0

The NSA and Skilz: Turning spying on you into a video game

What could possibly be creepier than a government organization (such as the NSA) having nearly unlimited access to your private, personal information (including access to your webcam)? Turns out, the answer is: when it gets turned into a video game. And it appears, they have done this. On Dec. 1, 2016, Wikileaks released a collection of documents relating to the German parliament inquiry of the cooperation between the German foreign intelligence agency (the BND) and the United States’ NSA. One particular document (pdf) within that collection caught my attention. It appears to be a report from an official at the European Cryptologic Center (ECC) from April 13, 2012, detailing how they can improve usage of Xkeyscore (XKS) to collect information about people. To read this article in full or to leave a comment, please click here

0

Containers & Serverless Functions Have Their Day on AWS

AWS goes open source with Blox and seriously revs up Lambda.

0

Get Trained on the AWS Cloud

Date: 6 December 2016
Time: 10am – 1.30pm IST
Location: Online

0

IDG Contributor Network: Solution to JIT-ROP cyber attacks: Scramble code quickly

A new software development technique promises to end destructive exploits from hackers. The concept is to continually, and repeatedly, rearrange the program’s code while it’s running—and do it very quickly. Doing that shuts down the hacker’s “window of opportunity” because he doesn’t know where to find bugs to hit with his poisonous attack. The scrambling occurs over milliseconds.Code reuse attacks are the kind of harmful exploits that can be stopped dead in their tracks, researchers say in an article on Columbia University’s website.To read this article in full or to leave a comment, please click here

0

IDG Contributor Network: Solution to JIT-ROP cyber attacks: Scramble code quickly

A new software development technique promises to end destructive exploits from hackers. The concept is to continually, and repeatedly, rearrange the program’s code while it’s running—and do it very quickly. Doing that shuts down the hacker’s “window of opportunity” because he doesn’t know where to find bugs to hit with his poisonous attack. The scrambling occurs over milliseconds.Code reuse attacks are the kind of harmful exploits that can be stopped dead in their tracks, researchers say in an article on Columbia University’s website.To read this article in full or to leave a comment, please click here

0

SDxCentral Weekly News Roundup — December 2, 2016

Kevin Johnson (ex-Juniper) gets a promotion; American Airlines picks IBM Cloud.

0

Butterfly

The post Butterfly appeared first on 'net work.

0

Researchers find a way bypass the iOS activation lock

Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner.The first report came Sunday from an Indian security researcher named Hemanth Joseph, who started investigating possible bypasses after being confronted with a locked iPad he acquired from eBay.The activation lock gets enabled automatically when users turn on the Find My iPhone feature via iCloud. It links the device to their Apple IDs and prevents anyone else from accessing the device without entering the associated password.One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.To read this article in full or to leave a comment, please click here

0

Researchers find a way bypass the iOS activation lock

Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner.The first report came Sunday from an Indian security researcher named Hemanth Joseph, who started investigating possible bypasses after being confronted with a locked iPad he acquired from eBay.The activation lock gets enabled automatically when users turn on the Find My iPhone feature via iCloud. It links the device to their Apple IDs and prevents anyone else from accessing the device without entering the associated password.One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.To read this article in full or to leave a comment, please click here

0

6 Steps for a Successful E-rate Season

E-rate, a government funded program, allows schools and libraries to implement and update in-building network infrastructure. For most school districts, this funding is to make sure all students have reliable access to Wi-Fi to enable digital learning and improve student outcomes. However, the process to apply and receive funding can be a little tedious; therefore, many schools do not finish the process or submit forms incorrectly, leading to a loss in funding.

0

oVirt Newsletter—November 2016

oVirt's development is continuing on pace, as the calendar year draws to a close and we get ready for a new year of development, evangelism, and making virtual machine management a simple process for everyone.

Here's what happened in November of 2016.

Software Releases

oVirt 4.0.6 Third Release Candidate is now available

oVirt 4.1.0 First Beta Release is now available for testing

In the Community

Testing ovirt-engine changes without a real cluster

Request for oVirt Ansible modules testing feedback

Deep Dives and Technical Discussions

Important Open Source Cloud Products [German]

Red Hat IT runs OpenShift Container Platform on Red Hat Virtualization and Ansible

Keynote: Blurring the Lines: The Continuum Between Containers and VMs [Video]

Quick Guide: How to Plan Your Red Hat Virtualization 4.0 Deployment

A Decade of KVM [Chinese]

Expansion of iptables Rules for oVirt 4.0 [Russian]

0

40% off Corsair Waterproof Shockproof 256GB USB 3.0 Flash Drive – Deal Alert

Military-style data transportation. That's how Corsair describes their Flash Survivor Stealth series of USB flash drives. Its anodized, aircraft-grade aluminum housing is waterproof to 200 meters, vibration-resistant, and shock-resistant while small enough to fit on your keychain. USB 3.0 offers read speeds up to four times faster than traditional USB 2.0 drives, so it's fast enough to play most videos directly from it, without having to transfer to a hard drive first. The drive is backwards compatible to 2.0 as well. Just plug it in, and it works with Windows, Mac OS and Linux without any additional software or drivers. This product also comes with a limited 5 year warranty. It averages 4.5 out of 5 stars from over 210 people on Amazon (read reviews), many of which report it's still alive after years of hard use. The 256GB model's list price of $157 has been reduced 40% to $94.62. To read this article in full or to leave a comment, please click here

