Complete security deception includes detection and incident response

Deception tools have been growing in popularity over the past several years, but customers need to ensure they are using the technology to its fullest potential. The concept behind deception is fairly simple to understand: Security teams deploy a fake target that is monitored closely, which hackers will attack. Once the target is breached, the security team is alerted to the threat. In my experience, the use of deception technology is relatively low compared to the amount of time, energy and money invested in traditional intrusion prevention systems. Part of the challenge of deception is that maintaining things such as decoys, breadcrumbs and honeypots can be difficult in environments that are always changing. However, networks are becoming more agile through the use of software, making deception technology more agile and easier to use.

Uber finally agrees to reveal diversity data

Uber Technologies has agreed to provide next month its diversity data, which it had earlier declined to make public. Representatives of the ride hailing company will disclose the information at the PUSHTech2020 summit on April 19 in Silicon Valley. The move comes at a time when the company has run into a number of controversies, including sexism charges leveled by a former employee, the exit of some key executives and a lawsuit from self-driving car rival Waymo. The announcement follows a meeting Thursday between Uber CEO Travis Kalanick and civil rights leader Rev. Jesse Jackson, founder and president of the Rainbow Push Coalition, which has been demanding higher representation for minorities in tech companies, according to a statement issued by the coalition.

One week in Ho Chi Minh City – another busy APRICOT for the ISOC Team

If we had to choose music to accompany all our activities at APRICOT 2017 it would surely be Chopin’s Minute Waltz (Op 64, No 1)! No, we did not manage to fit 138 bars of music into 60 seconds but the tempo was very lively with frequent crescendos and diminuendos and a lengthy trill. Call it efficiency, but we all managed to share and exchange a lot of information working within the new shortened APRICOT 2017/APNIC 43 programme.   

Amelia Yeo

Our Response to the Senate Vote on FCC Privacy Rules

Today, the U.S. Senate voted narrowly to undo certain regulations governing broadband providers, put in place during the Obama administration, that would have required Internet Service Providers (ISPs) to obtain approval from their customers before sharing information such as web-browsing histories, app usage, and aspects of their financial and health information, with third parties. Now, ISPs may sell targeted advertising or share personal information and browsing history with third party marketers, without first getting explicit consent from web users.

Cloudflare is disappointed with the Senate’s actions, as we feel strongly that consumer privacy rights need to be at the forefront of discussions around how personal information is treated. The new regulations would have steered the U.S. closer to the privacy standards enjoyed by citizens in many other developed countries, rather than away from such rights.

Defaulting to an “opt-in” rather than “opt-out” standard would provide consumers with greater controls over how, when, and with whom their personal information is used and shared. We believe that individuals should have the last say on what is done with their personal information, rather than corporations.

Regardless of whether Washington ultimately decides to approve rolling back these regulations, Cloudflare will continue to

Technology Short Take #80

Welcome to Technology Short Take #80! This post is a week late (I try to publish these every other Friday), so my apologies for the delay. However, hopefully I’ve managed to gather together some articles with useful information for you. Enjoy!

Networking

  • Biruk Mekonnen has an introductory article on using Netmiko for network automation. It’s short and light on details, but it does provide an example snippet of Python code to illustrate what can be done with Netmiko.
  • Gabriele Gerbino has a nice write-up about Cisco’s efforts with APIs; his article includes a brief description of YANG data models and a comparison of working with network devices via SSH or via API.
  • Giuliano Bertello shares why it’s important to RTFM; or, how he fixed an issue with a Cross-vCenter NSX 6.2 installation caused by duplicate NSX Manager UUIDs.
  • Andrius Benokraitis provides a preview of some of the networking features coming soon in Ansible 2.3. From my perspective, Ansible has jumped out in front in the race among tools for network automation; I’m seeing more coverage and more interest in using Ansible for network automation.
  • Need to locate duplicate MAC addresses in your environment, possibly caused by cloning

FBI director floats international framework on access to encrypted data

FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful. Speaking on Thursday, Comey suggested that the U.S. might work with other countries on a “framework” for creating legal access to encrypted tech devices. “I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” he said on Thursday. Comey made his comments at the University of Texas at Austin, when trying to address a key concern facing U.S. tech firms in the encryption debate: the fear that providing government access to their products might dampen their business abroad.

