In defense of Paul Graham’s “Inequality”

The simplest way of trolling people is to defend that which everyone hates. That's what Paul Graham discovered this week in his support for "inequality". As a troll, I of course agree with his position.

When your startup is success, you are suddenly rich after living like a pauper for many years. You naturally feel entitled to exploit all those tax loopholes and exemptions that rich people get. But then your accountant gives you the bad news: those loopholes don't exist. You'll have to give more than half of your new wealth to the government. The argument that the "rich don't pay their fair share of taxes" is based on cherry picking exceptional cases that apply to a tiny few. They certainly don't apply to you, the startup founder. Statistically, the top 1% earn ~20% of the nation's income but pay ~40% of taxes, twice their "fair share". There's nothing a successful entrepreneur can do to evade these taxes.

I point this out because the point of To Kill a Mockingbird is that to understand a person, you need to walk around in their shoes. That's the backstory of Paul Graham's piece. He regularly hears statements like "the Continue reading

Mythical vuln-disclosure program

In the olden days (the 1990s), we security people would try to do the "right thing" and notify companies about the security vulnerabilities we'd find. It was possible then, because the "Internet" team was a small part of the company. Contacting the "webmaster" was a straightforward process -- indeed their email address was often on the webpage. Whatever the problem, you could quickly get routed to the person responsible for fixing it.

Today, the Internet suffuses everything companies do. There is no one person responsible. If companies haven't setup a disclosure policy (such as an email account "[email protected]"), they simply cannot handle disclosure. Assuming you could tell everyone in the company about the problem, from the CEO on down to the sysadmins and developers, you still won't have found the right person to tell -- because such a person doesn't exist. There's simply no process for dealing with the issue.

I point this out in response to the following Twitter discussion:

@KimZetter true. hey @tactical_intel I can connect you… CC: @ErrataRob
— ❄∵ Joshua Corman ∵❄ (@joshcorman) January 5, 2016

Josh's assertion is wrong. There is nobody at American Airlines that can handle a bug report. At some point, Continue reading

Cloud Security Is a Switching Problem

Data center governance needs to be extended around these new application platforms.

Security ‘net: Student privacy in focus

Student Privacy in Focus

Driving your market back to the earliest age possible is a tried and true marketing technique — and technology companies are no different in this regard. Getting people hooked on a product at an early age is a sure fire way to build a lifelong habit of preference for that one brand, and for usage in general. Perhaps, though, we should be concerned when it comes to social media. As “edtech” makes its way into our schools, should we be concerned about the privacy of our children? Via CDT:

Schools have largely embraced education applications, websites, and devices (collectively referred to as “edtech”) as a means for improving classroom instruction and administration. 71 percent of parents report their child uses technology provided by schools for educational purposes. In most cases this means more data is being collected on students. However, US privacy law has not kept pace with the rapid adoption of technology and data collection in schools. The Family Educational Rights and Privacy Act (FERPA), our existing student privacy law, is outdated and there are no sector-specific privacy laws that focus on edtech.

How effective is anonymization, anyway? A good bit of research is showing Continue reading

VMware NSX and Split and Smear Micro-Segmentation

While external perimeter protection requirements will most likely command hardware acceleration and support for the foreseeable future, the distributed nature of the services inside the data center calls for a totally different set of specifications.

Some vendors have recently claimed they can achieve micro-segmentation at data center scale while maintaining a hardware architecture. As I described in my recent article in Network Computing, this is unlikely because you have to factor in speed and capacity.

To quickly recap the main points describing the model in the article:

Our objective is for all security perimeters to have a diameter of one—i.e. deploying one security function for each service or VM in the data center—if we want to granularly apply policies and limit successful attacks from propagating laterally within a perimeter. A larger diameter implies we chose to ignore all inter-service communications within that perimeter.

This objective is impossible to achieve with our traditional hardware-based perimeters: The service densities and the network speeds found in current data center designs overrun any hardware-based inline inspection models.

The solution resides in “splitting and smearing” security functions across thousands of servers. This requires an operational model capable of managing large scale distributed functions Continue reading

BT Sees 1,000% Increase in Security Threats

BT deploys three kinds of Cisco security to defend itself.

Worth Reading: Cryptography is Hard

I’m going to try the impossible: I’m going to give an example of how cryptography is really used, and how it can fail. -via circleid

The post Worth Reading: Cryptography is Hard appeared first on 'net work.

SDxCentral Weekly News Roundup — January 1, 2016

A departure at Wind River tops this holiday-break edition of the Roundup.

8 Things I Learned About SDx in 2015

It's been a year of learning about new products, new markets... and giraffes.

Trump is right about “schlong”

The reason Trump is winning is because the attacks against him are unfair. The recent schlong-gate is a great example.

Yes, "schlong" means "penis", but is also means "rubber hose". Getting beaten by a rubber hose has long been a severe way of beating somebody. Getting "schlonged" has long meant getting a severe beating with absolutely no sexual connotation. Sure, you may never heard of this slang, because it's very regional, but it does exist. Fact checkers have gone back and found many uses of this word to mean just that [1] [2] [3] [4] [5], meaning "severe beating" in a non-sexual sense.

