LastPass fixes serious password leak vulnerabilities

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service's users for Google Chrome, Mozilla Firefox and Microsoft Edge.According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user's secure vault.To read this article in full or to leave a comment, please click here

LastPass fixes serious password leak vulnerabilities

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service's users for Google Chrome, Mozilla Firefox and Microsoft Edge.According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user's secure vault.To read this article in full or to leave a comment, please click here

The anatomy of a powerful desktop with an ARM chip

When he was growing up, a dream of Linux pioneer Linus Torvalds was to acquire the Acorn Archimedes, a groundbreaking personal computer with the first ARM RISC chips.But in 1987, Archimedes wasn't available to Torvalds in Finland, so he settled for the Sinclair QL. In the meanwhile, the Archimedes failed and disappeared from the scene, killing any chance for ARM chips to dominate PCs.Since then, multiple attempts to put ARM chips in PCs have failed. Outside of a few Chromebooks, most PCs have x86 chips from Intel or AMD.The domination of x86 is a problem for Linaro, an industry organization that advocates ARM hardware and software. Many of its developers use x86 PCs to compile programs for ARM hardware. That's much like trying to write Windows programs on a Mac.To read this article in full or to leave a comment, please click here

Rough Guide to IETF 98: DNS Privacy and Security, including DNSSEC

Ex-prison guard who was shot 6 times to speak at FCC meeting on contraband cellphones

Thursday morning's FCC meeting promises to be dramatic: It will feature testimony by an ex-prison guard who survived after being shot six times at his South Carolina home as the result of a hit ordered on him hit by an inmate using a contraband cellphone.Capt. Robert Johnson (ret.) of the South Carolina Department of Corrections has become an advocate for putting the clamps on contraband cellphones since that 2010 incident, and he has an ally in new FCC Commissioner Ajit Pai. A year ago Pai and then South Carolina Gov. Nikki Haley co-authored an op-ed piece in USA Today titled "Cellphones are too dangerous for prison."To read this article in full or to leave a comment, please click here

AI, machine learning blossom in agriculture and pest control

Artificial intelligence (AI) is rising in prominence with the proliferation of chatbots, virtual assistants and other conversational tools that companies are using to improve customer service, productivity and operational efficiency. But AI is also helping to automate and streamline tasks in data-intensive industries traditionally ruled by rigorous science and good old-fashioned human analysis.Seed retailers, for example, are using AI products to churn through terabytes of precision agricultural data to create the best corn crops, while pest control companies are using AI-based image-recognition technology to identify and treat various types of bugs and vermin. Such markedly different scenarios underscore how AI has evolved from science fiction to practical solutions that can potentially help companies get a leg up on their competition.To read this article in full or to leave a comment, please click here

iPhone, Mac owners: How to stymie hackers extorting Apple, threatening to wipe devices

Hackers claiming to have hundreds of millions of iCloud credentials have threatened to wipe date from iPhones, iPads and Macs if Apple does not fork over $150,000 within two weeks."This group is known for getting accounts and credentials, they have gotten credentials in the past," said Lamar Bailey, director of security research and development at Tripwire, of the purported hackers. "But whether they have that many ... who knows?"There's another reason for not panicking, Bailey said: People can quickly make their accounts more secure, assuming the criminals have only collected, not actually compromised the iCloud accounts by changing millions of passwords.To read this article in full or to leave a comment, please click here

iPhone, Mac owners: How to stymie hackers extorting Apple, threatening to wipe devices

Hackers claiming to have hundreds of millions of iCloud credentials have threatened to wipe date from iPhones, iPads and Macs if Apple does not fork over $150,000 within two weeks."This group is known for getting accounts and credentials, they have gotten credentials in the past," said Lamar Bailey, director of security research and development at Tripwire, of the purported hackers. "But whether they have that many ... who knows?"There's another reason for not panicking, Bailey said: People can quickly make their accounts more secure, assuming the criminals have only collected, not actually compromised the iCloud accounts by changing millions of passwords.To read this article in full or to leave a comment, please click here

Worth Reading: Just Press Reboot

After you pass security at Schiphol, Amsterdam’s international airport, go past the Christian Dior boutique and leave the Pretentious and Overpriced Mediocre Chocolate Shop (maybe not the exact name) on your left. On the wall you will see a big red button labeled “Reboot Schiphol.” Just press it in case your flight is delayed. Not really, but that is what Reuters seems to believe. —ACM

The post Worth Reading: Just Press Reboot appeared first on 'net work.

