lot of resources," said Rod Soto, principal security researcher in the company's business security unit. For example, they were able to target a group of individuals congregating in an Asian country based on their communications, and then used man-in-the-middle and social engineering to trick users into installing the Xsser mobile remote access Trojan on their mobile devices. The activity was first spotted in September. Soto said he wasn't allowed to reveal any more information about that particular attack, but did say that the criminal group involved was highly sophisticated.

Posted by on 18 December 2014 | 12:31 pm

Amazon Web Services updates console to simplify management

As enterprises have increased the number of systems they run on Amazon Web Services’ cloud, keeping track of it all has become more difficult. But the company is now trying to rectify that with the help of better tagging. Tags are used to organize resources on Amazon’s cloud and have become increasingly important as companies use its infrastructure in more sophisticated ways. To make tags more useful, Amazon has upgraded its management console with resource groups and the Tag Editor tool. Resource groups are used to create collections of servers, storage buckets, databases and so on. The Tag Editor is used to manage tags across services and regions, Amazon said in a blog post on Wednesday.

Posted by on 18 December 2014 | 11:50 am

Sony hit with second employee lawsuit over hack

Sony Pictures has been hit by a second lawsuit alleging it didn’t do enough to safeguard the personal information of employees that was lost in a major hack in late November. Central to the lawsuit, which was filed at the U.S. District Court for the Central District of California, is the assertion that “cybercriminals were able to perpetrate a breach of this depth and scope because Sony Pictures Entertainment failed to maintain reasonable and adequate security measures to protect the employees’ information from access and disclosure.” It follows a similar lawsuit on Monday filed in the same court by two former employees.

Posted by on 18 December 2014 | 11:05 am

BrandPost: BYOD: is true flexibility still a stretch too far?

Employees tend to be more satisfied and productive when they’re allowed to use their preferred mobile device for work. However, “bring your own” tools need to support – or at least, not undermine – legitimate business processes, security, and compliance requirements. In companies still hemming and hawing over whether to instate BYOD, however, IT departments are often guilty of overstating the associated security concerns – whether to satisfy a need for control or out of a disproportionate fear of risk. For some IT leaders, it goes against the grain that business data is no longer confined to enterprise systems. Others struggle with the mind-shift from expecting the individual to fit business demands to making the business fit individual demands.

Posted by on 18 December 2014 | 11:00 am