The paranoid user’s guide to Windows 10 privacy

Since its release, a major point of controversy with Windows 10 has been the many ways that it can track your personal activity and gather other data about you. Many people don’t mind sharing personal information in exchange for enabling or enhancing a helpful app or service.To read this article in full or to leave a comment, please click here(Insider Story)

IDG Contributor Network: IT departments becoming ‘obsolete’

Online services and workers choosing the tools they want to work with, rather than employees being dictated to by in-house IT experts, means the IT department’s functions are now primarily redundant, says Japan-based Brother.The printer maker refers to IT departments’ control over technology as “dark days” in its web-based advertorial feature in the British national newspaper the Telegraph in September.To read this article in full or to leave a comment, please click here

IDG Contributor Network: IT departments becoming ‘obsolete’

Online services and workers choosing the tools they want to work with, rather than employees being dictated to by in-house IT experts, means the IT department’s functions are now primarily redundant, says Japan-based Brother.The printer maker refers to IT departments’ control over technology as “dark days” in its web-based advertorial feature in the British national newspaper the Telegraph in September.To read this article in full or to leave a comment, please click here

Beat the bad guys at their own game with SafeBreach’s simulated cyberattacks

The best way to get experience with most jobs or tasks is to do them. It’s difficult to learn how to drive a car without getting behind the wheel. Soldiers need to face the enemy in order to gain combat experience. And IT administrators have to experience and mitigate attacks to learn how to best defend their networks. The problem with these scenarios is that they involve a degree of risk. It’s not all that helpful to learn how to counter a cyberattack if the first one you experience puts your company out of business. That’s where the SafeBreach continuous security validation platform comes in. Deployed as a service, through the cloud or internally, it can show cybersecurity teams exactly where the network vulnerabilities are and how to plug those holes. It can even run wargames so that IT teams can learn the best ways to respond to attacks on their actual networks.To read this article in full or to leave a comment, please click here(Insider Story)

Beat the bad guys at their own game with SafeBreach’s simulated cyberattacks

The best way to get experience with most jobs or tasks is to do them. It’s difficult to learn how to drive a car without getting behind the wheel. Soldiers need to face the enemy in order to gain combat experience. And IT administrators have to experience and mitigate attacks to learn how to best defend their networks.To read this article in full or to leave a comment, please click here(Insider Story)

New products of the week 10.31.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Atlantis Workspace Infrastructure integrated with CitrixKey features: Atlantis integrated workspace infrastructure into the Citrix management suite. The combination of applications, management and infrastructure into a single PaaS solution will lower cost and complexity for managing virtual workspaces. More info.To read this article in full or to leave a comment, please click here

New products of the week 10.31.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Atlantis Workspace Infrastructure integrated with CitrixKey features: Atlantis integrated workspace infrastructure into the Citrix management suite. The combination of applications, management and infrastructure into a single PaaS solution will lower cost and complexity for managing virtual workspaces. More info.To read this article in full or to leave a comment, please click here

GRE over IPSec Tunnel and NAT Between Cisco and VyOS

The goal of this tutorial is to provide a configuration for Cisco and VyOS network devices with configured PAT (Port Address Translation) that connect two remote sides A and B through point-to-point GRE tunnel encapsulated into a IPsec tunnel. In a previous tutorial we proved that GRE tunnels in conjunction with IPsec tunnels transmit multicast traffic while data integrity, authentication and confidentiality was in place. I also provided a simple configuration of GRE, IPsec tunnel and OSPF routing protocol on the Cisco and VyOS routers. In this tutorial I will go further and provide full configuration of  the all network devices including PAT and access-lists.  