0

IDG Contributor Network: Levi’s Stadium uses IoT to enhance 49ers’ fan experience

The San Francisco 49ers are my home football team. They aren't doing too well in the NFC West standings these days. On the plus side, though, they do have a great stadium.Levi's Stadium is about 40 miles south of San Francisco in Santa Clara, California. It seats more than 65,000 spectators in two bowl-like structures. The logistics are daunting for a stadium that big. Consider the issues involved with getting thousands of fans to their seats quickly and securely in time to enjoy the game. Parking—Purchasing parking passes digitally and providing turn-by-turn directions to the visitor's assigned lot Navigation—Helping fans quickly and easily find their seats Security—Mitigating risks and enabling fans to be the eyes and ears of the stadium and report any security issues that may occur. Refreshments—Ensuring fans get the food and beverages they want, when they want them. Beacons, IoT sensors and sophisticated mobile apps have elevated the experience for 49ers fans and changed the game for venue operators.To read this article in full or to leave a comment, please click here

0

Stuff The Internet Says On Scalability For December 2nd, 2016

Hey, it's HighScalability time:

 

• 18 minutes: latency to Mars; 100TB: biggest dynamodb table; 55M: visits to Kaiser were virtual; $2 Billion: yearly Uber losses; 91%: Apple's take of smartphone profits; 825: AI patents held by IBM; $8: hourly cost of a spot welding in the auto industry; 70%: Walmart website traffic was mobile; $3 billion: online black friday sales; 80%: IT jobs replaceable by automation; $7500: cost of the one terabit per second DDoS attack on Dyn; 


• Quotable Quotes:
  • @BotmetricHQ: #AWS is deploying tens of thousands of servers every day, enough to power #Amazon in 2005 when it was a $8.5B Enterprise. #reInvent
  • bcantrill: From my perspective, if this rumor is true, it's a relief. Solaris died the moment that they made the source proprietary -- a decision so incredibly stupid that it still makes my head hurt six years later.
  • Dropbox: it can take up to 180 milliseconds for data traveling by undersea cables at nearly the speed of Continue reading

0

Remote management app exposes millions of Android users to hacking

Poor implementation of encryption in a popular Android remote management application exposes millions of users to data theft and remote code execution attacks.According to researchers from mobile security firm Zimperium, the AirDroid screen sharing and remote control application sends authentication information encrypted with a hard-coded key. This information could allow man-in-the-middle attackers to push out malicious AirDroid add-on updates, which would then gain the permissions of the app itself.AirDroid has access to a device's contacts, location information, text messages, photos, call logs, dialer, camera, microphone and the contents of the SD card. It can also perform in-app purchases, change system settings, disable the screen lock, change network connectivity and much more.To read this article in full or to leave a comment, please click here

0

Remote management app exposes millions of Android users to hacking

Poor implementation of encryption in a popular Android remote management application exposes millions of users to data theft and remote code execution attacks.According to researchers from mobile security firm Zimperium, the AirDroid screen sharing and remote control application sends authentication information encrypted with a hard-coded key. This information could allow man-in-the-middle attackers to push out malicious AirDroid add-on updates, which would then gain the permissions of the app itself.AirDroid has access to a device's contacts, location information, text messages, photos, call logs, dialer, camera, microphone and the contents of the SD card. It can also perform in-app purchases, change system settings, disable the screen lock, change network connectivity and much more.To read this article in full or to leave a comment, please click here

0

Worth Reading: Akamai on the Krebs DDoS

Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated. —Krebs on Security

The post Worth Reading: Akamai on the Krebs DDoS appeared first on 'net work.

0

Post Black Friday 2016 deals: Best Buy Special Edition Tech Sale

Just in case you aren't spending enough already on tech products, Best Buy is offering a post-Black Friday 2016 Special Edition Tech Sale featuring super fancy laptops, tablet cases and computer mice. We're talking everything the fashionista or hardcore fanboy/fangirl on your holiday shopping list didn't know they needed. Best Buy's Special Edition Tech collection features 11 items and they'll be available while supplies last starting on Dec. 4 in select stores and online at BestBuy.com. MORE: 50-plus eye-popping Black Friday 2016 tech dealsTo read this article in full or to leave a comment, please click here

0

Show 317: Nuage Networks’ Virtualized Security Services (Sponsored)

Sponsor Nuage Networks joins the Packet Pushers to discuss Virtualized Security Services (VSS), a new security module for real-time analysis, monitoring, and remediation of incidents. The post Show 317: Nuage Networks’ Virtualized Security Services (Sponsored) appeared first on Packet Pushers.

0

Trump cybersecurity dos and don’ts

President-elect Donald Trump ran a campaign focused on national security and making America great again through economic reform. Clearly both goals should include policies and programs to bolster the nation’s cybersecurity capabilities. This shouldn’t be an abstract concept to Mr. Trump after an election cycle featuring Russian hacks and WikiLeaks posts. To reinforce this priority, it is also worth noting that in a pre-election survey by ESG research, 49 percent of cybersecurity professionals said cybersecurity is a critical issue and should be the top national security priority for the next President, while 45 percent said cybersecurity is a very important issue and should be one of the top national security priorities for the next President. If those citizens on the front line see cybersecurity as a major priority, this should speak volumes to the President-elect. To read this article in full or to leave a comment, please click here