0

Google fixes over 100 flaws in Android, many in chipset drivers

Google released a new batch of Android patches on Wednesday, fixing over 100 flaws in Android's own components and in chipset-specific drivers from different manufacturers.Android's mediaserver component, which handles the processing of video and audio streams and has been a source of many vulnerabilities in the past, is at the forefront of this security update. It accounts for 16 Android vulnerabilities, including 7 critical flaws that can allow an attacker to execute code with higher privileges. The bugs can be exploited by sending specifically crafted audio or video files to users' devices via the browser, email or messaging apps. Because of the repeated mediaserver flaws, Google Hangouts and the default Android Messenger applications no longer pass media to this component automatically.To read this article in full or to leave a comment, please click here

0

Short Cuts

It was going to be a long evening, anyway—the flight check bird was coming in, and both Instrument Landing Systems (ILSs) needed to be tuned up and ready for the test. So we took some downtime, split into two teams, and worked our way through each piece of equipment—Localizer, Glide Slope, each marker in turn, VOR, TACAN—to make certain each was, as far as we could measure, sending the right signals to the right places. If flight check found even the smallest variance off what the ILS systems were supposed to be providing, they could shut the airfield down “until further notice.”

The team I was on was driving across one of the many roads out on the airfield, trying to catch up with the other half of the shop to find out what they had done, and what needed to be done. Off in the distance, we noted someone standing in the middle of a field between the roads, waving vigorously. We changed direction, driving across the bumpy field, through grass as high as the top of the hood (Base Ops was planning a burn, so they’d left the grass to grow a bit higher than normal). As Continue reading

0

RIP: The BlackBerry Classic (and its iconic keyboard) is dead

BlackBerry isn’t giving up on phones with physical keyboards, but the company does appear to be backing off the concept. The company recently announced that it will no longer make the BlackBerry Classic. The handset was first launched in late 2014 as a replacement for the BlackBerry Bold. This may be the end of the Classic handset but it isn't the end of physical keyboards for BlackBerry. The company still produces the Passport, which features a smaller physical keyboard to create more space for the phone’s touchscreen. There's also the Android-based BlackBerry Priv, which has a slide-out keyboard.To read this article in full or to leave a comment, please click here

0

Study: More than 50% of SMBs were breached in the past year

A new study conducted by the Ponemon Institute and sponsored by password management provider Keeper Security analyzed the state of cybersecurity in small and medium-sized businesses (SMBs) and found that confidence in SMB security is shockingly low (just 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective).To read this article in full or to leave a comment, please click here(Insider Story)

0

Study: More than 50% of SMBs were breached in the past year

A new study conducted by the Ponemon Institute and sponsored by password management provider Keeper Security analyzed the state of cybersecurity in small and medium-sized businesses (SMBs) and found that confidence in SMB security is shockingly low (just 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective)."We've conducted many surveys on enterprise cybersecurity in the past but this unique report on SMBs sheds light on the specific challenges this group faces," said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. "Considering the size of the SMB market in the United States alone, this information can be useful to diminish the risk of breach to millions of businesses."To read this article in full or to leave a comment, please click here(Insider Story)

0

Microsoft could overtake Amazon in the cloud, Morgan Stanley survey finds

In what could be foreshadowing a momentous shift in the IaaS public cloud computing market, investment bank Morgan Stanley’s survey of CIOs found they’re more likely to use Microsoft Azure compared to Amazon Web Services in the coming years.The results of the survey are noteworthy because since the dawn of the IaaS cloud computing market Amazon Web Services has been seen as the top vendor. Morgan Stanley’s 2016 State of the CIO report shows that could be changing though. Morgan Stanley More CIOs are using Amazon Web Services over Microsoft for IaaS cloud now, but in three years more expect to use Azure over AWS. To read this article in full or to leave a comment, please click here

0

Intel scales back Android development

Android was once a big part of Intel's plans in mobile devices, but the company is now paying much less attention to the OS.Intel is moving away from developing Android for x86 processors used in smartphones, since it is exiting the handset market. The company's commitment to Android development for tablets, however, is also under question.The company still has a strong partnership with Google, with an Intel spokeswoman saying in email, "We continue to work with Google on supporting their OS for different product lines including Chromebooks, tablets and IOT products."To read this article in full or to leave a comment, please click here

0

New Blog: Route-SPF

Johnny Britt has started blogging over at route-spf.net (I guess he’s just going to write about link state… ). He’s just put his first post up, linked below. This one is worth watching for good material.

After being recently promoted to a network architect position, I found myself on google attempting to understand what network architecture was really about. I was in this situation primarily because I couldn’t explain to someone outside of IT what I did. I wasn’t even clear if I could properly explain it to someone in the IT field either. Which brought up the real concern, how can I do my job if I don’t understand what my job is?

