Archive

Category Archives for "Networking"

Microsoft releases only 4 security bulletins, 2 critical, on first 2017 Patch Tuesday

For the first Patch Tuesday of 2017, Microsoft is easing us into it by releasing only four security bulletins, half are of which are rated as critical for remote code execution flaws. In reality, only three of those are for Windows systems!This is the lightest load I can recall Microsoft handing us. It almost feels like this surely can’t be right, but hey – you didn’t want to work hard today anyhow, did you?CriticalMS17-002 resolves a remote code execution flaw in Microsoft Office. Microsoft Word 2016 32-bit and 64-bit editions and Microsoft SharePoint Enterprise Server 2016 are listed as the only affected software versions. The RCE bug is a result of Office software failing to properly handle objects in memory. If an attacker successfully exploited the flaw, and the user had admin rights, the attacker could take control of the box.To read this article in full or to leave a comment, please click here

Microsoft releases only 4 security bulletins, 2 critical, on first 2017 Patch Tuesday

For the first Patch Tuesday of 2017, Microsoft is easing us into it by releasing only four security bulletins, half are of which are rated as critical for remote code execution flaws. In reality, only three of those are for Windows systems!This is the lightest load I can recall Microsoft handing us. It almost feels like this surely can’t be right, but hey – you didn’t want to work hard today anyhow, did you?CriticalMS17-002 resolves a remote code execution flaw in Microsoft Office. Microsoft Word 2016 32-bit and 64-bit editions and Microsoft SharePoint Enterprise Server 2016 are listed as the only affected software versions. The RCE bug is a result of Office software failing to properly handle objects in memory. If an attacker successfully exploited the flaw, and the user had admin rights, the attacker could take control of the box.To read this article in full or to leave a comment, please click here

Tech luminaries team up on $27M AI ethics fund

Artificial intelligence technology is becoming an increasingly large part of our daily lives. While those developments have led to cool new features, they've also presented a host of potential problems, like automation displacing human jobs, and algorithms providing biased results.Now, a team of philanthropists and tech luminaries have put together a fund that's aimed at bringing more humanity into the AI development process. It's called the Ethics and Governance of Artificial Intelligence Fund, and it will focus on advancing AI in the public interest.A fund such as this one is important as issues arise during AI development. The IEEE highlighted a host of potential issues with artificial intelligence systems in a recent report, and the fund seems aimed at funding solutions to several of those problems.To read this article in full or to leave a comment, please click here

IT teams put conversations to work with ChatOps

Chat is an old tool that’s newly popular. From Slack and HipChat to Salesforce Chatter and Microsoft’s new Teams tool (and a myriad of others), these collaboration tools supplement rather than replace enterprise social networks like Yammer or Jive. Microsoft’s Office division director Richard Ellis likens it to the difference between Facebook and WhatsApp: “The chat-based workspace fills a gap where people can talk rapidly, share content and work as a team.”To read this article in full or to leave a comment, please click here(Insider Story)

Iran Leaks Censorship via BGP Hijacks

Last week, we reported via Twitter that the Iranian state telecom TIC hijacked address space containing a number of pornographic websites.  The relevant BGP announcement was likely intended to stay within the borders of Iran, but had leaked out of the country in a manner reminiscent of Pakistan’s block of Youtube via BGP hijack in 2008.  Over the weekend, TIC performed BGP hijacks of additional IP address space hosting adult content as well as IP addresses associated with Apple’s iTunes service.

In addition, in 2015 on this blog we reported that a new DNS root server instance in Tehran was being leaked outside Iran, a situation that was quickly rectified at that time.  Despite the fact that the Tehran K-root is intended to only be accessible within Iran, as we will see below, it is currently being accessed by one of the largest US telecommunications companies.

