Archive

Category Archives for "Networking"

Startup NodePrime decloaks, wants to manage your whole data center

San Francisco-based startup NodePrime wants to be the proverbial single pane of glass that you use to manage your complicated, heavily virtualized data center, the company announced as it exited stealth today with a $7 million seed funding round in the books.The idea is to provide the type of infrastructure management that Google and Facebook use to manage their outsized data centers. But where Google and Facebook have to spend big on custom hardware and elite engineering talent, NodePrime wants to offer the same capabilities as a commodity.+ ALSO ON NETWORK WORLD: Hottest Enterprise Network & Computing Startups of 2015To read this article in full or to leave a comment, please click here

Voice hackers can record your voice then use morpher to trick authentication systems

It's easy for someone with potentially malicious intentions to record your voice, as you leave traces of your voice when simply talking somewhere out in public, during mobile phone calls, in videos posted on social networking sites, or even when sending a recorded voice greeting card. Your voice is considered to be unique enough to serve as an authentication of your identity.But after studying the implications of commonplace voice leakage and developing voice impersonation attacks, researchers from the University of Alabama at Birmingham warned that an attacker, in possession of only a very limited number of your voice samples, with "just a few minutes worth of audio of a victim's voice," can clone your voice and could compromise your security, safety, and privacy.To read this article in full or to leave a comment, please click here

Microsoft’s Windows chief Myerson falls short of addressing Windows 10 spying concerns

After a month of stern accusations, including one from yours truly, the chief of Microsoft's Windows group addressed user concerns over privacy and information gathering in a blog post.Since its launch two months ago, Windows 10 has been dogged by a number of privacy concerns, ranging from machine IDs to keylogging to spying on your Cortana queries. Windows 7 and 8 were also drawn into the controversy, as Microsoft back-ported some of its telemetry gathering functions to the older operating systems, and the company was also found to be downloading the multigigabyte installation files to Windows 7 and Windows 8 machines without user permission.To read this article in full or to leave a comment, please click here

21 of the greatest computer quotes ever

He said itImage by Mark GibbsThe world of computers and programming isn’t just a world of algorithms, bits, and coding; it’s also a world of dark, sarcastic and or sardonic humor about the world of computers and programming, by which I mean it’s also recursive (see recursive). Here are arguably (and I’m sure you will argue) 21 of the greatest computer quotes ever. Let the wit begin!To read this article in full or to leave a comment, please click here

Is Apple’s walled garden showing signs of erosion?

Apple has long benefitted from a perception that its devices and the software that powers them are more safe and secure than the competition, but last year's high-profile iCloud hack and a recent large-scale malware attack bring Apple security into question. Earlier this month, Apple suffered a potentially catastrophic security lapse when malicious code injected into a counterfeit version of Xcode, the company's app development toolset, made its way into hundreds (and perhaps thousands) of apps from Chinese developers. The malware affected hugely popular apps, including WeChat, which was eventually pulled from the App Store. Apple failed to detect and stop the malware from entering its "walled garden" and gaining access to an untold number of customers' iOS devices.To read this article in full or to leave a comment, please click here

Breaking free of legacy tech

Rotary Club members who donate $1,000 or more to the Rotary Foundation get a lot of special attention. They are named Paul Harris Fellows in honor of the organization's founder. They receive a certificate and an elegant lapel pin. It's an important award in the Rotary world, and one that has been around since 1957. But recently it had become the source of a lot of unhappiness.When Discover Financial Services set out to expand its offerings beginning in 2007, the company's legacy technology was an obvious impediment, according to executive vice president and CIO Glenn Schneider. "As with many others who've been around for years and have multiple generations of technology in their data centers, the question was, how do we leverage that?" he says. The company's move into the banking business, with IRAs, CDs and many other types of accounts, made its banking platform an obvious choice for an update. "Our mission is to be the leading direct bank and payments platform," Schneider says. "We are all online, so to create competitive differentiation, we felt the necessity to start at the foundation level itself and create a new platform."To read this article in full or Continue reading

2015’s most dangerous celebrity web searches

DJ Armin van BuurenImage by Jorge Mejía PeraltaElectronic Dance Music (EDM) DJ Armin van Buuren replaces comedian and talk show host Jimmy Kimmel as Intel Security’s most dangerous celebrity to search for online. For the ninth year in a row, Intel Security researched popular culture’s most famous people to reveal which of them generates the most dangerous search results.To read this article in full or to leave a comment, please click here

Network security weaknesses plague federal agencies

In the shadow of the recent Office of Personnel Management break-in it likely comes as little surprise to many that the federal government needs to pick up its security game in a big way.This challenge is perhaps reflected best in report this week by watchdogs at the Government Accountability Office that shows despite years of recommendations and billions of dollars spent, most federal agencies remain frighteningly weak when it comes to cybersecurity.To read this article in full or to leave a comment, please click here

Verisign introduces free, privacy-focused public DNS

When it comes to domain name systems (DNS), there are a lot of choices available. Yesterday, Verisign introduced a free, public Domain Name System (DNS) service that respects users' privacy.I think we're all aware now that much of the information we put into websites is often sold and used for good and bad purposes. We search for certain restaurants and all of sudden we're being pushed coupons for it. We update our LinkedIn profile and now we're being approached about jobs at competing companies. When we purchase an item online with a credit card, the number may be stolen. Even though there are risks, we still do those activities because they make our lives more convenient, and for that we're willing to deal with the consequences.To read this article in full or to leave a comment, please click here

Verifying SSL Certificate Chains

Found this link very useful doing this:

http://www.herongyang.com/Cryptography/OpenSSL-Certificate-Path-Validation-Tests.html

Some useful commands:
Display a certificate:
openssl x509 -in test-cert-top.pem -noout -text

Display a certificate's issuer:
openssl x509 -in test-cert-top.pem -noout -issuer

Display a certificate's subject:
openssl x509 -in test-cert-top.pem -noout -subject

Verify a certificate:
openssl verify test-cert-top.pem

Verify a certificate chain with 3 certificates:
openssl verify -CAfile test-cert-bottom.pem -untrusted test-cert-middle.pem test-cert-top.pem
-CAfile keyword indicates which certificate is used as the root certificate, with the -untrusted option being set to validate the intermediate certificate in the chain

Verify a certificate chain with 2 certificates:
openssl verify -CAfile test-cert-bottom.pem test-cert-middle.pem


Dyreza malware steals IT supply chain credentials

Cyber-criminals using the Dyreza computer trojan appear to be shifting gears from online banking and moving into the industrial supply chain.New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post."We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."To read this article in full or to leave a comment, please click here

Cisco acquires security consultancy

Cisco this week said it intends to purchase Portcullis, a privately held cybersecurity consultancy based in the United Kingdom.Terms of the deal were not disclosed.+MORE ON NETWORK WORLD: Cisco security chief: 4 things CISOs need to survive+ Cisco James Mobley, Cisco vice president of security solutionsTo read this article in full or to leave a comment, please click here

Worth Reading: Antivirus and Zero Day

Deploying multiple AV products might expand the total number of known malware signatures in your AV armor, but this approach doesn’t combat the biggest flaw: new, zero-day malware that no AV product has ever encountered (and therefore can’t possibly recognize). Even with frequent updates to the signature database, AV software just can’t keep up. via the cloud security alliance

The post Worth Reading: Antivirus and Zero Day appeared first on 'net work.

1 2,973 2,974 2,975 2,976 2,977 3,484