The post New Blog: Route-SPF appeared first on 'net work.

0

CFAA anti-hacking law applies to using shared password, appeals court said

Millions of Americans willingly share passwords with family or friends to access devices or accounts, but the Ninth Circuit Court of Appeals said using a willingly shared password is covered under the anti-hacking Computer Fraud and Abuse Act (CFAA).After previously being found guilty of violating the CFAA, David Nosal appealed because he doesn't believe he actually hacked his former employer, Korn/Ferry. Instead, he gained access through passwords that other employees voluntarily shared with him after he left the company and his credentials were revoked.But in a 2-1 decision, the federal appeals court may have set a dangerous precedent that could ultimately affect millions of Americans who use a willingly shared password. Password sharing was not allowed by Korn/Ferry, so Circuit Judge Margaret McKeowin wrote (pdf) that Nosal had acted “without authorization” and, therefore, falls under the CFAA.To read this article in full or to leave a comment, please click here

0

CFAA anti-hacking law applies to using shared password, appeals court said

Millions of Americans willingly share passwords with family or friends to access devices or accounts, but the Ninth Circuit Court of Appeals considered using a willingly shared password to be covered under the anti-hacking Computer Fraud and Abuse Act (CFAA) law.After previously being found guilty, David Nosal appealed since he believed he should not have been found guilty of CFAA as he didn’t actually hack his former employer, Korn/Ferry. Instead, he gained access through passwords that had been voluntarily shared with him by other employees after he left the company and his credentials were revoked.But in a 2-1 decision, the federal appeals court may have set a dangerous precedent which could ultimately affect millions of Americans who use a willingly shared password. Password-sharing was not allowed by Korn/Ferry, so Circuit Judge Margaret McKeowin wrote (pdf) that Nosal had acted “without authorization” and therefore falls under the CFAA.To read this article in full or to leave a comment, please click here

0

Worth Reading: The great 21st century data rush

In the digital age, data is currency and information is the energy that drives the 21st century economy. Today, 46.1 percent of the world’s population is online. These 3.4 billion Internet users collectively generate a significant amount of commercial and personal data that can be stored, collated, and analyzed. This data is the lifeline that charts users’ online identities: it can also be monetized by Internet service providers, social media platforms, and end user applications. As a necessary corollary, control over data and the flow of information has become highly politicized. One who controls this data retains the power to shape the global geopolitical order. -Lawfare

The post Worth Reading: The great 21st century data rush appeared first on 'net work.

0

9 best technology jobs in the U.S.

The best tech jobs in 2016Image by ThinkstockComputers, smartphones, tablets, e-readers -- technology touches every aspect of our daily lives. It facilitates business, communication, travel, entertainment and healthcare, just to name a few, and the industry boasts high salaries and low unemployment rates. The U.S. Bureau of Labor Statistics predicts that technology jobs will grow at a rate of 12 percent this decade, almost twice the growth rate of jobs growth overall. Here, based on the number of projected jobs from 2014 to 2024, the median salary and the unemployment rate are the nine best technology jobs as ranked by US News & World Report. 1. Computer systems analystImage by ThinkstockTo read this article in full or to leave a comment, please click here

0

Finding, retaining IT talent still a struggle

What's the biggest threat to IT organizations today? According to global human resources and staffing solutions firm Randstad Technologies' 2016 Workplace Trends Report, it's the scarcity of skilled talent and an increasingly competitive landscape in which to attract and hire that talent.Of the 2,004 hiring managers and hiring decision makers surveyed between November and December 2015, 55 percent say finding the skilled talent they need is the biggest threat to meeting their revenue or business performance targets in 2016."These results validated for us what we already suspected -- there's absolutely a skills shortage, the war for talent is real, and it's having a corresponding effect on ROI and productivity and on companies' bottom line," says Bob Dickey, group president, technology and engineering, Randstad U.S.To read this article in full or to leave a comment, please click here

0

Spending on public cloud IT infrastructure to hit $23.3 billion

The first quarter of 2016 may have shown some softness in hyperscale cloud service provider (CSP) demand for IT infrastructure products for deployment in cloud environments — server, enterprise storage and Ethernet switches — but it's coming back with a vengeance in the second half, according to the latest forecast from IDC).The IDC Worldwide Quarterly Cloud IT Infrastructure Tracker, released yesterday, forecasts that total spending on IT infrastructure products for deployment in cloud environments will hit $37.1 billion in 2016, an increase of 15.5 percent. IDC forecasts that spending on public cloud IT infrastructure, in particular, will increase by 18.8 percent in 2016 to $23.3 billion.To read this article in full or to leave a comment, please click here

