Walks like a Black Duck: Docker’s security teaseware tool unmasked

I read of Docker’s announcement June 6, about a new security vetting online tool for its containers. Yes, it’s a step forward. But it’s not Docker’s.Last week, I received a briefing and did a proof-of-concept test on another SaaS container-checking tool, Black Duck’s Security Checker.  Hmmmm. Docker’s tool quacks like a Black Duck.After some quick queries, I confirmed that these tools are indeed the same.The short of it is this: there are two SaaS front ends pointing to the same tool—Black Duck’s Hub product, which vets, among other things, Docker containers. You get three free tests at Black Duck. However, at Docker, it’s FREE-AS-IN-BEER until Aug. 1, 2016. You pick. It’s subscription-only afterwards, unless the model changes. To read this article in full or to leave a comment, please click here

IDG Contributor Network: LinkedIn data breach still causing problems

Do you remember back in 2012 when LinkedIn was hacked? Around 6.5 million user passwords were posted on a Russian blog. There was a mandatory password reset for affected users, and LinkedIn released a statement advising people to enable two-step verification and use stronger passwords.Four years later, and the passwords of 117 million accounts were compromised.Worryingly, this came to light only when a hacker put them up for sale, offering data from 167 million accounts in total. If you haven’t changed your LinkedIn password since 2012, you could be at risk. Tech savvy is no protection, as evidenced by the fact that a hacker group used the LinkedIn password dump to hack Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts.To read this article in full or to leave a comment, please click here

IDG Contributor Network: LinkedIn data breach still causing problems

Do you remember back in 2012 when LinkedIn was hacked? Around 6.5 million user passwords were posted on a Russian blog. There was a mandatory password reset for affected users, and LinkedIn released a statement advising people to enable two-step verification and use stronger passwords.Four years later, and the passwords of 117 million accounts were compromised.Worryingly, this came to light only when a hacker put them up for sale, offering data from 167 million accounts in total. If you haven’t changed your LinkedIn password since 2012, you could be at risk. Tech savvy is no protection, as evidenced by the fact that a hacker group used the LinkedIn password dump to hack Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts.To read this article in full or to leave a comment, please click here

Worth Reading: Encryption is a red herring

Spooky rhetorical flourishes have become commonplace in the debate about encrypted communications. We are told that the FBI is “going dark;” that “warrant-proof” communications are proliferating; and that terrorists and criminals are operating en masse and with impunity. But are evildoers really foiling law enforcement’s ability to investigate their crimes? Real Clear Policy

The post Worth Reading: Encryption is a red herring appeared first on 'net work.

Millions of sensitive services exposed on internet reveal most hackable countries

There are millions upon millions of systems on the internet which offer services that should not be exposed to the public network and Rapid7 has determined which countries are the most exposed and therefore the most hackable.Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”The report noted that “while there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”To read this article in full or to leave a comment, please click here

Millions of sensitive services exposed on the internet reveal most hackable countries

There are millions upon millions of systems on the internet that offer services that should not be exposed to the public network, and Rapid7 has determined which countries are the most exposed and therefore the most hackable.Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”The report noted: “While there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”To read this article in full or to leave a comment, please click here

Millions of sensitive services exposed on internet reveal most hackable countries

There are millions upon millions of systems on the internet which offer services that should not be exposed to the public network and Rapid7 has determined which countries are the most exposed and therefore the most hackable.Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”The report noted that “while there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”To read this article in full or to leave a comment, please click here

Millions of sensitive services exposed on the internet reveal most hackable countries

There are millions upon millions of systems on the internet that offer services that should not be exposed to the public network, and Rapid7 has determined which countries are the most exposed and therefore the most hackable.Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”The report noted: “While there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”To read this article in full or to leave a comment, please click here

To Wave 2 or not to Wave 2?

The second wave of wireless networking gear based on the 802.11ac standard – collectively, “wave 2” – is the current cutting edge of Wi-Fi technology. Boasting multi-user MIMO (meaning that it can service multiple client devices using its multiple antennae), wider channels, and a number of other bells and whistles, wave 2 hardware offers more throughput and better handling of multiple connections. But is it really necessary? Generally, connection speeds are limited by other parts of the infrastructure, not the wireless connection. Cutting-edge gear, obviously, comes at a premium price. If the improvements over 802.11ac wave 1 aren’t crucially important to you, some argue, you might be better off skipping wave 2 and waiting for the next wireless standard – 802.11ax – to make it onto shelves.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Troubleshooting Cisco’s ISE without TAC

