Cowboys running back aaalmost adds to our iPhone injury list

Dallas Cowboys running back Darren McFadden nearly worked his way into our next big list of real life ways people have been hurt using their phones.McFadden broke his elbow over Memorial Day weekend and his coach initially told the media that it happened when the running back attempted to catch a falling iPhone. That fit right in with injuries we came across when digging through a recent batch of U.S. Consumer Product Safety Commission data, collected from about 100 hospitals reporting emergency room visits into the National Electronic Injury Surveillance System. We discovered lots of trips and falls, not to mention a few animal bites allegedly caused by ringing phones startling the pets.To read this article in full or to leave a comment, please click here

This tiny device can infect point-of-sale systems and unlock hotel rooms

Millions of point-of-sale systems and hotel room locks can be hacked by temporarily placing a small, inexpensive device several inches away from their card readers.The device, due to be presented Sunday at the DEF CON conference in Las Vegas, is the creation of Weston Hecker, a senior security engineer at Rapid7. It was inspired by MagSpoof, another device created last year by security researcher Samy Kamkar.MagSpoof can trick most standard card readers to believe a certain card was swiped by generating a strong electromagnetic field that simulates the data stored on the card's magnetic stripe. Kamkar presented it as a way to replace all your cards with a single device, but Hecker took the idea and investigated what else could be done with it.To read this article in full or to leave a comment, please click here

This tiny device can infect point-of-sale systems and unlock hotel rooms

Millions of point-of-sale systems and hotel room locks can be hacked by temporarily placing a small, inexpensive device several inches away from their card readers.The device, due to be presented Sunday at the DEF CON conference in Las Vegas, is the creation of Weston Hecker, a senior security engineer at Rapid7. It was inspired by MagSpoof, another device created last year by security researcher Samy Kamkar.MagSpoof can trick most standard card readers to believe a certain card was swiped by generating a strong electromagnetic field that simulates the data stored on the card's magnetic stripe. Kamkar presented it as a way to replace all your cards with a single device, but Hecker took the idea and investigated what else could be done with it.To read this article in full or to leave a comment, please click here

Russia hacks, plunders the U.S. No bullets fired

It seems so simple, and I hope it’s not: Russia has invaded the U.S. and assaulted the U.S. presidential election, and they haven’t fired a single shot.It would seem all roads lead to the Russian government having their fingers in the U.S. Democratic National Committee and the Democratic Congressional Committee. And WikiLeaks now becomes the New New Gun poised at the collective heads of U.S. politicians—by their revelations and their intent.+ Also on Network World: U.S. cyber incident directive follows DNC hack +To read this article in full or to leave a comment, please click here

Russia hacks, plunders the U.S. No bullets fired

It seems so simple, and I hope it’s not: Russia has invaded the U.S. and assaulted the U.S. presidential election, and they haven’t fired a single shot.It would seem all roads lead to the Russian government having their fingers in the U.S. Democratic National Committee and the Democratic Congressional Committee. And WikiLeaks now becomes the New New Gun poised at the collective heads of U.S. politicians—by their revelations and their intent.+ Also on Network World: U.S. cyber incident directive follows DNC hack +To read this article in full or to leave a comment, please click here

Worth Reading: A Game of Pwns

Despite their perpetual status as old news, passwords and their security weaknesses continue to make headlines and disrupt security in ever-expanding ways, and the usual advice about better protection continues to go unheeded or, more worryingly, fails to address the threats any longer. As attacks continue to improve, they show that a cracked password for a given user account often has significant value beyond just the compromised environment. —Cloud Security Alliance

The post Worth Reading: A Game of Pwns appeared first on 'net work.

7 things you need to know about Samsung’s Galaxy Note7

There's a lot to like in Samsung's new Galaxy Note7, which will ship on Aug. 19.  The sharp screen is accentuated by a slight curve on the edges that makes the device easy to handle. It has a snappy, 64-bit processor, and it can rock games and virtual reality with the companion Gear VR headset. Samsung's attention to smaller details makes it a fine device. Here are seven things you need to know about Note7: Many similarities with Galaxy S7 and S7 Edge The Galaxy Note7 is a large-screen version of the Galaxy S7 and S7 Edge, with a 5.7-inch 2560 x 1440-pixel display. The USB-C port is an improvement over S7's micro-USB 2.0 ports. Common features include a 12-megapixel rear camera, 5-megapixel front camera, 802.11ac Wi-Fi, NFC, Bluetooth and wireless charging. The Note7 is pre-loaded with Android 6.0.1, weighs 169 grams and is 7.9 millimeters thick. It has 64GB of internal storage and an SD card slot.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Email at home hurts employees, study finds

