With ‘recall,’ Fiat Chrysler makes its car hack worse

After Wired showed two hackers remotely gain access and immobilize a moving Jeep by exploiting software vulnerabilities last week, Fiat Chrysler responded by patching the vulnerability in several Jeep, Dodge, and Chrysler models that were equipped with the Uconnect software that was hacked. How they went about issuing the patch, however, may just put the company's customers further at risk.Rather than simply treating the software patch as a traditional recall (i.e. requiring them to visit a service center and have an expert make the fix), Fiat Chrysler is mailing a USB thumb drive to owners of the affected cars. From there, the cars' owners can plug the USB drive into the cars' USB port to patch the software vulnerability. This seems like a convenient way to issue a recall for something that car owners can fix themselves. To read this article in full or to leave a comment, please click here

Human error to blame in fatal crash of Virgin Galactic’s spacecraft

When the co-pilot of Virgin Galactic’s SpaceshipTwo prematurely unlocked the feathering -- or braking system on the spacecraft it set off a chain of events that lead to a chain of events that brought the ship down.+MORE ON NETWORK WORLD: The weirdest, wackiest and coolest sci/tech stories of 2015 (so far!)+That was but one of the findings released today by the National Transportation Safety Board which has ben investigating the Virgin Galactic crash 10 months ago that killed the copilot and badly injured the pilot.To read this article in full or to leave a comment, please click here

OpenDaylight Project’s Jacques Envisions an End to Standards Wars

The OpenDaylight Summit kicks off with an open source battle cry.

Sonus DemoFriday Q&A + Video: The Impact of SDN on Business Continuity

Don't worry if you missed out on Sonus' DemoFriday on business continuity. Sonus answered audience's questions following the demo.

AppFormix Launches IT Management for Mirantis OpenStack

Startup taps Mirantis as first partner.

Amazon Launchpad store will sell goods from startups

Amazon is opening a specialized storefront on its website that will sell products from startups in an effort to help the fledging companies build their businesses.Called Launchpad, the site lists approximately 200 items with an emphasis on tech gadgets, like a US$649 drone or a $150 floating Bluetooth speaker. There are also startups selling food, like gluten-free pancake mix, and wellness products, including vitamins. Each startup will get a product page for its merchandise and will get Amazon’s help with marketing and distributing. The products will ship to buyers from Amazon’s warehouses and will be eligible for Prime, the company’s expedited shipping program. Joining Launchpad is free, Amazon said.To read this article in full or to leave a comment, please click here

Obama won’t pardon Snowden, despite petition

U.S. President Barack Obama won’t pardon National Security Agency leaker Edward Snowden, despite strong public support for it, the White House said Tuesday.A petition on WhiteHouse.gov calling for Obama to pardon Snowden has nearly 168,000 signatures, but that’s not enough to sway the president, said Lisa Monaco, Obama’s advisor on homeland security and counterterrorism.Obama has pushed for surveillance reforms “since taking office,” Monaco wrote on the WhiteHouse.gov petition site. “Instead of constructively addressing these issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it,” she added.To read this article in full or to leave a comment, please click here

Darkode cybercrime forum might be making a comeback

The former administrator of Darkode, the online cybercrime forum that was recently shut down by law enforcement agencies, is preparing to bring it back, with better security and privacy for its members.On July 15, the U.S. Department of Justice announced that the Darkode hacking forum where cybercriminals had gathered to exchange services and tools for years, was dismantled following an operation that involved agencies in 20 countries.Seventy suspected Darkode members from many countries were searched, arrested or charged after the FBI infiltrated the forum’s invitation-only membership and gathered evidence.To read this article in full or to leave a comment, please click here

Google: Lock up your Compute Engine data with your own encryption keys

Google will now let enterprise customers of one of its Cloud Platform services lock up their data with their own encryption keys, in case they’re concerned about the company snooping on their corporate information.On Tuesday, Google started offering users of its Compute Engine service the option, in beta, to deploy their own encryption keys, instead of the industry standard AES 256-bit encryption keys Google itself provides. Encryption keys are used to lock data so it can not be read by other parties.“Absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request,” wrote Leonard Law, Google product manager, in a blog post describing the new feature.To read this article in full or to leave a comment, please click here

EU privacy watchdog weighs in on data protection reform, shares concerns

As European Union lawmakers in the Commission, Parliament and Council debate a new data protection law, the EU’s data protection watchdog has chimed in, expressing some concerns and saying individuals’ privacy rights should be at the core of the legislation.Although he is perhaps best placed to offer an opinion on the matter, legislators have no obligation to listen to European Data Protection Supervisor (EDPS) Giovanni Buttarelli, who released his own proposed draft of the law on Monday.A lot is at stake, said Buttarelli. “This reform will shape data processing for a generation which has no memory of living without the internet. The EU must therefore fully understand the implications of this act for individuals, and its sustainability in the face of technological development.”To read this article in full or to leave a comment, please click here

