Cloudflare Repositories FTW

Cloudflare Repositories FTW

This is a guest post by Jim “Elwood” O’Gorman, one of the maintainers of Kali Linux. Kali Linux is a Debian based GNU/Linux distribution popular amongst the security research communities.

Cloudflare Repositories FTW

Kali Linux turned six years old this year!

In this time, Kali has established itself as the de-facto standard open source penetration testing platform. On a quarterly basis, we release updated ISOs for multiple platforms, pre-configured virtual machines, Kali Docker, WSL, Azure, AWS images, tons of ARM devices, Kali NetHunter, and on and on and on. This has lead to Kali being trusted and relied on to always being there for both security professionals and enthusiasts alike.

But that popularity has always led to one complication: How to get Kali to people?

With so many different downloads plus the apt repository, we have to move a lot of data. To accomplish this, we have always relied on our network of first- and third-party mirrors.

The way this works is, we run a master server that pushes out to a number of mirrors. We then pay to host a number of servers that are geographically dispersed and use them as our first-party mirrors. Then, a number of third parties donate Continue reading

Remember: Don’t Panic

I hate listening to “this is what we were doing this year” podcasts as they usually turn into pointless blabbering, self-congratulations and meaningless plans (think New Year resolutions). The Full Stack Journey Episode 28 with Scott Lowe was an amazing deviation from this too-common template.

If you don’t have time to listen to the podcast (but you OUGHT TO do it) here’s what I loved most: “When faced with the onslaught of new technologies, don’t panic. Wait a few months to see which ones survive”.

Read more ...

Your threat model is wrong

Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the the threat that exists, you've morphed the threat into something else that you'd rather deal with, or which is easier to understand.


Phishing

An example is this question that misunderstands the threat of "phishing":



The (wrong) threat model is here is that phishing is an email that smart users with training can identify and avoid. This isn't true.

Good phishing messages are indistinguishable from legitimate messages. Said another way, a lot of legitimate messages are in fact phishing messages, such as when HR sends out a message saying "log into this website with your organization username/password".

Satellite-based internet possible by year-end, says SpaceX

With SpaceX’s successful launch of an initial array of broadband-internet-carrying satellites last week, and Amazon’s surprising posting of numerous satellite engineering-related job openings on its job board this month, one might well be asking if the next-generation internet space race is finally getting going. (I first wrote about OneWeb’s  satellite internet plans it was concocting with Airbus four years ago.)This new batch of satellite-driven internet systems, if they work and are eventually switched on, could provide broadband to most places, including previously internet-barren locations, such as rural areas. That would be good for high-bandwidth, low-latency remote-internet of things (IoT) and increasingly important edge-server connections for verticals like oil and gas and maritime. Data could even end up getting stored in compliance-friendly outer space, too. Leaky ground-based connections, also, perhaps a thing of the past.To read this article in full, please click here

Space internet maybe end of year, says SpaceX

With SpaceX’s successful launch of an initial tranche of proposed broadband-internet-carrying satellites last week, and Amazon’s surprising posting of numerous satellite engineering-related job openings on its job board this month, one might well be asking if the next-generation internet space race is finally getting going — I first wrote about OneWeb’s  satellite internet plans it was concocting with Airbus four years ago.To read this article in full, please click here

Cisco security spotlights Microsoft Office 365 e-mail phishing increase

It’s no secret that if you have a cloud-based e-mail service, fighting off the barrage of security issues has become a maddening daily routine.The leading e-mail service – in Microsoft’s Office 365 package – seems to be getting the most attention from those attackers hellbent on stealing enterprise data or your private information via phishing attacks. Amazon and Google see their share of phishing attempts in their cloud-based services as well. [ Also see What to consider when deploying a next generation firewall. | Get regularly scheduled insights by signing up for Network World newsletters. ] But attackers are crafting and launching phishing campaigns targeting Office 365 users, wrote Ben Nahorney, a Threat Intelligence Analyst focused on covering the threat landscape for Cisco Security in a blog focusing on the Office 365 phishing issue.To read this article in full, please click here

