You'll Never Guess What Google Paid This Guy $6K For

The .xyz registry launched a searchable domain name drop tool this week to encourage adoption of the new gTLD. The daily updated search tool could be useful for those monitoring .xyz for expiring registrations, and one company that might want to consider making use of it is a tech company you might have heard of: Alphabet.

Last year an ex-Google researcher experimenting with Google Domains found out that a domain investment that is too clever can morph into a security bug, when he registered Google.com.

Google refunded the $12 Sanmay Ved paid to register its flagship domain, and then awarded him over $6,000 under its bug bounty program.

“The Indian Prime Minister’s visit to Facebook and Google to promote a digital India did work wonders,” Ved wrote in a LinkedIn post shortly after the incident. “The very next day of his visit, it ended up convincing Google to sell what is perhaps their most prized possession to a person hailing from the small city of Mandvi in the Kutch region of the Indian Prime Minister’s home state…albeit just for a minute or so :) [sic].”

The company may have decided that its Alphabetization rendered its legacy domain obsolete, but if so, saner heads quickly prevailed.

Earlier this year the amount awarded to Ved was disclosed as part of Google’s annual review of its security rewards program. Ved originally received $6,006.13, a numerical rendition of the company name. The company doubled the amount after Ved announced he would donate the award to charity.

While the tool is really meant for registrants investing in domains, its launch provides a timely reminder for businesses in all industries that if your domain name is valuable, it should be carefully protected.

Source: TheWHIR

Report: Asia, North America to Lead 5G Adoption through 2021

5G may eventually underpin huge amounts of communication in support of the Internet of Things (IoT), but tech consultancy Ovum said it will initially be used to enhance mobile broadband services, reaching 24 million subscriptions worldwide in 2021. The company’s inaugural 5G Subscription Forecast predicts that significant immediate adoption of 5G in North America and Asia will drive global subscription numbers, with each accounting for 40 percent of the market in 2021.

5G will launch officially in 2020, and commercial services using networks and devices fully compliant with 5G are still a few years away from launching, though Ovum notes a number of operators have announced plans to launch services marketed as 5G earlier.

“The main use case for 5G through 2021 will be enhanced mobile broadband services, although fixed broadband services will also be supported, especially in the US,” said Mike Roberts, Ovum Practice Leader covering carrier strategy and technology. “Over time 5G will support a host of use cases including Internet of Things and mission-critical communications, but Ovum does not believe those use cases will be supported by standardized 5G services through 2021.”

The forecast suggests that 5G will be available in 20 national markets by the end of 2021, across each of the four major regions the company divides the world into. While North America and Asia will each have nearly 10 million 5G subscribers at that point, Europe and the Middle East and Africa will account for 10 percent each with close to 2.5 million. Major operators in the US, South Korea, China, and Japan have made known plans to move aggressively with 5G launches, which significantly influences the forecast.

China’s Huawei, for instance, began announcing major 5G plans in April 2015.

Ovum defines a 5G subscription as applying to both the connection and the device, and 5G as a system based on 3GPP 5G standards. These will only begin to become available with 3GPP Release 15, slated to be finalized in 2018.

The company considers all of its subscription figures conservative, though it notes that uncertainty goes along with predicting technology several years away.

“5G is at an early stage and there is a high degree of uncertainty around 5G deployment and adoption, including significant upside and downside risks,” Roberts added.

Ericsson called for “global spectrum harmonization to secure early 5G deployments” in a recent report.

Source: TheWHIR

Firms in Regulated Industries Smarten Up on Cybersecurity, Encrypt More than Ever

The number of businesses making extensive use of encryption spiked seven percent over the past year, the largest increase in over a decade, according to research released Wednesday by Thales. More than two in five companies (41 percent) now use extensive encryption, the 2016 Encryption Applications Trend Study shows.

Ponemon surveyed over 5,000 professionals from 14 industries in 11 countries on behalf of Thales for the 11th annual study. It found that because of regulations, privacy concerns, and the need to protect against breaches, companies in financial services, healthcare and pharmaceutical, and technology are leading encryption adoption.

“The increased usage of encryption can be traced to many factors, chief among them being cyber-attacks, privacy compliance regulations and consumer concerns,” John Grimm, senior director security strategy at Thales e-Security said. “Additionally, the continuing rise of cloud computing as well as prominent news stories related to encryption and access to associated keys have caused organizations to evolve their strategy and thinking with respect to encryption key control and data residency. Our global research shows that significantly more companies are embracing an enterprise-wide encryption strategy, and demanding higher levels of performance, cloud-friendliness, and key management capabilities from their encryption applications.”