Being always-on, along with pressure to answer email out of work hours, is leading to dangerous levels of emotional exhaustion, a study has found. As a result, employees are experiencing burnout, absenteeism and low job productivity.The report suggests that managers are kidding themselves when they think workers checking email at home adds to productivity. The folks are, in fact, feeling like they never left the workspace and aren’t able to mentally detach from work, which is something experts say is necessary for family balance and emotional health.+ Also on Network World: How to avoid becoming overwhelmed with email +To read this article in full or to leave a comment, please click here

Microsoft wins battle for Boeing in war with AWS

Boeing's decision to run its aviation analytics applications on the Azure cloud computing software is a big win for Microsoft, which is chasing Amazon Web Services (AWS) in the high-stakes race to sell computing, storage and other infrastructure software over the internet. The aerospace giant based its choice largely on Microsoft’s willingness to help it develop applications to serve its 300 airline customers, which are starved for ways to optimize fuel efficiency and better manage fleets."The combination of technical acumen and depth, as well as where they're investing and how they're addressing the business customer, really matched up with our objectives," says Andrew Gendreau, director of advanced information solutions at Boeing's digital aviation unit. He tells CIO.com that Microsoft also impressed with its commitment to advancing its Cortana analytics and internet of things suites as well as augmented reality, which could play a big factor modeling aviation modeling.To read this article in full or to leave a comment, please click here

Juniper swallows silicon photonics player Aurrion

With an eye towards better handling bandwidth-ravenous video streaming and data center to data center traffic, Juniper today said it would buy fabless photonics manufacturer Aurrion for an undisclosed price.“We expect that Aurrion’s breakthrough technology will result in fundamental and permanent improvements in cost per bit-per-second, power per bit-per-second, bandwidth density, and flexibility of networking systems,” said Pradeep Sindhu, co-founder and CTO of Juniper Networks wrote in a blog announcing the acquisition.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)+To read this article in full or to leave a comment, please click here

They’re back! Car hackers take control of Jeep’s steering and braking

It’s a good thing cars can’t experience emotions or one specific 2014 Jeep Cherokee would be terrified every time security pros Charlie Miller and Chris Valasek come near it. That’s the vehicle they remotely hacked in 2015; now they used the Jeep to show how an attacker can control the steering, accelerator and brakes while the Jeep is driving at high speeds.Granted, this time they were in the vehicle with a laptop physically connected to the CAN network via the diagnostic port. They reverse-engineered the electronic control unit (ECU) firmware, basically knocking it offline, so they could send fake CAN messages to tell the car what to do, such as slam on the brakes, jerk the steering wheel or hit the gas.To read this article in full or to leave a comment, please click here

They’re back! Car hackers take control of Jeep’s steering and braking

It’s a good thing cars can’t experience emotions or one specific 2014 Jeep Cherokee would be terrified every time security pros Charlie Miller and Chris Valasek come near it. That’s the vehicle they remotely hacked in 2015; now they used the Jeep to show how an attacker can control the steering, accelerator and brakes while the Jeep is driving at high speeds.Granted, this time they were in the vehicle with a laptop physically connected to the CAN network via the diagnostic port. They reverse-engineered the electronic control unit (ECU) firmware, basically knocking it offline, so they could send fake CAN messages to tell the car what to do, such as slam on the brakes, jerk the steering wheel or hit the gas.To read this article in full or to leave a comment, please click here

Juniper swallows silicon photonics player Aurrion

With an eye towards better handling bandwidth-ravenous video streaming and data center to data center traffic, Juniper today said it would buy fabless photonics manufacturer Aurrion for an undisclosed price.“We expect that Aurrion’s breakthrough technology will result in fundamental and permanent improvements in cost per bit-per-second, power per bit-per-second, bandwidth density, and flexibility of networking systems,” said Pradeep Sindhu, co-founder and CTO of Juniper Networks wrote in a blog announcing the acquisition.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)+To read this article in full or to leave a comment, please click here

