The secret behind the success of Mirai IoT botnets

There’s no magic behind the success of Mirai DDoS botnets that are made up of IoT devices: the software enabling them is publicly available, which makes it easy for relatively inexperienced actors to create them and turn them loose on anyone.Flashpoint speculates that the attacker in the case of the Dyn DDoS, which had an enormous impact on major Web sites, was the work of low-skilled script kiddies – a frightening prospect that contributes to Trend Micro’s assessment that “the Internet of Things ecosystem is completely, and utterly, broken.”+More on Network World: US Senator wants to know why IoT security is so anemic+To read this article in full or to leave a comment, please click here

Apple’s new MacBook Pro isn’t iPhone-friendly

Apple didn't kill the 3.5mm headphone jack on its new lineup of MacBook Pros, but new design changes to Apple's revamped notebook lineup will undoubtedly irk many customers.Sure, the new Touch Bar looks amazing, and sure, the specs on the new MacBook Pro models certainly warrant getting excited about, but the port situation on the MacBook Pro is a mixed bag.+ Also on Network World: First Look: Apple’s new MacBook Pro lineup, and more + As Phil Schiller explained during today's event, Apple's new MacBook Pros feature four Thunderbolt 3 USB Type-C ports, and conveniently, each of these can be used to charge the machine. Now, USB-C is incredibly versatile, and Apple will use the advanced port for power charging, HDMI and much more.To read this article in full or to leave a comment, please click here

First Look: Apple’s new MacBook Pro lineup, and more

Run your fingers over this!Apple rolled out the newest generation of the MacBook Pro today at a showcase event at the company’s Cupertino campus. Along with – get this – thinner and sleeker construction, Apple’s latest MacBook Pros have had several important features redesigned, and one big new feature added. Have a look.The Touch BarImage by AppleTo read this article in full or to leave a comment, please click here

The FIDO Alliance provides strong authentication for online services  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  For many security professionals, passwords are the scourge of the authentication world, and their death can't come soon enough. Passwords are too often stolen, shared, forgotten or simply too weak or obvious to be effective. According to the 2016 Verizon Data Breach Investigations Report, 63% of confirmed data breaches involve the use of weak, default or stolen passwords.End users hate passwords too, because they create a bad user experience (UX). We are advised (or forced) to use complex combinations of numbers, characters and symbols that are practically impossible to remember, and we are supposed to have a different password for every system and application we use. Years ago I resorted to a password manager to keep track of my 300+ sets of credentials.To read this article in full or to leave a comment, please click here

The FIDO Alliance provides strong authentication for online services  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  For many security professionals, passwords are the scourge of the authentication world, and their death can't come soon enough. Passwords are too often stolen, shared, forgotten or simply too weak or obvious to be effective. According to the 2016 Verizon Data Breach Investigations Report, 63% of confirmed data breaches involve the use of weak, default or stolen passwords.End users hate passwords too, because they create a bad user experience (UX). We are advised (or forced) to use complex combinations of numbers, characters and symbols that are practically impossible to remember, and we are supposed to have a different password for every system and application we use. Years ago I resorted to a password manager to keep track of my 300+ sets of credentials.To read this article in full or to leave a comment, please click here

Check out these 11 new Windows 10 features Microsoft sneakily revealed

Microsoft was quiet about several planned features in the Creators UpdateImage by Blair Hanley FrankMicrosoft showed off a handful of marquee features for next year's Windows 10 update on Wednesday, but the company sneakily hid 11 more new releases in its sizzle reel preview of the Creators Update. To read this article in full or to leave a comment, please click here

Worth Reading: Implementing multifactor authentication in the enterprise

IT systems must manage users and control access privileges to protect sensitive resources. This function is usually implemented in enterprise networks through authentication (verification of identity), authorization (control of access privileges) and accounting (recording of actions for auditing)—an “AAA” security framework. —Data Center Journal

The post Worth Reading: Implementing multifactor authentication in the enterprise appeared first on 'net work.

A spam-control issue unique to Australia?

A user of Reddit’s section devoted to systems administration yesterday offered up for inspection an F-bomb-laden phishing email that had eluded his company’s spam filter despite the filter having been set to weed out such cursing. Then this exchange ensued: Reddit I also laughed out loud.To read this article in full or to leave a comment, please click here

A spam-control issue unique to Australia?

A user of Reddit’s section devoted to systems administration yesterday offered up for inspection an F-bomb-laden phishing email that had eluded his company’s spam filter despite the filter having been set to weed out such cursing. Then this exchange ensued: Reddit I also laughed out loud.To read this article in full or to leave a comment, please click here

To solve IoT security, look at the big picture, ARM says

The recent DDoS attacks launched from IoT devices demonstrate that the internet of things spans all parts of IT and that most companies deploying it still need a lot of help.That's the message from ARM, the chip design company behind nearly every smartphone and a big chunk of IoT, at its annual TechCon event this week in Silicon Valley.Small, low-power devices like sensors and security cameras are the most visible part of IoT, and they’re right in ARM’s wheelhouse as the dominant force in low-power chips. But on Wednesday, the company highlighted a cloud-based SaaS offering rather than chips or edge devices themselves. IoT depends on back-end capabilities as much as edge devices, and the company wants to play a role in all of it.To read this article in full or to leave a comment, please click here

