How Facebook and Google are battling internet terrorism

WASHINGTON -- Social media heavyweights like Facebook and YouTube have been working with the U.S. government and other international partners as they look to take a more active role in combating terrorist propaganda and other extremist messages that have gained traction online.Officials from the popular social network and YouTube parent Google addressed the issue here at a recent tech policy conference, where they described efforts to go beyond simply removing extremist content, and actually engaging in counter-messaging programs to present alternative narratives to those advanced by groups like ISIS."We're really focused on utilizing the strength that comes out of YouTube to push back on these messages," said Alexandria Walden, Google's counsel on free expression and human rights. "We know the power of our platform, and so we know that the best way to counter messages of hate and violence is to promote messages that push back against that, that push back against the hate and extremism and xenophobia around the world."To read this article in full or to leave a comment, please click here

In major AI win, Libratus beats four top poker pros

Marking a major step forward for artificial intelligence (AI), Libratus, an AI developed by Carnegie Mellon University (CMU), has resoundingly beaten four of the best heads-up no-limit Texas hold'em poker players in the world in a marathon, 20-day competition.After 20 days and a collective 120,000 hands played, Libratus closed out the competition Monday leading the pros by a collective $1,766,250 in chips."I'm just impressed with the quality of poker Libratus plays," pro player Jason Les, a specialist in heads-up no-limit Texas hold'em like the other three players, said at a press conference yesterday morning. "They made algorithms that play this game better than us. We make a living trying to find vulnerabilities in strategies. That's what we do every day when we play heads-up no-limit. We tried everything we could and it was just too strong."To read this article in full or to leave a comment, please click here

Net neutrality policy still up in the air under Trump

During his campaign, U.S. President Donald Trump called the Federal Communications Commission's net neutrality rules a "top-down power grab," leading many observers to expect a quick repeal.Trump's presidency is still in its infancy and it's unclear what his administration will do about the hot-button issue.It's difficult to determine what direction the unpredictable Trump administration will take, said Nathan White, senior legislative manager at Access Now, a digital rights group."The world is a very complicated place right now," he said. "I don't think we can get too far out front and predict the future."To read this article in full or to leave a comment, please click here

Net neutrality policy still up in the air under Trump

During his campaign, U.S. President Donald Trump called the Federal Communications Commission's net neutrality rules a "top-down power grab," leading many observers to expect a quick repeal.Trump's presidency is still in its infancy and it's unclear what his administration will do about the hot-button issue.It's difficult to determine what direction the unpredictable Trump administration will take, said Nathan White, senior legislative manager at Access Now, a digital rights group."The world is a very complicated place right now," he said. "I don't think we can get too far out front and predict the future."To read this article in full or to leave a comment, please click here

Tim Cook: Apple may take legal action over immigration restrictions

After sending an email to employees expressing Apple’s opposition to the Trump administration’s new immigration restrictions, Apple CEO Tim Cook is now making a forceful stand.“More than any country in the world, this country is strong because of our immigrant background and our capacity and ability as people to welcome people from all kinds of backgrounds,” Cook told the Wall Street Journal. “That’s what makes us special. We ought to pause and really think deeply through that.”To read this article in full or to leave a comment, please click here

Samsung’s Tizen 4.0 OS is in development and due out in September

A new version of Samsung's Tizen OS, version 4.0, is now under development for mobile devices, wearables and smart gadgets and is due for release in September. Tizen is mainly used in Samsung products. The release date of Tizen 4.0 is listed on the OS's developer website, which also states that the first beta of the OS will come out in June. The Tizen 4.0 release date is listed as part of the Tizen .NET roadmap. The page states that "the first official version of Tizen .NET will be released in September 2017 as a part of Tizen 4.0." The page went up recently, and an image detailing the roadmap seems to have  typographical errors. The chart is supposed to show a timeline for Tizen .NET releases extending into 2017, but the release date of Tizen 4.0 is listed for September 2016, in an apparent mistake.To read this article in full or to leave a comment, please click here

ARM Server Chips Challenge X86 in the Cloud

The idea of ARM processors being used in datacenter servers has been kicking around more most of the decade. The low-power architecture dominates the mobile world of smartphones and tablets as well as embedded IoT devices, and with datacenters increasingly consuming more power and generating more heat, the idea of using highly efficient ARM chips in IT infrastructure systems gained steam.