Picture 1 - Network Topology

Topology Description - Side A

Each side has a Layer 2 Cisco switch located in a LAN network. A switch connects hosts to its switchports. Each switchport is assigned to a particular VLAN. For instance, a host PC1 is connected to the switch SW1 and the switchport is assigned to a VLAN 100. Hosts in VLAN 100 (subnet 192.168.1.0/24) have guaranteed access to a remote subnet 192.168.2.0/24 via GRE/IPsec tunnel. A NAT access-list configured on a router R1 ensures that IP address of the host in VLAN 100 is not translated by PAT when a destination address is Continue reading

Black Friday isn’t dead in 2016

The Black Friday 2016 headlines are dire:   ”Is Black Friday dead?”  “Black Friday: Is the commercial holiday dying?” ”Black Friday is Dead, Long Live Black Friday” But no, Black Friday isn’t really dead and oodles of computers, smartphones, video game consoles and TVs will be snapped up at bargain prices on Friday, Nov. 25 itself, as well as pre-Thanksgiving, on Thanksgiving Day and on the Saturdays leading up to Christmas. Oh, yeah, even Cyber Monday will grab stragglers on Nov. 28.To read this article in full or to leave a comment, please click here

FBI doesn’t have a warrant to review new emails linked to Clinton investigation

After seeing reports that the Justice Department is “furious” at FBI Director Comey for telling Congress about new emails potentially related to Hillary Clinton’s private email server and if she disclosed classified information, the Clinton campaign “made it personal” and accused Comey of a smear campaign. Comey, ironically the same FBI guy who recommended no criminal charges for Clinton, is now being treated like her enemy.“It is pretty strange to put something like that out with such little information right before an election,” Clinton said during a rally at Daytona Beach on Saturday. “In fact, it’s not just strange; it’s unprecedented and deeply troubling.” She added, “So we’ve called on Directory Comey to explain everything right away, put it all out on the table.”To read this article in full or to leave a comment, please click here

FBI doesn’t have a warrant to review new emails linked to Clinton investigation

After seeing reports that the Justice Department is “furious” at FBI Director Comey for telling Congress about new emails potentially related to Hillary Clinton’s private email server and if she disclosed classified information, the Clinton campaign “made it personal” and accused Comey of a smear campaign. Comey, ironically the same FBI guy who recommended no criminal charges for Clinton, is now being treated like her enemy.“It is pretty strange to put something like that out with such little information right before an election,” Clinton said during a rally at Daytona Beach on Saturday. “In fact, it’s not just strange; it’s unprecedented and deeply troubling.” She added, “So we’ve called on Directory Comey to explain everything right away, put it all out on the table.”To read this article in full or to leave a comment, please click here

It’s time to rein in social media services

If you run a social networking service then the one thing you don’t want to be considered to be is a publisher. As a publisher, you become responsible for whatever your users care to post which means when they post something that’s illegal in any way, you are as liable as the poster to be prosecuted. On the other hand, as a “platform”, where no editorial control is exercised, a social media service is only obliged to act on content when they received a court order or a DMCA takedown notice. Pixabay This distinction between being a publisher and a platform is crucial to the major social media services because the cost of vetting and policing user-generated content would be prohibitively expensive even if it were possible (every minute, Twitter generates 350,000 tweets while in the same window 510 comments are posted, 293,000 statuses are updated, and 136,000 photos are uploaded to Facebook).To read this article in full or to leave a comment, please click here

Hacking forum cuts section allegedly linked to DDoS attacks

An online hackers' forum has deleted a section that allegedly offered paid distributed denial-of-service attacks, following last Friday's massive internet disruption. HackForums.net will be shutting down the "Server Stress Testing" section, the site's admin Jesse "Omniscient" LaBrocca said in a Friday posting. "I do need to make sure that we continue to exist and given the recent events I think it's more important that the section be permanently shut down," he wrote. The section was designed to let members offer so-called stress testing services for websites as a way to check their resiliency. However, security firms claim Hack Forums was actually promoting DDoS-for-hire services that anyone can use to launch cyber attacks.To read this article in full or to leave a comment, please click here

