Prevent or detect? What to do about vulnerabilities

Today's CISOs are undoubtedly overwhelmed with trying to make the most informed, efficient, and economical decisions about securing the most valuable assets in the enterprise. In the days of old, those decisions were a little bit easier because investing in prevention provided decent protection.That's not true today, which is why Ira Winkler president of Secure Mentem and author of Advanced Persistent Security said that trying to protect against every threat is not cost efficient.Shifting the mentality of those defenders who came to age in the world of preventative protection has been slow going. As a result, some security programs are failing, "Not because the bad guys got in, but because they got out," Winkler said.To read this article in full or to leave a comment, please click here

Trust issues: Know the limits of SSL certificates

Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them. Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation’s Let’s Encrypt CA. Even with these missteps, the CAs play a critical role in establishing trust on the internet.To read this article in full or to leave a comment, please click here

Trust issues: Know the limits of SSL certificates

Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them. Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation’s Let’s Encrypt CA. Even with these missteps, the CAs play a critical role in establishing trust on the internet.To read this article in full or to leave a comment, please click here

Python vs. R: The battle for data scientist mind share

The boss’s boss looks out across the server farm and sees data—petabytes and petabytes of data. That leads to one conclusion: There must be a signal in that noise. There must be intelligent life in that numerical world—a strategy to monetize all those hard disks filling up with numbers.That job falls on your desk, and you must now find a way to poke around the digital rat’s nest and find a gem to hand the boss.[ Download the InfoWorld megaguide: The best Python frameworks and IDEs. | Learn to crunch big data with R. | Keep up with hot topics in programming with InfoWorld’s App Dev Report newsletter. ] How? If you’re a developer, there are two major contenders: R and Python. There are plenty of other solutions that help crunch data, and they live under rubrics like business intelligence or data visualization, but they are often full-service solutions. If they do what you want, you should choose them. But if you want something different, well, writing your own code is the only solution. Full-service tools do a good job when the data is cleaned, buffed, and ready, but they tend to hiccup and even throw up when Continue reading

How to break your smartphone addiction and get back to work

Few things have as much hold on our attention as our smartphones. Recent research found that an average user touches their mobile phone 2,617 times a day and a heavy user swipes, taps, and clicks more than 5,000 times per day! That’s nearly three to four hours a day of lost productivity.Luckily, there are a few tools that can help save you from yourself. Treat your smartphone addiction with these three apps.OffTime PCWorld OffTime lets you tailor your smartphone use—and its distractions—for work, home, or alone time.To read this article in full or to leave a comment, please click here

What enterprises can learn in the aftermath of a phishing attack

The problem: spearphishingImage by John Singleton Copley/National Gallery of ArtSpearphishing is a top attack vector used by cyber adversaries today. Consists of fraudulent emails that appear to be legitimate which target specific organizations, groups, or individuals to gain access to information systems. Targeted spear phishing also leverages social engineering which includes research about specific targets of interest. Organizations rely on email connectivity with the outside to function and thus is an entry into a potential target’s environment that bypasses many of the legacy security stack.To read this article in full or to leave a comment, please click here

What enterprises can learn in the aftermath of a phishing attack

The problem: spearphishingImage by John Singleton Copley/National Gallery of ArtSpearphishing is a top attack vector used by cyber adversaries today. Consists of fraudulent emails that appear to be legitimate which target specific organizations, groups, or individuals to gain access to information systems. Targeted spear phishing also leverages social engineering which includes research about specific targets of interest. Organizations rely on email connectivity with the outside to function and thus is an entry into a potential target’s environment that bypasses many of the legacy security stack.To read this article in full or to leave a comment, please click here

Antsy Windows 10 users can grab Creators Update now

Microsoft on Wednesday began letting antsy customers download Creators Update, the latest Windows 10 feature upgrade.Last week, the company had said it would make Creators Update available for manual download on April 5, about a week before it will pull the Windows Update trigger and start pushing the upgrade to most users.[ See Computerworld’s Review of Windows 10 Creators Update. ]To read this article in full or to leave a comment, please click here

Network Automation Is Much More than Configuration Management

Most network automation presentations you can find on the Internet focus on configuration management, either to provision new boxes, or to provision new services, so it’s easy to assume that network automation is really a fancy new term for consistent device configuration management.

However, as I explained in the Network Automation 101 webinar, there’s so much more you can do and today I’d like to share a real-life example from Jaakko Rautanen, an alumni of my Building Network Automation Solutions online course.

Read more ...

ARIN 39 Report

Having just spent two and a half days at an ARIN Public Policy Meeting, I’d like to share some of my impressions of the meeting, and the state of address policy in the region served by ARIN.

Encryption is critical for business communication

Imagine if all your business contracts were sent to customers written on postcards. Everyone who happened to see the postcard could see exactly what you were going to charge the customer, how many of your product the customer is going to order - and all of the information about the customer.

Your competition, naturally, could take that information and send a contract to that customer of yours that undercuts your proposal and offers better terms. They could also share that information with others to let them know that this customer buys from you. (Or, at least, they used to!) Your customer, too, could potentially see what you are charging other customers.

Now... STOP imagining - THIS IS HOW THE INTERNET WORKS TODAY!