The study also found that the way companies think about encryption applications changes as their encryption practices mature.

Companies with mature encryption strategies are more likely to deploy Hardware Security Modules (HSMs) broadly across encryption applications. SSL/TLS, database encryption, and application level encryption are the most common uses for HSMs, the study said.

Companies with mature strategies are much more likely to apply encryption to big data repositories, public cloud services, business applications, and private cloud infrastructure. They also value regional segregation, tamper-resistant dedicated hardware, and support for both cloud and on-premise deployment more highly.

Support for encryption both in the cloud and on-premise has risen in consideration to the second most important feature of encryption applications, while companies now consider performance and latency the most important feature.

Earlier this year the 2016 Global Encryption Trends Study, another in the series of Thales-Ponemon reports, showed a gradual increase in whole-enterprise encryption strategies.

The spike in businesses’ use of encryption roughly coincides with efforts by numerous governments to limit encryption (or its effectiveness), including those of the US, UK, and Russia.

Source: TheWHIR

Blacknight Expands Infrastructure in Dublin with BT Ireland Partnership

Irish host and registrar Blacknight has reached a deal to run services out of a BT Ireland data center in Dublin’s Citywest to support its growth in European markets, according to a report from the Irish Independent. The €4 million lease agreement reportedly spans multiple years, and involves a large amount of Blacknight’s data infrastructure.

Blacknight has been operating from four data centers, all in Ireland, including its own, which it opened in Carlow in early 2014. BT Ireland’s Citywest data center is a 183,000 square foot, carrier-neutral facility.

“This is a significant investment for Blacknight,” said Michele Neylon, chief executive of Blacknight. “It will enable us to completely refresh and enhance our data infrastructure and expand our network capacity.”

Blacknight has been broadening its portfolio from a focus on shared hosting and the Irish developers market to also serve the SME market across Europe as a one-stop shop for web services, with new offerings like DIY marketing tools from rankingCoach, which it launched last year.

How easy or profitable it will be for the company to address the European market going forward was made less certain by the UK’s vote to leave the European Union, also known as Brexit, on June 23.

Companies in the UK trying to keep up with changes to their legal obligations, for instance from newly minted EU laws governing data protection and other matters, will have to be confident in their local markets to make new investments while the details of Brexit are worked out.

Google opened its second data center in Dublin just ahead of the referendum.

Source: TheWHIR

Report: Cloud Requires New Approach to Security Operations

Three quarters of businesses using public cloud apply the same security operations strategy to workloads regardless of the infrastructure they reside on, according to research sponsored by Alert Logic and released on Tuesday.

The study, Evolve Your Security Operations Strategy to Account for Cloud, shows many security teams appear to be adapting slowly to increasingly complex service delivery models.

Forrester Consulting recently surveyed 100 cloud security infrastructure-decision makers in the US and UK on behalf of Alert Logic about the impact of cloud adoption on security operations. It found that 51 percent of companies are increasing security spending as a result of cloud adoption. Forty-nine percent are instituting new policies and controls for cloud security, and 46 percent are re-evaluating security operations and controls for all environments.

A CIO survey released by Nomura in March showed that security and cloud computing are among the biggest drivers of IT spending increases.

“Cloud computing enables businesses to invest more time in innovation and less time managing IT infrastructure,” Ben Matheson, Alert Logic CMO said in a statement. “In the same way, many businesses are finding that supplementing or outsourcing their security operations with cloud security vendors that offer cloud-native technologies and fully managed services is an increasingly strategic option.”

More than half (53 percent) of companies surveyed have their own in-house security operations center (SOC). The challenges most often faced by those companies bringing security operations in-house are managing security content such as signatures and whitelists, and identifying multi-vector attacks, at 44 percent each. High costs were cited by 41 percent, followed by a trio of skills-related challenges: “building out threat intelligence skills” (40 percent); making sense of data (33 percent); and staffing the SOC (33 percent).

Both business and technical skills are necessary to support a SOC, according to the study, and a number of items from each set of skills were identified, led on the business side by risk management expertise (46 percent), and on the technical side by network security (42 percent), just ahead of virtualization and cloud infrastructure experience, threat intelligence and analytics, and application/infrastructure security.

Four out of five respondents said they would seek help from a security expert for threat intelligence analysis, public cloud security, security operations, network security, and data privacy and compliance.

