That Hearbleed problem may be more pervasive than you think

 That lingering Hearbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates.According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet-accessible devices during a scan it performed last weekend.But according to open-source security firm Black Duck, about 11% of more than 200 applications it audited between Oct. 2015 and March 2016 contained the flaw, which enables a buffer overread that endangers data from clients and servers running affected versions of OpenSSL.To read this article in full or to leave a comment, please click here

69% off Omaker M4 Portable Bluetooth Shower and Outdoor Speaker with 12 Hour Playtime – Deal Alert

The M4 speaker from Omaker is IP54 rated, so its rugged splash, shock and dustproof design makes it ideal for shower and outdoor use. The latest Bluetooth 4.0 technology helps it pair quickly with your device (tap-to-pair with NFC capable devices) and maintain a long 33-foot connection range. Crystal clear sound quality and robust bass is realized through a 3W audio driver and passive subwoofer. The M4 is capable of producing 12 hours of music at 80% volume, up to three times longer than similar-sized portable speakers. It  fully recharges in just 3 hours using an included Micro USB cable. The unit averages 4.5 out of 5 stars from over 4,800 people on Amazon (read reviews), many of which report sound quality that rivals more expensive speakers. Amazon indicates that its list price has been reduced significantly to just $27.99. See the discounted Omaker M4 speaker now on Amazon.To read this article in full or to leave a comment, please click here

36% off iHealth Oxygen level, Pulse rate, and Perfusion Index Monitor – Deal Alert

This handy meter gives fast and reliable readings of your oxygen level, pulse rate, and perfusion index, wirelessly on your smartphone or tablet. Using the iHealth app, easily record and save your data to the secure, HIPPA compliant iHealth cloud for meaningful results you can track over time for yourself or a caregiver. This iHealth monitor typically lists for $69.95, but is currently discounted 36% to $44.79. See the discounted item now on Amazon.To read this article in full or to leave a comment, please click here

And Then They Join You… – Open Source @VMware

This seems significant. VMware has hired a key Linux kernel contributor, specifically Real Time.

We have seen a substantial reversal of open source commitments by many incumbent vendors eg. Cisco in ODL, HPE Openswitch. VMware might be increasing its commitment.

This company that I am now at, VMware, is taking open source seriously. By hiring myself and others, VMware is not just talking about open source, but wants to actively take part in the community. Actions speak much louder than words. Linux and open source has won and is here to stay. Linux is now a key part of enterprise software and companies like VMware acknowledge this, and they are making an effort to join, and become a productive member of the open source community.

And Then They Join You… – Open Source @VMware – VMware Blogs : https://blogs.vmware.com/opensource/2017/01/26/and-then-they-join-you/

The post And Then They Join You… – Open Source @VMware appeared first on EtherealMind.

Is ‘aqenbpuu’ a bad password?

Press secretary Sean Spicer has twice tweeted a random string, leading people to suspect he's accidentally tweeted his Twitter password. One of these was 'aqenbpuu', which some have described as a "shitty password". Is is actually bad?

No. It's adequate. Not the best, perhaps, but not "shitty".


It depends upon your threat model. The common threats are password reuse and phishing, where the strength doesn't matter. When the strength does matter is when Twitter gets hacked and the password hashes stolen.

Twitter uses the bcrypt password hashing technique, which is designed to be slow. A typical desktop with a GPU can only crack bcrypt passwords at a rate of around 321 hashes-per-second. Doing the math (26 to the power of 8, divided by 321, divided by one day) it will take 20 years for this desktop to crack the password.

That's not a good password. A botnet with thousands of desktops, or a somebody willing to invest thousands of dollars on a supercomputer or cluster like Amazon's, can crack that password in a few days.

But, it's not a bad password, either. A hack of a Twitter account like this would be a minor event. It's not Continue reading

Pseudo-Math to Measure Network Fragility Risk

Some of you may have heard me ranting on Packet Pushers on stupid network tricks and why we continue to be forced to implement kluges as a result.  I made some comment about trying to come up with some metric to help measure the deviation of the network from the “golden” desired state to the dirty, dirty thing that it’s become over time due to kluges and just general lack of network hygiene.

So I decided that I would write a bit of code to get the conversation started. All code discussed is available on my github here

The Idea

What I wanted here was to create some pseudo-mathematical way of generating a measurement that can communicate to the management structure WHY the requested change is a really, really, bad idea.

Imagine these two conversations:

bad-conversation

good-conversation

Which conversation would you like to be part of?

Assumptions:

I’m making some assumptions here that I think it’s important to talk about.

  1. You have a source-of-truth defined for your network state. That is you have abstracted your network state into some YAML files or something like that.
  2. You have golden configurations defined in templates (ex Jinja2 ). These templates can be combined with your Continue reading

Trump administration is giving us a good lesson on Twitter security

Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security -- particularly about Twitter and what not to do with it.It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit.The problem revolves around the service’s password reset function. If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.To read this article in full or to leave a comment, please click here

Trump administration is giving us a good lesson on Twitter security

Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security -- particularly about Twitter and what not to do with it.It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit.The problem revolves around the service’s password reset function. If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.To read this article in full or to leave a comment, please click here

The Last Mile – Helping Accelerate NSX Adoption through Solution Providers

VMware NSX is a network virtualization platform with use cases encompassing security, automation and application continuity. This allows the solution to address the needs of the business today as well as in the future, as new projects and use cases are explored. The VMware Networking and Security Business Unit (NSBU) by extension through VMware Solution Providers, assists customers as they begin their network virtualization journey through our Last Mile Mentoring Program.

