NetworkingNexus.net

When anti-malware vendors get into a slap fight, users lose

All is quiet on the Microsoft front, but there are other technology issues to address, which I will be doing in the next few blogs. The first is about a battle between two anti-malware vendors: PC Pitstop and Malwarebytes. --------------------------------------------------------Most software markets tend to consolidate around a handful or even one or two vendors. How many competitors are there for Photoshop, after all? But there are two markets that thrive and have a large number of players: gaming and anti-virus/anti-malware. It started about a month ago. On Dec. 7, PC Pitstop, maker of the PC Matic repair software and those obnoxious TV commercials, posted a ransomware test performed by AV Comparatives that included its PC Matic product and its many competitors, including Malwarebytes, the latter included for the first time. To read this article in full or to leave a comment, please click here

IDG Contributor Network: Using artificial intelligence to teach computers to see

Creating a self-driving car should not be difficult, but it’s taking a while. Autonomous vehicles have been making headlines for years now, yet few of us have ever been in one or even seen one. We know that flying planes is more difficult than driving cars, yet pilots have enjoyed autopilot for decades. What gives?The answer is clear, or more precisely, clear vision. Pilots have used autopilot for decades in clear, open skies. Roads are more complex.The actual mechanics of operating a vehicle (accelerating, braking, steering, etc.) are all well understood and programmable. Most of the rules and logic of driving are programmable, too. But understanding and instructing vision is very complex. The good news is that incredible progress is being made, and the technology will have far-reaching implications.To read this article in full or to leave a comment, please click here

Samsung expects big profit despite Note7 crisis

The financial impact of the Note7 recall seems to be largely behind Samsung Electronics, which on Friday forecast that its profit has grown year-on-year by close to 50 percent in the fourth quarter.A major proportion of the profit of the largest smartphone company is expected to come from components such as memory chips and display panels, rather than from smartphones, according to analysts, a shift that was noticed in the third quarter as well."They were fortunate that their memory and displays businesses could offset the doom and gloom resulting from the Note 7 debacle last quarter," said Bryan Ma, vice president for devices research at IDC.To read this article in full or to leave a comment, please click here

Notes about the FTC action against D-Link

Today, the FTC filed a lawsuit[*] against D-Link for security problems, such as backdoor passwords. I thought I'd write up some notes.

The suit is not "product liability", but "unfair and deceptive" business practices for promising "security". In addition, they interpret "security" different from the cybersecurity community.

This needs to be stressed because right now in our industry, there is a big discussion of product liability, insisting that everything attached to the Internet needs to be secured. People will therefore assume the FTC action is based on "liability".

Instead, all six counts are based upon the fact that D-Link offers its products for securing networks, and claims they are secure. Because they have backdoor passwords, clear-text passwords, command-injection bugs, and public private-keys, the FTC feels the claims of security to be untrue.

The key point I'm trying to make is that D-Link can resolve the suit (in theory) by simply removing all claims of "security". Sure, it can claim it supports stateful-inspection firewalls and WPA2, but not things like "WPA2 security". (Sure, the FTC may come back with a new lawsuit -- but it would solve the points raised in this one).

On the other hand, while "deception" Continue reading

Profs: you should use JavaScript to teach Computer Science

Universities struggle with the canonical programming language they should teach students for Computer Science. Ideally, as they take computer science classes, all the homework assignments and examples will be in the same language. Today, that language is usually Java or Python. It should be JavaScript.

The reason for this is simple: whatever language you learn, you will also have to learn JavaScript, because it's the lingua franca of web browsers.

Python is a fundamentally broken language. Version 3 is incompatible with version 2, but after a decade, version 2 is still more popular. It's still unforgivably slow: other languages use JITs as a matter of course to get near native speed, while Python is still nearly always interpreted. Python isn't used in the real world, it's far down the list of languages programmers will use professionally. Python is primarily a middlware language, with neither apps nor services written in it.