To solve IoT security, look at the big picture, ARM says

The recent DDoS attacks launched from IoT devices demonstrate that the internet of things spans all parts of IT and that most companies deploying it still need a lot of help.That's the message from ARM, the chip design company behind nearly every smartphone and a big chunk of IoT, at its annual TechCon event this week in Silicon Valley.Small, low-power devices like sensors and security cameras are the most visible part of IoT, and they’re right in ARM’s wheelhouse as the dominant force in low-power chips. But on Wednesday, the company highlighted a cloud-based SaaS offering rather than chips or edge devices themselves. IoT depends on back-end capabilities as much as edge devices, and the company wants to play a role in all of it.To read this article in full or to leave a comment, please click here

Formula One puts you in the Grand Prix with VR and AR

When it comes to cars, there can be little question that Formula 1 is at the bleeding edge, pushing the limits of engineering. So, it is fitting that it is now helping to push the limits of virtual reality (VR) and augmented reality (AR).For the third year running, the motor racing competition's "Official Connectivity Provider," Tata Communications (also the Official Managed Connectivity Supplier of the Mercedes AMG Petronas Formula One Team), operated the F1 Connectivity Innovation Prize — which seeks to leverage F1's legacy of innovation to inspire fans around the world to harness their technical expertise and passion for the sport to drive their own innovation.To read this article in full or to leave a comment, please click here

60% off Anker 60W 10-Port USB Charger – Deal Alert

PowerIQ and VoltageBoost technology combine to provide the fastest possible charge of up to 2.4 amps per port on this charging station from Anker. A total of ten ports pump out 60 watts of power, enabling simultaneous multi-device charging, from smartphones to tablets and everything in between. Built-in safety features protect you and your devices. This powerful 10-port charging station currently averages 5 out of 5 stars from 1,100 people on Amazon (read reviews). Its typical list price has been reduced 60% to $39.99.To read this article in full or to leave a comment, please click here

CIO security lessons: Dark thinking on IoT & exploding enterprise networks

“How many of you or your staff had trouble getting on the internet Friday?”That was how cybersecurity consultant Bryce Austin kicked off his talk Tuesday at SIMposium 2016, a big gathering of CIOs and IT execs at the Mohegan Sun resort in Connecticut, on the "Unintended Consequences of the Internet of Things."Uncomfortable laughter ensued.Austin, who then went on to make attendees even more uncomfortable, swears that even though his session didn't make the original program, it wasn’t added to the agenda as a result of the now notorious IoT-exploiting Dyn DDoS attack that unfolded Friday.To read this article in full or to leave a comment, please click here

Nokia Hit With Q3 Net Loss as Network Buildouts Slow

About that $17B Alcatel-Lucent buy — why didn't that help?

Designer or Architect? It’s A Matter Of Choice

I had a great time at ONUG this past week. I got to hear a lot of great presentations from some great people, and I got a chance to catch up with some friends as well. One of those was Pete Lumbis (@PeteCCDE) who had a great presentation this past spring at Interop. We talked a lot about tech and networking, but one topic he brought up that made me stop and think for a moment was the wide gulf between design and architecture.

Binary Designers

Design is a critical part of an IT project. Things must fit and make sense before the implementors can figure out how to put the pieces together. Design is all about building a list of products and describing how they’ll interact once turned on. Proper design requires you to step away from the keyboard for a moment and think about a bigger picture than just hacking CLI commands or Python code to make some lights start blinking in the right order.

But design is inherently limited. Think about the last design you did, whether it be wireless or networking or even storage. When you start a design, you automatically make assumptions about Continue reading

Reaction: Keith’s Law

Ethan pointed me to this post about complexity and incremental improvement in a slack message. There are some interesting things here, leading me in a number of different directions, that might be worth your reading time. The post begins with an explanation of what the author calls “Keith’s law”—

I am going to paraphrase the version he shared over lunch at the Facebook campus a few years ago and call it Keith’s Law: In a complex system, the cumulative effect of a large number of small optimizations is externally indistinguishable from a radical leap. If you want to do big things in a software-eaten world, it is absolutely crucial that you understand Keith’s Law. —Breaking Smart

The author attributes this to the property of emergence; given I don’t believe in blind emergence, I would attribute this effect to the combined intertwining of many intelligent actors producing an effect that at least many of them probably wanted (the improvement of the complex system), and each of them working in their own spheres to achieve that result without realizing the overall multiplier effect of their individual actions. If that was too long and complicated, perhaps this is shorter and better—

The law of Continue reading

Big Switch Networks, A Career-Launching Company

Qualcomm to Acquire NXP for $38B, the Latest Chip Megamerger

5G meets automotive in a bid to build an IoT powerhouse.

IDG Contributor Network: Securing the breach trumps breach prevention

In my prior posts, I discussed both the changing face of data breaches and the reality distortion field surrounding today’s IT security professionals when they talk about effective ways to combat data breaches. Three things we know for certain, though, is that data breaches are not going away, our adversaries are continuing to innovate and attack, and the costs of a breach are becoming more tangible.Just this month, Verizon claimed the massive hack on Yahoo caused irreparable harm to the tech company in terms of customer trust, possibly allowing the wireless provider to withdraw from or renegotiate the terms of its $4.83 billion acquisition agreement. Also, in October, the U.K. Information Commissioner’s Office hit TalkTalk with more than $400,000 in fines for its 2015 cyber attack.To read this article in full or to leave a comment, please click here