Dan York

US says laptop ban may expand to more airports

The U.S. might add other airports to its ban restricting passengers from bringing laptops and other electronics into the cabin for certain flights from the Middle East.“We may take measures in the not too distant future to expand the number of airports,” said Homeland Security secretary John Kelly on Wednesday during a congressional hearing.Last month, the U.S. announced the ban, which affects ten airports, all of which are in Muslim-majority countries. Passengers flying to the U.S. are barred from bringing any electronic devices larger than a smartphone into a plane’s cabin, and must instead check them in as baggage.    To read this article in full or to leave a comment, please click here

US says laptop ban may expand to more airports

The U.S. might add other airports to its ban restricting passengers from bringing laptops and other electronics into the cabin for certain flights from the Middle East.“We may take measures in the not too distant future to expand the number of airports,” said Homeland Security secretary John Kelly on Wednesday during a congressional hearing.Last month, the U.S. announced the ban, which affects ten airports, all of which are in Muslim-majority countries. Passengers flying to the U.S. are barred from bringing any electronic devices larger than a smartphone into a plane’s cabin, and must instead check them in as baggage.    To read this article in full or to leave a comment, please click here

Your Cheese Moved a Long Time Ago

I was recently on a panel at the Event-Driven Automation Meetup at LinkedIn in Sunnyvale, CA, and we all had a really good hour-long conversation about automation. What really made me happy was that nearly the entire conversation focused on bringing the same principles that companies like LinkedIn and Facebook use on their network to smaller organizations, making them practical for more widespread use. Nina Mushiana of @LinkedIn says "Anything that can be documented should be automated".

Your Cheese Moved a Long Time Ago

I was recently on a panel at the Event-Driven Automation Meetup at LinkedIn in Sunnyvale, CA, and we all had a really good hour-long conversation about automation. What really made me happy was that nearly the entire conversation focused on bringing the same principles that companies like LinkedIn and Facebook use on their network to smaller organizations, making them practical for more widespread use. Nina Mushiana of @LinkedIn says "Anything that can be documented should be automated".

Your Cheese Moved a Long Time Ago

I was recently on a panel at the Event-Driven Automation Meetup at LinkedIn in Sunnyvale, CA, and we all had a really good hour-long conversation about automation. What really made me happy was that nearly the entire conversation focused on bringing the same principles that companies like LinkedIn and Facebook use on their network to smaller organizations, making them practical for more widespread use.

One particular topic that came up was one I’ve struggled with for the past few years; What about Day 2 of network automation? So, we manage to write some Ansible playbooks to push configuration files to switches - what’s next? Often this question isn’t asked. I think the network automation conversation has progressed to the point where we should all start asking this question more often.

I believe that the network engineering discipline is at a crossroads, and the workforce as a whole needs to make some changes and decisions in order to stay relevant. Those changes are all based on the following premise:

The value of the network does not Continue reading

Decoding FSK

Something I’ve been playing with lately is software defined radio with GNURadio. I’m not good at it yet, but I’ve managed to decode the signals from a couple of things.

This is my step-by-step for how I decoded data from a boiler thermostat. I’m not saying it’s the best way, or even a good way. But it’s what got me there.

0. Find the frequency

Often this is written on the device itself. Other times it’s in the manual. If not, then more research is needed, such as by trying to find the manufacturer on fcc.gov or similar.

In this case it was easy. The manual said “868 MHz”, which is in the SRD860 band.

1. Capture some data

When I poked at the controls of the thermostat, saying “please make the room 25 degrees”, the thermostat must send this data to the boiler. I could hear the boiler start up and shut down, so there must be something sent between me pressing the buttons and I heard the results.

I started by centering around 868.5 Mhz with 1Msps. The minimum for the RTL-SDR is 900ksps, so even if you wanted to see less than 1MHz you need Continue reading

Your Cheese Moved a Long Time Ago

I was recently on a panel at the Event-Driven Automation Meetup at LinkedIn in Sunnyvale, CA, and we all had a really good hour-long conversation about automation. What really made me happy was that nearly the entire conversation focused on bringing the same principles that companies like LinkedIn and Facebook use on their network to smaller organizations, making them practical for more widespread use.

One particular topic that came up was one I’ve struggled with for the past few years; What about Day 2 of network automation? So, we manage to write some Ansible playbooks to push configuration files to switches - what’s next? Often this question isn’t asked. I think the network automation conversation has progressed to the point where we should all start asking this question more often.

I believe that the network engineering discipline is at a crossroads, and the workforce as a whole needs to make some changes and decisions in order to stay relevant. Those changes are all based on the following premise:

The value of the network does not Continue reading

Google is helping to build another Asia-Pacific submarine cable

Google is investing in another massive undersea fiber-optic cable as a part of its plans to build out network connectivity around the world. The company announced Wednesday that it is helping to fund a project called Indigo, which will connect Jakarta, Singapore, Perth and Sydney to one another.The cable will run for approximately 9,000 kilometers (almost 5,600 miles) and provide a capacity of roughly 18Tbps (bits per second). It's being built to bring users more connectivity in a region that has growing internet needs.Google has now invested in five submarine cables in the Asia-Pacific region and seven overall. By investing in these cables, the company hopes to better compete with other cloud providers and consumer internet companies.To read this article in full or to leave a comment, please click here

1 2,144 2,145 2,146 2,147 2,148 3,819