Widespread exploits evade protections enforced by Microsoft EMET

It's bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits.Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus (EAF+). The exploits have been recently added to the Angler exploit kit.Angler is one of the most widely used attack tools used by cybercriminals to launch Web-based, "drive-by" download attacks. It is capable of installing malware by exploiting vulnerabilities in users' browsers or browser plug-ins when they visit compromised websites or view maliciously crafted ads.To read this article in full or to leave a comment, please click here

Health insurer dedicates IT group to work with Digital Experience team

Sean Radlich is Manager of Digital Experience at HealthNow New York, one of the leading health insurance companies in upstate New York servicing about a million members. Headquartered in Buffalo, NY, the company operates BlueCross BlueShield of Western New York (Buffalo), BlueShield of Northeastern New York (Albany), Health Now Brokerage Concepts (Blue Bell, PA) and Health Now Administrative Services (across the Northeast US and California). Network World Editor in Chief John Dix recently spoke with Radlich about the organization’s digital initiatives and how his team works with IT. Sean Radlich, Manager of Digital Experience, HealthNow New YorkTo read this article in full or to leave a comment, please click here

Working with JunOs and Optics

Found myself troubleshooting a pesky fibre connection that wouldn’t come up. I was looking for a command that would show me if a light was being received on the interface and found these beauties:

show interfaces diagnostics optics xe-4/1/0

show chassis pic fpc-slot 4 pic-slot 1

The first shows information on light levels on the relevant optic. The second will help you figure out what type of cabling you need to be using. Handy when you don’t know if it should be single or multi mode.

Samsung’s new, water-resistant Galaxy S7 Active survives severe crash tests

Samsung's new Galaxy S7 Active is a toughened-up version of the flagship Galaxy S7 that won't fail if dropped on the ground or in water. The Android smartphone has a 5.1-inch screen with a 2560 x 1440 pixel resolution, and 32GB of storage. It sports a 12-megapixel rear-facing camera and a 5-megapixel front camera. It also has a fingerprint reader, and support for Samsung Pay. The smartphone will be available through AT&T on June 10. You can shell out US$794.99 for the handset, or buy it via AT&T Next, which cuts the price of phones down into monthly installments. AT&T Next also provides options to upgrade the handset at certain intervals.To read this article in full or to leave a comment, please click here

Verizon’s ‘Can you hear me now?’ guy is now selling us Sprint. This is wrong.

Paul Marcarelli – an actor better known as the “Can you hear me now?” guy – spent nine years profiting from a Verizon ad campaign that made his face famous and that phrase a part of the lexicon. That gig ended in 2011.Now he’s begun selling Sprint. In the new commercial he says he switched teams because Sprint’s service has become so wonderful. In real life, we all know he switched because Sprint is now helping him pay his bills. That’s fine. If AT&T had wanted Marcarelli’s services it would be the wonders of AT&T that the actor would be extolling on TV. Here’s the ad: Now there’s absolutely nothing to criticize about an actor earning a living. But that doesn’t mean there’s nothing wrong here.To read this article in full or to leave a comment, please click here

Verizon’s ‘Can you hear me now?’ guy is now selling us Sprint. This is wrong.

Tips from a Network Detective

Put your detective hat on your head and your Network Detective badge on your lapel. It’s times for another installment in the Network Detective Series.

Are we going on our first “case” together? Nope. Not just yet.

In this series I’m not going to be able to always call out every time my “techniques” and “methodologies” steer me one way or the other on a case. But over time you will notice there is a thread in there. A guiding framework and methodology.

So before we go on our first “case” together… I want to pass on to you what are really my major guiding principles for when I’m on a case. The “TOP” tips that I think have the biggest return on your time investment as a Network Detective.

Be Methodical
Know What is Normal (Knowledge is Key)
Get to the “Crime Scene” as Fast as You Can
Have “Crime Scene Maps” that Help and don’t Hinder
Let the Clues and Evidence Guide You
Learn and Improve

Tip #1: Be Methodical

Detection is, or ought to be, an exact science and should be treated in the same cold and unemotional manner.

-Sherlock Continue reading

IDG Contributor Network: Wi-Fi 911: Running with scissors?