Java is a fine language, but there's a problem with it: it's fundamentally controlled by a single company, Oracle, who is an evil company. Consumer versions of Java come with viruses. They sue those who try to come up with competing versions of Java. It's not an "open" system necessary Continue reading

FBI dispute with DNC over hacked servers may fuel doubt on Russia role

The FBI may have been forced into a misstep when investigating whether Russia hacked the Democratic National Committee -- the agency never directly examined the DNC servers that were breached.Instead, the FBI had to rely on forensic evidence provided by third-party cybersecurity firm CrowdStrike, which the DNC hired to mitigate the breach.“The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed,” the agency said on Thursday in a statement.The incident threatens to spark more skepticism over whether the U.S. properly arrived at its conclusion that Russian cyberspies were responsible for the breach.To read this article in full or to leave a comment, please click here

FBI dispute with DNC over hacked servers may fuel doubt on Russia role

MP on Vertitech IT’s “Best IT Blogs 2017”

This is a quick post to say thanks to the folks at Vertitech IT for listing movingpackets.net among their Best IT Blogs for 2017 (“Must-Read Resources for CIOs, IT & Security Pros”).

In their own words:

VertitechIT’s top 50 IT blogs were selected because they are among the most current, frequently updated, credible, and informative sources of information related to IT on the web today. From musings of industry leaders, to the veteran guys and gals in the trenches who chronicle their IT journeys, these 50 blogs all have something important to say about the IT world of today, and tomorrow.

Vertitech’s list is definitely worth a browse; I’m very flattered to be listed in such amazing company. I was also delighted to see that NetworkingNerd, Jeremy Stretch and Chris Wahl were featured as well; are all blogs I follow from people I respect.

Some other highlights include Cisco, Gigaom, the Forrester Blog for CIOs, Solarwinds’ Geek Speak (for whom – along with other contributors – I have written a number of blog posts), SC Magazine and TechCrunch Enterprise.

I’m delighted to even be on the same page as these other outlets. Go check the list out and perhaps you’ll also find some great Continue reading

A new Wi-Fi spec will help smart homes run like clockwork

Wi-Fi is an obvious candidate for connecting almost any device that can be plugged into a wall, because it’s already running in nearly every home that has broadband. But can all those products work in lockstep when timing matters, like while video and audio are streaming on several devices?The Wi-Fi Alliance says it has a way to make sure they do. On Thursday at CES, the industry group announced Wi-Fi Certified TimeSync, a specification for precise time synchronization among Wi-Fi devices. It’s expected to be available in the middle of this year.When Wi-Fi began as a wireless way to send packets of data between computers, synchronized clocks didn’t matter. When the packets arrived, the screen appeared or the page was printed. But now that Wi-Fi has a growing role in home entertainment, timing matters.To read this article in full or to leave a comment, please click here

KillDisk cyber sabotage tool evolves into ransomware

A malicious program called KillDisk that has been used in the past to wipe data from computers during cyberespionage attacks is now encrypting files and asking for an unusually large ransom.KillDisk was one of the components associated with the Black Energy malware that a group of attackers used in December 2015 to hit several Ukrainian power stations, cutting power for thousands of people. A month before that, it was used against a major news agency in Ukraine.Since then, KillDisk has been used in other attacks, most recently against several targets from the shipping sector, according to security researchers from antivirus vendor ESET.However, the latest versions have evolved and now act like ransomware. Instead of wiping the data from the disk, the malware encrypts it and displays a message asking for 222 bitcoins to restore them. That's the equivalent of $216,000, an unusually large sum of money for a ransomware attack.To read this article in full or to leave a comment, please click here

KillDisk cyber sabotage tool evolves into ransomware

Microsoft is bundling cloud services to make cars smarter

CES has turned into the first car show of the year, with major automakers choosing to show off upcoming features in Las Vegas. Microsoft wants to help make cars more intelligent, and it unveiled a new suite of services Thursday to do so.The Connected Vehicle Platform brings together a smorgasbord of services from Microsoft, including Azure IoT Hub, Cortana Intelligence Suite, Microsoft Dynamics and many others. In addition, Office 365, Skype for Business and Cortana can be integrated with the platform.It’s not a surprising move. Microsoft frequently packages cloud services as suites, then markets them for kick-starting particular applications. Furthermore, the company has been saying for some time that its goal in car tech is to support carmakers rather than build its own connected cars.To read this article in full or to leave a comment, please click here

Why We Wear Seat Belts On Airplanes

This post is inspired by Matt Simmons‘ fantastic post on why we still have ashtrays on airplanes, despite smoking being banned over a decade ago. This time, I’m going to cover seat belts on airplanes. I’ve often heard people balking at the practice for being somewhat arbitrary and useless, much like balking at turning off electronic devices before takeoff. But while some rules in commercial aviation are a bit arbitrary, there is a very good reason for seat belts.

