RSA Preview: Companies Are Still Wrestling With AI’s Role in Cybersecurity
Organizations are automating security incident investigations and making use of deception grids to identify breaches more quickly.
Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Another Critical Flaw
Cisco says companies fixing previously known protocol issue should also patch against critical remote-code execution issue.
Why Routers And Switches Don’t Matter Now
Individual routers and switches don't matter. It's time to think of the entire system.Fake News, Loss of Privacy are Hurting the Internet, Mozilla says
The Internet has a case of the sniffles, with several symptoms keeping it from being as robust as it could be, according to a new Internet Health Report from Mozilla.
Major challenges facing the Internet include a collapse of privacy protections, the unabated spread of fake news, and the consolidation of power at giant tech companies, said Mozilla, the nonprofit creator of the Firefox browser and other open-source software.
Many people “have started to argue that technology companies are becoming too dominant; social media has been weaponized as a tool of harassment; our personal information has been stolen; and democratic processes have been undermined by the manipulation of online media and ads,” the report says.
The software maker called on Internet users to take action by learning how to better protect their privacy and to identify misinformation. “We believe the only way to keep the Internet in the hands of all of us is to ask for it, build it, and demand it,” Mark Surman, executive director of the Mozilla Foundation, said by email. “Consumers, governments and technologists need to push for fair competition, open innovation, interoperability and standards so the Internet can evolve in more healthy and humane ways. Continue reading
SevOne SDN Monitoring Platform Eases Transition to Cisco ACI Environments
The 2.0 version of its SDN Monitoring package integrates capabilities from SevOne’s data insights platform to automate operational insight of Cisco ACI environments, during and after its rollout.
The Role of the Network: Cost Center or Business Enabler?
A recent ESG survey revealed enterprise perceptions about networking infrastructure and its corporate value.
Couldn’t Resist: Cheat-Proofing Certifications
Stumbled upon this paragraph on Russ White’s blog:
I don’t really know how you write a certification that does not allow someone who has memorized the feature guide to do well. How do you test for protocol theory, and still have a broad enough set of test questions that they cannot be photographed and distributed?
As Russ succinctly explained the problem is two-fold:
Read more ...Verizon Data Breach Report Finds Ransomware Attacks Double Since 2017
Organized crime groups account for 50 percent of all the attacks analyzed, with nation-state or state-affiliated actors involved in 12 percent.
Measuring ATR
One of the more pressing and persistent problems today is the treatment of fragmented packets. We are seeing a very large number of end-to-end paths that no longer support the transmission of fragmented IP datagrams. What can the DNS do to mitigate this issue?New Research: Organizations Overhauling IT Will Leapfrog Competition
Dell EMC announced the results of a new IT Transformation maturity study surveying 4,000 IT decision makers worldwide Survey data shows transformed companies are 22x more likely to get new products and services to market ahead of the competition 81% of firms agree if they do not embrace IT Transformation, their companies will no longer... Read more →
Mythology about security…
Ed Felton tweeted a few days ago: “Often hear that the reason today’s Internet is not more secure is that the early designers failed to imagine that security could ever matter. That is a myth.”
This is indeed a myth. Much of the current morass can be laid at the feet of the United States government, due to its export regulations around cryptography.
I will testify against the myth. Bob Scheifler and I started the X Window System in 1984 at MIT, which is a network transparent window system: that is, applications can reside on computers anywhere in the network and use the X display server. As keyboard events may be transmitted over the network, it was clear to us from the get-go that it was a security issue. It is in use to this day on Linux systems all over the world (remote X11 access is no longer allowed: the ssh protocol is used to tunnel the X protocol securely for remote use). By sometime in 1985 or 1986 we were distributing X under the MIT License, which was developed originally for use of the MIT X Window System distribution (I’d have to go dig Continue reading
Privacy-Protecting Portable Router: Adding DNS-Over-TLS support to OpenWRT (LEDE) with Unbound
If you want to skip ahead to instructions, scroll to the next section. But I, like a TLS handshake, am very verbose so please enjoy this opener.
Imagine this scenario - I'm at a restaurant and need to have a private phone conversation but unfortunately my phone's battery is drained. To get around this problem, I borrow my friend's phone and dial the number - to protect my privacy I walk outside. When I'm done with the call, I come back inside and return the phone.
Whilst the phone itself doesn't store the coversation I've had, it does have a log of the recently dialed number, if the friend from whom I borrowed the phone wanted to, they could easily see who I actually called - even if they don't specifically know the topic of conversation.
Sometimes, the data about who you've spoken to can tell an aweful lot about the conversation - if someone was to call an emotional support hotline or a debt collector, you could probably infer a lot about the conversation from the caller ID.
When we browse the internet, we use encryption to try and protect the conversations we have. When you connect to a Continue reading