HTTP/2 promises better performance — but with security caveats

The new Internet communication protocol, HTTP/2, is now being used by 11 percent of websites -- up from just 2.3 percent a year ago, according to W3Techs.The new protocol does offer better performance, but there is no particular rush to upgrade, and it's backwards-compatible with the previous protocol, HTTP/1.1.No security problems have been found in the protocol itself, but there are vulnerabilities in some implementations and the possibility of lower visibility into internet traffic, so it's worth waiting for everything to shake out.The pressure to switch is likely to come from lines of business, said Graham Ahearne, director of product management at security firm Corvil.To read this article in full or to leave a comment, please click here

49% off CyberPower Surge Protector 3-AC Outlet with 2 USB (2.1A) Charging Ports – Deal Alert

The Professional Surge Protector CSP300WUR1 safeguards common home and office devices, such as computers and electronics, by absorbing spikes in energy caused by storms and electrical power surges. Designed for convenience, the portable CSP300WUR1 is ideal for travelers. It provides 600 joules of protection, has three surge-protected outlets, and a folding wall tap plug. Two USB ports (2.1 Amp shared) charge personal electronics, including smartphones, digital cameras, MP3 players, and other devices. A Limited-Lifetime Warranty ensures that this surge suppressor has passed high quality standards in design, assembly, material or workmanship and further protection is offered by a $50,000 Connected Equipment Guarantee. It currently averages 4 out of 5 stars on Amazon, where its typical list price of $22 has been reduced 49% to just $11.27. See the discounted CSP300WUR1 on Amazon.To read this article in full or to leave a comment, please click here

49% off CyberPower Surge Protector 3-AC Outlet with 2 USB (2.1A) Charging Ports – Deal Alert

The Professional Surge Protector CSP300WUR1 safeguards common home and office devices, such as computers and electronics, by absorbing spikes in energy caused by storms and electrical power surges. Designed for convenience, the portable CSP300WUR1 is ideal for travelers. It provides 600 joules of protection, has three surge-protected outlets, and a folding wall tap plug. Two USB ports (2.1 Amp shared) charge personal electronics, including smartphones, digital cameras, MP3 players, and other devices. A Limited-Lifetime Warranty ensures that this surge suppressor has passed high quality standards in design, assembly, material or workmanship and further protection is offered by a $50,000 Connected Equipment Guarantee. It currently averages 4 out of 5 stars on Amazon, where its typical list price of $22 has been reduced 49% to just $11.27. See the discounted CSP300WUR1 on Amazon.To read this article in full or to leave a comment, please click here

BlackBerry hands its brand to TCL, maker of its last smartphones

The BlackBerry smartphone is dead: Long live the BlackBerry smartphone.A week after it officially pulled out of the smartphone market, BlackBerry has agreed to license its brand to handset manufacturer TCL.The Chinese company will make and market future BlackBerry handsets worldwide except for India, Indonesia, Bangladesh, Sri Lanka and Nepal, where BlackBerry has already struck local licensing deals.This is hardly new territory for TCL, which manufactured BlackBerry's last two handsets, the Android-based DTEK50 and DTEK60.To read this article in full or to leave a comment, please click here

BlackBerry hands its brand to TCL, maker of its last smartphones

The BlackBerry smartphone is dead: Long live the BlackBerry smartphone.A week after it officially pulled out of the smartphone market, BlackBerry has agreed to license its brand to handset manufacturer TCL.The Chinese company will make and market future BlackBerry handsets worldwide except for India, Indonesia, Bangladesh, Sri Lanka and Nepal, where BlackBerry has already struck local licensing deals.This is hardly new territory for TCL, which manufactured BlackBerry's last two handsets, the Android-based DTEK50 and DTEK60.To read this article in full or to leave a comment, please click here

Evernote backs off from privacy policy changes, says it ‘messed up’

Evernote has reversed proposed changes to its privacy policy that would allow employees to read user notes to help train machine learning algorithms.CEO Chris O’Neill said the company had “messed up, in no uncertain terms.”The move by the note-taking app follows protests from users, some of whom have threatened to drop the service after the company announced that its policy would change to improve its machine learning capabilities by letting a select number of employees, who would assist with the training of the algorithms, view the private information of its users. The company claims 200 million users around the world. To read this article in full or to leave a comment, please click here