Iranian BGP-based Censorship

Last week, Iranian state telecom announced a BGP hijack of address space (99.192.226.0/24) hosting numerous pornographic websites.  Continue reading

IDG Contributor Network: Road Test: Taking a self-driving BMW for a spin—at 60 mph in rush hour traffic

I’ve owned or driven five BMWs in my lifetime. The sixth one drove me.BMW kindly gave me the opportunity to pilot one of its prototype self-driving cars last week at the Consumer Electronics Show (CES) in Las Vegas. And the experience wasn’t one of dawdling around a parking lot, cleverly avoiding a few traffic cones.Driving 60 mph, I commanded a powerful 5 Series, modified, but generally a production-level sedan. I allowed it to drive me for 11 miles along a congested, rush-hour interstate through the center of glittering sin city.To read this article in full or to leave a comment, please click here

Disk-wiping malware Shamoon targets virtual desktop infrastructure

A cybersabotage program that wiped data from 30,000 computers at Saudi Arabia's national oil company in 2012 has returned and is able to target server-hosted virtual desktops.The malware, known as Shamoon or Disttrack, is part of a family of destructive programs known as disk wipers. Similar tools were used in 2014 against Sony Pictures Entertainment in the U.S. and in 2013 against several banks and broadcasting organizations in South Korea.Shamoon was first observed during the 2012 cyberattack against Saudi Aramco. It spreads to other computers on a local network by using stolen credentials and activates its disk-wiping functionality on a preconfigured date.To read this article in full or to leave a comment, please click here

Disk-wiping malware Shamoon targets virtual desktop infrastructure

A cybersabotage program that wiped data from 30,000 computers at Saudi Arabia's national oil company in 2012 has returned and is able to target server-hosted virtual desktops.The malware, known as Shamoon or Disttrack, is part of a family of destructive programs known as disk wipers. Similar tools were used in 2014 against Sony Pictures Entertainment in the U.S. and in 2013 against several banks and broadcasting organizations in South Korea.Shamoon was first observed during the 2012 cyberattack against Saudi Aramco. It spreads to other computers on a local network by using stolen credentials and activates its disk-wiping functionality on a preconfigured date.To read this article in full or to leave a comment, please click here

iPhone 8 Rumor Rollup: Stainless steel, India standing tough & really going wireless

Enough of the iPhone 10th anniversary celebrations (yes, I'm looking in the mirror here): It's time to channel our collective Apple watching energies into iPhone 8 (not to mention possible iPhone 7s and 7s Plus editions). As Apple CEO Tim Cook said in the company's press release about the 10th anniversary of the original iPhone, "The best is yet to come."Heavy metal rumors The hot rumor this week is that Apple will re-embrace stainless steel, harkening back to its pre-aluminum body iPhone 4 and 4S models. Speculation is that the iPhone 8 will have a bezel-free, 5.8-inch OLED display.To read this article in full or to leave a comment, please click here

Highest paying jobs in the U.S. — techies take backseat to medical pros

Sure, you perform surgery on computer systems every day and are often on call to handle emergency password procedures, but salary-wise my IT professional friends, you are no doctor.LinkedIn Tuesday published its list of the top 20 highest paying jobs (median base salary as reported to LinkedIn Salary) in the United States, and the medical/healthcare field dominates. Tops is Cardiologist, with a median base salary of $356K, followed by Radiologist ($355K), Anesthesiologist ($350K), Surgeon ($338K) and Medical Director ($230K). To read this article in full or to leave a comment, please click here

Worth Reading: Notes on the lawsuit against D-Link

Today, the FTC filed a lawsuit[*] against D-Link for security problems, such as backdoor passwords. I thought I’d write up some notes. The suit is not “product liability”, but “unfair and deceptive” business practices for promising “security”. In addition, they interpret “security” different from the cybersecurity community. This needs to be stressed because right now in our industry, there is a big discussion of product liability, insisting that everything attached to the Internet needs to be secured. People will therefore assume the FTC action is based on “liability”. Instead, all six counts are based upon the fact that D-Link offers its products for securing networks, and claims they are secure. Because they have backdoor passwords, clear-text passwords, command-injection bugs, and public private-keys, the FTC feels the claims of security to be untrue. —Errata Security

The post Worth Reading: Notes on the lawsuit against D-Link appeared first on 'net work.