Security is becoming less of an obstacle to public cloud adoption, according to a study released earlier this month by HyTrust. Combined with the challenges of one-strategy-fits-all security operations and finding the right skills, this may be a reflection of confidence that the security solutions are out there, rather than what they actually are.

Source: TheWHIR

Snowden Blasts Russia's Proposed Anti-Terror Laws

Former NSA contractor and whistleblower Edward Snowden has condemned a proposed set of new anti-terror laws in Russia which would require ISPs to store users’ data for a year.

The proposed laws would also require phone companies to store the contents of all calls and texts for six months, and metadata for three years. The Russian Duma (or lower legislative assembly) voted 325-1 on Friday to approve the bill, which also requires any company encrypting digital communications to assist the government with decryption.

The law has been presented as a response to the bombing of a Russian passenger jet over Egypt in October, the Guardian reports, and includes provisions requiring individuals to warn authorities of plans by others to commit crimes, which some are calling a throwback to Soviet repression.

Snowden took to Twitter over the weekend to denounce the “Big Brother law,” saying it will cost money and liberty “without improving safety,” and urging Russian President Vladimir Putin not to sign it into law. He also suggested it could require a “tiny 50Gbps ISP” to set up and run around 100PB of storage to comply.

Russian telecommunication companies have responded critically. The founder of Russian instant messaging service Telegram told a Russian newspaper that “Telegram does not provide data and encryption keys to third parties, including governments,” RT reports. A company refusing to assist in decryption can be fined up to a million rubles ($15,000) under the proposed law.

Russia’s largest mobile phone operators, including MTS, MegaFon, VympelCom and Tele2, sent a joint letter to the head of the Russian Federation Council (or upper assembly) Valentina Matvienko, protesting the law, the Moscow Times reports via newspaper Kommersant. The letter called the measures “technically and economically impractical.” MTS estimated its cost of storage at 2.2 trillion rubles ($33.8 billion), and several of the companies claimed they would cease to be profitable, depriving the Russian government of billions of rubles in tax revenue.

They also pointed out that such mass storage creates a data breach risk, which they argued could threaten national security.

Operating in Russia already poses some unique challenges to technology companies, including data storage laws that led Apple to lease data center space in the country in September.

Snowden was revealed in March as the target of an investigation which resulted in the closure of email provider Lavabit in 2013.

Source: TheWHIR

Comodo Drops Trademark Applications, Avoiding Legal Battle with Certificate Authority Let's Encrypt

Comodo has withdrawn applications for three trademarks involving the term “Let’s Encrypt” – a move that seems to be related to a plea by an open certificate authority of the same name urging Comodo to abandon its applications.

Let’s Encrypt is a free, automated, and open certificate authority run by the non-profit Internet Security Research Group (ISRG). Comodo’s Requests for Express Abandonment came within 24 hours of a blog post by the Let’s Encrypt project on Thursday last week, but it is unclear if the two are directly related.

The Let’s Encrypt project said in a blog post that it contacted Comodo regarding the trademark applications in March, and asked directly and through attorneys for Comodo to drop its applications, saying it is “the first and senior user” of the term.

Comodo filed trademarks for the terms “Let’s Encrypt,” “Let’s Encrypt with Comodo,” and “Comodo Let’s Encrypt” for certificate authority or related services. The company acknowledges in its applications that these phrases had not been part of its branding before they were filed in October.

The United States Patent and Trademark Office (USPTO) responded to Comodo’s application in February, asking for clarification of “identification and classification of goods and services.”

“We’ve forged relationships with millions of websites and users under the name Let’s Encrypt, furthering our mission to make encryption free, easy, and accessible to everyone,” ISRG executive director Josh Aas said in the blog post. “We’ve also worked hard to build our unique identity within the community and to make that identity a reliable indicator of quality. We take it very seriously when we see the potential for our users to be confused, or worse, the potential for a third party to damage the trust our users have placed in us by intentionally creating such confusion. By attempting to register trademarks for our name, Comodo is actively attempting to do just that.”

The Let’s Encrypt project was announced in November 2014, and it issued over a million SSL/TLS certificates in its first three months after launching late last year.

The organization argued it is most commonly associated with the term and has been using it longer, and will “vigorously defend” its brand.

Comodo did not respond to an email seeking comment.

Source: TheWHIR

Gain Deep Customer Knowledge with HostingCon Management Sessions

There are a dozen educational sessions in the management track at HostingCon Global 2016 New Orleans. Expert speakers will bring thought-provoking insights and analysis to the key elements and challenges of getting your company’s message and value out to people who need to know.

