NetworkingNexus.net

A Broken Process Placing Consumers at Risk

Below is a chat session I had with Pearson Vue several months ago as I attempted to schedule a recertification exam. Apparently, I have two accounts with them and that prevents next day test scheduling. To put it mildly, I don’t think they adequately explain how they could possibly guarantee non-disclosure of data with email as a transport. Moreover, this seems to indicate a serious disconnect between security and business operations.

Screen Shot 2016-04-07 at 2.00.18 PM

Image Link – for FULL Size View

I’m not going to explain the problems with this, PacketU readers understand why email is not [in and of itself] a secure method for file transport. When I experience an exchange like this, I see how segregated business practices can be and what a negative impact it can have from an information security perspective. Its not a matter of if, but a matter of when, bad things will happen as a result of not taking security seriously.

—

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.

No related content found.

The post A Broken Process Placing Consumers at Risk appeared Continue reading

The US has sanctioned Russia over election hacking

The U.S. government has sanctioned Russia's main two intelligence agencies, four military intelligence officers and is kicking out 35 Russian diplomats over what it says was aggressive harassment of U.S. officials and cyber operations around the 2016 presidential election. The move follows up on a pledge made by President Obama to retaliate against Russia for hacks of the Democratic National Committee and other political targets. The U.S. also released a detailed assessment by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) of the cyber attacks.To read this article in full or to leave a comment, please click here

The US has sanctioned Russia over election hacking

APM Startup AppDynamics Files for IPO

The APM unicorn seems likely to carry high expectations.

New year’s resolution for IoT vendors: Start treating LANs as hostile

In November, researchers from cybersecurity firm Invincea reported a vulnerability that could have allowed hackers to infect Belkin WeMo smart plugs with malware. The flaw was located in a configuration protocol that worked over the local area network and didn't require any authentication.In 2015, when researchers from vulnerability intelligence firm Rapid7 analyzed nine Internet-connected baby monitors, they found hardcoded credentials in four of them. Those backdoor accounts provided administrative access to the devices over the local network.To read this article in full or to leave a comment, please click here

New year’s resolution for IoT vendors: Start treating LANs as hostile

It’s 2017 and changing other people’s flight bookings is incredibly easy

The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people's reservations, cancel their flights and even use the refunds to book tickets for themselves, according a team of researchers who analyzed this online ecosystem. Karsten Nohl and Nemanja Nikodijevic from Berlin-based consultancy Security Research Labs have spent months investigating the security employed by the Global Distribution Systems (GDSs) that are used by travel agencies, airlines, hotels and car rental companies. They presented their findings Tuesday at the 33rd Chaos Communications Congress in Hamburg.To read this article in full or to leave a comment, please click here

It’s 2017 and changing other people’s flight bookings is incredibly easy

brvirt: when brctl meets virsh

Hypervisors diversity is definitely one of the benefits of having Nuage managing your next-generation network. That means that we, as Nuage engineers, have to play with all kinds of hypervisors — like KVM, ESXi and Hyper-V to be more precise. As to me, I love to work with KVM most, simply because it gives you that feel that you

IDG Contributor Network: More file sync and sharing industry FUD

I received a pitch the other day from a vendor in the enterprise file sharing and synchronization (EFSS) space. I won't name the company. I probably should, to really show my scorn, but I'll deny them the Google juice instead.Anyway, the pitch told me about how said vendor made a "startling discovery" as it was planning a routine Google Adwords Campaign. It seemed that searches inadvertently turned up sensitive and confidential materials.Said vendor apparently disclosed the finding to the two other EFSS vendors, who indicated they would address the "security flaw." Now, some three years later, the same thing is happening.To read this article in full or to leave a comment, please click here

PLUMgrid Employees Could Help VMware’s Cloud-Native Push

Networking isn't the only VMware group that stands to benefit.

APIC-EM Path Trace Examples – Overlay Networks

Since seeing the APIC-EM Path Trace demo for the first time and seeing how it represents CAPWAP, I’ve been curious how well it deals with other types of overlay/underlay networking. This article is a brief synopsis of that testing and provides some visuals around what was produced with this free management tool.

