Is ‘aqenbpuu’ a bad password?

Press secretary Sean Spicer has twice tweeted a random string, leading people to suspect he's accidentally tweeted his Twitter password. One of these was 'aqenbpuu', which some have described as a "shitty password". Is is actually bad?

No. It's adequate. Not the best, perhaps, but not "shitty".


It depends upon your threat model. The common threats are password reuse and phishing, where the strength doesn't matter. When the strength does matter is when Twitter gets hacked and the password hashes stolen.

Twitter uses the bcrypt password hashing technique, which is designed to be slow. A typical desktop with a GPU can only crack bcrypt passwords at a rate of around 321 hashes-per-second. Doing the math (26 to the power of 8, divided by 321, divided by one day) it will take 20 years for this desktop to crack the password.

That's not a good password. A botnet with thousands of desktops, or a somebody willing to invest thousands of dollars on a supercomputer or cluster like Amazon's, can crack that password in a few days.

But, it's not a bad password, either. A hack of a Twitter account like this would be a minor event. It's not Continue reading

Pseudo-Math to Measure Network Fragility Risk

Some of you may have heard me ranting on Packet Pushers on stupid network tricks and why we continue to be forced to implement kluges as a result.  I made some comment about trying to come up with some metric to help measure the deviation of the network from the “golden” desired state to the dirty, dirty thing that it’s become over time due to kluges and just general lack of network hygiene.

So I decided that I would write a bit of code to get the conversation started. All code discussed is available on my github here

The Idea

What I wanted here was to create some pseudo-mathematical way of generating a measurement that can communicate to the management structure WHY the requested change is a really, really, bad idea.

Imagine these two conversations:

bad-conversation

good-conversation

Which conversation would you like to be part of?

Assumptions:

I’m making some assumptions here that I think it’s important to talk about.

  1. You have a source-of-truth defined for your network state. That is you have abstracted your network state into some YAML files or something like that.
  2. You have golden configurations defined in templates (ex Jinja2 ). These templates can be combined with your Continue reading

Trump administration is giving us a good lesson on Twitter security

Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security -- particularly about Twitter and what not to do with it.It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit.The problem revolves around the service’s password reset function. If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.To read this article in full or to leave a comment, please click here

Trump administration is giving us a good lesson on Twitter security

Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security -- particularly about Twitter and what not to do with it.It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit.The problem revolves around the service’s password reset function. If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.To read this article in full or to leave a comment, please click here

The Last Mile – Helping Accelerate NSX Adoption through Solution Providers

VMware NSX is a network virtualization platform with use cases encompassing security, automation and application continuity. This allows the solution to address the needs of the business today as well as in the future, as new projects and use cases are explored. The VMware Networking and Security Business Unit (NSBU) by extension through VMware Solution Providers, assists customers as they begin their network virtualization journey through our Last Mile Mentoring Program.

Setting You Up for Success

The Last Mile Mentoring program is unique in the industry because it pairs VMware and solution provider teams together on customer deployment projects. Throughout a customer deployment, NSBU Solutions Architects shadow solution provider technical teams, providing advisory support through design reviews and implementation oversight throughout the engagement.

Customers can engage with their trusted solution providers on the implementation and deployment of NSX, with VMware providing dedicated resources and direct on-the-job guidance to ensure the success of the deployment at no additional cost.

Key Components of the Last Mile Mentoring Program:

  • Dedicated NSBU Solutions Architect support
  • NSX design & deployment oversight
  • Custom knowledge transfer sessions
  • Shadow opportunities – On-site and Remote

Success Story – The Louisiana Department of Health

Through the NSX Last Mile Continue reading

Cloud growth continues to boost Microsoft’s financials

Microsoft’s focus on the cloud continues to pay off. The tech titan showed growth across all its cloud-based businesses during the last quarter ended Dec. 31, including Office, Dynamics and Azure.Reporting financial results for its fiscal second quarter on Thursday, the company said its Commercial Cloud business is pulling in revenue at the rate of $14 billion per year. During the previous quarter, that rate was $13 billion.Azure growth was especially strong. Azure compute usage more than from a year earlier, and revenue from the business grew by 93 percent.To read this article in full or to leave a comment, please click here

Alphabet earnings surge on mobile, YouTube

Alphabet reported significantly higher revenue for the fourth quarter of 2016 on the back of increased mobile and YouTube video advertising.Revenue in the last three months of the year jumped 22 percent from a year earlier, reaching $26.1 billion, while net income rose 8 percent to $5.3 billion.“2016 was simply a great year for us,” said Ruth Porat, chief financial officer of Alphabet and Google, in a conference call with analysts.The vast majority of the quarter's revenue, $22.4 billion, came from Google's advertising business, with $3.4 billion coming from other business segments such as hardware sales, the Google Play Store and Google's Cloud services.To read this article in full or to leave a comment, please click here

AWS Outlines Current HPC Cloud User Trends

Last week we discussed the projected momentum for FPGAs in the cloud with Deepak Singh, general manager of container and HPC projects at Amazon Web Services. In the second half of our interview, we delved into the current state of high performance computing on Amazon’s cloud.

While the company tends to offer generalizations versus specific breakdowns of “typical” workloads for different HPC application types, the insight reveals a continued emphasis on pushing new instances to feed both HPC and machine learning, continued drive to push ISVs to expand license models, and continued work to make running complex workflows more seamless.

