Archive

Category Archives for "Networking"

Phishing attacks using internationalized domains are hard to block

The latest version of Google Chrome, released earlier this week, restricts how domain names that use non-Latin characters are displayed in the browser. This change is in response to a recently disclosed technique that could allow attackers to create highly credible phishing websites.The ability to register domain names made up of characters like those found in the Arabic, Chinese, Cyrillic, Hebrew and other non-Latin alphabets dates back over a decade. Since 2009, the Internet Corporation for Assigned Names and Numbers (ICANN) has also approved a large number of internationalized top-level domains (TLDs) -- domain extensions -- written with such characters.To read this article in full or to leave a comment, please click here

Phishing attacks using internationalized domains are hard to block

The latest version of Google Chrome, released earlier this week, restricts how domain names that use non-Latin characters are displayed in the browser. This change is in response to a recently disclosed technique that could allow attackers to create highly credible phishing websites.The ability to register domain names made up of characters like those found in the Arabic, Chinese, Cyrillic, Hebrew and other non-Latin alphabets dates back over a decade. Since 2009, the Internet Corporation for Assigned Names and Numbers (ICANN) has also approved a large number of internationalized top-level domains (TLDs) -- domain extensions -- written with such characters.To read this article in full or to leave a comment, please click here

AES-CBC is going the way of the dodo

A little over a year ago, Nick Sullivan talked about the beginning of the end for AES-CBC cipher suites, following a plethora of attacks on this cipher mode.

Today we can safely confirm that this prediction is coming true, as for the first time ever the share of AES-CBC cipher suites on Cloudflare’s edge network dropped below that of ChaCha20-Poly1305 suites, and is fast approaching the 10% mark.

CC BY-SA 2.0 image by aesop

Over the course of the last six months, AES-CBC shed more than 33% of its “market” share, dropping from 20% to just 13.4%.

Ciphers

All of that share, went to AES-GCM, that currently encrypts over 71.2% of all connections. ChaCha20-Poly1305 is stable, with 15.3% of all connections opting for that cipher. Surprisingly 3DES is still around, with 0.1% of the connections.

The internal AES-CBC cipher suite breakdown as follows:

CBC

The majority of AES-CBC connections use ECDHE-RSA or RSA key exchange, and not ECDHE-ECDSA, which implies that we mostly deal with older clients.

RSA is also dying

In other good new, the use of ECDSA surpassed that of RSA at the beginning of the year. Currently more than 60% of all connections use Continue reading

Users’ orders: Make it easier to build hybrid clouds

A funny thing happened on the way to the hybrid cloud: Building the infrastructure was a pain in the neck.That's what enterprise IT people in the Open Networking User Group have discovered Last year, public cloud providers persuaded C-level executives to move significant corporate workloads to the cloud, but the tools weren't there to make it work, said Nick Lippis, co-founder and co-chairman of ONUG."There is a ton of custom work that has to be done," Lippis said.So the user group, which includes IT executives from hundreds of enterprises, chose building hybrid cloud infrastructure as its focus for this year. It will be the main topic at ONUG Spring 2017, taking place next week in San Francisco.To read this article in full or to leave a comment, please click here

Users’ orders: Make it easier to build hybrid clouds

A funny thing happened on the way to the hybrid cloud: Building the infrastructure was a pain in the neck.That's what enterprise IT people in the Open Networking User Group have discovered Last year, public cloud providers persuaded C-level executives to move significant corporate workloads to the cloud, but the tools weren't there to make it work, said Nick Lippis, co-founder and co-chairman of ONUG."There is a ton of custom work that has to be done," Lippis said.So the user group, which includes IT executives from hundreds of enterprises, chose building hybrid cloud infrastructure as its focus for this year. It will be the main topic at ONUG Spring 2017, taking place next week in San Francisco.To read this article in full or to leave a comment, please click here

Researchers build a microprocessor from flexible materials

Researchers have built a primitive microprocessor out of a two-dimensional material similar to graphene, the flexible conductive wonder material that some believe will revolutionize the design and manufacture of batteries, sensors and chips.With only 115 transistors, their processor isn't going to top any benchmark rankings, but it's "a first step towards the development of microprocessors based on 2D semiconductors," the researchers at Vienna University of Technology said in a paper published in the journal Nature this month.To read this article in full or to leave a comment, please click here

DARPA opens massive “Colosseum” to develop radical wireless applications

DARPA today said it the opened unique and massive testbed it will use as a battleground for researchers to build and test autonomous, intelligent and collaborative wireless technologies.Calling it a “magnificent electronic arena” The Colosseum will be primarily used to host the Defense Advanced Research Projects Agency’s $3.75 million three-year Spectrum Collaboration Challenge (SC2), which will pit researchers against each other to develop what the agency calls radically new technologies for “using and managing access to the electromagnetic spectrum in both military and civilian domains.”To read this article in full or to leave a comment, please click here

