It’s Time For Security Apprenticeships

Breaking into an industry isn’t easy. When you look at the amount of material that is necessary to learn IT skills it can be daunting and overwhelming. Don’t let the for-profit trade school ads fool you. You can’t go from ditch digger to computer engineer in just a few months. It takes time and knowledge to get there.

However, there is one concept in non-technical job roles that feels very appropriate to how we do IT training, specifically for security. And that’s the apprenticeship.

Building For The Future

Apprenticeship is a standard for electricians and carpenters. It’s the way that we train new people to do the work of the existing workforce. It requires time and effort and a lot of training. But it also fixes several problems with the current trend of IT certification:

  1. You Can’t Get a Job Without Experience – Far too often we see people getting rejected for jobs at the entry level because they have no experience. But how are they supposed to get the experience without doing the job? IT roles paradoxically require you to be cheap enough to hire for nothing but expect you to do the job on day one. Apprenticeships fix Continue reading

Updated Privacy Policy with minor clarifications

As we continue our work related to the upcoming General Data Protection Regulation (GDPR), we have published an updated Privacy Policy for all visitors to our websites. This version makes some minor clarifications to our previous Privacy Policy from August 2017.

We also published a Privacy Policy Frequently Asked Questions (FAQ) list with more details about how we comply with various provisions of the policy. If you have any questions about this, please contact me at [email protected].

The post Updated Privacy Policy with minor clarifications appeared first on Internet Society.

Keeping Drupal sites safe with Cloudflare’s WAF

Cloudflare’s team of security analysts monitors emerging threats and vulnerabilities and, where possible, puts protection in place before those threats compromise our customers. This post examines how we protected people against a new major vulnerability in the Drupal CMS, nicknamed Drupalgeddon 2.

Two weeks after adding protection with WAF rule ID D0003, which mitigates the critical remote code execution Drupal exploit (SA-CORE-2018-002/CVE-2018-7600), we have seen significant spikes in attack attempts. Since the 13th of April the Drupal security team has been aware of automated attack attempts and has significantly increased the security risk score of the vulnerability. It makes sense to go back and analyse what happened in the last seven days in Cloudflare’s WAF environment.

What is Drupalgeddon 2

The vulnerability potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could lead to a complete compromise of the site.

Drupal introduced renderable arrays: key-value structures whose keys start with a ‘#’ symbol, which allow data to be altered during form rendering. These arrays, however, did not have enough input validation, which means that an attacker could inject a custom renderable array through one of these keys in the form structure.

Continue reading
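The defensive idea that follows from the excerpt above is that keys beginning with ‘#’ belong to the application’s render layer and should never be settable from client-supplied request data. The following is an added illustration, not Drupal’s or Cloudflare’s code: it parses a PHP-style nested query string into nested dicts, strips every ‘#’-prefixed key at any depth, and reports the dotted paths it removed so an application or WAF can log the attempt. The function names (`strip_render_keys`, `parse_php_style`, `inspect_request`) and the sample query string are constructed for this example.

```python
"""Strip '#'-prefixed (render-layer) keys from untrusted request input.

Added example, not Drupal's or Cloudflare's own code. Assumption: any key
that starts with '#' in client-supplied data is illegitimate and should be
dropped before the data reaches form handling.
"""
import re
from typing import Any
from urllib.parse import parse_qs


def strip_render_keys(data: Any, path: str = "") -> tuple[Any, list[str]]:
    """Return a copy of `data` with every key starting with '#' removed at
    any depth, plus the dotted paths of the keys that were dropped."""
    dropped: list[str] = []
    if isinstance(data, dict):
        clean: dict = {}
        for key, value in data.items():
            full = f"{path}.{key}" if path else str(key)
            if str(key).startswith("#"):
                dropped.append(full)          # render-layer key from a client
                continue
            sub, sub_dropped = strip_render_keys(value, full)
            clean[key] = sub
            dropped.extend(sub_dropped)
        return clean, dropped
    if isinstance(data, list):
        clean_list: list = []
        for i, item in enumerate(data):
            sub, sub_dropped = strip_render_keys(item, f"{path}[{i}]")
            clean_list.append(sub)
            dropped.extend(sub_dropped)
        return clean_list, dropped
    return data, dropped                      # scalars pass through unchanged


def _split_key(raw_key: str) -> list[str]:
    """'form[a][b]' -> ['form', 'a', 'b']; an empty segment ('[]') becomes '0'
    (simplified: PHP would auto-index, this example keeps a single slot)."""
    head, *rest = raw_key.split("[", 1)
    parts = [head]
    if rest:
        parts += re.findall(r"\[([^\]]*)\]", "[" + rest[0])
    return [p if p != "" else "0" for p in parts]


def parse_php_style(query: str) -> dict:
    """Parse a PHP-style nested query string into nested dicts.
    Repeated keys keep the last value; scalars are replaced if a deeper
    key later needs a dict at that position."""
    result: dict = {}
    for raw_key, values in parse_qs(query, keep_blank_values=True).items():
        parts = _split_key(raw_key)
        cur = result
        for part in parts[:-1]:
            nxt = cur.get(part)
            if not isinstance(nxt, dict):
                nxt = {}
                cur[part] = nxt
            cur = nxt
        cur[parts[-1]] = values[-1]
    return result


def inspect_request(query: str) -> tuple[dict, list[str]]:
    """Parse a raw query string and return (sanitized data, dropped paths).
    A non-empty second element is the signal worth logging or alerting on."""
    return strip_render_keys(parse_php_style(query))


# Constructed sample request: one legitimate nested field plus a client
# attempt to set a '#'-prefixed key (placeholder name, not a real property).
SAMPLE_QUERY = (
    "form_id=contact&name=alice"
    "&name_extra[%23some_property]=tampered&tags[]=a"
)

if __name__ == "__main__":
    clean, dropped = inspect_request(SAMPLE_QUERY)
    print("sanitized:", clean)
    print("dropped:", dropped)
```

This sits at the application boundary, after decoding; a WAF rule such as the one described in the post matches the raw request instead, so both layers see the same `%23`-encoded key but at different points in the pipeline. Logging the `dropped` list gives the detection signal without having to reconstruct the attacker's intent.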

Stuff The Internet Says On Scalability For April 20th, 2018

Hey, it's HighScalability time:

Freeman Dyson dissects Geoffrey West's book on universal scaling laws, Scale. (Image: Steve Jurvetson)

If you like this sort of Stuff then please support me on Patreon. And I'd appreciate if you would recommend my new book—Explain the Cloud Like I'm 10—to anyone who needs to understand the cloud (who doesn't?). I think they'll learn a lot, even if they're already familiar with the basics. 

  • 5x: BPF over iptables; 51.21%: SSL certificates now issued by Let's Encrypt; 15,000x: acceleration from a genomics co-processor on long read assembly; 100 Million: Amazon Prime members; 20 minutes: time it takes a robot to assemble an Ikea chair; 1.7 Tbps: DDoS Attack; 200 Gb/sec: future network fabric speeds; $7: average YouTube earnings per 1000 views; 800 million: viruses cascading onto every square meter of the planet each day; <10m: error in Uber's GPS enhancement; $45 million: total value of Bitcoin ransomware extortion.

  • Quotable Quotes:
    • @sachinrekhi: Excited to read the latest Amazon shareholder letter. Amazing the scale they are operating at: 100M prime members, $20B AWS business, >50% of products sold from third-party sellers...Bezos Continue reading

2018 Internet Society Board of Trustees Final Election Results & IETF Appointments

The Internet Society Elections Committee is pleased to announce the final results of the 2018 elections for the Board of Trustees. The voting concluded on 9 April 2018. The challenge period (for appeals) was opened on 11 April and closed on 18 April.

There were no challenges filed. Therefore the election results stand:

  • Walid Al-Saqaf has been re-elected to the board by Chapters, and
  • Robert Pepper has been elected by Organization members.

Also, following the process documented in RFC 3677, the Internet Architecture Board has selected and the IETF has confirmed:

  • Gonzalo Camarillo
  • John Levine

to each serve second terms on the board.

The term of office for all 4 of these Trustees will be 3 years, commencing with the 2018 Annual General Meeting of the Internet Society, 29 June – 1 July.

The Elections Committee congratulates all of the new and renewing Trustees. We also extend our thanks again to all the candidates and to everyone who participated in the process this year.

The post 2018 Internet Society Board of Trustees Final Election Results & IETF Appointments appeared first on Internet Society.

The Contradictions Of IBM’s Platform Strategy

The thing about platforms that have wide adoption and a deep history is that they tend to persist. They have such economic inertia that, so long as they can keep morphing and grafting on new technologies, they persist long after alternatives have emerged and come to dominate data processing. Every company, since the dawn of commercial computing, has ultimately wanted to build a platform for precisely this reason: the inertia – it takes too much effort to change or replace a platform – is what generates the profits.

It is with this in mind that we contemplate

The Contradictions Of IBM’s Platform Strategy was written by Timothy Prickett Morgan at The Next Platform.

The architectural implications of autonomous driving: constraints and acceleration

The architectural implications of autonomous driving: constraints and acceleration Lin et al., ASPLOS’18

Today’s paper is another example of complementing CPUs with GPUs, FPGAs, and ASICs in order to build a system with the desired performance. In this instance, the challenge is to build an autonomous self-driving car!

Architecting autonomous driving systems is particularly challenging for a number of reasons…

  1. The system has to make “correct” operational decisions at all times to avoid accidents, and advanced machine learning, computer vision, and robotic processing algorithms are used to deliver the required high precision. These algorithms are compute intensive.
  2. The system must be able to react to traffic conditions in real-time, which means processing must always finish under strict deadlines (about 100ms in this work).
  3. The system must operate within a power budget to avoid negatively impacting driving range and fuel efficiency.

So how do you build a self-driving car?

There are several defined levels of automation, with level 2 being ‘partial automation’ in which the automated system controls steering and acceleration/deceleration under limited driving conditions. At level 3 the automated system handles all driving tasks under limited conditions (with a human driver taking over outside of that). By level 5 Continue reading

StayFocusd Extension For Chrome

During the last month or two, I’d gotten into a habit of trawling through Imgur, looking for memes I could spin into humorous tweets about networking. It became a game to see what tweets I could create that people would find funny.

That game was successful, in that I had many tweets that were liked and/or retweeted dozens or, in a few cases, hundreds of times. But there was a downside. I was spending a lot of time on Imgur seeking inspiration. I was also spending a lot of time composing tweets and checking reactions.

I Hurt Myself Today

This led to the familiar cycle of Internet addiction. I was hooked on Twitter…again. I’ve been through this with Twitter off and on for many years now. My use of Imgur was also obsessive, opening the app on my phone multiple times per day and scrolling, scrolling, scrolling while looking for new fodder.

Using social media in the context of addiction is subtly different from simply wasting time. Addiction, for me, means using social media when I didn’t plan to. There’s a compulsion that would drive me to fire up Tweetdeck and check out all of my carefully curated columns, review Continue reading