That was furthered by the rise of cloud computing environments and hyperscale datacenters, which can be packed with tens of thousands of small servers running massive numbers of workloads. The thought of using ARM-based server chips that are more

ARM Server Chips Challenge X86 in the Cloud was written by Nicole Hemsoth at The Next Platform.

Riding The Coattails Of Google Kubernetes And AWS Lambda

There are individuals and companies that create whole new technologies for their own consumption and that sometimes open source them for others to help steer their development and fix their bugs. And then there are still other companies that polish these tools, giving them some enterprise fit and finish, and thereby make it possible for others to deploy a particular technology without having to have PhDs, who are not available anyway, on staff.

From the enterprise perspective, the Apache web server and related Tomcat application server needed its Big Blue, the Linux operating system needed its Red Hat, and the

Riding The Coattails Of Google Kubernetes And AWS Lambda was written by Timothy Prickett Morgan at The Next Platform.

Protecting everyone from WordPress Content Injection

Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (below version 4.7.2) WordPress.

CC BY-SA 2.0 image by Nicola Sap De Mitri

The problem was found by the team at Sucuri and reported to WordPress. The WordPress team worked with WAF vendors, including Cloudflare, to roll out protection before the patch became available.

Earlier this week we rolled out two rules to protect against exploitation of this issue (both types mentioned in the Sucuri blog post). We have been monitoring the situation and have not observed any attempts to exploit this vulnerability before it was announced publicly.

Customers on a paid plan will find two rules in WAF, WP0025A and WP0025B, that protect unpatched WordPress sites from this vulnerability. If the Cloudflare WordPress ruleset is enabled then these rules are automatically turned on and blocking.

Protecting Everyone

As we have in the past with other serious and critical vulnerabilities like Shellshock and previous issues with JetPack, we have enabled these two rules for our free customers as well.

Free customers who want full protection for their WordPress sites can upgrade to a Continue reading

Serverless computing’s future is now – and why you should care

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.

Serverless computing, a disruptive application development paradigm that reduces the need for programmers to spend time focused on how their hardware will scale, is rapidly gaining momentum for event-driven programming. Organizations should begin exploring this opportunity now to see if it will help them dramatically reduce costs while ensuring applications run at peak performance.

For the last decade, software teams have been on a march away from the practice of directly managing hardware in data centers toward renting compute capacity from Infrastructure as a Service (IAAS) vendors such as Amazon Web Services (AWS) and Microsoft Azure. It is rare that a software team creates unique value by managing hardware directly, so the opportunity to offload that undifferentiated heavy lifting to IaaS vendors has been welcomed by software teams worldwide.

To read this article in full or to leave a comment, please click here

Serverless computing’s future is now – and why you should care

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors. Serverless computing, a disruptive application development paradigm that reduces the need for programmers to spend time focused on how their hardware will scale, is rapidly gaining momentum for event-driven programming. Organizations should begin exploring this opportunity now to see if it will help them dramatically reduce costs while ensuring applications run at peak performance. For the last decade, software teams have been on a march away from the practice of directly managing hardware in data centers toward renting compute capacity from Infrastructure as a Service (IAAS) vendors such as Amazon Web Services (AWS) and Microsoft Azure. It is rare that a software team creates unique value by managing hardware directly, so the opportunity to offload that undifferentiated heavy lifting to IaaS vendors has been welcomed by software teams worldwide.To read this article in full or to leave a comment, please click here

