Does the message to users about security need to change? Or does IT need to rebuild infrastructure so users can worry less about security? Wendy Nather, principal security strategist at Duo Security, talks with CSO senior writer Fahmida Rashid about how organizations can learn to do security right.

Get the details on Microsoft's new Azure Stack, why cyberattacks never seem to end, the fate of Apple's Touch ID and why QWERTY keyboards are now tech relics.

On Unix systems, random numbers are generated in a number of ways and random data can serve many purposes. From simple commands to fairly complex processes, the question “How random is random?” is worth asking.

EZ random numbers

If all you need is a casual list of random numbers, the RANDOM variable is an easy choice. Type "echo $RANDOM" and you'll get a number between 0 and 32,767 (the largest number that two bytes can hold).

$ echo $RANDOM 29366

Of course, this process is actually providing a "pseudo-random" number. As anyone who thinks about random numbers very often might tell you, numbers generated by a program have a limitation. Programs follow carefully crafted steps and those steps aren’t even close to being truly random. You can increase the randomness of RANDOM's value by seeding it (i.e., setting the variable to some initial value). Some just use the current process ID (via $$) for that. Note that, for any particular starting point, the subsequent values that $RANDOM provides are quite predictable.

To read this article in full or to leave a comment, please click here

IBM has introduced the 14th generation of its Z series mainframes, which still sell respectably despite repeated predictions of their demise. One of the major features being touted is the simple ability to encrypt all of the data on the mainframe in one shot. 

The mainframe, called IBM Z or z14, introduces a new encryption engine that for the first time will allow users to encrypt all of their data with one click—in databases, applications or cloud services—with virtually no impact on performance.

The new encryption engine is capable of running more than 12 billion encrypted transactions every day. The mainframe comes with four times more silicon for processing cryptographic algorithms over the previous generation mainframe along with encryption-oriented upgrades to the operating system, middleware and databases.  

To read this article in full or to leave a comment, please click here

IBM wants businesses to use its new z14 mainframe to encrypt pretty much everything -- an approach to security it calls pervasive encryption.

Encrypting everything, and restricting access to the keys, is one way to reduce the risk and impact of data breaches. It can reduce the threat surface by 92 percent, according to research commissioned by IBM.

To make such pervasive encryption viable, the z14 has four times as much silicon devoted to cryptographic accelerators as its predecessor, the z13, giving it seven times the cryptographic performance.

To read this article in full or to leave a comment, please click here

The Internet of Things, at its simplest level, is smart devices - from refrigerators that warn you when you’re out of milk to industrial sensors – that are connected to the Internet so they can share data, but IoT is far from a simple challenge for IT departments.

For many companies, it represents a vast influx of new devices, many of which are difficult to secure and manage. It’s comparable to the advent of BYOD, except the new gizmos are potentially more difficult to secure, aren’t all running one of three or four basic operating systems, and there are already more of them.

A lot more, in fact – IDC research says that there are around 13 billion connected devices in use worldwide already, and that that number could expand to 30 billion within the next three years. (There were less than 4 billion smartphone subscriptions active around the world in Ericsson’s most recent Mobility Report.) 

To read this article in full or to leave a comment, please click here

Over the past few years Cisco has changed the face of its security business. What was once a struggling concern is now the fastest-growing part of Cisco. How did the company do this? Part of the rebirth of Cisco security can be traced to a change in focus, away from point products to a more data-driven model. Big data, analytics and machine learning have been hot topics in IT, and Cisco has gotten religion in this area and applied it masterfully to its security business.

Today, Cisco added to that when it announced its intent to acquire privately held Observable Networks. The St. Louis-based company provides dynamic network behavior monitoring to help security teams find anomalies that could indicate a breach. The product captures data and analyzes it to gain situational awareness of all users, devices and traffic, not only on a company’s network, but also out to the cloud, with support for both Amazon Web Services and Microsoft Azure.

To read this article in full or to leave a comment, please click here

When it comes to tracking down the bad actors behind malware and ransomware, cybersecurity firms are turning to linguists.

Some of the largest companies in the U.S. have been targets of hackers, including Yahoo, JP Morgan Chase and TJX. Watch as we detail the top 15 breaches and their overall impact on customers or employees.

NordVPN gives you a private and fast path through the public Internet. All of your data is protected every step of the way using revolutionary 2048-bit SSL encryption even a supercomputer can’t crack. Access Hulu, Netflix, BBC, ITV, Sky, RaiTV and much more from anywhere in the world. Unmetered access for 6 simultaneous devices. You're sure to find dozens of good uses for a VPN. Take advantage of the current 72% off deal that makes all of this available to you for just $3.29/month (access deal here). This is a special deal available for a limited time.

To read this article in full or to leave a comment, please click here

During the past few years, the Internet of Things (IoT) has become one of the hottest movements of our time. Although many technology trends and buzzwords come and go overnight, it’s clear that the IoT is here to stay. Almost half of the world's population is online, and technology is a deeply integrated part of our lives. Smart thermostats regulate our business and household temperatures, connected cameras watch over our homes and pets, online TVs and speakers respond to our every need, and intelligent devices constantly monitor our health.

According to Gartner, the number of world-wide Internet connected devices will grow to 11.4 billion by 2018. It’s a phenomenal trend that will continue to spread until human and machine connectivity becomes ubiquitous and unavoidably present.

To read this article in full or to leave a comment, please click here

In the wake of yet another ransomware attack—this time named NotPetya—I have a special message specifically for those of you working in organizations that continue to run Microsoft Windows as the operating system on either your servers or your desktops:

You are doing a terrible job and should probably be fired. 

I know. That’s harsh. 

But it’s true. If you haven’t yet replaced Windows, across the board, you absolutely stink at your job. 

For years, we’ve had one trojan, worm and virus after another. And almost every single one is specifically targeting Microsoft Windows. Not MacOS. Not Linux. Not DOS. Not Unix. Windows. 

To read this article in full or to leave a comment, please click here