Infosec mourns over Howard Schmidt, who helped make the country a safer place

Howard Schmidt advised both President Barack Obama and George W. Bush on cybersecurity. He was a CSO at Microsoft and a CISO at eBay. He led several industry groups, and wrote books on cybersecurity. But when security professionals remember him, it is not so much for his technical accomplishments as for the impact he had on the people around him. He is remembered as a mentor, a communicator, and an educator. "He does have a very storied path of accomplishment," said Mary Ann Davidson, CSO at Redwood City, Calif.-based Oracle Corp. "From a security standpoint, he had a tremendous impact, the many roles he played, the work in the White House."

Are Virtual CISOs the answer to your security problems?

Chief Information Security Officers are a relatively rare breed. Information security is, after all, a relatively recent addition or subset to IT, and while most large organizations now do profess to having a CISO, CSO or head of information security, many still don’t. Indeed, it’s often the case that a company appoints its first CISO in the aftermath of a data breach - like Target did in 2014 or Sony in 2011.

CloudScale ASICs on Software Gone Wild

Last year Cisco launched a new series of Nexus 9000 switches with table sizes that didn’t match any of the known merchant silicon ASICs. It was obvious they had to be using their own silicon – the CloudScale ASIC. Lukas Krattiger was kind enough to describe some of the details last November, resulting in Episode 73 of Software Gone Wild.

For even more details, watch the Cisco Nexus 9000 Architecture Cisco Live presentation.

IDG Contributor Network: Ensure your data infrastructure remains available and resilient

The fundamental role of data infrastructure is to protect, preserve, secure, serve applications and data, transforming them into information. Data protection is an encompassing topic, as it spans security (logical and physical), reliability, availability, serviceability (RAS), privacy and encryption, backup/restore, archiving, business continuance (BC), business resiliency (BR) and disaster recovery (DR). Recently, we've seen news about data infrastructure and application outages, including Amazon Web Services (AWS) Simple Storage Service (S3), GitLab, and the Australian Tax Office (ATO).

Pence used private mail for state work as governor, account was hacked

U.S. Vice President Mike Pence reportedly used a private email account to transact state business when he was governor of Indiana, and his AOL account was hacked once, according to a news report. Emails released to the Indianapolis Star following a public records request are said to show that Pence used his personal AOL account to communicate with his top advisers on issues ranging from security gates at the governor’s residence to the state’s response to terror attacks across the globe. A hacker seems to have got access to his email account in June last year and sent a fake mail to people on the former governor’s contact list, claiming that Pence and his wife had been attacked on their way back to their hotel in the Philippines, according to the report. Pence subsequently changed his AOL account.

Chevrolet joins unlimited data party with new 4G LTE plan for its vehicles

All of the big U.S. wireless carriers have rolled out new or updated unlimited data plans in recent weeks, and now Chevrolet is introducing one of its own for customers of its entire line of vehicles. The $20 per month unlimited prepaid plan, for owners of Chevys with in-vehicle OnStar 4G LTE Wi-Fi hotspots, is being offered in conjunction with exclusive partner AT&T. While that advertised $20 price will of course be higher once you get nailed with fees and taxes, it will still be a better deal than the $20 for 4GB and $40 for 10GB per month deals that Chevrolet is phasing out when the unlimited plan goes into effect on March 3. A $10 monthly plan for 1GB of data, as well as a $5 daily data pass for 250MB and $150 12-month pass for 20GB will still be offered.

Technology Short Take #79

Welcome to Technology Short Take #79! There’s lots of interesting links for you this time around.

Networking

  • I was sure I had mentioned Skydive before, but apparently not (a grep of all my blog posts found nothing), so let me rectify that first. Skydive is (in the project’s own words) an “open source real-time network topology and protocols analyzer.” The project’s GitHub repository is here, and documentation for Skydive is here.
  • OK, now that I’ve mentioned Skydive, I can talk about this article that provides an example of functional SDN testing with Terraform and Skydive. Terraform is used to turn up OpenStack infrastructure, and Skydive (via connections into Neutron and OpenContrail, in this example) is used to validate SDN functionality.
  • Tony Sangha took PowerNSX (a set of PowerShell cmdlets for interacting with NSX) and created a tool to help document the NSX Distributed Firewall configuration. This tool exports the DFW configuration and then converts it into Excel format, and is available on GitHub. (What’s that? You haven’t heard of PowerNSX before? See here.)