Hacking forum cuts section allegedly linked to DDoS attacks

An online hackers' forum has deleted a section that allegedly offered paid distributed denial-of-service attacks, following last Friday's massive internet disruption. HackForums.net will be shutting down the "Server Stress Testing" section, the site's admin Jesse "Omniscient" LaBrocca said in a Friday posting. "I do need to make sure that we continue to exist and given the recent events I think it's more important that the section be permanently shut down," he wrote. The section was designed to let members offer so-called stress testing services for websites as a way to check their resiliency. However, security firms claim Hack Forums was actually promoting DDoS-for-hire services that anyone can use to launch cyber attacks.To read this article in full or to leave a comment, please click here

Lost thumb drives bedevil US banking agency

A U.S. banking regulator says an employee downloaded a large amount of data from its computer system a week before he retired and is now unable to locate the thumb drives he stored it on.The Office of the Comptroller of the Currency, which is a part of the Department of the Treasury, said the loss represented "a major information security incident" as it reported the case to Congress on Friday.The data was taken in November 2015, but its loss was only discovered in September this year as the agency reviewed downloads to removable media devices in the last two years.The employee in question used two thumb drives to store the information, both of which he is unable to locate, the agency said.To read this article in full or to leave a comment, please click here

Lost thumb drives bedevil US banking agency

A U.S. banking regulator says an employee downloaded a large amount of data from its computer system a week before he retired and is now unable to locate the thumb drives he stored it on.The Office of the Comptroller of the Currency, which is a part of the Department of the Treasury, said the loss represented "a major information security incident" as it reported the case to Congress on Friday.The data was taken in November 2015, but its loss was only discovered in September this year as the agency reviewed downloads to removable media devices in the last two years.The employee in question used two thumb drives to store the information, both of which he is unable to locate, the agency said.To read this article in full or to leave a comment, please click here

Best Deals of the Week, October 24th – October 28th – Deal Alert

Best Deals of the Week, October 24th - October 28th - Deal AlertCheck out this roundup of the best deals on gadgets, gear and other cool stuff we have found this week, the week of October 17th. All items are highly rated, and dramatically discounted.66% off KMASHI 15000mAh External Battery Power BankKMASHI's 15,000mAh power bank can charge any 2 smartphones, tablets or USB devices simultaneously at high speed, and several times over without needing to be recharged. It currently averages 4 out of 5 stars on Amazon from over 7,700 customers (read reviews). With the current 66% discount you can buy it on Amazon for just $17. See it now on Amazon.To read this article in full or to leave a comment, please click here

Microsoft to launch low-end VR headset in December

Apparently Microsoft is not done with hardware introductions. The company plans to bring new low-cost mixed-reality headsets to market through its Windows Holographic platform for as little as $299. The details came out at the big Surface launch event in New York earlier this week, but the news site Polygon got more details from Microsoft Technical Fellow and head of the HoloLens program Alex Kipman.To read this article in full or to leave a comment, please click here

Worth Reading: Seven (more) deadly sins of microservices

It seems like the development community is quite excited about microservices these days, but at OSCON Europe, Daniel Bryant, who is chief scientist at OpenCredo, continued to point out some of the mistakes that architects and administrators routinely make while adopting to this new “Loosely coupled service oriented architecture with bounded contexts,” as Adrian Cockcroft described microservices. —The New Stack

The post Worth Reading: Seven (more) deadly sins of microservices appeared first on 'net work.

Companies complacent about data breach preparedness

The likelihood that companies will experience a security incident continue to rise every year. While most organizations have put a data breach preparedness plan in place to combat such incidents, most executives aren't updating or practicing the plan regularly, according to study released earlier this month."When it comes to managing a data breach, having a response plan is simply not the same as being prepared," Michael Bruemmer, vice president at Experian Data Breach Resolution (which sponsored the study) said in a statement. "Unfortunately many companies are simply checking the box on this security tactic. Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills."To read this article in full or to leave a comment, please click here