Evernote backs off from privacy policy changes, says it ‘messed up’

Evernote has reversed proposed changes to its privacy policy that would allow employees to read user notes to help train machine learning algorithms.CEO Chris O’Neill said the company had “messed up, in no uncertain terms.”The move by the note-taking app follows protests from users, some of whom have threatened to drop the service after the company announced that its policy would change to improve its machine learning capabilities by letting a select number of employees, who would assist with the training of the algorithms, view the private information of its users. The company claims 200 million users around the world. To read this article in full or to leave a comment, please click here

Hacker allegedly stole logins from a US election agency

A Russian-speaking hacker has been found selling stolen login credentials for a U.S. agency that tests and certifies voting equipment, according to a security firm.The hacker was attempting to sell more than 100 allegedly compromised login credentials belonging to the U.S. Election Assistance Commission (EAC), the security firm Record Future said in a Thursday blog post. The company said it discovered online chatter about the breach on Dec. 1.Some of these credentials included the highest administrative privileges. With such access, an intruder could steal sensitive information from the commission, which the hacker claimed to have done, Recorded Future said.To read this article in full or to leave a comment, please click here

Hacker allegedly stole logins from a US election agency

A Russian-speaking hacker has been found selling stolen login credentials for a U.S. agency that tests and certifies voting equipment, according to a security firm.The hacker was attempting to sell more than 100 allegedly compromised login credentials belonging to the U.S. Election Assistance Commission (EAC), the security firm Record Future said in a Thursday blog post. The company said it discovered online chatter about the breach on Dec. 1.Some of these credentials included the highest administrative privileges. With such access, an intruder could steal sensitive information from the commission, which the hacker claimed to have done, Recorded Future said.To read this article in full or to leave a comment, please click here

DNS and BIND demonstration using the Cloonix network emulator

The Domain Name System (DNS) is a fundamental Internet technology. Network emulators like Cloonix offer a way for researchers and students to experiment with the DNS protocol and with the various open-source implementations of DNS, such as BIND.

In this post, I will install Cloonix from the Github source code repository. I will run the Cloonix DNS demo script to create a simple DNS scenario and then run some experiments with DNS. Along the way, I will demonstrate some of the new Cloonix version 33 features.

Cloonix version 33

In this demonstration, I am using Cloonix version 33. I last used Cloonix when it was at version 29 and version 33 offers some significant changes and improvements. Compared to version 29, the major changes in version 33 are:

  • The Cloonix source code is now hosted on Github
  • The cloonix-ctrl commands have been renamed to cloonix-cli
  • The Cloonix lan object is now much simpler
  • Cloonix adds a simple GUI called cloonix_zor for managing Cloonix servers that have been started
  • The nat object replaces the cloonix slirp LAN
  • New demo scripts have been added. One of which, the DNS demo script, we will use in this demonstration

Using Cloonix version 33

If Continue reading

Introduction to StackStorm

Earlier I wrote about some fundamental principles that I believe apply to any form of automation, whether it’s network automation, or even building a virtual factory. One of the most important concepts in mature automation is autonomy; that is, a system that is more or less self-sufficent. Instead of relying on human beings for input, always try to provide that input with yet another automated piece of the system. There are several benefits to this approach:

Introduction to StackStorm

Earlier I wrote about some fundamental principles that I believe apply to any form of automation, whether it’s network automation, or even building a virtual factory.

One of the most important concepts in mature automation is autonomy; that is, a system that is more or less self-sufficent. Instead of relying on human beings for input, always try to provide that input with yet another automated piece of the system. There are several benefits to this approach:

  • Humans Make Mistakes - This is also a benefit of automation in general, but autonomy also means mistakes are lessened on the input as well as the output of an automation component.
  • Humans Are Slow - we have lives outside of work, and it’s important to be able to have a system that reacts quickly, instead of waiting for us to get to work. We need a system that is “programmed” by us, and is able to do work on our behalf.
  • Signal To Noise - Sometimes humans just don’t need to be involved. We’ve all been there - an inbox full of noisy alerts that don’t really mean much. Instead, configure specific triggers that act on your behalf when certain conditions are Continue reading

The Linux Migration: Initial Progress Report

About 4 years ago, I discussed some changes in the Apple ecosystem that might lead me to move away from OS X. To be honest, I’ve made only token efforts since that time to actually migrate away, even though the forces that I described in that post are still in full effect. In fact, some might say that the “iOS-ification” of OS X (now rebranded as “macOS”) is even stronger now. As a result, I’ve stepped up my work on a Linux migration, and I’m happy to report that I’ve made some progress.