26% off Nintendo Wii Remote Plus, Toad – Deal Alert

Simple, intuitive and easy to use. The Wii Remote Plus is a unique controller for the Wii and Wii U video game systems, now with the increased sensitivity of Wii MotionPlus built-in. The button presses of typical controllers are replaced by the natural, fluid motion of your hand. The Wii Remote Plus senses your every action and makes you feel less like a player and more like you're part of the game. This Wii remote is highly rated, and currently discounted 26% on Amazon to just $29.49. See this deal now on Amazon.

32% off Nintendo Wii Remote Plus, Toad – Deal Alert

Simple, intuitive and easy to use. The Wii Remote Plus is a unique controller for the Wii and Wii U video game systems, now with the increased sensitivity of Wii MotionPlus built-in. The button presses of typical controllers are replaced by the natural, fluid motion of your hand. The Wii Remote Plus senses your every action and makes you feel less like a player and more like you're part of the game. This Wii remote is highly rated, and currently discounted 32% on Amazon to just $27.15, saving you almost $13. See this deal now on Amazon.

Squeezing The Joules Out Of DRAM, Possibly Without Stacking

Increasing parallelism is the only way to get more work out of a system. Architecting for that parallelism requires a lot of rethinking of each and every component in a system to make everything hum along as efficiently as possible.

There are lots of ways to skin the parallelism cats and squeeze more performance and less energy out of the system, and for DRAM memory, just stacking things up helps, but according to some research done at Stanford University, the University of Texas, and GPU maker Nvidia, there is another way to boost performance and lower energy consumption. The

Squeezing The Joules Out Of DRAM, Possibly Without Stacking was written by Timothy Prickett Morgan at The Next Platform.

Microsoft expands connected car push with patent licensing

Microsoft's push into the connected car space has moved up a gear with a new patent licensing agreement with Toyota. The world's second-largest auto maker will have access to a range of Microsoft patents as part of the deal announced this week. Rather than trying to build a high-tech automobile of its own, Microsoft is focusing on providing carmakers with the tools they need to create smarter vehicles and the Toyota deal is the first of what it hopes will be a series of such agreements. Microsoft offers an entire suite of cloud services aimed at aiding the development of internet-enabled automobiles and is also integrating its Cortana virtual assistant into cars alongside PCs, phones and other devices. In the future, a connected car could become a rolling extension of a user’s office, with Office 365 integrations.

20% off Razor Hovertrax 2.0 Hoverboard Self-Balancing Smart Scooter – Deal Alert

Step on the deck and go with Razor Hovertrax 2.0, the world’s smartest self-balancing electric scooter. Intelligently-engineered with EverBalance technology, Hovertrax 2.0 is the only board that auto-levels for a safer, easier mount and a smoother ride. Whether you’re coasting, racing, or commuting, Hovertrax 2.0 is always in balance. Indoors or out, Hovertrax 2.0 does the work so you can enjoy the journey. Hovertrax 2.0: technology so advanced, it’s simple. Once you learn how to ride, it becomes second nature. Razor was also the first U.S. brand to receive the UL 2272 listing for safety, ensuring that the Hovertrax 2.0 meets or exceeds the highest fire and electrical safety standards. The Hovertrax 2.0 has a list price of $459.99, which has been reduced 20% to just $369.99. See this deal on Amazon.

Leaked iCloud credentials obtained from third parties, Apple says

A group of hackers threatening to wipe data from Apple devices attached to millions of iCloud accounts didn't obtain whatever log-in credentials they have through a breach of the company's services, Apple said. "There have not been any breaches in any of Apple's systems including iCloud and Apple ID," an Apple representative said in an emailed statement. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services." A group calling itself the Turkish Crime Family claims to have login credentials for more than 750 million icloud.com, me.com and mac.com email addresses, and the group says more than 250 million of those credentials provide access to iCloud accounts that don't have two-factor authentication turned on.

If incident response automation is hot, threat detection automation is sizzling

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

In a recent Network World article Jon Oltsik noted that Incident Response (IR) automation is becoming a very hot topic in the info security world. Oltsik called out multiple factors driving demand for IR automation and orchestration, including the manual nature of IR work, the cyber skills shortage and the difficulty of coordinating activity between SecOps and DevOps.

