Sixth-grader weaponizes smart teddy bear, hacks security audience’s Bluetooth

If yet another cybersecurity expert wanted to warn the general public about the risks associated with the Internet of Things (IoT), it is likely the warning would go in one ear and out the other. But when a sixth-grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway. At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.

Sixth grader weaponizes smart teddy bear, hacks security audience’s Bluetooth

If yet another cybersecurity expert wanted to warn the general public about the risks associated with the internet-of-things (IoT), it is as likely as not that the warning would go in one ear and out the other. But when a sixth grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway. At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.

36% off iOttie Easy One Touch 2 Car Mount Holder – Deal Alert

Averaging 4.5 out of 5 stars from over 17,000 people on Amazon, this popular smartphone car mount locks and releases the device with just a push of a finger and features a telescopic adjustable arm. iOttie's mount opens to 3.2 inches in width, which makes it compatible with even "Plus" sized phones. The list price of $19.95 is currently discounted 36% to just $12.75. See this deal on Amazon.

Microsoft to NSA: WannaCry is your fault

Microsoft’s top lawyer has blamed the government’s stockpiling of hacking tools as part of the reason for the WannaCry attack, the worldwide ransomware that has hit hundreds of thousands of systems in recent days. Brad Smith, president and chief legal officer, pointed out that WannaCrypt is based on an exploit developed by the National Security Agency (NSA) and renewed his call for a new “Digital Geneva Convention,” which would require governments to report vulnerabilities to vendors rather than stockpile, sell, or exploit them.

Regional Internet Exits in Large DMVPN Deployment

One of my readers wanted to implement a large DMVPN cloud with regional Internet exit points:

We need to deploy regional Internet exits and I’d like to centralize them. Each location with a local Internet exit will be in a region and that location will advertise a default-route into the DMVPN domain to only those spokes in that particular region.

He wasn’t particularly happy with the idea of deploying access and core DMVPN clouds:

Read more ...

IBM makes leap in quantum computing power

IBM has some new options for businesses wanting to experiment with quantum computing. Quantum computers, when they become commercially available, are expected to vastly outperform conventional computers in a number of domains, including machine learning, cryptography and the optimization of business problems in the fields of logistics and risk analysis. Where conventional computers deal in ones and zeros (bits), the processors in quantum computers use qubits, which can simultaneously hold the values one and zero. This -- to grossly oversimplify -- allows a quantum computer with a 5-qubit processor to perform a calculation for 32 different input values at the same time.

Getting started with Calico on Kubernetes

In the last 4 posts we’ve examined the fundamentals of Kubernetes networking…

Kubernetes networking 101 – Pods

Kubernetes networking 101 – Services

Kubernetes networking 101 – (Basic) External access into the cluster

Kubernetes Networking 101 – Ingress resources

My goal with these posts has been to focus on the primitives and to show how a Kubernetes cluster handles networking internally as well as how it interacts with the upstream or external network.  Now that we’ve seen that, I want to dig into a networking plugin for Kubernetes – Calico.  Calico is interesting to me as a network engineer because of the wide variety of functionality that it offers.  To start with though, we’re going to focus on a basic installation.  To do that, I’ve updated my Ansible playbook for deploying Kubernetes to incorporate Calico.  The playbook can be found here.  If you’ve been following along up until this point, you have a couple of options.

  • Rebuild the cluster – I emphasized when we started all this that the cluster should be designed exclusively for testing.  Starting from scratch is always the best in my opinion if you’re looking to make sure you don’t have any lingering configuration.  To do that you Continue reading

BrandPost: Solving the Challenge of Multi-Factor Authentication Adoption

With the move to the cloud, and the increasingly hostile threat landscape, protecting the enterprise network using positive user authentication is more critical than ever. However, as security threats multiply and morph, and user devices and locations diversify, multi-factor authentication (MFA) has emerged as a trusted method for preventing misuse. While adopting and deploying MFA solutions requires a careful and thorough approach, with most challenges also come opportunities and potential new benefits. We reached out to influential IT leaders to understand their views regarding adoption of MFA in the cloud era. Here’s what they said:

The User Comes First

BrandPost: Securing Remote Access to Enterprise Applications Behind the Firewall – Complex, but Solvable

In today’s digital era, a mobile, distributed workforce is common—and growing. According to IDC, the number of mobile workers will rise to more than 105 million by 2020—almost three-quarters of the U.S. workforce. While offering employees this flexibility makes it easier to recruit new job candidates, it has also made securing the corporate network and providing access to enterprise applications behind the firewall more complex than ever. The reasons for this growing complexity go beyond just anywhere, anytime, any device access to corporate data and applications, both on premises and in the cloud. The growing number of devices (employees, customers, or partners) accessing the network from beyond the traditional perimeter has increased the attack surface. The number and variety of cyber threats continue to grow. Compliance and regulations, especially for privacy and protecting customer data, are stricter than ever. Add to this the growing volume of newly connected devices, such as the Internet of Things (IoT), and the remote-access challenge becomes even more daunting.

Apple to unveil new iPad Pro while axing the iPad Mini

Apple can try and spin it any way it wants, but the harsh reality remains that iPad sales have been slumping for years. In fact, it's been quite a few years since Apple has seen year-over-year iPad sales growth over the course of a quarter, despite Tim Cook's assertions that the iPad remains the future of computing. That debate aside, there do appear to be some shakeups coming to Apple's iPad lineup, a fact that shouldn't be all that surprising given Cook's remarks regarding the iPad earlier this year. "We've got some exciting things coming on iPad and I'm optimistic about where things are headed," Cook said about three months ago. That being the case, there are reports that Apple at WWDC this year will introduce a brand new 10.5-inch iPad Pro with an edgeless display. Now what makes this particularly intriguing is that Apple will reportedly fit said 10.5-inch display into a form factor no bigger than the current 9.7-inch iPad model. While it's perhaps too soon to say with any certainty, Apple's upcoming edgeless iPad may be Apple's last real chance at injecting a bit of life into its tablet lineup.

Using JSONSchema to Validate input

There are a lot of REST APIs out there. Quite a few of them use JSON as the data structure which allows us to get data in and out of these devices. There are a lot of network focused blogs that detail how to send and receive data in and out of these devices, but I wasn’t able to find anything that specifically talked about validating the input and output of the data to make sure we’re sending and receiving the expected information.

Testing is a crucial, and IMO too often overlooked, part of the Infrastructure as Code movement. Hopefully this post will help others start to think more about validating input and output of these APIs, or at the very least, spend just a little more time thinking about testing your API interactions before you decide to automate the massive explosion of your infrastructure with a poorly tested script.

What is JSONSchema

I’m assuming that you already know what JSON is, so let’s skip directly to talking about JsonSchema. This is a Python library which allows you to take your input/output and verify it against a known schema which defines the data types you’re expecting to see.

For example, consider Continue reading

Webinar – May 18 – WannaCry Ransomware: Why is it happening and (how) is it going to end?

What is happening with the WannaCry ransomware that has been attacking unpatched Windows computers around the world? How will it all end? What do we need to do collectively to deal with attacks like this? (Hint: Read Olaf's post.)

To learn more and pose questions to a panel of experts, you can join our partners at the Geneva Internet Platform and Diplo Foundation for a webinar on "Decrypting the WannaCry ransomware: Why is it happening and (how) is it going to end?"

Dan York