TL;DR–APIC-EM adds value to most network path traces and typically represents what it knows. The single exception is with MPLS VPNv4. If the MPLS PE nodes are pulled into the device inventory, path trace has a total lack of understanding around the recursive lookup into the global vrf that is required for VPNv4 functionality.

CAPWAP Representation — The Gold Standard

I wanted to start out by showing what an ideal representation of an overlay network would be for a tool like this. Path Trace understands AND clearly represents both the underlay and the overlay network for traffic flowing through a CAPWAP tunnel. The image below shows the extent of the tunnel (darker gray) and the physical components that are responsible for delivery (both through the tunnel and outside of the tunnel).

Testing Topology

For the additional testing, I built the following topology and integrated APIC-EM into my Continue reading

6 Noteworthy IoT Acquisitions That Happened in 2016

In the IoT space, M&A is the name of the game.

Headcount: The Latest in Hirings, Firings And Retirings for December 2016

Margaret Chiosi joins Huawei; Krish Prabhu leaves AT&T.

Beyond Digitization To Digitalization

Enterprises need to adopt a digital transformation strategy that extends past the process of digitization.

5 signs we’re finally getting our act together on security

The high-water line in information security gets higher each year. Just as we think we’ve finally figured out how to defend against attacks, then attackers come up with something new and we are right back to trying to figure out what to do next.For example, ransomware has surged in the last year. Although that kind of malware has been around for years, the current model of encrypting user files to hold data hostage came about just recently. Infections quadrupled in 2016, with the FBI estimating an average of 4,000 attacks a day. A recent IBM survey of 600 business leaders in the United States found that one in two had experienced a ransomware attack in the workplace, and that companies paid the ransom 70 percent of the time. As a result, criminals are on track to make nearly $1 billion this year from ransomware, IBM X-Force said.To read this article in full or to leave a comment, please click here

5 signs we’re finally getting our act together on security

Apple’s 10 biggest wins, fails, and WTF moments of 2016

Apple has been doomed for decades, if the steady stream of headlines about the company, its stock price, and its product lineup are to be believed. If The Macalope has taught us anything, it's that the Apple deathwatch business is a brisk (and bizarre) one. The truth is much more complex. But by any measure, 2016 was a particularly tough year for Apple.The company endured a bitter legal fight with the FBI, saw its first revenue decline in more than a decade, and faced backlash over hardware tweaks in its upgraded flagship products: the iPhone 7’s lack of a 3.5mm audio jack and the overhauled MacBook Pro’s less-than-pro specs for a decidedly pro price.To read this article in full or to leave a comment, please click here

« Previous 1 … 2,403 2,404 2,405 2,406 2,407 … 3,818 Next »

A Broken Process Placing Consumers at Risk

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.

The US has sanctioned Russia over election hacking

The US has sanctioned Russia over election hacking

APM Startup AppDynamics Files for IPO

New year’s resolution for IoT vendors: Start treating LANs as hostile

New year’s resolution for IoT vendors: Start treating LANs as hostile

New year’s resolution for IoT vendors: Start treating LANs as hostile

It’s 2017 and changing other people’s flight bookings is incredibly easy

It’s 2017 and changing other people’s flight bookings is incredibly easy

Top Docker content of 2016

Releases

Windows Containers

About Docker

brvirt: when brctl meets virsh

IDG Contributor Network: More file sync and sharing industry FUD

PLUMgrid Employees Could Help VMware’s Cloud-Native Push

APIC-EM Path Trace Examples – Overlay Networks

CAPWAP Representation — The Gold Standard

Testing Topology

6 Noteworthy IoT Acquisitions That Happened in 2016

Headcount: The Latest in Hirings, Firings And Retirings for December 2016

Beyond Digitization To Digitalization

5 signs we’re finally getting our act together on security

5 signs we’re finally getting our act together on security

Apple’s 10 biggest wins, fails, and WTF moments of 2016