Apple: Macs and iPhones are safe from newly revealed CIA exploits

The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.WikiLeaks released a new set of files Thursday that supposedly came from the CIA. They contain details about the agency’s alleged malware and attack capabilities against iPhones and Mac computers.The documents, dated 2012 and earlier, describe several “implants” that the CIA can install in the low-level extensible firmware interface (EFI) of Mac laptop and desktop computers. These EFI rootkits allow the agency's macOS spying malware to persist even after the OS is reinstalled.To read this article in full or to leave a comment, please click here

IDG Contributor Network: 7 best practices for securing your cloud service

As enterprises move their applications and data to the cloud, executives increasingly face the task of balancing the benefits of productivity gains against significant concerns about compliance and security.Security in the cloud is not the same as security in the corporate data center. Different rules and thinking apply when securing an infrastructure over which one has no real physical control.+ Also on Network World: The tricky, personal politics of cloud security + When leveraging cloud services, enterprises need to evaluate several key factors, including:To read this article in full or to leave a comment, please click here

IDG Contributor Network: 7 best practices for securing your cloud service

As enterprises move their applications and data to the cloud, executives increasingly face the task of balancing the benefits of productivity gains against significant concerns about compliance and security.Security in the cloud is not the same as security in the corporate data center. Different rules and thinking apply when securing an infrastructure over which one has no real physical control.+ Also on Network World: The tricky, personal politics of cloud security + When leveraging cloud services, enterprises need to evaluate several key factors, including:To read this article in full or to leave a comment, please click here

Cloud and Telco Providers Drive Data Center Networking Equipment Revenue

Data center network equipment revenue grew 10 percent in 2016.

Microsoft delays tools for third-party Cortana integrations

Microsoft has delayed the release of its tools for connecting other services to the Cortana virtual assistant, a decision that could cause it to lose ground in a crowded industry.The tech titan announced the Cortana Skills Kit in December of last year, saying at the time that it would be released to the public in February. As Microsoft watcher Brad Sams noted on Twitter, Microsoft missed that deadline, and the Skills Kit remains locked in a private beta with a select group of partners. Microsoft didn’t offer an explanation for the delay, saying in a statement that the kit will be coming soon.To read this article in full or to leave a comment, please click here

Google Play faces cat and mouse game with sneaky Android malware

What’s the best way to avoid Android malware? Downloading all your apps from the Google Play store -- where software is vetted – is perhaps the best advice.  But that doesn’t mean Google Play is perfect.Security researchers do find new Android malware lurking on Google’s official app store. That’s because hackers are coming up with sneaky ways to infiltrate the platform, despite the vetting processes that protect it."Eventually, every wall can be breached," said Daniel Padon, a researcher at mobile security provider Check Point.To be sure, most Android users will probably never encounter malware on the Google Play store. Last year, the amount of malicious software that reached the platform amounted to only 0.16 percent of all apps, according to a new report from Google.To read this article in full or to leave a comment, please click here

Google Play faces cat and mouse game with sneaky Android malware

What’s the best way to avoid Android malware? Downloading all your apps from the Google Play store -- where software is vetted – is perhaps the best advice.  But that doesn’t mean Google Play is perfect.Security researchers do find new Android malware lurking on Google’s official app store. That’s because hackers are coming up with sneaky ways to infiltrate the platform, despite the vetting processes that protect it."Eventually, every wall can be breached," said Daniel Padon, a researcher at mobile security provider Check Point.To be sure, most Android users will probably never encounter malware on the Google Play store. Last year, the amount of malicious software that reached the platform amounted to only 0.16 percent of all apps, according to a new report from Google.To read this article in full or to leave a comment, please click here

Bringing the school to kids: The importance of Internet in times of conflict

Canonical Combines its OpenStack with Huawei’s SDN Controller

They’ll also increase each other’s market reach.

Assembling the 5G Network from the Cloud to the Core

Take a deep-dive on 5G with this SDxCentral ebook.

