Here’s how the US government can bolster cybersecurity

Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before U.S. Congress, warning it about the dangers of the internet.Unfortunately, the U.S. government is still struggling to act, he said. "You’re just going to keep ending up with the status quo," he said, pointing to the U.S. government's failure to regulate the tech industry or incentivize any change.It’s a feeling that was shared by the experts who attended this week’s RSA cybersecurity show. Clearly, the U.S. government needs to do more on cybersecurity, but what?  Public and Private sector Perhaps, the need for U.S. action hasn't been more urgent. In last year's election, Russia was accused of hacking U.S. political groups and figures in an effort to influence the outcome.To read this article in full or to leave a comment, please click here

Here’s how the US government can bolster cybersecurity

Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before U.S. Congress, warning it about the dangers of the internet.Unfortunately, the U.S. government is still struggling to act, he said. "You’re just going to keep ending up with the status quo," he said, pointing to the U.S. government's failure to regulate the tech industry or incentivize any change.It’s a feeling that was shared by the experts who attended this week’s RSA cybersecurity show. Clearly, the U.S. government needs to do more on cybersecurity, but what?  Public and Private sector Perhaps, the need for U.S. action hasn't been more urgent. In last year's election, Russia was accused of hacking U.S. political groups and figures in an effort to influence the outcome.To read this article in full or to leave a comment, please click here

Worth Reading: Putting ARM servers through the paces

When ARM officials and partners several years ago began talking about pushing the low-power chip architecture from our phones and tablets and into the datacenter, the initial target was the emerging field of microservers – small, highly dense and highly efficient systems aimed at the growing number of cloud providers and hyperscale environments where power efficiency was as important as performance. —The Next Platform

The post Worth Reading: Putting ARM servers through the paces appeared first on 'net work.

37% off Garmin Forerunner 225 GPS Running Watch with Wrist-based Heart Rate – Deal Alert

In addition to using GPS to calculate distance and pace, the 225 has a built-in accelerometer. This allows it to capture distance and pace data when you’re running on an indoor track or treadmill, with no need for a separate foot pod accessory.  Forerunner 225 is the first Garmin GPS running watch with wrist-based heart rate. Now you have the option to run without a heart rate strap. The 225 tracks distance, pace and heart rate, and featured activity tracking to count steps and calories all day. The full features Forerunner 225 averages 4 out of 5 stars from over 400 people on Amazon (read reviews), where its typical list price of $220 is currently reduced to the very low price of $139, one of its lowest prices to date. See the deal now on Amazon.To read this article in full or to leave a comment, please click here

IRS Dirty Dozen: Phishing, phone cons and identity theft lead scam list for 2017

The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge. Just this month the IRS issued another warning about what it called a dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.To read this article in full or to leave a comment, please click here

IRS Dirty Dozen: Phishing, phone cons and identity theft lead scam list for 2017

The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge. Just this month the IRS issued another warning about what it called a dangerous, evolving W-2 scams that are targeting corporations, school districts and other public and private concerns.To read this article in full or to leave a comment, please click here

Sphere in spheres

The post Sphere in spheres appeared first on 'net work.

HPE joins Cisco, Juniper with faulty clock technology problem

Hewlett Packard Enterprise is the latest vendor to identify a faulty clocking component of its products that can cause them to crash and not recover. HPE joined Cisco and Juniper in identifying the problem, even going so far as to tap the widely-suspected Intel-based clock element as the cause. In a statement the company said:“To the best of our knowledge, our customers are not experiencing failures due to the Intel C2000 chip, which is deployed on a limited number of our products. We remain committed to assuring the highest quality experience from our solutions and are proactively working with Intel to mitigate any future risk and impact on our customers.” Unlike Cisco and Juniper however, HPE did not identify its affected products nor offer any details as to what customers can do with them should the problem occur.To read this article in full or to leave a comment, please click here

HPE joins Cisco, Juniper with faulty clock technology problem

Hewlett Packard Enterprise is the latest vendor to identify a faulty clocking component of its products that can cause them to crash and not recover.HPE joined Cisco and Juniper in identifying the problem, even going so far as to tap the widely-suspected Intel-based clock element as the cause.In a statement the company said:“To the best of our knowledge, our customers are not experiencing failures due to the Intel C2000 chip, which is deployed on a limited number of our products. We remain committed to assuring the highest quality experience from our solutions and are proactively working with Intel to mitigate any future risk and impact on our customers.” Unlike Cisco and Juniper however, HPE did not identify its affected products nor offer any details as to what customers can do with them should the problem occur.To read this article in full or to leave a comment, please click here

