Dumb passwords: The 2016 Oscars Edition

In 2015, the world’s stupidest people chose Star wars-related passwords like “princess,” “solo” and “starwars.” So let’s watch PCWorld’s Jon Phillips pick even dumber movie-related passwords for 2016.

Health insurer loses 6 hard-disk drives with records of 95,000 customers

Health insurer Centene Corp. said six hard disk drives with personal health information on 95,000 of its customers have gone missing."While we don't believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives," Centene CEO Michael Neidorff said in a statement.Centene, a Fortune 500 company that reported $16 billion in revenue in 2014, operates health plans for 2.9 million members in 21 states.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords The hard drives contained the personal health information of customers who received laboratory services from 2009 to 2015. The personal information on its customers includes their name, address, date of birth, Social Security number, member ID number and health information.To read this article in full or to leave a comment, please click here

11 cloud trends that will dominate 2016

Along with social, mobile and analytics, cloud technologies and models have earned a place as one of the core disruptors of the digital age. And while the cloud market has matured over the years, its interaction with the rapidly growing data and analytics landscape suggests there are plenty more disruptive opportunities for cloud in 2016. As 2016 gets underway, five insiders share their predictions for what 2016 holds in store for the cloud.[ Related: It’s a hybrid cloud world, and we’re all just living in it ]To read this article in full or to leave a comment, please click here

IDG Contributor Network: Protecting against the next great heist by encrypting in-transit data

Cast your mind back to the last time you were offline – not just when your connection was down, but a time when you were truly, unequivocally disconnected. That time may have been spent sending letters, physically going into a bank to make a deposit or withdrawal, and actually meeting with people to share information.Nowadays, we're far more efficient thanks to our reliance on connectivity and the network. During the past 20 years or so, information has evolved in line with the network, and become largely a digital commodity that can be sent and received with the click of a mouse. Electronic communications now cross organizations and oceans with relative ease, in volumes that seemed unfathomable during the days when postal mail was king. But all of this need for connectivity comes with a downside: criminal elements seeking to steal that data – and make no mistake, something as seemingly innocent as a personal email can be as valuable to a criminal as a bank transaction.To read this article in full or to leave a comment, please click here

Solving NFV Operational Challenges With NFV’s Own Strengths

Turn operational challenges into opportunities, taking advantage of NFV’s strengths.

What U.S. cities are most prone to malware infections, and why?

An anti-malware vendor has released a list of the 20 most infected cities around the U.S. in terms of malware, and the trend appears to be that cities not known for being technology centers are getting hit the hardest.Enigma Software, which develops the SpyHunter anti-spyware detection software, analyzed more than 25 million different infections on computers in the 150 largest cities in the U.S. and found 2015 was a big year for malware over prior years.Enigma came about its numbers via customers who have its software installed on their machines. The national average was 8.1%, meaning nationwide, but that comes from the number of infections divided by the city's entire population.To read this article in full or to leave a comment, please click here

Simple ASA to IOS VPN

Occasionally you just need a cheat sheet to configure something up. This is meant to be exactly that, a quick configuration of lan to lan IPSec between an ASA and IOS based router.

Host (for testing)

! /// Host is simply here to emulate a
! /// client on one end of the network
!
hostname Host
!
interface GigabitEthernet0/1
 description to iosv-1
 ip address 192.168.1.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1

iosv-1 (IOS IPSec Endpoint)

! /// iosv-1 is terminating one end of an IPSec Tunnel
!
hostname iosv-1
!
! /// phase 1 policy
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
! /// pre shared key
!
crypto isakmp key P@rtn3rNetw0rk address 3.3.3.4
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
 mode tunnel
!
crypto map mymap 10 ipsec-isakmp
 set peer 3.3.3.4
 set transform-set myset
 set reverse-route distance 10
 match address crypto
!
interface GigabitEthernet0/1
 description to Internet
 ip address 2.2.2.2 255.255.255.0
 !
 ! /// recommend to restrict inbound traffic
 ip access-group out-in in
 !
 ! /// probably a good idea to disable ip 
 ! /// unreachables on the outside interface
 no ip unreachables
 !
 ! /// if nat is  Continue reading

Security startup wages continuous war games against networks

Startup SafeBreach automatically assesses corporate networks to find out whether they offer up enough security loopholes for real-world attacks to succeed.Using software probes called simulators distributed throughout customers’ networks, SafeBreach attempts to establish connections among devices and network segments just as a hacker would do in trying to carry out malicious activity.These automated attempts are driven by the Hacker’s Playbook, a SafeBreach library of known attack methods that the simulators try in order to discover weaknesses and reveal how these vulnerabilities might be exploited to carry out successful breaches.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords So simulators might find individual weaknesses in a desktop Internet connection, a credit card database and a management platform that could be strung together to nab customer credit card data. This would be reported on a single screen.To read this article in full or to leave a comment, please click here

Startup Cybric aims to reduce time between detecting and remediating breaches

Startup Cybric is working on a cloud-based platform to help businesses find out about breaches quickly and clean them up as fast as possible.It will do that with its platform, Continuous Security Delivery Fabric that creates a clone of network elements in its cloud and runs tests against them looking for vulnerabilities. Because the work is done in the cloud, it doesn’t slow down or interfere with the business’s production network, the company says.Because multiple tests can be run in parallel in the cloud, the time it takes to find vulnerabilities is reduced, the company says. Alternatively, customers can run the Continuous Security Delivery Fabric on premises.To read this article in full or to leave a comment, please click here

Big Switch Networks Offers Upgrades & Free Stuff

Community editions mean the first taste is free.