EdgeConneX expands the edge of the internet with subsea connections

A couple of years ago I wrote about an innovative company called EdgeConneX that was focused on improving the internet experience by extending the internet’s edge into new markets.While there are many content delivery networks and internet optimization companies focused on this task, EdgeConneX’s approach has been to push the actual edge of the internet into new markets. All major U.S. cities, such as Los Angeles, New York and Chicago, are internet edge locations. EdgeConneX has expanded the edge to next tier cities such as Miami, Seattle and San Diego. Its customers are the content providers, media companies and fiber providers that deliver services to consumers and businesses. The vendors that leverage EdgeConneX are able to offer high-quality and faster services at a lower cost compared with backhauling traffic to the next closest point. To read this article in full or to leave a comment, please click here

EdgeConneX expands the edge of the internet with subsea connections

A couple of years ago I wrote about an innovative company called EdgeConneX that was focused on improving the internet experience by extending the internet’s edge into new markets.While there are many content delivery networks and internet optimization companies focused on this task, EdgeConneX’s approach has been to push the actual edge of the internet into new markets. All major U.S. cities, such as Los Angeles, New York and Chicago, are internet edge locations. EdgeConneX has expanded the edge to next tier cities such as Miami, Seattle and San Diego. Its customers are the content providers, media companies and fiber providers that deliver services to consumers and businesses. The vendors that leverage EdgeConneX are able to offer high-quality and faster services at a lower cost compared with backhauling traffic to the next closest point. To read this article in full or to leave a comment, please click here

Fortinet embraces Cisco, HPE, Nokia

Fortinet is adding Cisco, HPE and Nokia to its stable of partners whose security gear can share information with Fortinet products to improve overall security.The company is announcing at its Accelerate 2017 customer conference this week that equipment made by these new partners will integrate into the Fortinet Security Fabric via an API to tighten security in core networks, remote devices and the cloud.The amount of sharing that goes on depends on the individual third-parties’ APIs.Fortigate Security Fabric is woven from Fortinet products that can communicate among each other to find and analyze threats and let admins see their input in a single window. That’s an upgrade from the initial fabric in which IT teams had to switch among the dashboards for the Fortinet products involved.To read this article in full or to leave a comment, please click here

Fortinet embraces Cisco, HPE, Nokia

Fortinet is adding Cisco, HPE and Nokia to its stable of partners whose security gear can share information with Fortinet products to improve overall security.The company is announcing at its Accelerate 2017 customer conference this week that equipment made by these new partners will integrate into the Fortinet Security Fabric via an API to tighten security in core networks, remote devices and the cloud.The amount of sharing that goes on depends on the individual third-parties’ APIs.Fortigate Security Fabric is woven from Fortinet products that can communicate among each other to find and analyze threats and let admins see their input in a single window. That’s an upgrade from the initial fabric in which IT teams had to switch among the dashboards for the Fortinet products involved.To read this article in full or to leave a comment, please click here

Mayer: not so much leaving Yahoo, as taking it with her?

Marissa Mayer is getting ready to say goodbye to Yahoo's board, but not necessarily to the Yahoo brand.The company said in a U.S. Securities and Exchange Commission filing Monday that it will shed almost everything that makes it Yahoo, including its name, when its deal with Verizon closes. If you're a Yahoo shareholder, you might notice the difference, but for Yahoo users, the consequences of Monday's filing are minimal. Yahoo the company has two major assets: a worldwide network of internet portals, and a 15 percent stake in Chinese internet giant Alibaba worth many times that. When a plan to sell off the Alibaba stake ran into tax complications, the company pivoted, instead striking a deal to sell its portals, its brand -- almost everything but the Alibaba stake, in fact -- to Verizon.To read this article in full or to leave a comment, please click here

1 1,989 1,990 1,991 1,992 1,993 3,341