This tool can help weed out hard-coded keys from software projects

A security researcher has developed a tool that can automatically detect sensitive access keys that have been hard-coded inside software projects. The Truffle Hog tool was created by U.S.-based researcher Dylan Ayrey and is written in Python. It searches for hard-coded access keys by scanning deep inside git code repositories for strings that are 20 or more characters long and have high entropy. A high Shannon entropy, named after American mathematician Claude E. Shannon, suggests a level of randomness that makes a string a candidate for a cryptographic secret, such as an access token. Hard-coding access tokens for various services in software projects is considered a security risk because those tokens can be extracted with little effort by attackers. Unfortunately this practice is very common.
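The entropy test the article describes, as an added Python example (not Truffle Hog's own code): it scans each line of a constructed sample file for runs of 20 or more base64 or hex characters and flags those whose Shannon entropy over that alphabet exceeds a threshold; the thresholds and the sample values are this example's assumptions.

```python
import math
import re

# Assumed thresholds, modelled on the article's description (20+ character
# strings with high Shannon entropy); the cut-off values are this example's own.
MIN_LENGTH = 20
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"
BASE64_THRESHOLD = 4.5  # bits per character
HEX_THRESHOLD = 3.0     # bits per character
BASE64_RUN = re.compile(r"[A-Za-z0-9+/=]{%d,}" % MIN_LENGTH)
HEX_RUN = re.compile(r"[0-9a-fA-F]{%d,}" % MIN_LENGTH)

def shannon_entropy(data, charset):
    """Shannon entropy in bits per character over the given alphabet."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in set(charset):
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy

def find_candidate_secrets(text):
    """Return (line_number, string, entropy) for each run that looks like a secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen = set()  # a hex string also matches the base64 alphabet; report it once
        for pattern, charset, threshold in ((HEX_RUN, HEX_CHARS, HEX_THRESHOLD),
                                            (BASE64_RUN, BASE64_CHARS, BASE64_THRESHOLD)):
            for run in pattern.findall(line):
                entropy = shannon_entropy(run, charset)
                if entropy > threshold and run not in seen:
                    seen.add(run)
                    findings.append((line_no, run, round(entropy, 2)))
    return findings

# Constructed sample "source file"; the AWS values are Amazon's published
# documentation placeholders, not live credentials.
SAMPLE_SOURCE = """\
DB_HOST = "db.internal.example"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
API_TOKEN = "3f9a1c7be04d5e8f2a6b9c0d1e4f7a8b"
PADDING = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"""
```

Running `find_candidate_secrets(SAMPLE_SOURCE)` flags the 40-character secret key and the 32-character hex token but not the 20-character access key ID, whose entropy falls below the base64 threshold; that gap is why secret scanners usually pair an entropy test with pattern rules for known key formats.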

Atlassian acquires team-management software vendor Trello

Atlassian, the company behind HipChat and the JIRA software development tool, plans to acquire Trello, a vendor of the eponymous collaborative project management software. The deal will give Atlassian users new ways to organize, discuss and complete their work, Mike Cannon-Brookes, Atlassian's co-founder and co-CEO, wrote in a blog post Monday. "By adding Trello to the Atlassian family, we're giving teams more choice in the tools they use to support the way that they want to work," he said. Trello will offer "a fun new way for teams to organize the often messy range of information that feeds into great teamwork."

Huge spike in ransomed MongoDB installs, doubled to over 27,000 in a day

In the span of a day, the number of MongoDB installations that were erased and replaced with ransom notes has more than doubled, spiking to 27,000 as more cyber thugs jump on the ransom bandwagon. It started last week when security researcher Victor Gevers discovered that about 200 MongoDB databases had been erased and held for ransom. By Tuesday, 2,000 databases were affected; the number climbed to 10,500 by Friday and kept climbing. Then the ransomed databases jumped from 12,000 to 27,000, according to security researcher Niall Merrigan.

28% off DryGuy Travel Dry DX Boot and Shoe Dryer – Deal Alert

The DryGuy Travel Dry DX Portable Boot Dryer and Shoe Dryer combines traditional convection drying with forced air to create a hybrid system that dries boots and shoes in less time than it takes most other portable dryers, to help prevent the bacteria, fungus, and mildew that cause odors and eventually lead to deterioration. An integrated fan at the front of the DX helps draw fresh air over the thermal heating elements, venting warm air throughout the toe box and removing any moisture. The DryGuy Travel DX features an AC/DC power adaptor, which means it works in the home or from the car. It will not damage fragile materials. The DryGuy Travel Dry DX Portable Boot Dryer and Shoe Dryer weighs just 1.25 pounds and fits easily into carry-on luggage. Its typical list price of $32 has been reduced to just $23. See it on Amazon.

42% off Mr. Beams Motion-Sensing Stick-Anywhere Nightlight, 3-Pack – Deal Alert

Stick these bright battery-powered lights anywhere indoors or out (they're weather-proof). They'll light up when motion is detected within 15 feet, and shut themselves off after 30 seconds of inactivity. Currently a best-seller on Amazon with 4.5 out of 5 stars from over 4,000 reviewers. Its typical list price of $26.55 has been slashed 42% down to just $15.49 for a set of three, its lowest price. See the discounted Mr. Beams nightlights at their rock-bottom price on Amazon.

The Porcupine Attack: investigating millions of junk requests

We extensively monitor our network and use multiple systems that give us visibility including external monitoring and internal alerts when things go wrong. One of the most useful systems is Grafana that allows us to quickly create arbitrary dashboards. And a heavy user of Grafana we are: at last count we had 645 different Grafana dashboards configured in our system!

grafana=> select count(1) from dashboard;  
 count
-------
   645
(1 row)

This post is not about our Grafana systems though. It's about something we noticed a few days ago, while looking at one of those dashboards. We noticed this:

This chart shows the number of HTTP requests per second handled by our systems globally. You can clearly see multiple spikes, and this chart most definitely should not look like a porcupine! The spikes were large in scale - 500k to 1M HTTP requests per second. Something very strange was going on.

Tracing the spikes

Our intuition indicated an attack - but our attack mitigation systems didn't confirm it. We'd seen no major HTTP attacks at those times.

It would be bad if we were under such heavy HTTP attack and our mitigation systems didn't notice it. Without more ideas, we

Automation For All The Things! What Happens Next?

Over the last five years, there has been increasing noise about whether the growing automation and orchestration of networks (and infrastructure in general) will lead to our jobs being eliminated. Concerns about mass layoffs are understandable given what happened when large scale automation was introduced to manufacturing.

Mr Bucket and the Toothpaste Factory (without automation)

What is left after automation has taken its toll on an industry? Presumably there is work for those who create and maintain the automation systems, and there will be a need for workers to do the tasks which cannot be adequately automated, but the people who don't fit into these categories might be facing a tough future. Some workers will retrain or adapt their skills to shift themselves into one of the "needed" categories, but since the idea of automation in most industries is to reduce the need for salaried humans and be more agile and respond faster to customer needs, the competition for those positions is likely to be strong.

Does Automation Mean A Bleak Future?

Up front let me say that I believe that the predictions of imminent doom are utter codswallop. In order for the jobocalypse to occur, automation has to be present across every industry, because IT infrastructure exists pretty much everywhere as a business enabler, but only in a subset of industries (e.g.

IBM scores most patents in 2016, Apple just misses top 10

The five companies that earned the most U.S. patents last year are the same five companies that dominated the 2015 ranking of top patent recipients: IBM, Samsung, Canon, Qualcomm and Google. IBM earned the No. 1 slot for the 24th consecutive year with 8,088 patents granted to its inventors in 2016. Samsung, again ranked second, earned 5,518 patents, and Canon came away with 3,665. Rounding out the Top 5 just as they did in 2015 are Qualcomm with 2,897 patents and Google with 2,835 patents. Overall, 2016 saw 304,126 utility patent grants, which is the most on record in a single year, according to data compiled by IFI CLAIMS Patent Services. IFI, which specializes in patent analysis, tracks utility patents from the U.S. Patent and Trademark Office (USPTO), and each year it releases its annual ranking of the top 50 recipients.

How to land the job you want

If finding a new job is one of your New Year's resolutions, you're in luck: 2017 should bring a healthy employment market, and there's no better time than now to turn your career-related resolutions into reality.

11 predictions for the future of programming

The only thing that flies faster than time is the progress of technology. Once after lunch, a chip-designing friend excused himself quickly with the deft explanation that Moore's Law meant that he had to make his chip set 0.67 percent faster each week, even while on vacation. If he didn't, the chips wouldn't double in speed every two years. Now that 2017 is here, it's time to take stock of the technological changes ahead, if only to help you know where to place your bets in building programming skills for the future. From the increasing security headache of the internet of things to machine learning everywhere, the future of programming keeps getting harder to predict.

Japanese insurer to replace humans with A.I.

A Japanese insurance company reportedly is replacing 34 workers with an artificial intelligence system, and industry analysts say the same could start happening in the U.S. this year. Fukoku Mutual Life Insurance Company, a 94-year-old company based in Tokyo, is getting ready to replace human workers with an IBM Watson artificial intelligence-based system, ABC News in Australia reported. A spokesperson for Fukoku Life could not be reached and IBM did not respond to a request for comment, but ABC News said that 34 employees will lose their jobs by the end of March, when the Watson system takes over handling insurance payouts by culling hospital records, patient medical histories and injury data.

New York gets smarter, one tech trial at a time

Smart city technology beta projects and pilot programs are gaining ground in New York City. Walk around the Big Apple, as Computerworld did recently, and you encounter everything from free public Wi-Fi to smart park benches and even sophisticated listening devices that can detect gunshots to allow a quick police response. Much of this wide-ranging tech focus goes back to 2014, when Mayor Bill de Blasio appointed the city's first Chief Technology Officer. He picked private sector tech veteran Minerva Tantoco for the role. During her tenure, she made a practice of pushing for small tech trials that could be modified and adjusted before being expanded.

How to close up the holes in your network

The cloud is now a mainstream IT platform. Through its unlimited economies of scale and its ability to deliver IT resources dynamically whenever users need them, the cloud's popularity permeates through businesses of all sizes and industries. While they enjoy cloud benefits, many in IT still feel challenged to fully secure the new platform. There might be one or more cloud services linking to your corporate and partner network, all being accessed by both mobile and traditional users. How can you enforce internal policies and industry compliance mandates when there's no longer an identifiable network perimeter? Ganesh Kirti, CTO and co-founder of Palerra, shows a few related issues worrying chief information security officers (CISOs) when it comes to securing the cloud:

Intel’s new Kaby Lake processors: No performance gains

Intel recently released its newest generation of processors, the "Kaby Lake" generation, and performance tests are coming up wanting. It seems there is little to no gain at all from Kaby Lake over the prior generation, known as Skylake. I first heard of this a month ago, when the Chinese hobbyist site Expreview published a series of tests of Kaby Lake vs. Skylake. Kaby Lake runs at a higher clock speed than Skylake, but in one test they altered the clock so the two CPUs both ran at the same clock speed. At their stock settings, the Core i7-7700K (Kaby Lake) is up to 7.40 percent faster on average in single-threaded and up to 8.88 percent faster on average in multi-threaded performance compared to the Core i7-6700K (Skylake).

10 ways to put your old Android phone or tablet to use

Give your old phone or tablet a new lease on life. So, you have a new phone that doesn't leave your side. Sure, you can get rid of the old one through a resale site or donation, but there is another option: give it a second life with a different purpose.