One thing I have been very passionate about is making secure network access deployments easier, which includes what we like to call serviceability. Serviceability is all about making a product easier to troubleshoot, easier to deploy and easier to use. Ultimately the goal is always customer success.There is a distinct correlation between visibility and success of any NAC project. If you are blind to what's happening, and if you can't easily get to the information that helps figure out what's wrong, it can be very frustrating and also gives the appearance of a poor deployment.My goal of this post is to highlight a lot of the serviceability items Cisco has put into ISE that you may not be aware of. I'll do my best to not only call out the feature or function that was added, but explain why it matters and what version it was added in. To read this article in full or to leave a comment, please click here

HPE invites open-source developers to pitch in on ‘The Machine’

Hewlett Packard Enterprise on Tuesday stepped up its efforts to develop a brand-new computer architecture by inviting open-source developers to collaborate on the futuristic device it calls "The Machine."Originally announced in 2014, The Machine promises a number of radical innovations, including a core design focus on memory rather than processors. It will also use light instead of electricity to connect memory and processing power efficiently, HPE says.A finished product won't be ready for years still, but HPE wants to get open-source developers involved early in making software for it. Toward that end, it has released four developer tools.To read this article in full or to leave a comment, please click here

Featured Interview: Andrew Coleman aka Roger Wilco on his Pica8 Training Course & White Box Networking Experience

Hear first hand experience from Andrew Coleman (aka Roger Wilco) on his Pica8 Training Course.

Cisco: IP traffic will surpass the zettabyte level in 2016

IP traffic will grow in a massive way as 10 billion new devices come online over the next five years. Those are just a couple of the amazing facts found in Cisco’s 11th annual Visual Networking Index look at all things in the communications world. +More on Network World: The most momentous tech events of the past 30 years+To read this article in full or to leave a comment, please click here

Hot security startups to watch

While there’s talk that investment dollars for security startups are getting harder to find, entrepreneurs still manage to deliver a range of hardware, software and services that protect data, networks and corporate reputations.This roundup of 13 such companies that we’re keeping an eye on runs the gamut from cloud security services to fraud prevention to protecting supervisory control and data acquisition (SCADA) and Internet of Things devices.+ SEE LAST YEAR'S LIST of Security startups to watch +To read this article in full or to leave a comment, please click here

Cisco: IP traffic will surpass the zettabyte level in 2016

IP traffic will grow in a massive way as 10 billion new devices come online over the next five years. Those are just a couple of the amazing facts found in Cisco’s 11th annual Visual Networking Index look at all things in the communications world. +More on Network World: The most momentous tech events of the past 30 years+To read this article in full or to leave a comment, please click here

Hot security startups to watch

While there’s talk that investment dollars for security startups are getting harder to find, entrepreneurs still manage to deliver a range of hardware, software and services that protect data, networks and corporate reputations.This roundup of 13 such companies that we’re keeping an eye on runs the gamut from cloud security services to fraud prevention to protecting supervisory control and data acquisition (SCADA) and Internet of Things devices.+ SEE LAST YEAR'S LIST of Security startups to watch +To read this article in full or to leave a comment, please click here

Cisco: IP traffic will surpass the zettabyte level in 2016

IP traffic will grow in a massive way as 10 billion new devices come online over the next five years.Those are just a couple of the amazing facts found in Cisco’s 11th annual Visual Networking Index look at all things in the communications world.+More on Network World: The most momentous tech events of the past 30 years+To read this article in full or to leave a comment, please click here

Cisco: IP traffic will surpass the zettabyte level in 2016

IP traffic will grow in a massive way as 10 billion new devices come online over the next five years. Those are just a couple of the amazing facts found in Cisco’s 11th annual Visual Networking Index look at all things in the communications world. +More on Network World: The most momentous tech events of the past 30 years+To read this article in full or to leave a comment, please click here

Check your BITS, because deleting malware might not be enough

Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after they've been already cleaned by antivirus products.The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level.Upon further investigation, the researchers found two rogue jobs registered in BITS, a Windows service that's used by the OS and other apps to download updates or transfer files. The two malicious jobs periodically downloaded and attempted to reinstall the deleted malware.To read this article in full or to leave a comment, please click here

Check your BITS, because deleting malware might not be enough

Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after they've been already cleaned by antivirus products.The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level.Upon further investigation, the researchers found two rogue jobs registered in BITS, a Windows service that's used by the OS and other apps to download updates or transfer files. The two malicious jobs periodically downloaded and attempted to reinstall the deleted malware.To read this article in full or to leave a comment, please click here