IT Outages: The Costly Fallout

And This Is Why Relying on Linux Makes Sense

Most networking operating systems include a mechanism to roll back device configuration and/or create configuration snapshots. These mechanisms usually work only for the device configuration, but do not include operating system images or other components (example: crypto keys).

Now imagine using RFC 1925 rule 6a and changing the “configuration rollback” problem into “file system snapshot” problem. That’s exactly what Cumulus Linux does in its newest release. Does it make sense? It depends.

Cisco faces a tougher collaboration rival in updated Prysm

Collaboration has come a long way from projectors, cable adapters and that long wait for the presenter to make the slides fit on the screen.Cisco Systems made a splash last month with the Spark Board, a meeting-room screen that acts like a giant iPad running the company’s cloud-based collaboration service. But other vendors are streamlining meetings too, including Google, Microsoft, and a number of startups.To read this article in full or to leave a comment, please click here

Dozens of iOS apps fail to secure users’ data, researcher says

Dozens of iOS apps that are supposed to be encrypting their users' data don't do it properly, according to a security researcher.Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data.The developers of the apps have accidentally misconfigured the networking-related code so it will accept an invalid Transport Layer Security (TLS) certificate, Strafach claimed in a Monday blog post.   TLS is used to secure an app’s communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information.  To read this article in full or to leave a comment, please click here

Dozens of iOS apps fail to secure users’ data, researcher says

Dozens of iOS apps that are supposed to be encrypting their users' data don't do it properly, according to a security researcher.Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data.The developers of the apps have accidentally misconfigured the networking-related code so it will accept an invalid Transport Layer Security (TLS) certificate, Strafach claimed in a Monday blog post.   TLS is used to secure an app’s communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information.  To read this article in full or to leave a comment, please click here

How to set up the EVE-NG network emulator on a Linux system

EVE-NG is a graphical network emulator that supports both commercial and open-source router images. It’s graphical user interface runs in a web browser. EVE-NG runs in a virtual machine so it can be set up Windows, Mac OS, or Linux computers.

In this post, I will show how to set up an EVE-NG virtual machine on an Ubuntu Linux system. I’ll show the basic steps to creating and running a simple lab consisting of emulated Linux nodes.

To support more complex labs using open-source routers and other open-source network appliances in EVE-NG, we need to create custom templates and build router images specifically for use in EVE-NG. I will cover these topics in a future post. In this post, we’ll focus only on getting an EVE-NG virtual machine set up and running on a Linux system.

EVE-NG Overview

EVE-NG is a clientless network emulator that provides a user interface via a browser. Users may create network nodes from a library of templates, connect them together, and configure them. Advanced users or administrators may add software images to the library and build custom templates to support almost any network scenario.

EVE-NG supports pre-configured multiple hypervisors on one virtual machine. It runs Continue reading

Installing VirtualBox 5.1 on Fedora 25

Last fall, I wrote a piece about why I had switched to VirtualBox (from VMware Fusion) for my Vagrant needs. As part of my switch to Fedora Linux as my primary laptop OS, I revisited my choice of virtualization provider. I’ll describe that re-assessment in a separate post; the “TL;DR” for this post is that I settled on VirtualBox. As it turns out, though, installing VirtualBox 5.1 on Fedora 25 isn’t as straightforward as one might expect.

After a number of attempts (using a test VM to iron out the “best” procedure), here’s the process I found to be the most straightforward:

1. Run dnf check-update and dnf upgrade to pick up the latest packages. If a new kernel version is installed, reboot. (I know this sounds contrived, but I’ve run into issues where some kernel-related packages aren’t available for the kernel version you’re actually running.)

2. Install the RPMFusion repos. You only really need the “free” repository, but you can install the “nonfree” as well if you like (it won’t affect this process). I won’t go through the process for how to do this; it’s really well-documented on the RPMFusion web site and is pretty straightforward.

3. Next, use Continue reading

BrandPost: Ethernet Ports on PCs Are in for a Long Overdue Speed Boost

Every year, the processing power of the CPUs that drive our computing and gaming devices increases, enabling them to ingest, process, and churn out more data faster. When you look at the increases over time, as the folks at Expert Exchange did in 2015, the progress is nothing short of mind-boggling. They found that an Apple iPhone 5 had 2.7 times the processing power of a 1985 Cray-2 supercomputer. And a pair of 2015 Nintendo gaming systems had about the same processing power as the computer that guided Apollo 11 to the moon. We see it in the new models of workstations, PCs and laptops that come out every year, or even every six months – each one faster and smaller than the last. But, as IDC Research Director Linn Huang points out, the same is not true for the wired Ethernet ports on those machines.To read this article in full or to leave a comment, please click here

Juniper founder, CTO Sindhu cuts role to focus on startup

Founder and current CTO of Juniper Pradeep Sindhu says he will reduce his role at the company to focus on developing technology for a startup he co-founded in 2015 called Fungible.On his Juniper blog Sindhu wrote: I am equally passionate about the success of Juniper Networks, the company I founded in 1996. I believe that the technology I am working on at Fungible, in conjunction with Juniper's technologies, have the potential to revolutionize the industry. This is why Juniper has invested in Fungible. To read this article in full or to leave a comment, please click here