Cisco security spotlights Microsoft Office 365 e-mail phishing increase

It’s no secret that if you have a cloud-based e-mail service, fighting off the barrage of security issues has become a maddening daily routine.The leading e-mail service – in Microsoft’s Office 365 package – seems to be getting the most attention from those attackers hellbent on stealing enterprise data or your private information via phishing attacks. Amazon and Google see their share of phishing attempts in their cloud-based services as well. [ Also see What to consider when deploying a next generation firewall. | Get regularly scheduled insights by signing up for Network World newsletters. ] But attackers are crafting and launching phishing campaigns targeting Office 365 users, wrote Ben Nahorney, a Threat Intelligence Analyst focused on covering the threat landscape for Cisco Security in a blog focusing on the Office 365 phishing issue.To read this article in full, please click here

NVMe on Linux

NVMe stands for “non-volatile memory express” and is a host controller interface and storage protocol that was created to accelerate the transfer of data between enterprise and client systems and solid-state drives (SSD). It works over a computer's high-speed Peripheral Component Interconnect Express (PCIe) bus. What I see when I look at this string of letters, however, is “envy me.” And the reason for the envy is significant.Using NVMe, data transfer happens much faster than it does with rotating drives. In fact, NVMe drives can move data seven times faster than SATA SSDs. That’s seven times faster than the SSDs that many of us are using today. This means that your systems could boot blindingly fast when an NVMe drive is serving as its boot drive. In fact, these days anyone buying a new system should probably not consider one that doesn’t come with NVMe built-in — whether a server or a PC.To read this article in full, please click here

Teridion’s entry in the MNS market supports enterprise wide-area networking

A few months ago, I wrote about the managed network services (MNS) market as the evolutionary direction of the network carrier. One of the companies that plays in this space is Teridion, with a service called Teridion for Enterprise. It’s a global WAN service with some unique capabilities to support performance and reliability that enterprises can really appreciate.Teridion for Enterprise is a cloud-centric solution all the way. The network is built in the cloud, and customers use commodity edge devices such as SD-WAN appliances or Cisco ISR boxes to connect. Customers request services, make changes and set policies through an easy and contemporary user interface; they pay only for the capacity they use; and all maintenance and management is completely handled by Teridion.To read this article in full, please click here

Nvidia launches edge computing platform for AI processing

Nvidia is launching a new platform called EGX Platform designed to bring real-time artificial intelligence (AI) to edge networks. The idea is to put AI computing closer to where sensors collect data before it is sent to larger data centers.The edge serves as a buffer to data sent to data centers. It whittles down the data collected and only sends what is relevant up to major data centers for processing. This can mean discarding more than 90% of data collected, but the trick is knowing which data to keep and which to discard.“AI is required in this data-driven world,” said Justin Boitano, senior director for enterprise and edge computing at Nvidia, on a press call last Friday. “We analyze data near the source, capture anomalies and report anomalies back to the mothership for analysis.”To read this article in full, please click here

Survey finds SD-WANs are hot, but satisfaction with telcos is not

This week SD-WAN vendor Cato Networks announced the results of its Telcos and the Future of the WAN in 2019 survey. The study was a mix of companies of all sizes, with 42% being enterprise-class (over 2,500 employees). More than 70% had a network with more than 10 locations, and almost a quarter (24%) had over 100 sites. All of the respondents have a cloud presence, and almost 80% have at least two data centers.  The survey had good geographic diversity, with 57% of respondents coming from the U.S. and 24% from Europe.Highlights of the survey include the following key findings:To read this article in full, please click here

Survey finds SD-WANs are hot, but satisfaction with telcos is not

This week SD-WAN vendor Cato Networks announced the results of its Telcos and the Future of the WAN in 2019 survey. The study was a mix of companies of all sizes, with 42% being enterprise-class (over 2,500 employees). More than 70% had a network with more than 10 locations, and almost a quarter (24%) had over 100 sites. All of the respondents have a cloud presence, and almost 80% have at least two data centers.  The survey had good geographic diversity, with 57% of respondents coming from the U.S. and 24% from Europe.Highlights of the survey include the following key findings:To read this article in full, please click here

This Blazing Fast VPN Is Now Available For Just $1/mo

If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), most installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location — but they can also run frustratingly slowly, delaying the way you’d usually use the internet for entertainment and work. That’s where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.To read this article in full, please click here

1 1,175 1,176 1,177 1,178 1,179 3,793