Google tells its publisher partners to comply with EU cookie directive

Google is now requiring that publishers that carry its ads comply with a European Union directive and ask their site visitors’ for permission before setting cookies on their computers.Google spelled out the requirement in its new EU User Consent Policy for publishers that participate in services including AdSense, DoubleClick Ad Exchange and DoubleClick for Publishers.“If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today,” said Jason Woloz, Google’s security and privacy program manager for display and video ads, in a blog postTo read this article in full or to leave a comment, please click here

Brinks safe — with a USB port — proves easy hacking for security researchers

“Every step of the way, we were like, ‘This can’t be possible.’ ”Yet this – opening a Brinks CompuSafe Galileo using its standard USB port, a keyboard and 100 lines of code – was most definitely possible for a pair of security researchers, Daniel Petro and Oscar Salazar, who work for the IT security consulting company Bishop Fox.From an IDG News Service story on our site: They bought a Galileo CompuSafe on eBay. The most egregious problem they found is a fully functional USB port on the side of the safe. That allowed them to plug in a keyboard and a mouse, which worked.To read this article in full or to leave a comment, please click here

MetalCaptcha: Free service uses metal band logos as CAPTCHAs

Hacker News had me laughing today as a company called HeavyGifts took a joke and turned it into a real and free product by using metal band logos as CAPTCHAs. Unless there is another computer virus based on weaponizing heavy metal, such as the malware reported to F-Secure’s Mikko Hypponen by an Iranian nuclear scientist after AC/DC’s Thunderstruck was allegedly blasting from workstations in the middle of the night, when else can I write about metal music?To read this article in full or to leave a comment, please click here

IDG Contributor Network: Software vulnerabilities hit a record high in 2014, report says

How safe is the software you use? Do you have a system in place to identify vulnerabilities and patch them when they are discovered? How quickly do you react to vulnerability reports? There's evidence that software vulnerabilities are on the rise, and few companies are taking the necessary action to combat them.There was some worrying news in the recent Secunia Vulnerability Review 2015. The number of recorded vulnerabilities hit a record high of 15,435 last year, up 18% from 2013. The vulnerability count has increased 55% in the last five years. The report also found a rise in the number of zero-day vulnerabilities with 20 being uncovered in the 50 most popular programs. These are vulnerabilities that have already been exploited by hackers before being made public or being patched.To read this article in full or to leave a comment, please click here

Xen patches new virtual-machine escape vulnerability

A new vulnerability in emulation code used by the Xen virtualization software can allow attackers to bypass the critical security barrier between virtual machines and the host operating systems they run on.The vulnerability is located in the CD-ROM drive emulation feature of QEMU, an open source hardware emulator that’s used by Xen, KVM and other virtualization platforms. The flaw is tracked as CVE-2015-5154 in the Common Vulnerabilities and Exposures database.The Xen Project released patches for its supported releases Monday and noted that all Xen systems running x86 HVM guests without stubdomains and which have been configured with an emulated CD-ROM drive model are vulnerable.To read this article in full or to leave a comment, please click here

OpenDaylight Project Scores Points With China’s Tencent

The OpenDaylight Summit opens with Tencent's story about switching to OpenDaylight.

The Score Is High. Who’s Holding On?

If you haven’t had the chance to read Jeff Fry’s treatise on why the CCIE written should be dropped, do it now. He raises some very valid points about relevancy and continuing education and how the written exam is approaching irrelvancy as a prerequisite for lab candidates. I’d like to approach another aspect of this whole puzzle, namely the growing need to get that extra edge to pass the cut score.

Cuts Like A Knife

Every standardized IT test has a cut score, or the minimum necessary score required to pass. There is a surprising amount of work that goes into calculating a cut score for a standardized test. Too low and you end up with unqualified candidates being certified. Too high and you have a certification level that no one can attain.

The average cut score for a given exam level tends to rise as time goes on. This has a lot to do with the increasing depth of potential candidates as well as the growing average of scores from those candidates. Raising the score with each revision of the test guarantees you have the best possible group representing that certification. It’s like having your entire group be Continue reading

Remedial Drawing

The post Remedial Drawing appeared first on 'net work.

Worth Reading: Shifting Storage

According to a recent outlook from Wikibon, we are on the cusp of a digital extinction event as today’s complex network storage architectures give way to more nimble server-side solutions.

via IT Business Edge

The post Worth Reading: Shifting Storage appeared first on 'net work.

HL: EIGRP for IP

The post HL: EIGRP for IP appeared first on 'net work.