DARPA opens massive “Colosseum” to develop radical wireless applications

DARPA today said it the opened unique and massive testbed it will use as a battleground for researchers to build and test autonomous, intelligent and collaborative wireless technologies.Calling it a “magnificent electronic arena” The Colosseum will be primarily used to host the Defense Advanced Research Projects Agency’s $3.75 million three-year Spectrum Collaboration Challenge (SC2), which will pit researchers against each other to develop what the agency calls radically new technologies for “using and managing access to the electromagnetic spectrum in both military and civilian domains.”To read this article in full or to leave a comment, please click here

Microsoft updates Office Online Server, announces release schedule

Microsoft announced it intends to stick to a twice-per-year cadence of major releases for Windows 10 and Office. Along with that, it has updated the Office Online Server for data centers.Office Online Server basically lets companies deliver Office Online to their users from their data centers rather than over the internet and from Microsoft’s servers. Microsoft introduced the Office Online Server (OOS) as a successor to Office Web Apps Server 2013.+ Also on Network World: Microsoft ends updates for Windows 7/8.1 on new processors + Office Online is not the same as Office 365. There are differences in the apps, although the core remains the same. One thing different is that Office Online doesn’t use the ribbon in some apps. But the basics—Word, Excel, Powerpoint and OneNote—are all there. Outlook is available only through Outlook.com.To read this article in full or to leave a comment, please click here

Forget signatures for malware detection. SparkCognition says AI is 99% effective  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  The notion of detecting malware by looking for malicious file signatures is obsolete. Depending on which source is cited, anywhere from 300,000 to one million new malware files are identified every day.Kaspersky Lab says it finds 323,000 files daily, AV-TEST claims to discover more than 390,000 new malicious programs every day, and Symantec says it uncovers almost a million new threats per day. No matter how you count it, that’s a lot of malicious software being unleased into the wild day after day.To read this article in full or to leave a comment, please click here

Forget signatures for malware detection. SparkCognition says AI is 99% effective  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  The notion of detecting malware by looking for malicious file signatures is obsolete. Depending on which source is cited, anywhere from 300,000 to one million new malware files are identified every day.Kaspersky Lab says it finds 323,000 files daily, AV-TEST claims to discover more than 390,000 new malicious programs every day, and Symantec says it uncovers almost a million new threats per day. No matter how you count it, that’s a lot of malicious software being unleased into the wild day after day.To read this article in full or to leave a comment, please click here

75% off Lamicall S1 Cell Phone Dock – Deal Alert

Designed on a low center of gravity makes it stable. The extended hooks keep the phone in safety, and rubber cushions protect the phone from scratches and sliding. Suitable height, perfect angle of view when using Facetime and YouTube, makes it so easy to read message and emails. Compatible with iPhone and Android phones even when they have an added case.  The doc averages 4.8 out of 5 stars from over 4,500 reviewers on Amazon (86% rate a full 5 stars: see reviews), where its typical list price of $36.99 has been reduced 19% to $29.99. See this deal on Amazon.To read this article in full or to leave a comment, please click here

Worth Reading: An opaque alternative to oblivious cloud analytics

Even as encryption methods and security procedures have improved, the data is still at risk of being attacked through such vulnerabilities as access pattern leakage through memory or the network. It’s the threat of an attack via access pattern leakage that a group of researchers from UC Berkeley wanted to address when they developed an “oblivious” distributed data analytics platform that leverages the hardware enclave technology available in Intel’s Software Guard Extensions (SGX). The sensitive nature of much of the data that is being collected and analyzed in the cloud – from medical and financial data to user information like emails and shopping histories – makes it an attractive target for cyber-criminals, so the need to protect the data in such cloud environments is growing. —The Next Platform

The post Worth Reading: An opaque alternative to oblivious cloud analytics appeared first on rule 11 reader.

MIT selling 8 million coveted IPv4 addresses; Amazon a buyer

MIT is selling half of its 16 million valuable IPv4 addresses – an increasingly scarce stash it has held since the birth of the Internet. While details of the sale have not been made public, at least some of those addresses have already been transferred to Amazon.MIT says it will use the proceeds of the sale to finance its own IPv6 network upgrades and “support activities focused on the future of the Internet and the global cyber-infrastructure.”From an announcement by Next Generation MITnet. Fourteen million of these IPv4 addresses have not been used, and we have concluded that at least eight million are excess and can be sold without impacting our current or future needs, up to the point when IPv6 becomes universal and address scarcity is no longer an issue. The Institute holds a block of 20 times 10^30 (20 nonillion) IPv6 addresses.To read this article in full or to leave a comment, please click here

1 1,741 1,742 1,743 1,744 1,745 3,354