0

Amazon’s amazingly wasteful packaging

“Why did they come in such a big box,” asks my 14-year-old daughter, Emma, who is hopeful she won’t need them – special dental flossers for kids who wear braces – beyond summer’s end. But she needs them now and none were available at my local grocery or two pharmacies, so, I had resorted to Amazon. Two days later, a box big enough to hold a DVD player lands on our doorstep carrying two tiny packages of 24 flossers, the pair wrapped tightly together in more Amazon plastic. The box measures 15.5 by 13 by 3.5 inches.To read this article in full or to leave a comment, please click here

0

Network, host, and application monitoring for Amazon EC2

Microservices describes how visibility into network traffic is the key to monitoring, managing and securing applications that are composed of large numbers of communicating services running in virtual machines or containers.
Amazon Virtual Private Cloud (VPC) Flow Logs can be used to monitor network traffic:

• VPC Flow Logs
• VPC Flow Logs – Log and View Network Traffic Flows

However, there are limitations on the types of traffic that are logged, a 10-15 minute delay in accessing flow records, and costs associated with using VPC and storing the logs in CloudWatch (currently $0.50 per GB ingested, $0.03 per GB archived per month, and possible addition Data Transfer OUT charges).

In addition, collecting basic host metrics at 1 minute granularity using CloudWatch is an additional $3.50 per instance per month.

The open source Host sFlow agent offers an alternative:

1. Lightweight, requiring minimal CPU and memory on EC2 instances.
2. Real-time, up to the second network visibility
3. Efficient, export of extensive set of host metrics every 10-60 seconds (configurable).

This article will demonstrate how to install Host sFlow on an Amazon Linux instance:

$ cat /etc/issue
Amazon Linux AMI release 2016.03

The following commands build the latest Continue reading

0

Tetris comes to Megaprocessor

The game Tetris has gone through many configurations over its 30-plus years in existence (including on an MIT building in in a pumpkin), but perhaps none is more impressive than a Cambridge, England man's version running on a giant homemade computer.The BBC reports on James Newman, who has been building his 33-foot wide, 6-foot high Megaprocessor since 2012, and has shared a series of Youtube videos about the project, including a demo of the behemoth running Tetris.To read this article in full or to leave a comment, please click here

0

21% off SentrySafe Fire-Safe Waterproof File Storage Box – Deal Alert

Where do you store your most important CD's, DVD's, USB drives and documents? Are they protected from fire and water damage, if that "worst-case scenerio" actually happens? SentrySafe's HD4100CG storage box is UL classified with 1/2-hour fire protection and ETL verified 1/2 hour fire protection for CD's, DVD's, USB drivers and memory sticks up to 1550F. It’s also ETL verified waterproof. It measures roughly 11x8 with a 9-inch depth. It currently averages 4.5 out of 5 stars on Amazon from over 300 customers (read reviews) and its list price of $85 has been reduced by 21% to $68. See the discounted SentrySafe HD4100CG Fire-Safe Waterproof File now on Amazon.To read this article in full or to leave a comment, please click here

0

21% off SentrySafe Fire-Safe Waterproof File Storage Box – Deal Alert

Where do you store your most important CD's, DVD's, USB drives and documents? Are they protected from fire and water damage, if that "worst-case scenario" actually happens? SentrySafe's HD4100CG storage box is UL classified with 1/2-hour fire protection and ETL verified 1/2 hour fire protection for CD's, DVD's, USB drivers and memory sticks up to 1550F. It’s also ETL verified waterproof. It measures roughly 11x8 with a 9-inch depth. It currently averages 4.5 out of 5 stars on Amazon from over 300 customers (read reviews) and its list price of $85 has been reduced by 21% to $68. See the discounted SentrySafe HD4100CG Fire-Safe Waterproof File now on Amazon.To read this article in full or to leave a comment, please click here

0

New Tor-powered backdoor program targets Macs

Security researchers have found a new backdoor program that allows attackers to hijack Mac systems and control them over the Tor network.The new malware has been dubbed Backdoor.MAC.Eleanor by researchers from antivirus vendor Bitdefender and is distributed as a file converter application through reputable websites that offer Mac software.The rogue application is called EasyDoc Converter. Once installed it displays a fake interface where users can supposedly drag and drop files for conversion, but which in reality doesn't do anything.In the background, the application executes a shell script that installs multiple malicious components in a folder called “/Users/$USER/Library/.dropbox." The Dropbox name is used to make the malware harder to spot and has nothing to do with the legitimate Dropbox file synchronization software.To read this article in full or to leave a comment, please click here