The history chapter of most computer security courses includes a reference to the Morris Worm, a malicious program written in 1987 by Robert Morris that exploited weaknesses in Internet applications and brought the Internet to a halt.

30 years later, tens of thousands of children who were born after the Morris Worm became famous have graduated from college with computer science or software engineering majors. Sadly, very few were required to learn about the programming and design weaknesses that made the Morris Worm possible. The same weaknesses have since resulted in thousands of other vulnerabilities, some of which have inflicted much more severe damage than the Morris Worm did 30 years ago.

Students cannot earn a chemistry degree without taking mandatory safety courses where they learn how to avoid blowing up a building. But, surprisingly, they can become computer scientists or software engineers without any exposure to basic secure coding and safe design practices that could prevent an attacker from blowing up the Internet.

Secure design and coding is not new. The weaknesses that made the Morris Worm possible have long been included in the SANS Top 25 “Most Dangerous Software Errors”, and ways to prevent them have been widely documented by organizations such as SAFECode, OWASP or IEEE Center for Security Design. However, for no apparent reason whatsoever, mastering these techniques has never been required to become a software engineer or a computer scientist. At best, students are taught security as an elective course, as if building a secure Internet was optional.

To compensate for this knowledge gap, mature software development organizations are providing security training to their software developers as part of a holistic approach to software security. Dell EMC along with other organizations are also making this training available for free to the broader community through SAFECode.

But this is not sufficient; every day device manufacturers are turning into software companies to surf the Internet of Things (IoT) wave. They hire software professionals to make their devices connected and build their software culture. But without basic security knowledge, these software professionals will perpetuate the same mistakes that have contributed to our current state of insecurity.

“The best time to plant a tree was 20 years ago. The second best time is now.” – Chinese Proverb

The only sustainable way to break this vicious circle is to teach safe coding practices to future software professionals in the way we teach safety to chemists: by making it part of the curriculum and a required skill for graduation.

Both Industry and Academia have a key role to play in helping to build a more secure digital infrastructure. Industry has to make security part of every stage of their software development process and train their developers about secure coding techniques. Academia can do its part by making security part of their curriculum to train the next generation of software professionals.

We can all contribute to solving this security education paradox by educating the educational institutions in our own network about their role in making industry’s push for more secure software sustainable.

Imagine a typical board room setting where executives are brainstorming ideas on a whiteboard, setting strategies and engaging with each other. For the boardroom, the whiteboard or screen is the heart of the room where curious people engage and take in new ideas and new skills – it’s where the magic happens.

As the world’s number one monitor brand[1], Dell is taking the heart of these rooms and giving them an upgrade by introducing the new Dell 75 4K Interactive Touch Monitor (C7520QT), available this Spring. With the C7520QT monitor, users will see increased engagement as it encourages real-time team collaboration for all.

Meeting participants are encouraged to reach out and touch the screen. They can write or draw in real time with virtually no lag on the C7520QT monitor’s 20-point multi-touch InGlass™ screen using their fingers, palm or styluses – all at the same time. The 20-simultaneous touch capability allows multiple users to interact with the screen simultaneously, creating a truly unparalleled writing experience. When the meeting concludes, simply erase with the palm of your hand.

Keep your audience captivated with brilliant visuals from start to finish thanks to the 75” screen with 4K resolution. Optimized fonts ensure visuals are sharp, and colors are vivid and consistent from virtually anywhere in the room thanks to the wide viewing angle enabled by IPS technology. Whether people are viewing the screen with morning light or with bright fluorescents, they’ll experience consistent onscreen clarity with anti-glare and anti-smudge coating, reducing distractions.

The exclusive Dell Screen Drop technology features the world’s first accessibility feature[2] improving reachability for users working from varying heights – ensuring collaboration is within easy reach. Buttons at the side of the panel enable users to lower the displayed image to 3 different height settings.

This uniquely designed monitor is adaptable to spaces and allows for seamless integration of an optional Dell OptiPlex Micro PC into the display, resulting in an all-in-one solution. Whether the presenter is there, or anywhere else, it’s no problem – IT professionals can manage the display remotely using RS232, RJ45 and HDMI CEC connectivity.

Increase productivity with real-time team collaboration and keep your audience engaged with the new Dell 75 4K Interactive Touch Monitor (C7520QT).

Starting price is $5,999.99
Availability: Spring 2019

[1] Source: IDC Quarterly PC Monitor Tracker, Q3 2018.
[2] Based on Dell internal analysis, November 2018. Available on C8618QT, C7520QT and C5518QT monitors only.

