Experts divided on value of Cyber National Guard

This past weekend at SXSW, two Congressmen suggested that the U.S. create a cybersecurity reserves system, similar to the National Guard, but the idea has received a mixed welcome from the cybersecurity community.According to House Rep. Will Hurd, a Republican from Texas, a national cybersecurity reserve could help strengthen national security and bring in a diversity of experience. Hurd, who has a degree in computer science from Texas A&M, has served as an undercover CIA officer and has worked as a partner at cybersecurity firm FusionX.He has been pitching the idea of a Cyber National Guard for a while, and has suggested that the government could forgive student loan debt for those who serve. It would also help ensure a cross-pollination of experience between government and industry.To read this article in full or to leave a comment, please click here

Microsoft ends updates for Windows 7/8.1 on new processors

As it promised, Microsoft has stopped issuing updates for Windows 7 and Windows 8.1 users whose PCs run Intel's seventh-generation processors (codename Kaby Lake), AMD's seventh-generation processors (Bristol Ridge), and Qualcomm's 8996 processor or newer. It's also likely that AMD's new Ryzen processor is included in that list. Bristol Ridge is a slightly older processor made on an older core design.Mainstream support for Windows 7 ended on January 2015, but extended support—in other words, patches—is supposed to continue until January 2020. Support for Windows 8.1 runs through next year and support ends in 2023. However, Windows 7 and Windows 8.1 PCs running these new CPUs will not scan for updates or download them from Windows Update. Windows 7 and Windows 8.1 users with new processors who run the Windows Update tool get one of two messages. The first is straightforward: To read this article in full or to leave a comment, please click here

Epoch Rollover: Coming Two Years Early To A Router Near You!

The 2038 Problem

Broken Time? -  Roeland van der Hoorn
Many computer systems and applications keep track of time by counting the seconds from "the epoch", an arbitrary date. Epoch for UNIX-based systems is the stroke of midnight in Greenwich on 1 January 1970.

Lots of application functions and system libraries keep track of the time using a 32-bit signed integer, which has a maximum value of around 2.1 billion. It's good for a bit more than 68 years worth of seconds.

Things are likely to get weird 2.1 billion seconds after the epoch on January 19th, 2038.

As the binary counter rolls over from 01111111111111111111111111111111 to 10000000000000000000000000000000, the sign bit gets flipped. The counter will have changed from its farthest reach after the epoch to its farthest reach before the epoch. time will appear to have jumped from early 2038 to late 1901.

Things might even get weird within the next year (January 2018!) as systems begin encounter freshly minted CA certificates with expirations after the epoch rollover (it's common for CA certificates to last for 20 years.) These certificates may appear to have expired in late 1901, over a century prior to their Continue reading

Yahoo breach exposes the drawbacks of state-sponsored hacking

When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they're taking a big risk. On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren't kept on a tight leash things can turn bad. Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia's state security agency hired to carry out the Yahoo breach, didn't care much for a low profile. His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars -- the latest an Aston Martin DB9 with the license plate "MR KARIM."To read this article in full or to leave a comment, please click here

Yahoo breach exposes the drawbacks of state-sponsored hacking

When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they're taking a big risk. On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren't kept on a tight leash things can turn bad. Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia's state security agency hired to carry out the Yahoo breach, didn't care much for a low profile. His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars -- the latest an Aston Martin DB9 with the license plate "MR KARIM."To read this article in full or to leave a comment, please click here

Cornell has a radio for the whole world with software filtering

Researchers at Cornell University have developed a new type of radio-on-a-chip that could mean cheaper, more flexible wireless systems. Smartphone makers could, for example, use the technology to make a single model of each phone that works anywhere in the world.Single-chip radios have become a popular choice for communications hardware in the last decade because most characteristics of the radio are determined through software, not discrete hardware components. For this reason, they are often referred to as software-defined radios.But software can only do so much. In many transceiver devices -- ones that transmit and receive -- an array of filters is needed to protect the sensitive receiver circuity from signals being transmitted. Those signals can be up to a billion times more powerful that the ones being received, so without the filters, the radio would be overwhelmed and useless.To read this article in full or to leave a comment, please click here

Layer 2 security – DHCP Details, DHCP Snooping

Layer 2 security – DHCP Details, DHCP Snooping  Introduction   This article is the first of a series explaining layer 2 attacks identification and mitigation techniques, which will be a part of a bigger series discussing Security Infrastructure.   We will be discussing the most common attacks and how to mitigate them; but more important, […]