Cisco: IOS security update includes denial of service and code execution warnings

Cisco is warning IOS and IOS EXE users of five security vulnerabilities it rates as “High” that could lead to denial of service attacks or allow an invader to execute arbitrary code on an particular system.The warnings – which include Cisco’s DHCP client, L2TP, Zero Touch Provisioning, HTTP server and Web user interface -- are part of what Cisco says are a twice-yearly bundle of IOS security advisories it issues to keep those users up-to-date on current IOS security issues.To read this article in full or to leave a comment, please click here

Cisco: IOS security update includes denial of service and code execution warnings

Cisco is warning IOS and IOS EXE users of five security vulnerabilities it rates as “High” that could lead to denial of service attacks or allow an invader to execute arbitrary code on an particular system.The warnings – which include Cisco’s DHCP client, L2TP, Zero Touch Provisioning, HTTP server and Web user interface -- are part of what Cisco says are a twice-yearly bundle of IOS security advisories it issues to keep those users up-to-date on current IOS security issues.To read this article in full or to leave a comment, please click here

Google cites progress in Android security, but patching issues linger

The chances of you encountering malware on your Android phone is incredibly small, according to Google.By the end of last year, less than 0.71 percent of Android devices had installed a "potentially harmful application," such as spyware, a Trojan, or other malicious software.That figure was even lower, at 0.05 percent, for Android phones that downloaded apps exclusively from the Google Play store.The internet giant revealed the figures in a new report detailing its efforts to making the Android OS secure. Thanks to better app review systems, the company is detecting and cracking down on more malware.To read this article in full or to leave a comment, please click here

Google cites progress in Android security, but patching issues linger

The chances of you encountering malware on your Android phone is incredibly small, according to Google.By the end of last year, less than 0.71 percent of Android devices had installed a "potentially harmful application," such as spyware, a Trojan, or other malicious software.That figure was even lower, at 0.05 percent, for Android phones that downloaded apps exclusively from the Google Play store.The internet giant revealed the figures in a new report detailing its efforts to making the Android OS secure. Thanks to better app review systems, the company is detecting and cracking down on more malware.To read this article in full or to leave a comment, please click here

New opportunities for augmented reality

Augmented reality, virtual reality and mixed reality are three realities that exist on the reality-virtuality continuum—and they are probably the three terms you have heard again and again.  However, there is a fourth reality you probably haven’t heard of—diminished reality.Diminished reality can be thought of as the opposite of augmented reality. Augmented reality (AR) enhances our reality by overlaying digital elements like 3D models on the physical world.  Contrary to that, diminished reality (DR) diminishes parts of the physical world. It removes unwanted objects in our view.To read this article in full or to leave a comment, please click here

Know your encryption workarounds: a paper

As The 21st Century Encryption Wars continue with no end in sight, security experts Bruce Schneier and Orin Kerr have collaborated on a paper that seeks to establish a common understanding of one aspect of the clash: encryption workarounds.  The authors consciously avoid policy recommendations, but rather hope to better the understanding of those who will do so in our political and law enforcement arenas.From the paper’s abstract: The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target's data that has been concealed by encryption. This essay provides an overview of encryption workarounds. It begins with a taxonomy of the different ways investigators might try to bypass encryption schemes. We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy. For each approach, we consider the practical, technological, and legal hurdles raised by its use.To read this article in full or to leave a comment, please click here

Know your encryption workarounds: a paper

As The 21st Century Encryption Wars continue with no end in sight, security experts Bruce Schneier and Orin Kerr have collaborated on a paper that seeks to establish a common understanding of one aspect of the clash: encryption workarounds.  The authors consciously avoid policy recommendations, but rather hope to better the understanding of those who will do so in our political and law enforcement arenas.From the paper’s abstract: The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target's data that has been concealed by encryption. This essay provides an overview of encryption workarounds. It begins with a taxonomy of the different ways investigators might try to bypass encryption schemes. We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy. For each approach, we consider the practical, technological, and legal hurdles raised by its use.To read this article in full or to leave a comment, please click here

CenturyLink Surges Forward with Its Own Version of CORD

It’s not using the ONOS controller for its CORD project.

Google Invests in Storage Innovator Avere

Avere earned its chops in flash-based storage.

Is MPLS mandatory for Traffic Engineering?

Is MPLS mandatory for Traffic Engineering? What is Traffic Engineering in the first place  ? Wikipedia defines traffic engineering as below. ” Internet traffic engineering is defined as that aspect of Internet network engineering dealing with the issue of performance evaluation and performance optimization of operational IP networks.” So we are managing the performance with […]

The post Is MPLS mandatory for Traffic Engineering? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Open19’s Goal: Create an Open Standard for Data Center Infrastructure

LinkedIn created the open source project, and Cumulus is an early contributor.