Emergency 911 services first materialized in the United States when the Alabama Telephone Company established the service in the sleepy little town of Haleyville on Feb. 16, 1968. At that time, phone companies knew the installation address and phone number of each and every telephone device, and calls were routed based on this information. While seemingly unsophisticated by today’s standards, at the time, it was considered quite a feat of engineering.The process remained valid until Sept. 21 of 1983 when the world changed forever. In a historic decision by the Federal Communications Commission, the Motorola 8000X, the world's first commercially available portable cell phone, was approved for service and personal mobility took on a brand-new meaning. What was the cost of this miraculous technology? For just under $4,000, consumers could ‘cut the cord’ that tethered them to the wall -- a small price to pay for a device that would revolutionize and redefine telecommunications history.To read this article in full or to leave a comment, please click here

Hackers breach social media accounts of Mark Zuckerberg and other celebrities

Over the weekend hackers managed to access Facebook founder Mark Zuckerberg's Twitter and Pinterest accounts, as well as the social media accounts of other celebrities. Someone posted to Zuckerberg’s Twitter feed on Sunday, claiming to have found his password in account information leaked from LinkedIn. A group calling itself the OurMine Team took credit for breaking into Zuckerberg's Twitter, Pinterest and Instagram accounts, but there's no evidence that the Instagram account has been breached. "You were in LinkedIn Database with password 'dadada'," read a message supposedly posted by hackers from Zuckerberg's @finkd Twitter account. To read this article in full or to leave a comment, please click here

Hackers breach social media accounts of Mark Zuckerberg and other celebrities

Why legal departments begrudge the cloud

Legal professionals are by their nature a skeptical and cautious lot, but the sharp rise in cloud-based applications being used by enterprises and law firms, as well as recent high-profile law firm security breaches, has many legal professionals reticent about entering cloud engagements.“The buck stops with the lawyer,” says Michael R. Overly, a partner and intellectual property lawyer focusing on technology at Foley & Lardner LLP in Los Angeles. “You’re trusting the [cloud provider] with how they manage security,” and yet their contract language excuses them from almost all responsibility if a security or confidentiality breach occurs, he says. “One can’t simply go to clients or the state bar association and say the third party caused a breach, so it’s really not our responsibility.”To read this article in full or to leave a comment, please click here

10 security Ted Talks you can’t miss

Security talksImage by ThinkstockWe know you’re busy, that’s why we invested the time to find you the 10 Security TED talks that you really can’t miss. These talks tackle some of the biggest security challenges of our time, from securing medical devices to how cyber-attacks can threaten world peace. Some of them will be given by security experts you know, and other talks here by those who may be new to you. Some are recent, others were recorded years ago, but are just (if not more) relevant today. We think you’ll be better for having taken the time to listen and consider their messages.To read this article in full or to leave a comment, please click here

Every Product Needs to Scale… to a Point

Long time ago in a podcast far far away Greg and Ethan pondered whether networking solutions need to scale or not, and obviously one cannot disagree with their generic conclusion that enterprises need just-good-enough solutions and not Google-scale architectures.

However, do keep in mind that:

Cloud Storage: 7 Key Considerations

Keeping data stored in a hybrid cloud requires careful planning. Here's what to keep in mind.

The Next-Gen Network Engineer

As networks become more defined by software, so too will the engineers that run them.

New products of the week 6.6.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.IntellaFlex HyperEngine Packet ProcessorKey features – APCON’s HyperEngine monitoring solution supports up to 200Gbps throughput and provides a set of monitoring services including ultra-fast deduplication and NetFlow at hyperspeed, with additional features coming later in 2016. More info.To read this article in full or to leave a comment, please click here

New products of the week 6.6.16

5 trends shaking up multi-factor authentication

Perhaps the biggest surprise in our review of nine multi-factor authentication products is that physical tokens are making a comeback. Many IT managers were hoping that software-based tokens, which are easier to deploy and manage, would make hardware tokens extinct.In our review three years ago of two-factor authentication products, the hot new approach was using smartphones as an authentication method via soft tokens, which could be a smartphone app, SMS message or telephony.To read this article in full or to leave a comment, please click here(Insider Story)

9-vendor authentication roundup: The good, the bad and the ugly

Due to numerous exploits that have defeated two-factor authentication, either by social engineering, remote access Trojans or various HTML injection techniques, many IT departments now want more than a second factor to protect their most sensitive logins and assets.In the three years since we last reviewed two-factor authentication products, the market has responded, evolving toward what is now being called multi-factor authentication or MFA, featuring new types of tokens.For this review, we looked at nine products, five that were included in our 2013 review, and four newcomers. Our returning vendors are RSA’s Authentication manager, SafeNet’s Authentication Service (which has been acquired by Gemalto), Symantec VIP, Vasco Identikey Authorization Server, and TextPower’s SnapID app. Our first-timers are NokNok Labs S3 Authentication Suite, PistolStar PortalGuard, Yubico’s Yubikey and Voice Biometrics Group Verification Services Platform.To read this article in full or to leave a comment, please click here

Buyer’s Guide to 9 multi-factor authentication products

Multi factorsSince we last reviewed two-factor authentication products, the market has moved beyond two-factor authentication toward what is now being called multi-factor authentication. One of the key features being new types of hardware-based tokens. Here are individual reviews of nine MFA products. See the full review.To read this article in full or to leave a comment, please click here

« Previous 1 … 2,574 2,575 2,576 2,577 2,578 … 3,443 Next »

Archive

Tip #1: Be Methodical