WikiLeaks will share CIA hacking details with companies, but can they use it?

WikiLeaks plans to share details about what it says are CIA hacking tools with the tech companies so that software fixes can be developed.But will software companies want it?The information WikiLeaks plans to share comes from 8,700-plus documents it says were stolen from an internal CIA server. If the data is classified -- and it almost certainly is -- possessing it would be a crime.That was underlined on Thursday by White House press secretary Sean Spicer, who advised tech vendors to consider the legal consequences of receiving documents from WikiLeaks.To read this article in full or to leave a comment, please click here

FBI: what to look for in the Trump/AlfaBank connection

As CNN reports, the FBI seems to be looking into that connection between Trump and Alfa Bank. Here are some things to look for.

First, get your own copy of the logs from root name servers. I don't trust the source of the original logs. I suspect they've been edited in order to show a relationship with Alfa Bank. You've got lots of sources both inside government and in private industry that can provide a copy of these logs without a warrant. (Which sucks, you should need a warrant, but that's the current state of affairs).

Second, look at the server in question. It's probably located at 140 Akron Road, Ephrata, PA. What you are looking for are the logs of anything sent from the server during that time, specifically any e-mails.

Third, talk to Cendyn, and ask them what that server was used for during that time. Their current statement is that it was used by the Metron meeting software. In other words, they say that after they stopped using it to send marketing emails, they started using it for their meeting product. They seem a little confused, so it'd be nice to pin them down. Specifically, get Continue reading

It’s official: Disaggregation is here to stay

When Cumulus Networks was first created, disaggregation was completely disruptive. Organizations of all shapes and sizes were running proprietary hardware and software through every single ounce of their data centers. We went into this industry excited to start something new and make networking faster, smarter, scalable and all-around better. We’re thrilled to report that a lot has changed since then.

This week, Arista announced that their operating system, Arista cEOS™, will support virtual machines, containers and third-party merchant silicon-based switches (ya know, like Cumulus Networks has been doing for quite some time now). This seems like a huge jump for Arista, who has been part of the proprietary school of thought from day one, but we’re honestly not surprised. This is an indicator of just how transformative open networking has been for the industry. It’s taking hold, sinking its teeth into tradition and tearing it apart (both literally and figuratively).

Here are a few other recent signifiers that disaggregation is here to stay:

  • Gartner’s recent data showing 30% growth in white-box switching shipments, driven by the flexibility and significant cost reductions network operators are achieving through software operating systems
  • Gartner reporting that by the year 2020, it is expected that over Continue reading

The Linux Migration: Other Users’ Stories, Part 3

Over the last few weeks, I’ve been sharing various users’ stories about their own personal migration to Linux. If you’ve not read them already, I encourage you to check out part 1 and part 2 of this multi-part series to get a feel for why folks are deciding to switch to Linux, the challenges they faced, and the benefits they’ve seen (so far). Obviously, Linux isn’t the right fit for everyone, but at least by sharing these stories you’ll get a better feel whether it’s a right fit for you.

This is Brian Hall’s story of switching to Linux.

Q: Why did you switch to Linux?

I’ve been an OS X user since 2010. It was a huge change coming from Windows, especially since the laptop I bought had the first SSD that I’ve had in my primary machine. I didn’t think it could get any better. Over the years that feeling started to wear off.

OS X started to feel bloated. It seemed like OS X started to get in my way more and more often. I ended up formatting and reinstalling OSX like I used to do with Windows (maybe not quite as often). Setting up Mail to Continue reading

The CIA should help vendors patch the flaws it was exploiting

The CIA exploits exposed this week reveal that the agency does hacking just like criminals do, including buying exploits from black-hat researchers who sell their wares on the dark web.It’s also a demonstration of bad security on the part of the CIA, which apparently entrusted the entire portfolio to both agency employees and contractors, one of whom turned out not to be trustworthy and passed them on to Wikileaks.A criminal investigation into who that was is underway so the CIA is rightfully busy with that, but it should try to find time to help out the vendors whose gear was exploited patch the flaws quickly. Before the leak, these attacks were not widely known. But now that they are, they have little value to the CIA anymore, so the CIA should help shore up the vulnerabilities.To read this article in full or to leave a comment, please click here

