snydeq writes: From telling everyone they're your customer to establishing a cloud strategy, Bob Lewis outlines 12 "industry best practices" that are sure to sink your company's chances of IT success: "What makes IT organizations fail? Often, it's the adoption of what's described as 'industry best practices' by people who ought to know better but don't, probably because they've never had to do the job. From establishing internal customers to instituting charge-backs to insisting on ROI, a lot of this advice looks plausible when viewed from 50,000 feet or more. Scratch the surface, however, and you begin to find these surefire recipes for IT success are often formulas for failure." What "best practices" would you add?
If you are a Mac user, you should be aware of new variants of malware that have been created specifically to target Apple computers; one is ransomware and the other is spyware. "The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor 'dark web' network that acted as a shopfront for both," reports BBC. "In a blog post, Fortinet said the site claimed that the creators behind it were professional software engineers with 'extensive experience' of creating working code." From the report: Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware's creators had said that payments made by ransomware victims would be split between themselves and their customers. Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware. Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm. However, they added, any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data. The free Macspy spyware, offered via the same site, can log which keys are pressed, take screenshots and tap into a machine's microphone. In its analysis, AlienVault researcher Peter Ewane said the malicious code in the spyware tried hard to evade many of the standard ways security programs spot and stop such programs.
An anonymous reader writes: Mozilla today launched Firefox 54 for Windows, Mac, Linux, and Android. The new version includes the next major phase of multi-process support, which streamlines memory use, improving responsiveness and speed. The Electrolysis project, which is the largest change to Firefox code ever, is live. Firefox now uses up to four processes to run webpage content across all open tabs. This means that complex webpages in one tab have a much lower impact on responsiveness and speed in other tabs, and Firefox finally makes better use of your computer's hardware.
Ed Bott, reporting for ZDNet: Citing an "elevated risk for destructive cyberattacks," Microsoft today released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month. Today's critical security updates are in addition to the normal Patch Tuesday releases, Microsoft said. They'll be delivered automatically through Windows Update to devices running supported versions, including Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server releases. But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003. The new updates can be found in the Microsoft Download Center or, alternatively, in the Update Catalog.
Apple's decision to go all in on 64bit-capable devices, OS and apps has caused some trouble for Chess.com, a popular online website where people go to play chess. Users with a 32bit iPad are unable to play games on the website, according to numerous complaints posted over the weekend and on Monday. Erik, the CEO of Chess.com, said in a statement, "Thanks for noticing. Obviously this is embarrassing and I'm sorry about it. As a non-developer I can't really explain how or why this happened, but I can say that we do our best and are sorry when that falls short." Hours later, he had an explanation: The reason that some iOS devices are unable to connect to live chess games is because of a limit in 32bit devices which cannot handle gameIDs above 2,147,483,647. So, literally, once we hit more than 2 billion games, older iOS devices fail to interpret that number! This was obviously an unforeseen bug that was nearly impossible to anticipate and we apologize for the frustration. We are currently working on a fix and should have it resolved within 48 hours.
An anonymous reader writes: "A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries," reports Bleeping Computer. Researchers say they identified several flaws in the VoLTE protocol (a mixture of LTE and VoIP) that allow an attacker to spoof anyone's phone number and place phone calls under new identities, and extract IMSI and geo-location data from pre-call message exchanges. These issues can be exploited by both altering some VoLTE packets and actively interacting with targets, but also by passively listening to VoLTE traffic on an Android device. Some of these flaws don't even need a full call/connection to be established between the victim and the target for the data harvesting operation to take place. Additionally, another flaw allows users to make calls and use mobile data without being billed. The team's research paper, entitled "Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone" was presented last week at SSTIC (Symposium sur la Securite des Technologies de l'Information et des Communications), a security conference held each year in Rennes, France.