Laptop updaters riddled with security holes

A recent test of pre-installed updater software on 10 laptops showed that every single one had security problems."We went and bought about 10 laptops," said Darren Kemp, security researcher at Duo Security. "And every single vendor had their own piece of software to perform software updates, including the Microsoft Signature Editions, and they were all pretty terrible."For example, some laptop manufacturers weren't using encryption in their updaters."We found exploitable vulnerabilities in every vendor," he said.We found exploitable vulnerabilities in every vendor. Darren Kemp, security researcher at Duo SecurityTo read this article in full or to leave a comment, please click here

Laptop updaters riddled with security holes

A recent test of pre-installed updater software on 10 laptops showed that every single one had security problems."We went and bought about 10 laptops," said Darren Kemp, security researcher at Duo Security. "And every single vendor had their own piece of software to perform software updates, including the Microsoft Signature Editions, and they were all pretty terrible."For example, some laptop manufacturers weren't using encryption in their updaters."We found exploitable vulnerabilities in every vendor," he said.We found exploitable vulnerabilities in every vendor. Darren Kemp, security researcher at Duo SecurityTo read this article in full or to leave a comment, please click here

80% off XML & Ajax Programming Bootcamp – Deal Alert

Add These Critical Skills to Your Coding Resume with 34 Hours of Training. Discounted for a limited time from $199 to just $39.

IDG Contributor Network: Alibaba invests in ecommerce search game

Ecommerce vendors are increasingly under pressure to deliver the most relevant products to site visitors. As choices available to consumers increase, so too does the requirement to filter the myriad of options and offer the most relevant products in response to a consumer's search. It is for this reason that ecommerce search tools from companies such as SLI Systems are increasingly important.Another player in the space is stealth Israeli company Twiggle. Twiggle combines the buzzwords du jour—machine learning, artificial intelligence and natural language processing—and delivers them within the context of ecommerce search.To read this article in full or to leave a comment, please click here

Startup Nervana joins Google in building hardware tailored for neural networks

At the MIT EmTech Digital conference, startup Nervana announced plans to design and build a custom ASIC processor for neural networks and machine learning applications that the company’s CEO, Naveen Rao, claims will run 10 times faster than graphic processor units (GPU).The news comes after Google last week announced it had secretly deployed its neural network and machine-learning-tailored processors in its data centers about a year ago. The company reported that its custom processor had improved performance by an order of magnitude. Google’s approach and improvements in performance validate Nervana’s technical strategy.To read this article in full or to leave a comment, please click here

65 million Tumblr account records are up for sale on the underground market

A few weeks ago, Tumblr notified users of a data breach that resulted in the theft of user email addresses and hashed passwords. The company did not say how many accounts were affected, but recently someone put the data up for sale and the number is: 65 million records.The data is being sold on a Tor dark market website called TheRealDeal by a user named peace_of_mind who also sold 167 million user records stolen from LinkedIn. Recently he also posted offers for 360 million accounts allegedly stolen from MySpace and 40 million from adult dating website Fling.com.To read this article in full or to leave a comment, please click here

65 million Tumblr account records are up for sale on the underground market

A few weeks ago, Tumblr notified users of a data breach that resulted in the theft of user email addresses and hashed passwords. The company did not say how many accounts were affected, but recently someone put the data up for sale and the number is: 65 million records.The data is being sold on a Tor dark market website called TheRealDeal by a user named peace_of_mind who also sold 167 million user records stolen from LinkedIn. Recently he also posted offers for 360 million accounts allegedly stolen from MySpace and 40 million from adult dating website Fling.com.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Components of modern hacking operations

During my conversations with security executives, a topic that consistently comes up is what, exactly, constitutes a modern hacking operation. Security professionals understand they’re no longer facing script kiddies who lack a comprehensive plan. However, they’re also not fully aware of how detail-oriented adversaries are when developing an attack campaign.Today’s hacking operations are well-organized and developed by well-funded teams of highly trained adversaries who have diverse experiences and backgrounds. In fact, attack planning is handled like a business operation and includes hiring plans, budgets and timelines.To help security professionals better understand the attacks they’re facing, I thought I’d share some of my observations on the work that goes into planning a hack.To read this article in full or to leave a comment, please click here

Cisco’s evolution: Technology and branding changes over the years

From niche router vendor to all things networkingCisco’s new campaign “There’s Never Been A Better Time” urges everyone to consider how the network can solve the world’s biggest problems. The company is on a mission to change the world, but it didn’t start out that way. As Cisco evolved from a niche router vendor to the de facto standard for all things networking, so too has its message to the world.    To read this article in full or to leave a comment, please click here