Setting You Up for Success

The Last Mile Mentoring program is unique in the industry because it pairs VMware and solution provider teams together on customer deployment projects. Throughout a customer deployment, NSBU Solutions Architects shadow solution provider technical teams, providing advisory support through design reviews and implementation oversight throughout the engagement.

Customers can engage with their trusted solution providers on the implementation and deployment of NSX, with VMware providing dedicated resources and direct on-the-job guidance to ensure the success of the deployment at no additional cost.

Key Components of the Last Mile Mentoring Program:

  • Dedicated NSBU Solutions Architect support
  • NSX design & deployment oversight
  • Custom knowledge transfer sessions
  • Shadow opportunities – On-site and Remote

Success Story – The Louisiana Department of Health

Through the NSX Last Mile Continue reading

Cloud growth continues to boost Microsoft’s financials

Microsoft’s focus on the cloud continues to pay off. The tech titan showed growth across all its cloud-based businesses during the last quarter ended Dec. 31, including Office, Dynamics and Azure.Reporting financial results for its fiscal second quarter on Thursday, the company said its Commercial Cloud business is pulling in revenue at the rate of $14 billion per year. During the previous quarter, that rate was $13 billion.Azure growth was especially strong. Azure compute usage more than from a year earlier, and revenue from the business grew by 93 percent.To read this article in full or to leave a comment, please click here

Alphabet earnings surge on mobile, YouTube

Alphabet reported significantly higher revenue for the fourth quarter of 2016 on the back of increased mobile and YouTube video advertising.Revenue in the last three months of the year jumped 22 percent from a year earlier, reaching $26.1 billion, while net income rose 8 percent to $5.3 billion.“2016 was simply a great year for us,” said Ruth Porat, chief financial officer of Alphabet and Google, in a conference call with analysts.The vast majority of the quarter's revenue, $22.4 billion, came from Google's advertising business, with $3.4 billion coming from other business segments such as hardware sales, the Google Play Store and Google's Cloud services.To read this article in full or to leave a comment, please click here

AWS Outlines Current HPC Cloud User Trends

Last week we discussed the projected momentum for FPGAs in the cloud with Deepak Singh, general manager of container and HPC projects at Amazon Web Services. In the second half of our interview, we delved into the current state of high performance computing on Amazon’s cloud.

While the company tends to offer generalizations versus specific breakdowns of “typical” workloads for different HPC application types, the insight reveals a continued emphasis on pushing new instances to feed both HPC and machine learning, continued drive to push ISVs to expand license models, and continued work to make running complex workflows more seamless.

AWS Outlines Current HPC Cloud User Trends was written by Nicole Hemsoth at The Next Platform.

U.S. companies spending millions to satisfy Europe’s GDPR

Ninety-two percent of U.S. multinational companies cited compliance with the looming General Data Protection Regulation (GDPR) as a top data protection priority, according to new research from PwC. Sixty-eight percent are earmarking between $1 million and $10 million on GDPR readiness and compliance efforts, with 9 percent expecting to spend over $10 million, says Jay Cline, PwC’s U.S. privacy leader.Cline says PwC ‘slatest survey showed that fear remains the biggest motivator for U.S. CIOs, who are “connecting the dots” after watching data breaches lead to lost revenues, regulatory fines and the erosion of consumer trust. “U.S. companies see the connection between doing privacy well and greater revenues and consumer trust,” says Cline, who surveyed 200 CIOs, CISOs and other C-suite executives.To read this article in full or to leave a comment, please click here

U.S. companies spending millions to satisfy Europe’s GDPR

Ninety-two percent of U.S. multinational companies cited compliance with the looming General Data Protection Regulation (GDPR) as a top data protection priority, according to new research from PwC. Sixty-eight percent are earmarking between $1 million and $10 million on GDPR readiness and compliance efforts, with 9 percent expecting to spend over $10 million, says Jay Cline, PwC’s U.S. privacy leader.Cline says PwC ‘slatest survey showed that fear remains the biggest motivator for U.S. CIOs, who are “connecting the dots” after watching data breaches lead to lost revenues, regulatory fines and the erosion of consumer trust. “U.S. companies see the connection between doing privacy well and greater revenues and consumer trust,” says Cline, who surveyed 200 CIOs, CISOs and other C-suite executives.To read this article in full or to leave a comment, please click here

Google wants to add AI to gadgets made using Raspberry Pi

Google wants to bring smarts to cool gadgets and devices made using Raspberry Pi 3 or Intel's Edison.The company is chasing makers with open-source tools needed to add artificial intelligence to consumer, industrial, and retail devices made using board computers.The plan may include machine-learning tools, which are central to AI. AI helps Apple's Siri, Amazon's Alexa, and Microsoft's Cortana answer questions, and also helps self-driving cars cruise the streets safely."We don't have any specifics to announce right now, but we're excited to keep sharing open-source machine learning tools with the community -- stay tuned for more this year," a Google spokesman said in an email.To read this article in full or to leave a comment, please click here

1 2,358 2,359 2,360 2,361 2,362 3,841