The CIA should help vendors patch the flaws it was exploiting

The CIA exploits exposed this week reveal that the agency does hacking just like criminals do, including buying exploits from black-hat researchers who sell their wares on the dark web.It’s also a demonstration of bad security on the part of the CIA, which apparently entrusted the entire portfolio to both agency employees and contractors, one of whom turned out not to be trustworthy and passed them on to Wikileaks.A criminal investigation into who that was is underway so the CIA is rightfully busy with that, but it should try to find time to help out the vendors whose gear was exploited patch the flaws quickly. Before the leak, these attacks were not widely known. But now that they are, they have little value to the CIA anymore, so the CIA should help shore up the vulnerabilities.To read this article in full or to leave a comment, please click here

Intel’s PC chief talks about 5G, changes in chip design

Intel surprised many observers when the company hired outsider Venkata Renduchintala to lead the company's PC, Internet of Things, and Systems Architecture groups.With more than a year under his belt, he's spearheading a cultural change inside the company, getting employees to think beyond PCs and talk about technologies like 5G and IoT.There's been a lot of chatter about changes in the company's chip development strategy, with the recent announcement of the 8th Generation Core processors, an unprecedented fourth chip architecture on the 14-nanometer process. The chip industry veteran sat down with the IDG News Service at Mobile World Congress in Barcelona to talk about what spurred the move and also his thoughts on 5G.To read this article in full or to leave a comment, please click here

Intel’s PC chief talks about 5G, changes in chip design

Intel surprised many observers when the company hired outsider Venkata Renduchintala to lead the company's PC, Internet of Things, and Systems Architecture groups.With more than a year under his belt, he's spearheading a cultural change inside the company, getting employees to think beyond PCs and talk about technologies like 5G and IoT.There's been a lot of chatter about changes in the company's chip development strategy, with the recent announcement of the 8th Generation Core processors, an unprecedented fourth chip architecture on the 14-nanometer process. The chip industry veteran sat down with the IDG News Service at Mobile World Congress in Barcelona to talk about what spurred the move and also his thoughts on 5G.To read this article in full or to leave a comment, please click here

How to achieve security via whitelisting with Docker containers  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Docker containers have become an important means for organizations to build and run applications in the cloud. There’s a lot of flexibility with containers, as they can be deployed on top of any bare-metal server, virtual machine, or platform-as-as-service (PaaS) environment. Developers have embraced Docker containers on public clouds because they don’t need help from an IT operations team to spin them up.A software container is simply a thin package of an application and the libraries that support the application, making it easy to move a container from one operating system to another. This makes it possible for a developer to build an application and then take all the source code and supporting files and basically create something like a zip file so the container can be deployed just about anywhere. It contains everything the application needs to run, including code, runtime, system tools and system libraries.To read this article in full or to leave a comment, please click here

How to achieve security via whitelisting with Docker containers  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Docker containers have become an important means for organizations to build and run applications in the cloud. There’s a lot of flexibility with containers, as they can be deployed on top of any bare-metal server, virtual machine, or platform-as-as-service (PaaS) environment. Developers have embraced Docker containers on public clouds because they don’t need help from an IT operations team to spin them up.A software container is simply a thin package of an application and the libraries that support the application, making it easy to move a container from one operating system to another. This makes it possible for a developer to build an application and then take all the source code and supporting files and basically create something like a zip file so the container can be deployed just about anywhere. It contains everything the application needs to run, including code, runtime, system tools and system libraries.To read this article in full or to leave a comment, please click here

After CIA leak, Intel Security releases detection tool for EFI rootkits

Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.To read this article in full or to leave a comment, please click here

After CIA leak, Intel Security releases detection tool for EFI rootkits

Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.To read this article in full or to leave a comment, please click here

Worth Reading: Keys to solving wicked problems

The incredible pace of change of the Internet — from research laboratory inception to global telecommunication necessity — is due to the continuing pursuit, development and deployment of technology and practices adopted to make the Internet better. This has required continuous attention to a wide variety of problems ranging from “simple” to so-called “wicked problems”. Problems in the latter category have been addressed through collaboration. This post outlines key characteristics of successful collaboration activities. —CircleID

The post Worth Reading: Keys to solving wicked problems appeared first on 'net work.