HPE joins Cisco, Juniper with faulty clock technology problem

Hewlett Packard Enterprise is the latest vendor to identify a faulty clocking component of its products that can cause them to crash and not recover. HPE joined Cisco and Juniper in identifying the problem, even going so far as to tap the widely-suspected Intel-based clock element as the cause. In a statement the company said:“To the best of our knowledge, our customers are not experiencing failures due to the Intel C2000 chip, which is deployed on a limited number of our products. We remain committed to assuring the highest quality experience from our solutions and are proactively working with Intel to mitigate any future risk and impact on our customers.” Unlike Cisco and Juniper however, HPE did not identify its affected products nor offer any details as to what customers can do with them should the problem occur.To read this article in full or to leave a comment, please click here

AMD bundles Ashes of the Singularity with FX processors ahead of Ryzen’s launch

The hotly anticipated Ryzen processors are expected to start rolling out in early March, but AMD's still pushing its older FX-series chips folks looking to build a budget gaming PC. Newegg and AMD just revealed a FX processor promotion that bundles a 6- or 8-core chip with the real-time strategy game Ashes of the Singularity: Escalation, the poster child for cutting-edge DirectX 12 technology.To read this article in full or to leave a comment, please click here

AMD bundles Ashes of the Singularity with FX processors ahead of Ryzen’s launch

The hotly anticipated Ryzen processors are expected to start rolling out in early March, but AMD's still pushing its older FX-series chips folks looking to build a budget gaming PC. Newegg and AMD just revealed a FX processor promotion that bundles a 6- or 8-core chip with the real-time strategy game Ashes of the Singularity: Escalation, the poster child for cutting-edge DirectX 12 technology.To read this article in full or to leave a comment, please click here

SDxCentral Weekly News Roundup — February 17, 2017

AT&T and Broadcom partner to drive innovation in network hardware.

Show 327: Future Of Networking With Bruce Davie

The Packet Pushers Future of Networking series continues with an interview with Bruce Davie about SDN and the changes that are in store for data center networking. The post Show 327: Future Of Networking With Bruce Davie appeared first on Packet Pushers.

Understanding CNI (Container Networking Interface)

If you’ve been paying attention to the discussions around container networking you’ve likely heard the acronym CNI being used.  CNI stands for Container Networking Interface and it’s goal is to create a generic plugin-based networking solution for containers.  CNI is defined by a spec (read it now, its not very long) that has some interesting language in it.  Here are a couple of points I found interesting during my first read through…

• The spec defines a container as being a Linux network namespace.  We should be comfortable with that definition as container runtimes like Docker create a new network namespace for each container.
• Network definitions for CNI are stored as JSON files.
• The network definitions are streamed to the plugin through STDIN.  That is – there are no configuration files sitting on the host for the network configuration.
• Other arguments are passed to the plugin via environmental variables
• A CNI plugin is implemented as an executable.
• The CNI plugin is responsible wiring up the container.  That is – it needs to do all the work to get the container on the network.  In Docker, this would include connecting the container network namespace back to the host somehow.
• The CNI plugin is responsible for Continue reading

SAP license fees are due even for indirect users, court says

SAP's named-user licensing fees apply even to related applications that only offer users indirect visibility of SAP data, a U.K. judge ruled Thursday in a case pitting SAP against Diageo, the alcoholic beverage giant behind Smirnoff vodka and Guinness beer.The consequences could be far-reaching for businesses that have integrated their customer-facing systems with an SAP database, potentially leaving them liable for license fees for every customer that accesses their online store."If any SAP systems are being indirectly triggered, even if incidentally, and from anywhere in the world, then there are uncategorized and unpriced costs stacking up in the background," warned Robin Fry, a director at software licensing consultancy Cerno Professional Services, who has been following the case.To read this article in full or to leave a comment, please click here

Intent-Based Security Gains Momentum at RSA

Fortinet, vArmour, and Twistlock give 'intent' some RSA air time.

Insecure Android apps put connected cars at risk

Android applications that allow millions of car owners to remotely locate and unlock their vehicles are missing security features that could prevent tampering by hackers.Researchers from antivirus vendor Kaspersky Lab took seven of the most popular Android apps that accompany connected cars from various manufacturers and analyzed them from the perspective of a compromised Android device. The apps and manufacturers have not been named.The researchers looked at whether such apps use any of the available countermeasures that would make it hard for attackers to hijack them when the devices they're installed on are infected with malware. Other types of applications, such as banking apps, have such protections.To read this article in full or to leave a comment, please click here

Insecure Android apps put connected cars at risk

Android applications that allow millions of car owners to remotely locate and unlock their vehicles are missing security features that could prevent tampering by hackers.Researchers from antivirus vendor Kaspersky Lab took seven of the most popular Android apps that accompany connected cars from various manufacturers and analyzed them from the perspective of a compromised Android device. The apps and manufacturers have not been named.The researchers looked at whether such apps use any of the available countermeasures that would make it hard for attackers to hijack them when the devices they're installed on are infected with malware. Other types of applications, such as banking apps, have such protections.To read this article in full or to leave a comment, please click here

Security for Serverless Functions Boils Down to the Basics

You'll have to write things down and (gasp!) talk to people.