In addition to being a very, very frequent flier (I just hit 1 million miles on United), I’m also a licensed fixed wing pilot and skydiving instructor. Part of the training of any new skydiver is what we call the “pilot briefing”. And as part of that briefing we talk about the FAA rules for seat belts: They should be on for taxi, take-off, and landing. That’s true for commercial flights as well.

Some people balk at the idea of seat belts on commercial airliners. After all, if you fly into the side of a mountain, a seat belt isn’t going to help much. But they’re still important.

84271048

Your Seat Belt Is For Me, My Seat Belt Is For You

Let’s Encrypt with DANE

For many years we’ve seen Domain Name certificates priced as a luxury add-on, costing many times more than the original name registration fees. Let’s Encrypt has broken that model and now basic security is now freely available to anyone. But the CA model itself is not all that robust, and there are still some critical vulnerabilities that can be exploited by a well-resourced attacker. Adding DANE TSLA records to the DNS signed zone, and equipping user applications, such as browsers, with an additional DNS lookup to fetch and validate the TLSA record is a small step, but a significant improvement to the overall security picture.

Nvidia & Audi Set a 2020 Timeframe for Level 4 Autonomous Cars

Level 4 is one step below a fully driverless car.

20% off Spigen 42mm Apple Watch Case and 2 Screen Protectors – Deal Alert

For the ultimate protection against drops and scratches, Spigen has invented the Rugged Armor case for your 42mm Apple Watch. The case features glossy accents and carbon fiber textures, and air absorption for superior shock protection. The product ships with 2 screen protectors as well, and is currently listed for just $11.99, 20% off its list price. See the deal on Amazon.To read this article in full or to leave a comment, please click here

8K matures at CES, but your PC may not be ready

In 2020, 4K will be passe. The 2020 Tokyo Olympics will be broadcast in the 8K resolution, which is four times deeper than 4K.The 8K resolution -- 7680 x 4320 pixels -- will make movies will look stunning, and gaming will be even better than on today's PlayStation Pro or Xbox One S.There's a good chance you aren't thinking of 8K yet because you haven't even moved to 4K. The early 8K adopters will be gamers looking to buy the latest and greatest hardware, and creative professionals making 8K content.Content creation is as important as the hardware itself, and efforts to broadcast at 8K are underway. PCs are getting ready: Microsoft has said Windows 10 will support 8K.To read this article in full or to leave a comment, please click here

8K matures at CES, but your PC may not be ready

Attending DockerCon? Choose what workshop to attend

Following in last year’s major success, we are excited to be bringing back and expand the paid workshops at DockerCon 2017. The pre-conference workshops will focus on a range of subjects from Docker 101 to deep dives in networking, Docker for JAVA and advanced orchestration. Each workshop is designed to give you hands-on instruction and insight on key Docker topics, taught by Docker Engineers and Docker Captains. The workshops are a great opportunity to get better acquainted and excited about Docker technology to start off DockerCon week.

DockerCon workshops

Take advantage of the lowest DockerCon pricing and get your Early Bird Ticket + Workshop now! Early Bird Tickets are limited and will sell out in the next two weeks!

Here are the basics of the DockerCon workshops:

Date: Monday, April 17, 2017

Time: 2:00pm – 5:00pm

Where: Austin Convention Center – 500 E. Cesar Chavez Street, Austin, TX

Cost: $150

Class size: Classes will remain small and are limited to 50 attendees per class.

Registration: The workshops are only open to DockerCon attendees. You can register for the workshops as an add-on package through the registration site here.

DockerCon workshops

Below are overviews of each workshop. To learn more about each topic head over Continue reading

FTC goes after D-Link for shoddy security in routers, cameras

The U.S. Federal Trade Commission is cracking down on D-Link for selling wireless routers and internet cameras that can easily be hacked, the regulator said Thursday.Thousands of consumers are at risk, the FTC said in a complaint filed against the Taiwanese manufacturer charging D-Link with repeatedly failing to take reasonable measures to secure the products.The action comes as hackers have been hijacking poorly secured internet-connected products to launch massive cyberattacks that can force websites offline. Recently, a notorious malware known as Mirai has been found infecting routers, cameras, and DVRs built with weak default passwords.To read this article in full or to leave a comment, please click here

« Previous 1 … 2,366 2,367 2,368 2,369 2,370 … 3,794 Next »