The Dell-EMC Merger: 7 Challenges

Overclockers have pushed Intel’s new Broadwell chip to 5.7GHz

Intel's new 10-core Broadwell-E gaming chip is only a few hours old, but already overclockers have pushed a 3GHz version of the chip to 5.7GHz and they say they're only just getting started.Overclocking is the process by which software commands and extreme cooling are used to push processors to run faster than they are typically designed to run -- the chip equivalent of putting your foot on the gas and flooring it while keeping your car under control.At an overclocking event at the Computex trade show in Taipei on Tuesday, large tanks of liquid nitrogen stood on the ready to help overclockers keep the processors cool.To read this article in full or to leave a comment, please click here

Review: Hot new tools to fight insider threats

In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.To read this article in full or to leave a comment, please click here(Insider Story)

3 top tools to fight insider threats

Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here

3 top tools to fight insider threats

Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here

Review: Hot new tools to fight insider threats

In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.An entire industry has sprung up to provide a defense against insider threats. We tested products from Fortscale, Avanan, and PFU Systems, with each one concentrating on a different aspect of the problem.To read this article in full or to leave a comment, please click here(Insider Story)

Is XMPP Control- or Management-Plane Protocol?

My readers are consistently asking me whether XMPP and OVSDB are control- or management-plane protocols (to make matters worse, publicly available information tends to be confusing).

For example, one of them wrote…

Intel beefs up VR ammo with Extreme Edition Core i7 chips

Intel considers virtual reality a key growth vector as it reshapes to survive in a post-PC world, and new Core i7 Extreme Edition chips will play a big role in that transition.The new chips, code-named Broadwell-E, are speed demons with up to 10 cores, a new high for Intel PC chips. Primarily for gaming PCs, the new chips will also go in desktops certified to work with headsets like Oculus Rift and HTC Vive.The Core i7-6900 series and 6800 series chips are targeted at enthusiasts looking for the latest and greatest technologies in PCs. These chips can be overclocked and unlocked, which could instantly upgrade PC performance by cranking up CPU frequency.To read this article in full or to leave a comment, please click here

VRRP Skew Time (and always be learning…)

It’s funny how you can work with something for years, but miss a small detail. This week I learnt about Skew Time for VRRP. The reason for it is completely obvious once you think about it, but for some reason the detail had escaped me for all these years.

VRRP Hellos

VRRP sends out a “hello” multicast every <hello> seconds. Usually this is something like every 1 or 3 seconds. Unlike HSRP, only the current master sends out hello messages. This contains the current master priority & status.

The backup devices listen out for this hello message. If they think they have a higher priority, or if they fail to hear the hello message, they will assume the role of master.

Down Interval

Changing from backup to master because of one missed hello could cause network instability. There’s a common rule used for all keepalive-type messages, where backup devices will wait for three missed polls/keepalives before declaring something ‘down.’

VRRP is similar. It waits three poll intervals before declaring the master ‘down,’ and attempting to Continue reading

Worth Reading: Plumgrid, Cumulus, and SDN

With the advent of Software Defined Networking, enterprises are able to manage their network through a series of abstracted layers, offering a flexibility that was out of reach even 10 years ago. While this may seem futuristic to some, SDN is quickly becoming the new standard when working with containers, networks, and VMs at scale. The New Stack

The post Worth Reading: Plumgrid, Cumulus, and SDN appeared first on 'net work.

Can != Should, Is != Ought

Maybe I’m getting too old for my own good. Or maybe studying philosophy is making me older. Here in the US, though, it is Memorial Day, a day where people normally grill burgers and dogs, throw a few back, and forget to ask why. It’s just another day off, and days off are good for—well, for something.

Memorial Day, in the US, stands in memorial for those who fought—and, specifically died—for our freedom. But what is freedom? In my world, there are two types of freedom: freedom from, and freedom to. Two pieces this week made me think through this difference once again, and how we are increasingly confusing the two concepts.

But the big thing that changed this week is a Google home device is no longer a theoretical possibility. It’s here. And on a sunny day at the outdoor amphitheater, just a half mile away from the Googleplex, the audience watched as a video showed the device at work in the home of a typical American family. There was laughter when the dad broadcast his playlist into every room in the home, waking up his sleeping children — and then later remotely turned on the lights to make Continue reading