US DOJ drops child porn case to avoid disclosing Tor exploit

The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen after a judge asked the government to disclose the hacking technique it used to gather evidence."The government must now choose between disclosure of classified information and dismissal of its indictment," the DOJ said in a court filing Friday. "Disclosure is not currently an option."The case involves Jay Michaud, a school administrator from Vancouver, Washington, who was arrested in July 2015 for allegedly viewing child porn images on Playpen. Michaud's case was one of at least 137 cases brought throughout the U.S. in relation to Playpen, a website that operated on the Tor anonymity network and which the FBI managed to seize in 2015.To read this article in full or to leave a comment, please click here

U.S. suspends fast-track H-1B processing, blames backlog

The White House decision to suspend premium processing for H-1B visa holders is being blamed on a visa backlog. It will affect some people seeking visas who may be in need of this fast-track system.The U.S. government is hoping that its decision to suspend premium processing, announced late Friday, leads to an improvement in overall processing times.President Donald Trump has talked about moving to a "merit-based" H-1B system instead of a lottery, but the administration has been mum on details. There is concern within the tech industry about H-1B reform, but the action on premium processing may be unrelated to that. Meanwhile, there are differing views about the value of fast-track processing.To read this article in full or to leave a comment, please click here

Lawmakers try again to stop call center offshoring

Lawmakers in the U.S. Senate and the House reintroduced legislation Thursday intended to impede the offshore outsourcing of call centers.The bills, called the U.S. Call Center and Consumer Protection Act, if approved, would create a list of firms that shift work overseas. Firms on that list would be ineligible for federal grants and loans, and call center workers will be required to disclose their locations. U.S. customers would have the right to request that their calls are transferred to a call center agent physically based in the U.S.To read this article in full or to leave a comment, please click here

IT Resume Makeover: Find focus by building a theme

Do you have trouble establishing a cohesive focus for your resume? That was the case for this IT Resume Makeover candidate, Bhairav Sampath, whose name has been changed for this article. He knew his resume needed to offer some clarity on what he brings to the table.To read this article in full or to leave a comment, please click here(Insider Story)

Why more Chief Strategy and Risk Officers need a seat at the security table

For years the evolving role of chief information security officers has increasingly required them to think more like a chief risk or strategy officer and anticipate cyber threats before they happen. Now a perfect storm is brewing that may finally push risk management and strategy roles to the forefront of cybersecurity.To read this article in full or to leave a comment, please click here(Insider Story)

How microcertifications work for IT job seekers and employers

Organizations struggling to fill high-demand tech roles -- like Linux or cybersecurity, for instance -- often look at certifications to benchmark a candidate's skills and real-world experience and gauge their potential for success on the job. But for job seekers, certifications are expensive, time-consuming and often don't accurately assess the hands-on skills needed to succeed in a role.For many IT job seekers and the organizations that would hire them, microcertifications -- or microcredentials -- are a faster, more affordable and more effective way to achieve the same result and get open jobs filled faster.[ Related story: How unfilled tech jobs impact the US economy ] To read this article in full or to leave a comment, please click here

9% off Vilros Raspberry Pi 3 Complete Starter Kit – Deal Alert

If you're looking to get started with Raspberry Pi, this Raspberry PI Complete Starter Kit comes with everything you need. And right now you'll save some bucks buying it on Amazon with this 9% off deal ($67.99 -- See it now on Amazon). The Vilros kit contains:To read this article in full or to leave a comment, please click here

Okta acquires Stormpath to boost its identity services for developers

Okta has acquired Stormpath, a company that provides authentication services for developers. The deal should help the identity provider improve its developer-facing capabilities.Stormpath offered developers a set of tools for managing user logins for their apps. Rather than building a login system from scratch, developers could call the Stormpath API and have the company take care of it for them. Frederic Kerrest, Okta’s co-founder and Chief Operating Officer, said that the acquisition should help his company build self-service capabilities for developers.While Okta is probably best known for its identity and access management products aimed at businesses’ internal use, the company also operates a developer platform aimed at helping app developers handle user identity. Kerrest said that the developer capabilities are a fast-growing part of Okta’s business, but that its functionality could use some help. That’s where this acquisition comes in.To read this article in full or to leave a comment, please click here

Okta acquires Stormpath to boost its identity services for developers

Okta has acquired Stormpath, a company that provides authentication services for developers. The deal should help the identity provider improve its developer-facing capabilities.Stormpath offered developers a set of tools for managing user logins for their apps. Rather than building a login system from scratch, developers could call the Stormpath API and have the company take care of it for them. Frederic Kerrest, Okta’s co-founder and Chief Operating Officer, said that the acquisition should help his company build self-service capabilities for developers.While Okta is probably best known for its identity and access management products aimed at businesses’ internal use, the company also operates a developer platform aimed at helping app developers handle user identity. Kerrest said that the developer capabilities are a fast-growing part of Okta’s business, but that its functionality could use some help. That’s where this acquisition comes in.To read this article in full or to leave a comment, please click here