What do you think when you hear the words, “data security”? A number of ideas may come to mind depending on your background, profession, or how closely you have been following the recent news of data breaches. Often, the same is true when organizations try to tackle the challenge of securing data. They know it’s an issue, but how best to address it? Where should they start? Many organizations fall into the trap of thinking their perimeter security is enough. If they can just keep the threats out of their networks, they will be safe. However, that is not the case. It’s not that those security solutions are not important; in fact, they are crucial. It’s that the threats are continually evolving — and the individuals behind the threats are finding new ways to break in.

We must start treating data with the same rigor as the perimeter, to ensure the right types of security are in place. Data has become the new perimeter. Taking a layered approach to securing data increases the chance that in the event of a breach, the data will remain secure. How do we do this? We must make sure the data is encrypted and that the encryption keys are secured, so even if the data is stolen, it is unusable.

One of the many ways Dell Technologies is aiming to help our customers with these security challenges is by providing infrastructure solutions that are cyber-resilient by design. We realize our customers are going to be running their sensitive data on our platforms, so we need to provide them with the tools necessary to secure that data. Here we are going to explore just one of those ways we help customers achieve data security within their server infrastructure.

In a global marketplace, the physical location of data can spread far and wide, leading to increased vulnerabilities. Gone are the days of organizations operating a single, tightly secured data center where access is limited and server hardware physical security is well assured. Data center admins are tasked with fast response times, disaster recovery plans, and regulatory requirements that mandate onshore private data storage. To accomplish this, most organizations follow the multiple data center architecture approach. This conventional approach carries risk.

Data-at-rest encryption is one of the key security considerations to keep data safe on the disks using self-encrypting drives (SEDs). Data-at-rest encryption offers instant, transparent encryption of data on servers and dedicated storage. The default protection strategy for the data on the SEDs is to use on-board key management software which grants authorized users access to the keys needed to decrypt and unlock the data stored on the SED. However, this strategy has limitations. If a malicious user walks out of the data center with this server, they could potentially locate the keys and access the encrypted data. Additionally, it can leave you exposed to insider threats, where an employee who has access to the server could locate the key and steal the data.

To address this security hole, a new feature, Secure Enterprise Key Management (SEKM), was introduced. Utilizing SEKM, the keys are generated, managed, and stored on an external server away from the data that is stored on the SEDs. SEKM is then coupled with the industry-leading data security solution, Thales’ CipherTrust Manager, through the industry standard Key Management Interoperability Protocol (KMIP). Since the CipherTrust Manager is external, the keys have the highest possible availability, so their power to enhance data security can be leveraged across many systems, thereby achieving true scalability that extends the value of the key management components. Leveraging the key management deployment across the organization also simplifies policy management and regulatory compliance audits.

In addition, CipherTrust Manager is external. The keys have the highest possible availability, so their power to enhance data security can be leveraged across many systems. This provides true scalability that extends the value of the key management platform. Leveraging the key management deployment across the organization also simplifies policy management and regulatory compliance audits. If you need to meet higher FIPS levels, including Thales Luna HSMs adds the strongest possible root-of-trust, high entropy of the generated keys, and a FIPS 140-2 Level 3 certified hardware vault to hold these critical private keys.

Developing the right data security strategy can be daunting and complex, but with the expertise of our sales teams, we can help to simplify data security and accelerate your time to compliance and to achieve multi-cloud security. With Dell EMC’s cyber-resilient by design PowerEdge servers and Thales CipherTrust Data Security Manager, we can help you develop a more comprehensive strategy to secure your data. If you are ready to get started, contact your Dell Sales team.

DENVER (AP) — The families of four Black girls who were mistakenly detained by suburban Denver police at gunpoint last year after they were suspected of being in a stolen car are suing police and the city of Aurora. The lawsuit filed on Monday claims the officers’ actions permanently traumatized the girls and are part of a pattern of racially biased treatment of Black people. The city would not comment on the lawsuit but a spokesperson said the city’s police chief has apologized directly and offered to pay for therapy for the girls. The lawsuit seeks unspecified monetary damages.

DUBAI, United Arab Emirates (AP) — Gulf Arab states are launching new restrictions over fears of the coronavirus resurging across their countries. With populations including largely young and healthy foreign laborers, many Gulf countries have avoided the higher death tolls seen elsewhere around the world. However, reported case numbers appear to be rising since the New Year. The affected countries include Saudi Arabia, Kuwait and Qatar. Oman is warning it could take further restrictions as well. Earlier this week, Dubai in the United Arab Emirates closed all bars and pubs for the entire month of February and limited other activities after a spike in coronavirus cases followed New Year’s Eve celebrations that drew visitors from around the world.