Juniper swallows silicon photonics player Aurrion

With an eye towards better handling bandwidth-ravenous video streaming and data center to data center traffic, Juniper today said it would buy fabless photonics manufacturer Aurrion for an undisclosed price.“We expect that Aurrion’s breakthrough technology will result in fundamental and permanent improvements in cost per bit-per-second, power per bit-per-second, bandwidth density, and flexibility of networking systems,” said Pradeep Sindhu, co-founder and CTO of Juniper Networks wrote in a blog announcing the acquisition.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)+To read this article in full or to leave a comment, please click here

Video shows off purported iPhone 7 Lightning-connected EarPods

A new video might give a sneak peek at what listening to content on your iPhone 7 will be like if Apple indeed nixes the traditional 3.5mm headphone jack in its next smartphone.Speculation has been rampant this year that Apple is planning to do away with the 3.5mm headphone jack in an effort to slim down its smartphone and perhaps take more control over audio accessories by having its proprietary Lightning connector take over. In fact, a video that surfaced last week features a Lightning-to-3.5mm jack dongle to take the edge off for some users.To read this article in full or to leave a comment, please click here

Introducing the p0f BPF compiler

Two years ago we blogged about our love of BPF (BSD packet filter) bytecode.

CC BY 2.0 image by jim simonson

Then we published a set of utilities we are using to generate the BPF rules for our production iptables: the bpftools.

Today we are very happy to open source another component of the bpftools: our p0f BPF compiler!

Meet the p0f

p0f is a tool written by superhuman Michal Zalewski. The main purpose of p0f is to passively analyze and categorize arbitrary network traffic. You can feed p0f any packet and in return it will derive knowledge about the operating system that sent the packet.

One of the features that caught our attention was the concise yet explanatory signature format used to describe TCP SYN packets.

The p0f SYN signature is a simple string consisting of colon separated values. This string cleanly describes a SYN packet in a human-readable way. The format is pretty smart, skipping the varying TCP fields and keeping focus only on the essence of the SYN packet, extracting the interesting bits from it.

We are using this on daily basis to categorize the packets that we, at CloudFlare, see when we are a target Continue reading

IDG Contributor Network: Adding human experts to IT security with Red Canary

News this morning from cybersecurity company Red Canary, which has just raised $6.1 million by way of a Series A funding round.Red Canary is part of a growing trend in the security world: that of adding real live humans into a security product. The particular space that Red Canary is involved in—managed detection and response—has a few players (SecureWorks and eSentire, to name a couple), all of whom try to subvert the orthodox thinking around cybersecurity with the addition of a human touch.+ Also on Network World: Black Hat: 9 free security tools for defense & attacking +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Adding human experts to IT security with Red Canary

News this morning from cybersecurity company Red Canary, which has just raised $6.1 million by way of a Series A funding round.Red Canary is part of a growing trend in the security world: that of adding real live humans into a security product. The particular space that Red Canary is involved in—managed detection and response—has a few players (SecureWorks and eSentire, to name a couple), all of whom try to subvert the orthodox thinking around cybersecurity with the addition of a human touch.+ Also on Network World: Black Hat: 9 free security tools for defense & attacking +To read this article in full or to leave a comment, please click here

Google fires back at age discrimination lawsuit

Google, in new federal court papers, is rebutting claims of age discrimination and its handling of two older job applicants who were rejected for positions. Google insisted in a court filing Friday that its policies "rigorously forbids discrimination of any kind," including age discrimination. It is fighting an age discrimination lawsuit filed last year by two plaintiffs who were rejected for jobs. Both are over the age of 40. One plaintiff, Cheryl Fillekes, a programmer, filed a motion in June to make this age discrimination lawsuit a "collective action" case for software engineers, site reliability engineers or systems engineers over the age of 40 who applied for a job at Google, but were rejected. That could broaden the case to include thousands of people.To read this article in full or to leave a comment, please click here

Windows 10 Anniversary Update: The good, the bad and the ‘meh’ (with video)

The Windows 10 Anniversary Update has been a year in the making, with more than two dozen public previews made available so that we could get a taste of what was to come. As of August 2nd, it is finally here.This new version will be delivered via Windows Update -- although at the time of writing, it was not yet clear whether it would be available immediately to everyone or whether there would be a slower rollout.So after all the time, all the work and all the hype, how does it stack up? Will it improve Microsoft's one-year-old operating system, or make users regret that they upgraded?To read this article in full or to leave a comment, please click here