Mobile security firm offers cash to hackers for their old exploits

Mobile security firm Zimperium has launched an exploit acquisition program that aims to bring undisclosed attack code for already patched vulnerabilities out in the open.Paying for old exploits might seem like a waste of money, but there are technical and business arguments to justify such an acquisition system and they ultimately have to do with the difference between exploits and vulnerabilities.A vulnerability is a software defect with potential security implications, while an exploit is the actual code that takes advantage of that bug to achieve a specific malicious goal, often by bypassing other security barriers along the way.In practice, many vulnerabilities that get reported to vendors are not accompanied by working exploits. Showing that a programming error can lead to memory corruption is typically enough for the vendor to understand its potential implications -- for example, arbitrary code execution.To read this article in full or to leave a comment, please click here

Mobile security firm offers cash to hackers for their old exploits

Mobile security firm Zimperium has launched an exploit acquisition program that aims to bring undisclosed attack code for already patched vulnerabilities out in the open.Paying for old exploits might seem like a waste of money, but there are technical and business arguments to justify such an acquisition system and they ultimately have to do with the difference between exploits and vulnerabilities.A vulnerability is a software defect with potential security implications, while an exploit is the actual code that takes advantage of that bug to achieve a specific malicious goal, often by bypassing other security barriers along the way.In practice, many vulnerabilities that get reported to vendors are not accompanied by working exploits. Showing that a programming error can lead to memory corruption is typically enough for the vendor to understand its potential implications -- for example, arbitrary code execution.To read this article in full or to leave a comment, please click here

Help Wanted: Stitching a Federated SDN on OpenStack with EVPN

I am working with a client that has a rather unique problem and I’m looking for help on the possible solution.

For unusual, but practical, reasons there is a need to deploy three SDN solutions.

  1. VMware Integrated OpenStack with NSX
  2. Mirantis OpenStack with OpenContrail
  3. BGP-EVPN for existing and future

What I need help with is the stitching these different overlays together so that high bandwidth (>500Gbps), low latency (<5ms) data can flow in between virtual and physical networks.

There is no alignment to a hardware vendor and will buy whatever hardware can meet the requirements based on its software features.

SDN Federation in 3 parts (24-01-2017, 11-15-21).png

Questions

  1. I know that each of these solution supports VXLAN overlay and can be terminated (VTEP) in hardware. But which hardware ? What operating systems ? What protocols are used for any given hardware/software platform  ?
  2.  What is the configuration of the VTEP devices and can they be integrated into an orchestration (self-developed) ? What APIs are used to configure the VTEP instances ?
  3. What are the performance considerations around VTEP ?
  4. Is is practical to stitch a BGP-EVPN physical underlay to an SDN overlay such as NSX or OpenContrail ?

Discussion

I would be interested in talking to anyone who could offer advice and input Continue reading

Worth Reading: Running from DDoS

As we look back over 2016, one of the most obvious stories will be the dramatic rise in the weaponization and size of DDoS attacks. At the beginning of 2016 we noted the largest attack being approximately 500Gbps. In the later months of 2016, we saw the monetization of multiple IoT-based botnet DDoS attacks that were close to breaking the 1 Tbps mark. —Arbor

The post Worth Reading: Running from DDoS appeared first on 'net work.

Cisco unveils Tetration 2.0, focuses on application security

The middle of last year, Cisco held an event in New York to release its newest product, Tetration. The product moved Cisco into the analytics market, with the information being used to help customers better understand application performance and improve data center security. This week, Cisco announced the next version of Tetration Analytics, which is focused at providing security at the application layer. Cisco also released some new deployment options to make it easier for customers to get started with Tetration. To read this article in full or to leave a comment, please click here

Cisco unveils Tetration 2.0, focuses on application security

The middle of last year, Cisco held an event in New York to release its newest product, Tetration. The product moved Cisco into the analytics market, with the information being used to help customers better understand application performance and improve data center security. This week, Cisco announced the next version of Tetration Analytics, which is focused at providing security at the application layer. Cisco also released some new deployment options to make it easier for customers to get started with Tetration. To read this article in full or to leave a comment, please click here

1 2,199 2,200 2,201 2,202 2,203 3,697