Will Trump slash public funding for scientific research? The Verge



Mark O. Hatfield Clinical Research Center on the National Institutes of Health Bethesda, Maryland campus NIH/Wikimedia Commons

“I hear so much about the NIH, and it’s terrible,” President-elect Donald Trump told conservative radio host Michael Savage last year, using the acronym for the National Institutes of Health. The NIH is the federal agency that shelled out $32 billion for biomedical research in fiscal year 2016. This federal money is a key source of funding for academic research — on anything from cancer to Alzheimer’s.

But just because Trump thinks the NIH is terrible doesn’t mean he won’t fund it, if his comments to Scientific American are any guide. He said in September that “there are increasing demands to curtail spending and to balance the federal budget, we must make the commitment to invest in science, engineering, healthcare and other areas that will make the lives of Americans better, safer and more prosperous.” For its part, the NIH says it’s ready for the transition. “NIH has a long history of bi-partisan support and stands ready to work with the new Administration to improve people’s health and reduce the burden of disease through biomedical research,” Amanda Fine, a PR officer for the NIH, wrote in an email to The Verge.

So — is a Trump presidency good news or bad news for the nation’s most important sources of research funding?

“Trump has been a bit of a black box on that issue,” says Jennifer Zeitzer, the director of legislative relations at the Federation of American Societies for Experimental Biology. “The good news is we don’t know what it means for public funding and the bad news is we don’t know what it means for public funding.”

NIH funds are critical for work around the country. Academic institutions in the US rely heavily on federal dollars for running their labs, buying equipment, processing samples, and training the next generation of scientists. “The entire business of the US academic biomedical research enterprise is based on federal dollars. All of it,” says Ethan Weiss, an associate professor of medicine at University of California, San Francisco. “Without that, it would collapse.”

Researchers all over the US depend on these grants to make a living. Jacquelyn Gill, an assistant professor of paleoecology and plant ecology at the University of Maine, recently received a $300,000 grant from the National Science Foundation, another federal agency, that will fund her research for the next three years. Part of that money will go into her own salary and into the salary for undergraduates and post-doctoral researchers who work at her lab. Cutting public funding means cutting jobs, and that makes it hard to attract young people into scientific research.

“I’m getting my PhD and I want to start my own lab eventually,” says Sarah Hengel, who’s doing breast cancer research at the University of Iowa, in a lab that partially runs on NIH dollars. “It’s a little scary when it’s uncertain what the future will be like. I would like to have a job. I would like to continue to work.”

NIH and NSF funding has been fluctuating in the past few years. The NIH lost 22 percent of its capacity to fund research due to budget cuts, sequestration, and inflation from 2003 to 2015, according to Zeitzer, at the Federation of American Societies for Experimental Biology. And federal funding from government agencies like the NSF, the Department of Agriculture, and Health and Human Services has fallen by 17 percent from 2010 to 2014, when factoring in inflation. That means that, for a while now, researchers have looked at alternative sources of funding, including private foundations, NGOs, and private donors.

The problem with private funding is that it’s usually not as big; it also doesn’t allow scientists to focus on that long-term, basic, fundamental research that doesn’t give a return on investment quickly, but is key to finding cures for diseases. Weiss, at the University of California, San Francisco, used HIV as an example. HIV/AIDS went from being a death sentence in the 1980s to a chronic but relatively manageable disease because of decades of prior research into the basic biology of viruses and the workings of DNA. “That didn’t happen in the dark,” Weiss says. “Fundamental biology is important because you never know when you might need it.”

Climate scientists are the most concerned, since Trump has denied man-made climate change exists. The current NSF budget is already a fraction of the NIH’s — $7.46 billion. And with Trump’s decision to appoint a climate skeptic to lead the Environmental Protection Agency transition, climate scientists fear that public funding for their research will be slashed. “We don’t expect a lot of support for climate initiatives,” says Joshua Adam Drew, a professor at the Department of Ecology, Evolution and Environmental Biology at Columbia University. “I hope I’m wrong and that I’m just being depressed about the future, but I don’t see there being a large support for an increased federal budget for research.”

Zeitzer, at the Federation of American Societies for Experimental Biology, says it’s too early to know. Congress could approve spending bills before Christmas; those bills include raising the NIH budget to $34.1 billion and the NSF budget to $7.51 billion in 2017. That would secure public funding for the first year of Trump’s presidency. What would happen for the year 2018 and onward, however, is anyone’s guess. And that uncertainty is what’s most concerning to some. “It’s a complete and whole black hole. We don’t have any idea,” Weiss says. “I don’t think Trump has given a lot of thought to it. And maybe that’s a good thing, maybe the administration will be distracted with other things and things will stay relatively status quo.”



    1to1Core – Microsoft Azure



    Why does my business
    need a Cloud OS ?

    Today’s world requires rapid adaption to new technology. Change can be daunting, but 1to1Core’s Hybrid Cloud OS has you covered. Let us help you maximize your potential using our customizable platform. Harmonizing your business with mobile and hybrid cloud computing is important, and the team at 1to1Core are here to ease your business through the transition.

    What can I do with
    a Cloud OS ?

    1to1Core has been delivering the power of cloud technology to businesses for over 15 years. We can help you with anything from creating innovative custom Apps, to achieving truly secure web hosting, to back office management, to sales — even marketing tools and analytics! 1to1Core’s Hybrid Cloud OS allows your business to harness the power of the Cloud.

    Why does my business
    need a Cloud OS ?

    Today’s world requires rapid adaption to new technology. Change can be scary, but 1to1Core’s Cloud OS has you covered. Let us help you get your business up to date using our customizable App platform. Harmonizing your business with mobile and cloud computing is important, and the 1to1Core Cloud OS team are experts in easing the transition.

    What can I do with
    a Cloud OS ?

    1to1Core has been delivering the power of cloud technology to businesses for over 15 years, from web hosting, to back office management, to sales & marketing tools and analytics. 1to1Core Cloud OS brings the knowledge and tools you need for your business to harness the power of the Cloud. Let us show you why adaptation is worthwhile.

    It’s a 5 Screen World

    We recognize that today is a place where people use multiple devices, from mobile to desktop, to control their day-to-day applications.

    1to1Core’s Hybrid Cloud OS was built with responsive design in mind. Hybrid Cloud OS is an experience customized to your screen, at whatever size it may be. Never be stuck with desktop apps again, get onto the Cloud!


    Security Awareness Program


    Security Awareness for IT Users – InfoSec Institute
    InfoSec Institute is consistently rated as one of the top providers for Security Awareness Program training for users of IT systems. With a systematic approach, multiple delivery formats (instructor-led, CBT/WBT, SCORM formatted modules), and access to industry recognized subject matter experts, InfoSec Institute has what it takes to raise critical security awareness issues in a thought provoking manner for your organization.

    Security Awareness for IT Professionals – InfoSec Institute
    InfoSec Institute provides a deeper level of security awareness training for technical audiences, honing in on the specific issues that individual IT Professionals need to know in order to secure their infrastructure.

    Security Awareness for Software Developers (.NET, Java, C/C++) – InfoSec Institute
    Software developers are increasingly under task to develop more secure applications. Without the requisite knowledge, it is an insurmountable task. InfoSec Institute bridges the gap between poorly designed and executed code and secure code with the internationally recognized Security Awareness for Software Developers line of courses.

    You can find other valuable security awareness training resources here:

    NIST 800-50: Security Awareness and Training Program
    This NIST publication provides detailed guidance on designing, developing, implementing, and maintaining an awareness and training program within an agency’s IT security program.

    ENISA: A Users’ Guide: How to Raise Information Security Awareness
    This document illustrates the main processes necessary to plan, organise and run information security awareness raising initiatives: plan & assess, execute & manage, evaluate & adjust. Each process is analysed, and time-related actions and dependencies are identified. The process modeling presented provides a basis for “kick-starting” the scoping and planning activities as well as the execution and assessment of any security awareness program. The Guide aims to deliver a consistent and robust understanding of major processes and activities among users.

    NIST 800-16: Information Technology Security Training Requirements (188 pages)
    The overall goal for use of this document is to facilitate the development or strengthening of a comprehensive, measurable, cost-effective IT security awareness program which supports the missions of the organization and is administered as an integral element of sound IT management and planning. Protecting the value of an organization’s information assets demands no less. This approach allows senior officials to understand where, in what way, and to what extent IT-related job responsibilities include IT security responsibilities, permitting the most cost-effective allocation of limited IT security training resources.
    Appendix A-D Appendix E

    Building a Security Awareness Program – CyberGuard
    Hackers, worms and viruses grab the headlines, but the real threat often comes not from outside the organization but within. Social engineering and unhappy employees pose very real risks to network security. How do you address the problem? This article offers a practical approach to setting up an effective security awareness program that gets everyone in the organization on board.

    Awareness Tips for All Personnel – Gideon T. Rasmussen
    Security tips are a key component to any awareness program. They should advise of best practices and reinforce policy. These tips are written with the average person as the intended audience. The site randomly displays information security tips. Companies can use it internally to educate their user community. The site and script are free to download.

    Security Awareness Tips by Role – IT Governance Institute
    ITGI offers a security baseline for enterprises and security survival kits for a variety of computer users.

    Security Awareness Toolbox – The Information Warfare Site
    The Security Awareness Toolbox contains many useful documents and links. The Main Documents section was contributed by Melissa Guenther. The Toolbox is a rich source of awareness material.

    University of Arizona Security Awareness Page
    The UA security awareness site contains awareness presentations, videos and posters. It’s a good site to explore.

    NoticeBored Newsletter
    NoticeBored offers a free awareness newsletter covering a different information security topic each month. The newsletter provides an introduction to the monthly topic, describes the information security risks and outlines the remaining security awareness materials delivered to NoticeBored customers.

    IIA Tone at the Top Awareness Newsletter
    Mission: To provide executive management, boards of directors, and audit committees with concise, leading-edge information on such issues as risk, internal control, governance, ethics, and the changing role of internal auditing; and guidance relative to their roles in, and responsibilities for the internal audit process.

    Security Awareness Group – Yahoo Groups
    The security awareness group provides a forum to discuss awareness program methodologies and share security awareness tips. Those interested in learning more about information security will benefit from the exchange of tips and the opportunity to ask questions.

    Security Awareness Posters

    Attentus Healthcare Company in cooperation with DasSign has provided security awareness posters in the interest of public education. These posters can be used and distributed freely without obligation.


    ‘World’s most secure’ email service is easily hackable


    ‘World’s most secure’ email service is riddled with security flaws that leave it vulnerable to being hacked

    • Startup Nomx is trying to change the way that emails send to make them safer
    • It claims its email system ‘ensures absolute security and privacy’
    • But a researcher has found a flaw in the system that makes it easy to hack

    Published: 17:05 BST, 28 April 2017 | Updated: 17:05 BST, 28 April 2017

    An email service that claims to offer the ‘world’s most secure communications protocol’ is easily hackable, according to a researcher.

    The system, whose creators claim ‘ensures absolute security and privacy’, runs through a device that is riddled with security flaws, the expert said.

    Security researcher, Scott Helme, found an easy way for hackers to remotely break into the $199 (£154) device and take control of a user’s email account.

    THE NOMX VULNERABILITY

    Security researcher Scott Helme decided to explore how the device works by taking it apart.

    He found that the box uses outdated software on a basic ‘Raspberry Pi’ computer chip that has several bugs.

    Nomx’s code is ‘riddled with bad examples of how to do things,’ Mr Helme wrote in a blog post on his research.

    He found that Nomx’s web application had a flaw that allowed anyone to take full control of the device and hence someone’s email account.

    All a hacker would need to do is have their victim visit a malicious website link.

    ‘I could read emails, send emails, and delete emails. I could even create my own email address,’ Mr Helme told Motherboard.

    Startup company, Nomx, who designed the service, has denied that there is anything wrong with their hardware.

    The company is trying to change the way emails are sent in order to create a safer way to message people.

    It sells a device that helps users set up their own email server.

    This, the company says, keeps your messages away from mail exchange servers, otherwise known as MX servers – hence ‘Nomx’.

    The company claims that these MX servers are inherently ‘vulnerable’ and by avoiding them using their device, users’ emails will be more secure.



    Anonymous Secure Email – Email Hosting – Email Account – Email Provider – Anonymous Email – Encrypted Email Service


    Secure Email

    • High strength SSL encryption
    • IMAP, SMTP, POP3 and Webmail
    • Multi-level spam and virus protection
    • Unlimited disposable email addresses
    • OpenPGP encryption, digital signatures
    • IP hiding for enhanced privacy
    • RSS feeds delivered via email
    • Hosted in Switzerland

    Specifications

    • Globally accessible secure webmail service.
    • Multi-lingual interface in over 30 languages.
    • Choice of 4 different webmail interfaces – Dynamic interface similar to a desktop email program, Traditional HTML based interface, and stripped down Mobile interface.
    • Web mail automatically synchronized with your desktop email program via IMAP.
    • Globally accessible SSL secured IMAP and POP3 service.
    • Unlimited disposable email addresses at your own unique subdomain.
    • Globally accessible SSL secured SMTP service.
    • Alternate ports available for use from behind corporate / ISP firewalls.
    • Ability to send to up to 100 recipients per mail.

    Spam and Virus Protection

    • Spam identification and tagging with Vipul’s Razor.
    • Virus blocking with ClamAV
    • Receive RSS feeds for your favorite sites and blogs directly in your email account, with all the flexibility and power of IMAP.
    • You can purchase custom domain hosting to receive email for your own domain to your Neomailbox account.
    • Unlimited email addresses @yourdomain.

    Unlimited Disposable Aliases

    • Every account includes unlimited disposable email addresses at your own unique subdomain.
    • You will receive email for any address @your_subdomain.neomailbox.ch without having to set up anything in advance.
    • You can block and unblock aliases at will.
    • Compatible with Thunderbird, Microsoft Outlook, Outlook Express, Eudora, Apple Mail, Windows Live Mail, Android Mail and any POP3 / IMAP compatible email program.
    • No downloads or plugins required.
    • Alternate ports to enable use through firewalls.
    • Fast, load-balanced servers running OpenBSD, the most secure operating system available.
    • Servers hosted in state-of-the-art data centers with multiple network and power connections.
    • 24/7/365 Automated monitoring and emergency support.
    • Account valid for 1 year.
    • We will send you renewal reminders when your account is nearing its renewal date.

    We offer an unconditional 30-day 100% money-back guarantee so you needn’t take our word that you’ll love the service. You can just sign up and try it yourself – risk-free.


    FTP Site Hosting – Easy, Affordable, Professional


    • 5 Min Site Activation 24/7 365 Days Per Year
    • Web-based Site Administrator – Online User Administrator, create your own users and more 24/7
    • Web-based access to your FTP site – free web-based FTP client
    • Web-based, real time FTP usage reports – powerful reporting tool shows downloads, uploads, & deletes
    • Simple, pay only for what you use, pricing
    • NEW Email notification when a user uploads or downloads a file. Our robust system allows you to select which of your users will receive an email notification when a particular user uploads or downloads a file. You can even edit what the email will say and who it will be from.
    • Encrypted ( SSL ) uploads and downloads at no additional costs. To use SSL encryption, the FTP client software you use must support it ( Voyager and Cute FTP do ). We have an option to require your users to use SSL encryption. Our free online FTP client always uses SSL encryption.
    • Each user gets his own user id and password
    • Users logon directly to their subdirectory. They only ‘see’ their files.
    • Servers are firewall protected to protect your files
    • Servers are located in a restricted access locked facility
    • Unlimited Users
    • No pre-set space limitations or transfer allocation
    • Cost effective – only pay for what you use each month
    • Free Online ( no installation needed ) FTP client for you and your users
    • High-end state-of-the-art server facility – 99.9% up-time
    • 24/7 support phone line
    • Printable invoices and receipts available online

    Supported Features

    • Encrypted Transfers supported ( SSL )
    • Option to require user to transfer encrypted
    • Resume interrupted file transfers
    • Option to auto-delete users on a specified date
    • Your users only ‘see’ their folder/files
    • You specify whether a user has upload, download, or delete rights
    • XCRC command support to verify downloaded file matches file on server

    Copyright 2001-2008 Northstar Data Systems All rights reserved.


    Linux is secure…right?


    “There are no threats for Linux servers. Aren’t they built to be secure?”

    “Linux servers are secure and hardened, why do we need additional security controls on those?”

    “I do understand there are threats out there but I am not aware of any major attacks on Linux servers”

    If you find yourself nodding as you read these statements, you’re not alone.

    There is a common belief that Linux servers are more secure and less vulnerable than Windows servers.

    Although there is some truth in the belief, the reality is that Linux servers (and the applications they host) also have vulnerabilities and by ignoring this, you are putting your business at unnecessary risk.

    Widespread and increasing use

    There was a time not too long ago when Linux was a ‘geek’ OS, the domain of command line management and limited enterprise use. Those days are definitely gone, clearly illustrated by things like Gartner pegging the global OS growth for Linux at 13.5%[1], as well as the prevalence of Linux in the public cloud environment, as demonstrated by the fact that approximately 90% of workloads in AWS EC2 are running some variant of Linux. With such widespread use for sensitive enterprise applications, it’s no small wonder that there is an increasing focus on attacking Linux servers, as evidenced in the recent ransomware attack in South Korea that used Linux-focused ransomware called Erebus and impacted the web sites, databases, and multi-media files of 3,400 businesses.

    Secure, but still vulnerable

    With more and more servers moving beyond the enterprise boundary and into the cloud, network protection at the host-level becomes increasingly important, as workloads need to defend themselves vs. having a perimeter around them. And remember, workloads include the applications that sit on top of Linux…it’s more than just the OS.

    Having a host-based Intrusion Prevention System (IPS) will help protect against vulnerabilities in the core operating system AND the application stack running on top. Great examples of network-accessible vulnerabilities with wide-spread impacts are the recent Apache Struts-2 issue, Heartbleed and Shellshock, but there are many more. And just because a vulnerability, like Heartbleed, is a couple years old doesn’t mean that applications and servers are not still vulnerable. A recent Shodan survey showed that Heartbleed was still an available vulnerability on more than 180,000 servers around the world, with the majority of them in the US!

    [1] Gartner, “Market Share Analysis: Server Operating Systems, Worldwide, 2016”, ID#G00318388, May 26, 2017

    If you run a web server on Linux (running on at least 37 percent of the web servers out there according to W3Techs), you need protection against vulnerabilities affecting them, including Apache, Nginx, etc.

    Table 1: Vulnerabilities Protected by Deep Security

    It is very important to not confuse vulnerabilities with threats. While there may be fewer known threats for Linux, if you look at the National Vulnerability Database, there are a similar number of vulnerabilities reported for both Linux and Windows operating systems.

    Malware, designed for Linux

    Contrary to popular belief, there is a lot of malware for the Linux platform. While the numbers in comparison to Microsoft Windows are not quite as high, there are still tens of thousands of pieces of malware designed for Linux, including the Erebus ransomware mentioned above.

    Deploying ONLY anti-malware is inadequate for protecting servers. However, most attacks on datacenters that lead to breach involve the installation of malware as part of the attack chain. This is why compliance and security frameworks such as PCI-DSS (Section #3), SANS CIS Critical Security Controls (Section #8), and NIST Cybersecurity Framework (Section DE.CM-4) all continue to recommend anti-malware as a best practice.

    Layered security for Linux workloads

    It’s clear that there is no silver bullet when it comes to server security, and that businesses should be using a layered security approach to protect vulnerable Linux workloads. Beyond anti-malware and IPS, there are a number of controls that will help to build a robust Linux strategy:

    • Application Control: helps ‘lock down’ the Linux host to prevent any unknown process or script from running. This prevents the malware from running in the first place or attackers from taking advantage of backdoors that it might have placed on the server.
    • Integrity Monitoring: A new threat is likely to make changes to the system somewhere (ports, protocol changes, files), so it’s important to watch for these. Integrity monitoring helps with monitoring the system for any changes outside of an authorized change window, which tend to be few for typical production workloads.
    • Log Inspection: Scans log files and provides a continuous monitoring process to help identify threats early in the cycle. Attacks like SQL Injection, command injection, attacks against APIs can be seen in the logs and then action taken.

    The lesson we learn here is that although Linux is a more secure and reliable operating system option, it’s not your cure-all solution when it comes to security. Like any other OS, some assembly and maintenance is required, and it’s your responsibility to adopt a multi-layered security strategy, including managing regular updates and adding additional security controls to protect the servers AND the applications running on them. To learn more about Linux vulnerabilities and how to protect against them using Trend Micro Deep Security, read our short research paper here.


    Strict Transport Security in MVC: Implementing RequireHstsAttribute – DZone Security


    Strict Transport Security in ASP.NET MVC: Implementing RequireHstsAttribute

    HTTPS is the core mechanism for accessing web resources in a secure way. One of the limitations of HTTPS is the fact that the user can manually provide a URL which doesn’t contain the proper scheme. In most cases, this will result in the application sending a redirect response which will tell the browser to re-request the resource using HTTPS. Unfortunately, this redirect creates a risk of a Man-in-the-Middle attack, because the initial request and the redirect itself travel over plain HTTP. Strict Transport Security is a security enhancement which allows web applications to inform browsers that they should always use HTTPS when accessing a given domain.

    Strict Transport Security defines the Strict-Transport-Security header with two directives: the required max-age and the optional includeSubDomains. From the moment the browser receives the Strict-Transport-Security header, it should consider the host as a Known HSTS Host for the number of seconds specified in the max-age directive. Being a Known HSTS Host means that the browser should always use HTTPS for communication. In the initially described scenario (user providing the HTTP scheme or no scheme at all), the browser should cancel the initial request by itself and change the scheme to HTTPS. Specifying the includeSubDomains directive means that a given rule applies also to all subdomains of the current domain.

    In order to implement this behavior in an ASP.NET MVC application, we need to fulfill two requirements: issue a redirect when a request is being made with HTTP, and send the header when a request is being made with HTTPS. The first behavior is already available through RequireHttpsAttribute so we can inherit it – we just need to add the second.

    We can now use this attribute, for example, by adding it to our global filters collection.

    From this moment, our application will be enforcing HSTS. But the initial problem still has not been fully resolved – there is still that one redirect which can happen if the application is not accessed over HTTPS the first time. This is why the HSTS Preload List has been created. This service allows for submitting domains which should be hardcoded, as Known HSTS Hosts, in the browsers – this removes the risk of that one potential redirect. The service is hosted by Google, but all major browser vendors have stated that they will be using the submitted list of domains.

    To include an application on the HSTS Preload List, additional steps need to be taken after submitting the domain. The application must confirm the submission by including the preload directive in the Strict-Transport-Security header and fulfill some additional criteria:

    • Be HTTPS only and serve all subdomains over HTTPS.
    • The value of the max-age directive must be at least eighteen weeks.
    • The includeSubDomains directive must be present.

    Some small adjustments to our attribute are needed in order to handle this additional scenario.
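
    The attribute described above, including the preload adjustments and the global filter registration, written out as an added example; it is not the article's own source code. The class name RequireHstsAttribute, its constructor parameters and the one-year max-age are assumptions, and the code targets ASP.NET MVC 5 (System.Web.Mvc).

```csharp
using System;
using System.Web.Mvc;

// Added example: hypothetical attribute name and parameters (ASP.NET MVC 5 assumed).
public class RequireHstsAttribute : RequireHttpsAttribute
{
    // Eighteen weeks in seconds, the preload minimum stated in the article.
    private const uint MinPreloadMaxAge = 18 * 7 * 24 * 60 * 60;
    private readonly string _headerValue;

    public RequireHstsAttribute(uint maxAge, bool includeSubDomains = false, bool preload = false)
    {
        // Refuse to emit "preload" unless the other preload criteria hold.
        if (preload && !includeSubDomains)
            throw new ArgumentException("preload requires includeSubDomains.", nameof(includeSubDomains));
        if (preload && maxAge < MinPreloadMaxAge)
            throw new ArgumentOutOfRangeException(nameof(maxAge), "preload requires max-age >= 18 weeks.");

        _headerValue = "max-age=" + maxAge
            + (includeSubDomains ? "; includeSubDomains" : "")
            + (preload ? "; preload" : "");
    }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException(nameof(filterContext));

        if (filterContext.HttpContext.Request.IsSecureConnection)
        {
            // HTTPS request: send the policy (browsers ignore this header over plain HTTP).
            filterContext.HttpContext.Response.AppendHeader("Strict-Transport-Security", _headerValue);
        }
        else
        {
            // HTTP request: inherited RequireHttpsAttribute behaviour (redirects GET to HTTPS).
            HandleNonHttpsRequest(filterContext);
        }
    }
}

public static class FilterConfig
{
    // Called from Application_Start in Global.asax.cs.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        // Constructed value: one year, with includeSubDomains and preload set.
        filters.Add(new RequireHstsAttribute(31536000, includeSubDomains: true, preload: true));
    }
}
```

    Browsers cache the policy for the full max-age, so a short value without preload is the safer setting while verifying that every subdomain really serves HTTPS.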

    Now we have full HSTS support with preloading in an easy-to-use attribute, ready to be used in your application. You can find cleaned-up source code here.


    Secure File Transfer Software for the Enterprise #linux #secure #file #transfer



    Managed File Transfer

    Secure, Affordable & Scalable

    GoAnywhere MFT is an enterprise-level solution that secures, automates and streamlines file transfers for organizations of all sizes. Deployable on-premises, cloud or hybrid environments, this managed file transfer solution helps organizations to achieve regulatory compliance with ease, improve data security and streamline manual processes.


    Secure FTP

    Encrypt & Protect Your File Transfers

    Safeguard sensitive file transfers using strong encryption technology and modern authentication methods with the Secure FTP features in GoAnywhere MFT. The intuitive browser-based interface allows you to easily configure, automate and track all of your inbound and outbound Secure FTP file transfers.


    Collaboration

    Give employees and partners the tools they need to access, share and collaborate on files from anywhere. Send a single email or collaborate on multiple files with GoAnywhere MFT. Customize to suit your organization with desktop sync, multi-platform support and no subscription fees or file size limitations.

    We provide support for all GoAnywhere products by our own highly trained and dedicated on-staff support team. Have questions or need assistance? Give us a call, visit the forums, drop us an email or initiate a chat. Our Support Team is here for you and ready to help!

    Our customers say it best. Check out our Customer Testimonials.

    “We migrated all our existing file transfers to GoAnywhere. Linoma is very responsive on any questions or issues (which are very few) that we have. I would recommend this to anyone looking for a solid file transfer solution.”

    James W. EMPLOYERS

    CALENDAR | EVENTS

    8:15am – 5:00pm CT

    Featuring discussions on current tech-security issues such as cloud security, email and social media security, VoIP, LAN security, wireless security, USB drives security & more.

    8:00am – 9:00am CT

    Join us for this webinar with research firm Goode Intelligence to explore the proven financial benefits of using a managed file transfer solution.

    A sneak peek into this year’s Gartner Security Risk & Management Summit. Includes some event previews that you won’t want to miss.

    GoAnywhere® Managed File Transfer (MFT) has been Drummond Certified™ for the highest level of AS2 interoperability in the AS2-1Q17 test event.

    Updates to USPS communication methods are coming in August 2017. Read more to learn what’s happening and which methods you’re now allowed to use.

    You may know the “why” behind managed file transfers, but do you know the how? Follow a file’s journey from user to recipient to learn how MFT works.

    Meet Kathryn Anderson from Backbone Consultants, a speaker at our July webinar, Lessons from the Field: 7 Steps to Proactive Cybersecurity.

    Spear phishing can infiltrate companies even if they follow security best practices. Implement these 7 steps to protect your business against attacks.

    Learn how clinics, insurance providers and health system business associates can protect against data breaches.

    What are MFT agents? What’s the difference between traditional managed file transfer deployments and an MFT agent deployment? Find out here.

    Learn where cybersecurity professionals are focusing their efforts in 2017, in this takeaways post overviewing the Cybersecurity Trends Report.

    The 2017 Cybersecurity Trends Report uncovered both shocking and actionable insights about the state of file transfer security.

    4 step guide on how to establish a cybersecurity policy, including templates and examples.

    We sat down with some of this year’s hottest speakers slated to present at COMMON 2017. Here’s what they had to say.