Juniper founder, CTO Sindhu cuts role to focus on startup

Founder and current CTO of Juniper Pradeep Sindhu says he will reduce his role at the company to focus on developing technology for a startup he co-founded in 2015 called Fungible.On his Juniper blog Sindhu wrote: I am equally passionate about the success of Juniper Networks, the company I founded in 1996. I believe that the technology I am working on at Fungible, in conjunction with Juniper's technologies, have the potential to revolutionize the industry. This is why Juniper has invested in Fungible. To read this article in full or to leave a comment, please click here

Juniper founder, CTO Sindhu cuts role to focus on startup

Founder and current CTO of Juniper Pradeep Sindhu says he will reduce his role at the company to focus on developing technology for a startup he co-founded in 2015 called Fungible.On his Juniper blog Sindhu wrote: I am equally passionate about the success of Juniper Networks, the company I founded in 1996. I believe that the technology I am working on at Fungible, in conjunction with Juniper's technologies, have the potential to revolutionize the industry. This is why Juniper has invested in Fungible. To read this article in full or to leave a comment, please click here

US House approves new privacy protections for email and the cloud

The U.S. House of Representatives approved on Monday the Email Privacy Act, which would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months. The House approved the bill by voice vote, and it now goes the Senate for consideration.The Email Privacy Act would update a 31-year-old law called the Electronic Communications Privacy Act (ECPA). Some privacy advocates and tech companies have pushed Congress to update ECPA since 2011. Lax protections for stored data raise doubts about U.S. cloud services among consumers and enterprises, supporters of the bill say.To read this article in full or to leave a comment, please click here

US House approves new privacy protections for email and the cloud

The U.S. House of Representatives approved on Monday the Email Privacy Act, which would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months. The House approved the bill by voice vote, and it now goes the Senate for consideration.The Email Privacy Act would update a 31-year-old law called the Electronic Communications Privacy Act (ECPA). Some privacy advocates and tech companies have pushed Congress to update ECPA since 2011. Lax protections for stored data raise doubts about U.S. cloud services among consumers and enterprises, supporters of the bill say.To read this article in full or to leave a comment, please click here

The key functions to consider when building or buying a log analysis platform

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. “Life is really simple, but we insist on making it complicated.”  The immortal words of Confucius resonate with anyone who has ever tried to glean useful information from log data. There are consensus-driven definitions of what exactly log analysis is, but a simplified, accessible explanation might be: to organize log entries into a human-friendly display and make business decisions based on what you learn.To read this article in full or to leave a comment, please click here

The key functions to consider when building or buying a log analysis platform

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.“Life is really simple, but we insist on making it complicated.”  The immortal words of Confucius resonate with anyone who has ever tried to glean useful information from log data.There are consensus-driven definitions of what exactly log analysis is, but a simplified, accessible explanation might be: to organize log entries into a human-friendly display and make business decisions based on what you learn.To read this article in full or to leave a comment, please click here

The key functions to consider when building or buying a log analysis platform

ZeroStack Adds Machine Learning to Its ‘Hands-Off’ Cloud

Another step toward automating the private cloud.

17% off MAXSA Innovations Park-Right Laser Garage Parking Device – Deal Alert

An innovative and unique device to help you park your cars, Park-Right automatically shines a laser on your car to guide you to the perfect parking spot every time. Simply drive into your garage and follow the laser. Once the laser is shining on the designated spot on your car, you are parked perfectly. The lasers are adjustable, allowing you to pick the ideal location on your car, so parking is consistent and accurate. Right now this parking gadget averages 4.5 out of 5 stars on Amazon from over 1,300 reviewers (read reviews). It's discounted 17% off its typical list price of $25, so you can save a few bucks and pick it up for $20.68. See this deal on Amazon.To read this article in full or to leave a comment, please click here

Lenovo’s ThinkPad P71 will work with HTC, Oculus VR headsets

Lenovo's ThinkPad P71 is one superfast laptop that can work with HTC's Vive and the Oculus Rift VR headsets.It's technically a workstation and is targeted at professionals creating VR content, editing movies, or running engineering applications. Headsets are needed to create VR content.The laptop, which weighs 3.4 kilograms, has a 17-inch screen and is equipped with Intel's latest Xeon E3-v6 mobile chips, based on the Kaby Lake architecture. It can be configured with an Nvidia mobile Quadro GPU like the P5000M, which aid in the content creation and virtual reality experiences.The laptop will be available in April, starting at US$1,849. The laptop by default comes with an HD screen but can be configured with a 4K screen. It also supports a Thunderbolt 3 slot.To read this article in full or to leave a comment, please click here

DDoS Ransom: An Offer You Can Refuse

Cloudflare has covered DDoS ransom groups several times in the past. First, we reported on the copycat group claiming to be the Armada Collective and then not too long afterwards, we covered the "new" Lizard Squad. While in both cases the groups made threats that were ultimately empty, these types of security events can send teams scrambling to determine the correct response. Teams in this situation can choose from three types of responses: pay the ransom and enable these groups to continue their operations, not pay and hope for the best, or prepare an action plan to get protected.

Breaking the Ransom Cycle

We can’t stress enough that you should never pay the ransom. We fully understand that in the moment when your website is being attacked it might seem like a reasonable solution, but by paying the ransom, you only perpetuate the DDoS ransom group’s activities and entice other would be ransomers to start making similar threats. In fact, we have seen reports of victim organizations receiving multiple subsequent threats after they have paid the ransom. It would seem these groups are sharing lists of organizations that pay, and those organizations are more likely to be targeted again in Continue reading