Servers/Hardware

Nothing this time around. Should I keep this section, or ditch it? Feel free to give me your feedback on Twitter.

Security

For Big Banks, Regulation is the Mother of GPU Invention

There is something to be said for being at the right place at the right time.

While there were plenty of folks who were in the exact wrong spot when the financial crisis hit in 2007-2008, some technologies were uniquely well timed to meet the unexpected demands of a new era.

In the aftermath of the crash, major investment banks and financial institutions had a tough task ahead to keep up with the wave of regulations instituted to keep them straight. This had some serious procedural impacts, and also came with some heady new demands on compute infrastructure. Post-regulation, investment

For Big Banks, Regulation is the Mother of GPU Invention was written by Nicole Hemsoth at The Next Platform.

Docker Reaches The Enterprise Milestone

In the server virtualization era, there were a couple of virtual machine formats and hypervisors to match them, and despite the desire for a common VM format, the virtual server stacks got siloed into ESXi, KVM, Xen, and Hyper-V stacks with some spicing of PowerVM, Solaris containers and LDOMs, and VM/ESA partitions sprinkled on.

With containers, the consensus has been largely to support the Docker format that was inspired by the foundational Linux container work done by Google, and Docker, the company, was the early and enthusiastic proponent of the Docker way of doing containers.

Now, Docker

Docker Reaches The Enterprise Milestone was written by Timothy Prickett Morgan at The Next Platform.

Microsoft starts selling 6 more years of Windows Server support

Microsoft yesterday started selling extended support for its Windows Server software, letting corporate customers add up to six years to the lifespan of Windows Server 2008 and later, and SQL Server 2008 and later. The company had announced this "Premium Assurance" in December, saying then that the extended support would be available for purchase this month. Under Premium Assurance, only vulnerabilities graded as "Critical" and "Important" will be patched. The extended support costs between 5% and 12% of the current licensing cost for each year of coverage, depending on when a customer commits. The sooner a plan is bought, the lower the price.

Classic smartphone brands get a spring in their step at MWC (+video)

BARCELONA -- Venerable smartphone brands Motorola, Nokia and BlackBerry got new life at Mobile World Congress 2017, but that was primarily due to the influence of Chinese and Finnish manufacturers that have licensed the names. One new Android smartphone, the BlackBerry KEYone, was launched by TCL Communication, based in Huizhou, China. The phone has both a touchscreen and a physical keyboard, with 52 keys that can be used as shortcuts to find apps and functions. It goes on sale in April for $549. HMD Global of Espoo, Finland, launched three budget Android phones under the Nokia brand — the Nokia 3, 5 and 6, starting at $147 with screens ranging from 5 inches to 5.5 inches in size. A 2000 classic handset was revised — the Nokia 3310 — but with a slimmer size and a color screen.

Hottest iPad & Surface alternatives from Mobile World Congress 2017

While the traditional tablet market has had a tough go of it lately, some industry watchers do see growth ahead, particularly in the 2-in-1 detachables sector, and the batch of new devices shown at Mobile World Congress in Barcelona this week could play a big role in any such revival. While most of the new smartphones demoed at MWC were of the Android variety, tablet makers gave Windows some love as well with possible Microsoft Surface alternatives. (Apple, as usual, didn’t display at MWC, but is said to have new iPads in the works.)

AWS says a typo caused the massive S3 failure this week

Everyone makes mistakes. But working at Amazon Web Services means an incorrectly entered input can lead to a massive outage that cripples popular websites and services. That's apparently what happened earlier this week, when the AWS Simple Storage Service (S3) in the provider's Northern Virginia region experienced an 11-hour system failure. Other Amazon services in the US-EAST-1 region that rely on S3, like Elastic Block Store, Lambda, and the new instance launch for the Elastic Compute Cloud infrastructure-as-a-service offering were all impacted by the outage.

Slack bug paved the way for a hack that can steal user access

One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick users into handing over access to their accounts. Bug bounty hunter Frans Rosen noticed he could steal Slack access tokens to user accounts due to a flaw in the way the application communicates data in an internet browser. “Slack missed an important step when using a technology called postMessage,” Rosen said on Wednesday in an email. PostMessage is a kind of command that can let separate browser windows communicate with each other. In Slack, it’s used whenever the chat application opens a new window to enable a voice call.