The post Layer 2 security – DHCP Details, DHCP Snooping appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

How AR and VR can reach a billion users before 2028

We have seen it all before: This will be the year of (blank). Pick any technology—augmented reality (AR) and virtual reality (VR) headsets, wearables, social networks, etc. The hype cycle starts three to five years early, and everyone—vendors, Wall Street and venture capitalists—is disappointed when last year was not the year.It is early days for VR and even earlier for AR. Sales of VR headsets were graded disappointing after the close of the Christmas season and seemingly confirmed when BestBuy closed half of its in-store Oculus demo stations.To read this article in full or to leave a comment, please click here

Super rare functioning Apple I computer could fetch hundreds of thousands at auction

An auction house in May will look for the highest bidding fanboy or fangirl who'd like to get his or her hands on what it claims is just one of 8 functioning Apple I computers. Auction Team Breker, which is based in Germany and specializes in what it calls "technical antiques", has set an auction date for the Apple I on May 20. MORE: iPhone 8 rumor rollup The collector's item could fetch hundreds of thousands of dollars based on sales of past such items, such as an Apple I sold by Sotheby's in 2014 for about $375K and a prototype of the Apple I that sold for $815K last year. Auction Team Breker estimates its item will go for between $190K and $320K.To read this article in full or to leave a comment, please click here

Oracle promises IaaS growth as cloud business rises

Oracle’s third quarter financial results continue to show that the company’s future is in the cloud. On Wednesday, the company reported massive growth in its software- and platform-as-a-service businesses, promising further gains as its customers do away with their data centers.The company’s SaaS and PaaS revenue from December 2016 through February 2017 was a little over US$1 billion, up from $583 million during the same period a year prior. Its infrastructure-as-a-service business brought in $178 million during the same period, bringing the company’s total cloud revenue for the quarter to almost $1.2 billion.To read this article in full or to leave a comment, please click here

Unpatched vulnerability puts Ubiquiti networking products at risk

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.Because it requires authentication, the vulnerability's impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user's browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.To read this article in full or to leave a comment, please click here

Unpatched vulnerability puts Ubiquiti networking products at risk

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.Because it requires authentication, the vulnerability's impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user's browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.To read this article in full or to leave a comment, please click here

Unpatched vulnerability puts Ubiquiti networking products at risk

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.Because it requires authentication, the vulnerability's impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user's browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.To read this article in full or to leave a comment, please click here

Worth Reading: Three attitudes that lead to maintainable code

When writing code, there are many specific principles that aim to make your code more maintainable: DRY, the single responsibility principle, the Law of Demeter, the open/closed principle, etc. These are great principles to follow, but it can be difficult to keep all of them in your head at once. I’ve found it’s often easier to keep a few broader ideas in mind. —Atomic Object

The post Worth Reading: Three attitudes that lead to maintainable code appeared first on 'net work.

Qualcomm pushing vague term “platforms” over “processors” for Snapdragon line

Qualcomm's plea this week to start referring to its Snapdragon processors as the Qualcomm Snapdragon Mobile Platform reminds me of my early days at Network World when every vendor insisted it was selling a "solution" and not a switch or router or server.Interviews often went something like this:"So what is your company announcing today?""A solution""Yeah, but what is it? Is it a router? Is it a switch? Is it software? Is it hardware? Is it a service?""It's a solution."Qualcomm's solution to people underestimating all that its Snapdragon processors do, and to distinguish them from lower-end products in its line, is to introduce a "new naming structure" to, you guessed it, "represent [our] full suite of solutions."To read this article in full or to leave a comment, please click here

Community Forum Launches the Search for 25 Under 25

Today, the Internet Society hosted a special Community Forum, “Youth on the Internet.” Hundreds of participants from across 6 continents joined the conversation to share their views on what the Internet means to them.

A special thanks to our Next Generation Leaders who were panellists - Evelyn Namara (Uganda), Veronica Arroyo (Peru), Yuza Setiawan (Indonesia) for a vibrant discussion on topics such as how young people can address privacy and security concerns, and how the Internet can help close the gender gap.

Toral Cowieson
1 2,187 2,188 2,189 2,190 2,191 3,808