AWS Outlines Current HPC Cloud User Trends was written by Nicole Hemsoth at The Next Platform.

U.S. companies spending millions to satisfy Europe’s GDPR

Ninety-two percent of U.S. multinational companies cited compliance with the looming General Data Protection Regulation (GDPR) as a top data protection priority, according to new research from PwC. Sixty-eight percent are earmarking between $1 million and $10 million on GDPR readiness and compliance efforts, with 9 percent expecting to spend over $10 million, says Jay Cline, PwC’s U.S. privacy leader.Cline says PwC ‘slatest survey showed that fear remains the biggest motivator for U.S. CIOs, who are “connecting the dots” after watching data breaches lead to lost revenues, regulatory fines and the erosion of consumer trust. “U.S. companies see the connection between doing privacy well and greater revenues and consumer trust,” says Cline, who surveyed 200 CIOs, CISOs and other C-suite executives.To read this article in full or to leave a comment, please click here

U.S. companies spending millions to satisfy Europe’s GDPR

Ninety-two percent of U.S. multinational companies cited compliance with the looming General Data Protection Regulation (GDPR) as a top data protection priority, according to new research from PwC. Sixty-eight percent are earmarking between $1 million and $10 million on GDPR readiness and compliance efforts, with 9 percent expecting to spend over $10 million, says Jay Cline, PwC’s U.S. privacy leader.Cline says PwC ‘slatest survey showed that fear remains the biggest motivator for U.S. CIOs, who are “connecting the dots” after watching data breaches lead to lost revenues, regulatory fines and the erosion of consumer trust. “U.S. companies see the connection between doing privacy well and greater revenues and consumer trust,” says Cline, who surveyed 200 CIOs, CISOs and other C-suite executives.To read this article in full or to leave a comment, please click here

Google wants to add AI to gadgets made using Raspberry Pi

Google wants to bring smarts to cool gadgets and devices made using Raspberry Pi 3 or Intel's Edison.The company is chasing makers with open-source tools needed to add artificial intelligence to consumer, industrial, and retail devices made using board computers.The plan may include machine-learning tools, which are central to AI. AI helps Apple's Siri, Amazon's Alexa, and Microsoft's Cortana answer questions, and also helps self-driving cars cruise the streets safely."We don't have any specifics to announce right now, but we're excited to keep sharing open-source machine learning tools with the community -- stay tuned for more this year," a Google spokesman said in an email.To read this article in full or to leave a comment, please click here

Nasuni CEO: ‘We’re going to liberate you from the bottleneck around your files’

When it comes to file systems, scale is the enemy, according to Andres Rodriguez, CEO of Nasuni. And the best weapon in the battle for scale is the cloud. Nasuni claims to have developed the first cloud-native file system, delivering not only virtually unlimited scale in the cloud but rapid access to files from locations around the world. To read this article in full or to leave a comment, please click here(Insider Story)

Nasuni CEO: ‘We’re going to liberate you from the bottleneck around your files’

When it comes to file systems, scale is the enemy, according to Andres Rodriguez, CEO of Nasuni. And the best weapon in the battle for scale is the cloud. Nasuni claims to have developed the first cloud-native file system, delivering not only virtually unlimited scale in the cloud but rapid access to files from locations around the world. To read this article in full or to leave a comment, please click here(Insider Story)

As Baby Boomers retire, the shortage of mainframe professionals grows more acute  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  For years we have been hearing about critical IT skills shortages. Companies just can’t find enough (or the right) people with expertise in mobility, cybersecurity, data storage, networking, cloud and other important areas.There’s one area, however, where the shortage is becoming acute, and affected companies that don’t act now might soon find themselves in a world of hurt. I’m talking about the business-critical discipline of mainframe stewardship.Experts have been warning about this for at least a decade, and the days of reckoning are here, driven largely by the fact that mainframe champions are retiring from the workforce in droves. People who started their IT careers in the 1970’s and 1980’s – when the mainframe was king – are now baby boomers at the end of their careers. The generations behind them took up different computing platforms, meaning there are few people to pass the mainframe torch to. By some estimates there will be more than 84,000 open positions in this field by 2020.To read this article in full or to leave a comment, please click here

Worth Reading: IPv6 server addressing strategies

In this post, I’ll discuss configuration approaches for systems that usually have been configured with “static” IP parameters in the IPv4 age/context (for example, servers in data centres). When it comes to IPv6 there are more options and we’ll have a look at their implications and potential advantages/disadvantages. —APNIC

The post Worth Reading: IPv6 server addressing strategies appeared first on 'net work.

Gmail will block JavaScript attachments, a common source of malware

Starting Feb. 13, Google will no longer allow JavaScript attachments on its Gmail service, killing one of the main methods of malware distribution over the past two years.Users will no longer be able to attach .JS files to emails in Gmail, regardless of whether they attach them directly or they include them in archives like .gz, .bz2, .zip or .tgz. For those rare cases when such files need to be shared via email, users can upload them to a storage service like Google Drive and then share the link.The .JS file extension will be added an existing list of other banned file attachments that includes: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF and .WSH. Most of these file types have long been abused by cybercriminals to send malware via email.To read this article in full or to leave a comment, please click here

1 2,375 2,376 2,377 2,378 2,379 3,858