Microsoft’s .NET Core slowly marches onto Raspberry Pi 3

Microsoft's .NET Core is now making its way to Raspberry Pi developer boards, and an official .NET 2.0 Core is coming from the software company later this year.The .NET Core for Raspberry Pi and instructions to install it are available on the Github site.The .NET platform can be used to develop mobile, PC, and server applications and services. The Raspberry Pi 3 board can serve as an entry-level PC or be used to develop smart gadgets, robots, or internet-of-things devices.Microsoft recently opened up the programming framework for .NET Core, and separate from the Raspberry Pi move, Samsung is adopting it for the Tizen OS platform. Tizen is a Linux-based OS being developed by Samsung used in smartwatches and other devices.To read this article in full or to leave a comment, please click here

Private search firm migrates to OpenStack as it adopts automation

Nate Baechtold, Enterprise Architect at EBSCO Information Services, says it was going to be too hard to automate the company’s VMware environment so the firm shifted to OpenStack, which natively abstracts underlying components much like AWS.  But the next sticking point was how to enable developers to build in load balancing?  A self-service model using the existing hardware-based system was too complex, Baechtold tells Network World Editor in Chief John Dix, but a new software-defined tool fit the bill. EBSCO Information Services Nate Baechtold, Enterprise Architect at EBSCO Information ServicesTo read this article in full or to leave a comment, please click here

Private search firm migrates to OpenStack as it adopts automation

Nate Baechtold, Enterprise Architect at EBSCO Information Services, says it was going to be too hard to automate the company’s VMware environment so the firm shifted to OpenStack, which natively abstracts underlying components much like AWS.  But the next sticking point was how to enable developers to build in load balancing?  A self-service model using the existing hardware-based system was too complex, Baechtold tells Network World Editor in Chief John Dix, but a new software-defined tool fit the bill. EBSCO Information Services Nate Baechtold, Enterprise Architect at EBSCO Information ServicesTo read this article in full or to leave a comment, please click here

After WikiLeaks’ CIA dump, China tells U.S. to stop spying

China today asked the U.S. government to stop spying on it, China's first reaction to WikiLeaks' disclosure of a trove of CIA documents that alleged the agency was able to hack smartphones, personal computers, routers and other digital devices worldwide."We urge the U.S. to stop listening in, monitoring, stealing secrets and [conducting] cyber-attacks against China and other countries," said Geng Shuang, a Foreign Ministry spokesman said today in a Beijing press briefing.Geng also said that China would protect its own networks, was willing to work with others toward what he called "orderly cyberspace," and repeated his government's stock denunciation of hacking.To read this article in full or to leave a comment, please click here

After WikiLeaks’ CIA dump, China tells U.S. to stop spying

China today asked the U.S. government to stop spying on it, China's first reaction to WikiLeaks' disclosure of a trove of CIA documents that alleged the agency was able to hack smartphones, personal computers, routers and other digital devices worldwide."We urge the U.S. to stop listening in, monitoring, stealing secrets and [conducting] cyber-attacks against China and other countries," said Geng Shuang, a Foreign Ministry spokesman said today in a Beijing press briefing.Geng also said that China would protect its own networks, was willing to work with others toward what he called "orderly cyberspace," and repeated his government's stock denunciation of hacking.To read this article in full or to leave a comment, please click here

Google launches official Gmail Add-on program

Google is making it possible for developers to bring their services into Gmail using new integrations called Add-ons.It’s built so that developers can write one set of code in Google’s Apps Script language and have their integration run in Gmail on the web, as well as inside Google’s Android and iOS apps for the service. For example, a QuickBooks add-on would let users easily send invoices to people who they’re emailing.  Google already offers Add-ons for its Docs word processing and Sheets spreadsheet software.This sort of system could be useful for users because it helps them get work done without leaving Gmail. It also helps draw users into Google’s official email app, rather than use one of the many other clients that can access the service, including Microsoft Outlook.To read this article in full or to leave a comment, please click here

After the WikiLeaks dump: Do nothing

You heard it here first. Don’t do a damn thing in response to the WikiLeaks dump that you’re not already doing. Don’t sit still, be vigilant, keep your eye on the targets. Because this isn’t news.What? Not news?!?No. Between the three-letter agencies, if they want you, they have you. They’ll find a way. It’s a matter of time. But they’re largely ahead of the ne’er-do-wells. You should expect this.+ Also on Network World: Apple, Cisco, Microsoft and Samsung react to CIA targeting their products + If hardware and device makers gasp that their stuff is crackable, it’s only time to snicker. Nothing is foolproof because 1) fools are so ingenious and 2) with a big enough hammer you can crack anything. Even you. You are not impregnable. It’s a matter of degree—and if you can detect the breach quickly.To read this article in full or to leave a comment, please click here

1 2,194 2,195 2,196 2,197 2,198 3,795