Session topics will include the possibilities of interconnection fabrics, how service providers can best raise money, the nitty-gritty of acquisitions, best practices for product launches, and a new Internet infrastructure model for supporting IoT and cloud. Other sessions will cover the tricky relationship between technology and business, proven growth strategies cloud companies can adopt, the value of peering standards, and scaling your in-house support team.

There are also management speed roundtables with three industry leaders on Monday afternoon, in which participants can both workshop with peers and “ask the experts” as they cycle through the most pressing topics in the track.

Liquid Web executive vice president Jeff Uphues will explain the importance of a deep understanding of customers, and how to gain it. With specific initiatives for MSPs, VARs, ISVs, and hosts, this Tuesday afternoon session will enable attendees to jump start their cloud services and hosting strategies.

There is still one more session announcement to come in the management track, and the final updates are being finalized for this year’s HostingCon Global. Time is running out to register, with only six weeks until the conference!

Source: TheWHIR

Security (Finally) Less of an Obstacle to Cloud Adoption: Report

Nearly three-quarters of organizations are planning to increase their public cloud workload this year, and Microsoft Azure is the platform most intend to use, according to research released by virtualization control and security company HyTrust. The study, Industry Experience: the 2016 State of the Cloud and Software Defined Data Center (SDDC) in Real-World Environments, shows that companies generally believe that security is becoming less of an obstacle to cloud adoption.

While often-repeated security concerns remain the top barrier to cloud and virtualization adoption, HyTrust found that nearly half (45 percent) have virtualized “Tier 1” or sensitive and mission-critical applications. Additionally, 38 percent are planning to start or increase their use of virtualized Tier 1 applications.

“Without much fanfare, this critical technology advance has become woven into the basic fabric of businesses large and small,” said Eric Chiu, president of HyTrust. “The potential of virtualization and the cloud was always undeniable, but there was genuine concern over security and skepticism regarding the processes required. What we find in this research is that the challenges are being overcome, and every kind of function in every kind of industry is being migrated. There are some holdouts, to be sure, but they’re now the exception, and we’re betting they won’t stay that way for long.”

The results were taken from a survey of decision makers and network managers and administrators in the US and UK at companies of 250 or more employees. They show a split between industry verticals, with, for instance, companies in health care and related fields slightly more likely to have workloads in the cloud, whether those workloads are mission-critical, test/development, or storage.

Virtualization deployment can noticeably benefit the organization’s bottom line according to 88 percent of respondents, and half expect cloud to deliver greater tangible benefits and ROI this year.

While migration concerns likewise vary between industries, data security and breaches, monitoring and visibility, and infrastructure-wide security and control are all concerns for between 50 and 70 percent of companies in several different industries.

Almost one-third of those moving workloads to public cloud this year intend to use Azure (32 percent), well ahead of VMware vCloud Air at 24 percent and AWS at 22 percent.

The study also includes positive news for providers of specific services, as automation is seen as a key to large scale SDDC deployments by 9 out of 10, while disaster recovery is the workload most likely to be moved over to the cloud according to 64 percent.

The high adoption numbers indicate that the steep incline in public cloud revenues will continue for the foreseeable future.

Source: TheWHIR

GitHub Notifies Users of Unauthorized Access

GitHub revealed in a brief blog post Thursday that it is the latest site to be subjected to a reused password attack. The attack, which was detected Tuesday evening PST, compromised the usernames and passwords of an unspecified number of accounts, and possibly other personal information. GitHub’s investigation of the incident is ongoing.

The passwords of affected accounts have been reset, and GitHub is in the process of sending individual notifications to account holders.

GitHub became aware of a large number of unauthorized attempts to access accounts, apparently by an attacker using credentials obtained from breaches at other sites, according to the blog post.

“We immediately began investigating, and found that the attacker had been able to log in to a number of GitHub accounts,” the blog post says. “GitHub has not been hacked or compromised.”

All users are urged “to practice good password hygiene and enable two-factor authentication.”

While media attention has been focussed recently on a LinkedIn breach from 2012 after social media accounts belonging to Facebook founder Mark Zuckerberg were hijacked, GitHub does not name a breach source, and uses the plural in the announcement. A Tumblr breach in 2013 was recently estimated to have involved 65 million accounts.

GitHub experienced a sustained DDoS attack in 2015, allegedly originating in China.

Source: TheWHIR