We regularly use words like hosed, shafted, stiffed, chapped, and boned to mean something similar. Sure, some of these derive from a base word for "penis", but are commonly used these days without any sexual or derogatory connotation. The only different about "schlonged" is that most Americans were unfamiliar with the idiom. Had Trump said "shafted" instead, this controversy would not have erupted.

But those who hate Trump, and who have only known "schlong" to mean something dirty and derogatory, are unwilling to let go Continue reading

It’s Unlikely Juniper Could Have Found the Security Breach Sooner

With repo access, you can get away with a lot.

2015: A Cloud Security Wake Up Call

2015 was no stranger to security breaches, so we have to wonder: What needs to change?

Cisco Says It Has No Juniper-Like Security Issues

Cisco says it's found no back-door breaches. Yet.

Why It’s Time to Build a Zero Trust Network

Network security, for a long time, has worked off of the old Russian maxim, “trust but verify.” Trust a user, but verify it’s them. However, today’s network landscape — where the Internet of Things, the Cloud, and more are introducing new vulnerabilities — makes the “verify” part of “trust but verify” difficult and inefficient. We need a simpler security model. That model: Zero Trust. Continue reading

Someone Built a Back Door Into Juniper’s Netscreen Firewalls

It was no accident: Unauthorized code got into ScreenOS.

Docker Webinar Q&A: Intro To Docker Security

Today, security is one the biggest topics within the enterprise world and tops the list of enterprise IT initiatives. As companies have begun to adopt containers within their environments, they have realized the security benefits that come with them as … Continued

Where do bitcoins go when you die? (sci-fi)

A cyberpunk writer asks this, so I thought I'd answer it:

Plotpoint query: Someone has some bitcoins, nobody knows, they die, leave no will, have no heirs, what happens to the bitcoins?
— William Gibson (@GreatDismal) December 18, 2015

Note that it's asked in a legal framework, about "wills" and "heirs", but law isn't the concern. Instead, the question is:

What happens to the bitcoins if you don't pass on the wallet and password?

Presumably, your heirs will inherit your computer, and if they scan it, they'll find your bitcoin wallet. But the wallet is encrypted, and the password is usually not written down anywhere, but memorized by the owner. Without the password, they can do nothing with the wallet.

Now, they could "crack" the password. Half the population will choose easy-to-remember passwords, which means that anybody can crack them. Many, though, will choose complex passwords that essentially mean nobody can crack them.

As a science-fiction writer, you might make up a new technology for cracking passwords. For example, "quantum computers" are becoming scary real scary fast. But here's the thing: any technology that makes it easy to crack this password also makes it easy to crack all of bitcoin Continue reading

Dell Preps an IPO for SecureWorks

Before acquiring EMC, Dell seems to be forming a Federation of its own.

Force Awakens review: adequacity

The film is worth seeing. See it quickly before everyone tells you the spoilers. The two main characters, Rey and Fin, are rather awesome. There was enough cheering in the theater, at the appropriate points, that I think fans and non fans will like it. Director JarJar Abrams did not, as I feared, ruin the franchise (as he did previously with Star Trek).

On the other hand, there's so much to hate. The plot is a rip-off of the original Star Wars movie, so much so that the decision to "go in and blow it up" is a soul-killing perfunctory scene. Rather than being on the edge of your seat, you really just don't care, because you know how that part ends.

While JarJar Abrams thankfully cut down down on the lens flare, there's still to much that ruins every scene he applies it to. Critics keep hammering him on how much this sucks, but JarJar will never give up his favorite movie making technique.

The universe is flat and boring. In the original trilogy, things happen for a purpose. Everything that transpires is according to Palpatine's design. And even while we find his plans confusing, we still get the Continue reading

A Different Kind of POP: The Joomla Unserialize Vulnerability

At CloudFlare, we spend a lot of time talking about the PoPs (Points of Presence) we have around the globe, however, on December 14th, another kind of POP came to the world: a vulnerability being exploited in the wild against Joomla’s Content Management System. This is known as a zero day attack, where it has been zero days since a patch has been released for that bug. A CVE ID has been issued for this particular vulnerability as CVE-2015-8562. Jaime Cochran and I decided to take a closer look.

The Joomla unserialize vulnerability

In this blog post we’ll explain what the vulnerability is, give examples of actual attack payloads we’ve seen, and show how CloudFlare automatically protects Joomla users. If you are using Joomla with CloudFlare today and have our WAF enabled, you are already protected.

The Joomla Web Application Firewall rule set is enabled by default for CloudFlare customers with a Pro or higher plan, which blocks this attack. You can find it in the Joomla section of the CloudFlare Rule Set in the WAF Dashboard.

The WAF rule for protecting against the Joomla Unserialize Vulnerability

What is Joomla?

Joomla is an open source Content Management System which allows you to build web applications and control every aspect of the content of your Continue reading

« Previous 1 … 157 158 159 160 161 … 182 Next »

Archive

Student Privacy in Focus

What is Joomla?