BrandPost: IT Professionals Weigh in on Enterprise Automation

IT professionals are singing the praises of automation. It’s a transformative technology practice that allows IT to improve agility and the availability of services while liberating IT staff from time-consuming routine tasks. These are essential factors as organizations transition to digital business.But IT leaders also preach prudence. Automation in IT must be approached with a clear strategy. It must be fully understood, skillfully deployed, and diligently monitored, tested, and optimized.We reached out to influential IT leaders to learn what factors and best practices organizations should consider in order to realize the maximum benefits of automation in the data center. Here’s what they said.To read this article in full or to leave a comment, please click here

Google faces new antitrust investigation in Turkey

Antitrust concerns about Google's tying of its app store and services to use of the Android OS are spreading, as Turkey's Competition Board has opened an inquiry, reversing an earlier decision.Russian search company Yandex filed a complaint with the board in 2015, alleging that Google requires smartphone manufacturers to pre-load Google Play Store, Google Play Services and Google Mobile Services on any Android devices they sell, and to make Google Search the default search provider on those devices.Such behavior would be a concern for Yandex, which offers app store, mobile mapping and search services of its own.To read this article in full or to leave a comment, please click here

Response: Cisco’s Identity Crisis: Complexity, Pride, and SD-WAN

An excellent post from Eyvonne Sharp highlights one of Cisco’s weakest areas, its enduring passion for too many products, too many options, too much complexity:

With that in mind consider Cisco, a company in love with complexity. They’ve built their business making complex systems. Their culture breeds nerd knobs. They’ve built certification tracks — through which many network engineers have built their careers — to develop expert level understanding of their products.

At the same time, engineers operate in a culture were we believe configuration and operational complexity have inherent value. We unconsciously embrace the following logic: Networks are complex. One must be smart to understand networks. I understand networks. Therefore, I’m smart.

We extrapolate this logic and believe that complexity, for complexity’s sake, makes us superior. In truth, our pride has tied gordian knot with complexity and we don’t know how to unravel it.

Using SD-WAN as a use case to highlight Cisco’s love of its own complex technology instead of radically redefining itself. Cisco has limited traction in SD-WAN space because its current technology is hard to design, harder to operate and lacks features. While the business units are doing their best to make it simple, building on Continue reading

Why Automation is Necessary in IT

How to remotely control your Windows 10 computer via Google Chrome

Google provides a free and powerful tool, Chrome Remote Desktop, that lets you connect to and control your Windows 10 computer over the internet. (It also works with Windows 7 and Windows 8.) The computer has to be running Chrome, of course, and you also need a Gmail account to sign in to Chrome in order to use this feature.To read this article in full or to leave a comment, please click here(Insider Story)

New products of the week 3.6.17

New products of the weekImage by CertaOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.A10 Networks Thunder CFW, with integrated Gi/SGi firewall capabilitiesImage by a10To read this article in full or to leave a comment, please click here

New products of the week 3.6.17

New products of the weekImage by CertaOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.A10 Networks Thunder CFW, with integrated Gi/SGi firewall capabilitiesImage by a10To read this article in full or to leave a comment, please click here

Review: vArmour flips security on its head

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network. However, what if there were a different way to approach security? Instead of searching for behaviors that might indicate a threat, what if you could define everything that is allowed within a network? If every process, application and workflow needed to conduct business could be defined, then by default everything outside of those definitions could be flagged as illegal. At the very least, critical programs could be identified and all interactions with them could be tightly defined and monitored. It’s a different way of looking at security, called segmentation.To read this article in full or to leave a comment, please click here(Insider Story)

Review: vArmour flips security on its head

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network. However, what if there were a different way to approach security? Instead of searching for behaviors that might indicate a threat, what if you could define everything that is allowed within a network? If every process, application and workflow needed to conduct business could be defined, then by default everything outside of those definitions could be flagged as illegal. At the very least, critical programs could be identified and all interactions with them could be tightly defined and monitored. It’s a different way of looking at security, called segmentation.To read this article in full or to leave a comment, please click here(Insider Story)

Review: vArmour flips security on its head

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network.To read this article in full or to leave a comment, please click here(Insider Story)

Worth Reading: Agile Development and Security

Matthias Luft (a good friend of mine, and a guest speaker in the upcoming Building Next-Generation Data Center course) wrote a great post about the (lack of) security in software development.

The parts I like most (and they apply equally well to networking):