How to set up two-factor authentication for your Apple ID and iCloud account

If you aren’t using two-factor authentication to protect your Apple ID and iCloud account, you really should do it today. Hackers who claim to have millions of stolen iCloud credentials are demanding Apple pay a ransom or they’ll release them—and ZDNet obtained a sample set of credentials and determined they’re real.But guess what? Using two-factor authentication should protect you completely. It’s easy to set up, so take a minute and do it now.To read this article in full or to leave a comment, please click here

How to set up two-factor authentication for your Apple ID and iCloud account

If you aren’t using two-factor authentication to protect your Apple ID and iCloud account, you really should do it today. Hackers who claim to have millions of stolen iCloud credentials are demanding Apple pay a ransom or they’ll release them—and ZDNet obtained a sample set of credentials and determined they’re real.But guess what? Using two-factor authentication should protect you completely. It’s easy to set up, so take a minute and do it now.To read this article in full or to leave a comment, please click here

SDxCentral Weekly News Roundup — March 24, 2017

Cisco completes AppDynamics purchase; Red Hat workloads operate on IBM Private Cloud.

To punish Symantec, Google may distrust a third of the web’s SSL certificates

Google is considering a harsh punishment for repeated incidents in which Symantec or its certificate resellers improperly issued SSL certificates. A proposed plan is to force the company to replace all of its customers’ certificates and to stop recognizing the extended validation (EV) status of those that have it.According to a Netcraft survey from 2015, Symantec is responsible for about one in every three SSL certificates used on the web, making it the largest commercial certificate issuer in the world. As a result of acquisitions over the years the company now controls the root certificates of several formerly standalone certificate authorities including VeriSign, GeoTrust, Thawte and RapidSSL.To read this article in full or to leave a comment, please click here

To punish Symantec, Google may distrust a third of the web’s SSL certificates

Google is considering a harsh punishment for repeated incidents in which Symantec or its certificate resellers improperly issued SSL certificates. A proposed plan is to force the company to replace all of its customers’ certificates and to stop recognizing the extended validation (EV) status of those that have it.According to a Netcraft survey from 2015, Symantec is responsible for about one in every three SSL certificates used on the web, making it the largest commercial certificate issuer in the world. As a result of acquisitions over the years the company now controls the root certificates of several formerly standalone certificate authorities including VeriSign, GeoTrust, Thawte and RapidSSL.To read this article in full or to leave a comment, please click here

Costa Rican Mountains

The post Costa Rican Mountains appeared first on 'net work.

Show 332: Don’t Believe The Programming Hype

Do network engineers need to learn programming if they want to keep their jobs? And just what do we mean by programming anyway? Russ White, Matt Oswalt, and Steve Hood join the Packet Pushers to discuss. The post Show 332: Don’t Believe The Programming Hype appeared first on Packet Pushers.

IDG Contributor Network: Holding your WLAN accountable with service-level expectations

In my last post, “#WirelessSucks: Where do we go from here?” I talked about the need for better insight into the root cause of network problems. All too often, the Wi-Fi infrastructure is blamed for bad network connectivity when, in fact, the wired network (e.g. DNS, DHCP, etc.) and/or the mobile devices may be equally at fault. I identified four components that are required to accurately and easily address this problem: Monitoring networks at a service level Real-time visibility into the state of every wireless user A cloud infrastructure to store and analyze real-time state information and aggregate it to the highest level of commonality Machine learning to automate key operational tasks, such as event correlation and packet captures Let’s go into more detail on the first of these requirements: service-level monitoring and enforcement.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Holding your WLAN accountable with service-level expectations

In my last post, “#WirelessSucks: Where do we go from here?” I talked about the need for better insight into the root cause of network problems. All too often, the Wi-Fi infrastructure is blamed for bad network connectivity when, in fact, the wired network (e.g. DNS, DHCP, etc.) and/or the mobile devices may be equally at fault. I identified four components that are required to accurately and easily address this problem: Monitoring networks at a service level Real-time visibility into the state of every wireless user A cloud infrastructure to store and analyze real-time state information and aggregate it to the highest level of commonality Machine learning to automate key operational tasks, such as event correlation and packet captures Let’s go into more detail on the first of these requirements: service-level monitoring and enforcement.To read this article in full or to leave a comment, please click here

Worth Reading: IoT Under Siege

Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Adding urgency to the situation, there is now code available online that allows anyone to exploit this bug and commandeer a large number of IoT devices. —Krebs on Security

The post Worth Reading: IoT Under Siege appeared first on 'net work.