Say hello to The Matrix: DARPA looks to link brains and computers

Building a high-speed brain-to-computer interface that would offer “unprecedented signal resolution and data-transfer bandwidth between the human brain and the digital world” is the goal of a new program announced by the Defence Advanced Research Projects Agency recently. The research agency’s Neural Engineering System Design (NESD) want to develop an implantable device that would “serve as a translator, converting between the electrochemical language used by neurons in the brain and the ones and zeros that constitute the language of information technology. You may recall in the sci-fi film The Matrix, protagonists were plugged into a violent virtual future world though a brain interface.To read this article in full or to leave a comment, please click here

Say hello to The Matrix: DARPA looks to link brains and computers

Building a high-speed brain-to-computer interface that would offer “unprecedented signal resolution and data-transfer bandwidth between the human brain and the digital world” is the goal of a new program announced by the Defence Advanced Research Projects Agency recently. The research agency’s Neural Engineering System Design (NESD) want to develop an implantable device that would “serve as a translator, converting between the electrochemical language used by neurons in the brain and the ones and zeros that constitute the language of information technology. You may recall in the sci-fi film The Matrix, protagonists were plugged into a violent virtual future world though a brain interface.To read this article in full or to leave a comment, please click here

Cyberthugs targeting companies with ransomware based on extortion amount for data

As if the steady rise of ransomware isn’t alarming enough, businesses that get hit with ransomware may not be unlucky targets of opportunity, but targets of choice as cyberthugs are setting ransom demands based on how much valuable data a business has.That is just one cybersecurity and online privacy trend found in the 2016 Data Protection and Breach Readiness Guide. With a nod to Data Privacy Day, the Online Trust Alliance (OTA) released its new guide as well as key findings from its analysis.To read this article in full or to leave a comment, please click here

The Butcher’s Bill

Watching a real butcher work is akin to watching a surgeon. They are experts with their tools, which are cleavers and knives instead of scalpels and stitches. They know how to carve the best cut of meat from a formless lump. And they do it with the expert eye of a professional trained in their trade.

Butcher is a term that is often loaded with all manner of negative connotations. It makes readers think of indiscriminate slaughter and haphazard destruction. But the real truth is that a butcher requires time and training to cut as they do. There is nothing that a butcher does that isn’t calculated and careful.

Quick Cuts

Why all the discussion about butchers? Because you’re going to see a lot more comparisons in the future when people talk about the pending Dell/EMC acquisition. The real indiscriminate cutting has already started. EMC hid an undisclosed number of layoffs in a Dec. 31 press release. VMware is going to take a 5% hit in jobs, including the entire Workstation and Fusion teams.

It’s no secret that the deal is in trouble right now. Investors are cringing at some of the provisions. The Virtustream spin out was rescinded after Continue reading

Let us look at the code running our devices, says Federal Trade Commissioner

Consumers should have the right to inspect the source code for connected devices they own, to ensure it doesn't contain bugs or backdoors, one U.S. Federal Trade Commissioner believes.As we connect our homes, our vehicles and our clothing to the Internet of Things, "We need to be very mindful of consumer data security and be very careful of anything that undermines that data security," said Commissioner Terrell McSweeny.McSweeny was speaking in a personal capacity at the State of the Net conference in Washington, D.C., on Monday, but her position as one of four Commissioners at the U.S. Federal Trade Commission could allow her to influence policy.To read this article in full or to leave a comment, please click here

Worth Reading: Intel becomes irrelevant

We’re approaching the end of the closed, proprietary, single source technology era. ARM processors are freely licensed, more open, and much more cost competitive than similar products from Intel or AMD. If you need 10 million chips for your next product do you buy them from Intel? Or do you get a license from ARM and hire a foundry to make them for you? -va cringely

The post Worth Reading: Intel becomes irrelevant appeared first on 'net work.

U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances. In December, Juniper Networks announced that it had discovered unauthorized code added to ScreenOS, the operating system that runs on its NetScreen network firewalls. The rogue code, which remained undetected for 2 years or more, could have allowed remote attackers to gain administrative access to the vulnerable devices or to decrypt VPN connections. The U.S. House of Representatives' Committee on Oversight and Government Reform wants to determine the impact that this issue had on government organizations and how the affected organizations responded to the incident.To read this article in full or to leave a comment, please click here

U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances. In December, Juniper Networks announced that it had discovered unauthorized code added to ScreenOS, the operating system that runs on its NetScreen network firewalls. The rogue code, which remained undetected for 2 years or more, could have allowed remote attackers to gain administrative access to the vulnerable devices or to decrypt VPN connections. The U.S. House of Representatives' Committee on Oversight and Government Reform wants to determine the impact that this issue had on government organizations and how the affected organizations responded to the incident.To read this article in full or to leave a comment, please click here

Big Switch Offers Free SDN Software

Security ‘net: Digital Copyright Edition

The world of digital copyright is somewhat tangential to “real” security, but it’s a culture issue that impacts every network engineer in myriad ways. For instance, suppose you buy a small home router, and then decide you really want to run your own software on it. For instance, let’s say you really want to build your own router because you know what you can build will outperform what’s commercially available (which, by the way, it will). But rather than using an off box wireless adapter, like the folks at ARS, you really want to have the wireless on board.

Believe it or not, this would be considered, by some folks, as a pretty large act of copyright infringement. For instance, the hardware manufacturer may object to you replacing their software. Or the FCC or some other regulatory agency might even object because they think you’re trying to hog wireless spectrum, or because you don’t like what the wireless providers are doing. The EFF has a good piece up arguing that just such tinkering as replacing the operating system on a commercially purchased device is at the heart of digital freedom.

One of the most crucial issues in the fight for Continue reading