Monday, April 30, 2018

Word of the Day: evil maid attack

Word of the Day WhatIs.com
Daily updates on the latest technology terms | April 30, 2018
evil maid attack

An evil maid attack is a security exploit that physically targets an unattended computing device. An evil maid attack is characterized by the attacker's ability to physically access the target multiple times without the owner's knowledge.

Besides giving this type of attack a very catchy name, Polish security researcher Joanna Rutkowska successfully demonstrated in 2009 that even full disk encryption (FDE) cannot be counted on to protect a laptop when an attacker has physical access to the device.

 

Such an attack might unfold like this:

Scene I: A Chief Financial Officer (CFO) at a conference leaves her laptop in her hotel room during dinner, confident that any corporate data on the laptop is safe because the hard drive is encrypted.

Scene II: An evil maid (who is actually a corporate spy involved in industrial espionage) spots the CFO leaving her room.

Scene III: The evil maid sneaks into the CFO's room and boots up her laptop from a compromised bootloader on a USB stick. The evil maid then installs a keylogger to capture the CFO's encryption key and shuts the laptop back down.

Scene IV: The CFO returns from dinner and boots up her computer. Suspecting nothing, she enters her encryption key and unlocks the laptop's disk drive.

Scene V: The following morning, while the CFO is downstairs at breakfast, the evil maid comes back and retrieves the keylogger, which now knows the CFO's encryption key.

The name "evil maid" has caught on with security professionals and the label has been used in a general fashion to describe scenarios in which the attacker doesn't simply steal the device -- or access it once to clone the hard drive -- but instead, returns multiple times to wreak havoc. 

Company executives, government officials and journalists are the most likely targets of evil maid attacks. Whether the purpose of the attack is to change, steal or sell information, chances are high that the attacker will also make changes to the device's software that will permit remote entry later on.

 

Experts recommend the following steps to lessen the chance of this type of physical attack:

  • Never leave computing devices or small peripherals, such as USB drives, unattended.
  • Avoid using any unknown peripheral.
  • Ensure BIOS and firmware updates are always applied without delay.
  • Enable input-output memory management unit (IOMMU) features.
  • Enforce secure boot protection and change full disk encryption keys on a regular basis.
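
A posture check for two of the steps listed above (Secure Boot and IOMMU), written for a Linux host. This is an added example, not part of the original newsletter; the sysfs paths are standard Linux kernel interfaces, while the function names and the `root` parameter (used to point the check at a mounted or test tree) are illustrative assumptions.

```python
"""Audit two of the listed hardening steps on Linux: Secure Boot and IOMMU."""
import sys
from pathlib import Path

# EFI global-variable GUID under which the firmware publishes SecureBoot.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def secure_boot_state(root="/"):
    """Return 'enabled', 'disabled', or 'unknown' (legacy boot or unreadable)."""
    var = Path(root, "sys/firmware/efi/efivars", f"SecureBoot-{EFI_GLOBAL_GUID}")
    try:
        raw = var.read_bytes()
    except OSError:
        return "unknown"
    # efivarfs layout: 4-byte attribute word, then the variable data (1 byte).
    if len(raw) < 5:
        return "unknown"
    return "enabled" if raw[4] == 1 else "disabled"


def iommu_active(root="/"):
    """True when the kernel has placed at least one device in an IOMMU group."""
    groups = Path(root, "sys/kernel/iommu_groups")
    return groups.is_dir() and any(groups.iterdir())


def audit(root="/"):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    state = secure_boot_state(root)
    if state != "enabled":
        findings.append(
            f"Secure Boot is {state}: firmware will not verify the bootloader signature"
        )
    if not iommu_active(root):
        findings.append("IOMMU not active: DMA from peripherals is not restricted")
    return findings


if __name__ == "__main__":
    problems = audit()
    for line in problems:
        print("FAIL:", line)
    sys.exit(1 if problems else 0)
```

A passing result only describes the running configuration; it does not show that the firmware or boot files are unmodified.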

Quote of the Day

"There are some things you could do to protect against evil maid attacks: use a strong password, set a password on the bios to prevent changes to the bios, only boot the system off of the hard drive and have some sort of tamper-evident alert if someone changes the hardware." - Nick Lewis

 

Trending Terms

industrial espionage
keylogger
full-disk encryption
physical security
insider threat

 
Learning Center

Keycard vulnerability threatens millions of hotel rooms
A keycard vulnerability enabled researchers to create a master key to access every room in a targeted hotel, potentially putting millions of rooms at risk of a break-in.

Why security incident management is paramount for enterprises
The final component of achieving cybersecurity readiness is building a proper security incident management plan. Here's how to do it.

Evil maid attacks: How can they be stopped?
An evil maid attack can bypass full disk encryption and expose sensitive corporate data. Here's how to protect systems and data from evil maids.

How IoT security is different from physical and conventional IT security
There are a number of systematic differences that should make us view IoT security differently than physical security and even conventional IT security.

Data center physical security gets a tougher look
Data center physical security is increasingly a topic that is getting a closer look, with tough questions, from organizations seeking colocation space.

Writing for Business

An enterprise needs to have an overall plan to protect PII and secure _________ sensitive data.

A. their

B. its

Answer

 

Stay In Touch
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

 

Visit the Word of the Day Archives and catch up on what you've missed!

 

About This E-Newsletter
This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for.
TechTarget

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2018 TechTarget. All rights reserved.

Security in the cloud vs. security of the cloud

Traditional connectivity and security solutions often fall short when applied to (now-dominant) cloud environments – but where, exactly, does the burden of responsibility fall for securing data and workloads in the cloud?

This featured resource compares security in the cloud with security of the cloud – exploring where (and how) your organization is responsible for security in the age of cloud computing. Read on to learn more.

ABOUT THIS EMAIL

This email is published by the TechTarget Security Media Group.

Copyright 2015 TechTarget, Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.

To unsubscribe from all TechTarget Security Media Group,
Go to unsubscribe.

TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466
Contact: webmaster@techtarget.com

When you access content from this newsletter, your information may be shared with the sponsors of that content as described in our Privacy Policy.

Digital Transformation Mistakes: 5 to Avoid

 
Companies today know they must embrace digital or face being obsolete. But digital is not just about writing an app - it's about rewriting your company and changing the way you work. This ebook highlights five counterintuitive mistakes frequently made by organizations that seem rational when building a digital strategy, but actually can be course-altering mistakes. It also provides an alternate path to achieving the same objectives using approaches common in successful digital companies.

ABOUT THIS EMAIL

This email is published by the TechTarget Data Center and Virtualization Media Group.


IoT, machine learning, AI and more: trends in 2018

2018 will be the year when many businesses will finally move off data lakes and adopt a cloud-first strategy for big data analytics, according to Forrester Research.

Businesses will need to be intelligent and understand their data and their customers to thrive in the future marketplace.

Tap into this 22-page resource for 8 trends on business intelligence, including what analysts expect for:
  • Internet of Things
  • Machine learning
  • Artificial intelligence
  • Natural language generation
  • And more

ABOUT THIS EMAIL

This email is published by the TechTarget Business Applications and Architecture Media Group.


How the e-signature software apps stack up; looking at GDPR for SharePoint

Content Management Insider
A roundup of content management news and features from TechTarget | April 30, 2018
NEWS

E-signature software comparison: Making sense of the market

By Anna Fiorentino, Contributor
How do electronic signature tools from DocuSign, eSignLive, Adobe Sign, SignNow and SignEasy stack up? A G2 Crowd expert helps us sort through the field.

(SearchContentManagement.com)

FEATURED STORIES
 

Free GDPR tool for SharePoint aids data privacy compliance

A free, open source tool for SharePoint helps administrators build a General Data Protection Regulation management hub to comply with the EU's data privacy law.

(SearchContentManagement.com)

 

Is it easy to migrate from PerformancePoint to Power BI?

Organizations like to use PerformancePoint as a way for users to interact with visualizations, but it doesn't work with Power BI apps, which can be a problem.

(SearchContentManagement.com)

 

Going paperless, AI, blockchain headline AIIM Conference

AI, cloud storage and blockchain technology were discussed at the AIIM Conference. The Pipeline podcast rehashes the conference and two organizations that rid themselves of paper.

(SearchContentManagement.com)

 

Content personalization tools sharpen focus on customers

New content personalization tools help more organizations, including Amazon, target customers. In the process, Jeff Bezos has become the world's richest man.

(SearchContentManagement.com)


Today 4PM EST: Amazon Redshift, EC2, RDS: AWS explains all three

 
More and more companies are modernizing their database apps through cloud adoption. But what’s the best path to database migration – and what new capabilities can such a strategy give you?

Join the pros from AWS tomorrow (May 1, 2018) at 1 PM PDT (4 PM EDT) as they explain the benefits you can realize by migrating your on-premises databases to:

•    Amazon Relational Database Service (Amazon RDS)
•    Amazon Elastic Compute Cloud (EC2)
•    And Amazon Redshift

Discover how these automated solutions can help you rapidly migrate to the cloud by registering now for this can’t-miss webinar.


ABOUT THIS EMAIL

This email is published by the TechTarget Data Center and Virtualization Media Group.


Today 1PM EST: AWS security 101

 
AWS adoption can provide the benefits of thousands of security tools to protect your sensitive data. But how, exactly, do you successfully migrate this data to the cloud? And what do you need to know to achieve effective AWS security?

Join the experts from AWS today at 10 AM PDT (1 PM EDT) as they walk you through best practices for migrating mission-critical apps and data to AWS. Topics covered will include:

•    How to migrate sensitive or high-risk data to AWS, step-by-step
•    How to build a compliant AWS environment
•    Real-life success story: An AWS migration case study
•    And more

ABOUT THIS EMAIL

This email is published by the TechTarget Data Center and Virtualization Media Group.


Mobile Providers: Are Smart Cities Your Next Big Customer

Vitria May Newsletter Issue is 'Mobile Providers: Are Smart Cities Your Next Big Customer.' Subscribe to receive the latest information on IoT and Advanced Analytics.

Hello David,

We would like to invite you to subscribe to our monthly newsletter so that we can provide you with the latest news and information on Advanced Analytics, IoT, and Operational Intelligence. The Focus of this month's issue is 'Mobile Providers: Are Smart Cities Your Next Big Customer'. 

Click here to subscribe.

Here are highlights and insights we wanted to share with you from the April Issue.

No other innovation is creating more DATA than the Internet of Things (IoT)

IoT is a collection of network-connected physical objects and machines. They have embedded identifications, sensors, and software that can provide an understanding of where they are, what they're doing and what's going on around them. These devices, billions of them, are spewing data at an amazing rate.

Industry watchers estimate that only 0.5% to 1% of all data available to a business is ever analyzed and used. Industry experts say that ANALYTICS is the key to unlocking the potential of data and specifically data from IoT.

IoT – smart devices – generate an enormous amount of data. The challenge is to capture and filter the most significant – to separate the signal from the noise. When IoT data analysis is AUTOMATED and INTEGRATED into operational systems, managers and workers anticipate what's next.

Digital operations – the ability to enable decisions and actions based on real time data collection – improves productivity, increases effectiveness and decreases the cost of operation. When data analysis is AUTOMATED and INTEGRATED into operational systems, managers and workers can make decisions and take actions faster. Automated data analytics takes the abundance of data and transforms it into IMMEDIATE answers. Businesses rely on operations, and operations improve with access to data and automated data analytics.

What is Your Strategy for IoT DATA ANALYTICS? 

How will data analytics benefit your business?

  • UNDERSTAND how analytics will impact culture and operations
  • ASSESS if the data center technology can support the plan (compute, storage and network) – will the big data infrastructure involve moving storage to the cloud
  • DETERMINE the plan for accessing internal and external data – how you will ensure quality and security
  • IDENTIFY what skills you will need – are they already in house or will you get them from the outside by hiring or outsourcing
  • CONSIDER data quality requirements and governance
  • DEVELOP use cases and IMPLEMENT the solution

Market Trends and Research
VITRIA DIGITAL ASSETS Supporting your Ambition: Transform to a Digital Operation

Vitria has developed a free EBook exploring the topic 'IoT- More than the Data'.
Reserve your copy here.

We are focusing on a seven week executive bulletin series regarding strategy that touches on the big data architecture, the data itself and the analytics platform. The series explores how to integrate the analytics that may come with the IoT applications and the broader platform for analytics provided by VIA by Vitria. Subscribe to the series here.

 

Yours Analytically,
The Vitria Team
http://www.vitria.com/


What today's lead DevOps engineers get paid

Cloud Applications Digest
A roundup of this week's cloud applications and development content | April 30, 2018
FEATURED STORY
Salary snapshot: What is a lead DevOps engineer paid today?
by Valerie Silverthorne, Senior Technology Editor

Our monthly salary snapshot looks at lead DevOps engineer salaries, which are high and getting higher due to the worsening developer shortage. Here's how the paychecks stack up.

(DevOpsAgenda.com)

NEWS
 
Tufin Orca automates security for containers and microservices

Tufin's policy-based security automation tool fortifies DevOps environments, as it integrates with CI/CD tools, scans for threats, and secures containers and microservices.

(SearchMicroservices.com)

 
Google Stackdriver APM enhances app monitoring

Additional profiling, debugging and tracing tools for Google's Stackdriver suite expand application performance management services for developers.

(TheServerSide.com)

EXPERT ADVICE
 
DevOps is key to low-code BPM, digital process automation

Low-code BPM and digital process automation tools empower business-side app development. But without BPM developers and DevOps management, automation can lead to chaos.

(SearchMicroservices.com)

 
Understand continuous delivery and continuous deployment

Learn why it is important to understand the differences between continuous delivery and deployment. Expert Matt Heusser discusses how they work with one another.

(SearchSoftwareQuality.com)

 
Automated security testing frees devs to prevent breaches

Common software security mistakes include testing at the last minute and not testing open source code and VMs. Matt Heusser suggests ways to avoid these and other missteps.

(SearchSoftwareQuality.com)

 
Build secure coding practices right into the IDE

Tools that integrate secure coding practices into the IDE promise to improve software security, even if the app in question isn't secure by design.

(TheServerSide.com)