Here’s a quick update on where things stand so far.

Linux Distribution

I’ve looked at a fair number of Linux distributions. I tried Elementary OS, which some have raved about but which I found too simplistic. I also went back and looked again at Ubuntu derivatives like Linux Mint. Given that Ubuntu is itself derived from Debian, I also took a look at Debian “Jessie”. Finally, I tested Fedora 25. For a number of reasons—which I’ll describe in more detail in a moment—I’ve settled on Ubuntu 16.04.

So, why Ubuntu 16.04 “Xenial Xerus”? Keep in mind that the reasons I list below are my Continue reading

Introduction to StackStorm

Earlier I wrote about some fundamental principles that I believe apply to any form of automation, whether it’s network automation, or even building a virtual factory.

One of the most important concepts in mature automation is autonomy; that is, a system that is more or less self-sufficent. Instead of relying on human beings for input, always try to provide that input with yet another automated piece of the system. There are several benefits to this approach:

  • Humans Make Mistakes - This is also a benefit of automation in general, but autonomy also means mistakes are lessened on the input as well as the output of an automation component.
  • Humans Are Slow - we have lives outside of work, and it’s important to be able to have a system that reacts quickly, instead of waiting for us to get to work. We need a system that is “programmed” by us, and is able to do work on our behalf.
  • Signal To Noise - Sometimes humans just don’t need to be involved. We’ve all been there - an inbox full of noisy alerts that don’t really mean much. Instead, configure specific triggers that act on your behalf when certain conditions are Continue reading

10 hot Cascading Style Sheet Libraries (Collection 1)

CSS3Image by Mark Gibbs / NikotafAlong with HTML5 and JavaScript, Cascading Style Sheets (particularly version 3) have evolved into a cornerstone of modern Web content design. CSS is used to not only set the visual style of a Web page and its contents, it also allows for sophisticated control of user interaction and animation, printing, and device detection. In this roundup, I’m highlighting some of the most powerful and novel pure CSS libraries (pure, as in they work their magic without the aid of JavaScript or anything else). If you have a favorite CSS3 library, pure or not, you think I should include in the next collection, let me know.To read this article in full or to leave a comment, please click here

New OS X Tools for Photographers

If you’re into photography you’ll probably have tried all sorts of software tools in the quest for the perfect image. Over the years my favorite apps for managing, tweaking, and massaging images have been Adobe Lightroom and, when I want very specific results, Adobe Photoshop. The problem that I have had with Photoshop, in common with many other people, is that getting really good at correcting problems takes a lot of time and experience; Photoshop is not only complex but its features are so remarkably broad that photo editing becomes death by choices.Recently I’ve come across some software titles for OS X (macOS … whatever) that makes much of the power of Photoshop available in what you might consider pre-packaged forms for very reasonable prices. And, as we will see, some of the apps also operate as Photoshop plug-ins making serious photo editing easier.  To read this article in full or to leave a comment, please click here

Leaving it to the Last Second

Thanks to the moon, the earth's rate of rotation is slowing down. To compensate, we periodically adjust Universal Coordinated Time. On Saturday 31st December 2016, the last minute of 2016 will be extended to be 61 seconds long, creating the the timestamp 24:59:60. Previous leap seconds have not gone completely smoothly, and there is no particular reason to think that much will have changed for this leap second.

Non-malware attacks are on the rise

Security pros need to pay attention to malicious activities that don’t rely on actual malware to succeed, according to a study by Carbon Black.Attacks that exploited applications and processes legitimately running on systems – non-malware incidents – have risen from representing about 3% of all attacks in January to about 13% in November, the company’s “Non-malware attacks and ransomware take center stage in 2016” report says.“Non-malware attacks are at the highest levels we have seen and should be a major focus for security defenders during the coming year,” it says.The research included data from more than 1,000 Carbon Black customers that represent 2.5 million-plus endpoints. For measuring the non-malware attacks, the authors considered the malicious use of PowerShell and Windows Management Instrumentation were considered.To read this article in full or to leave a comment, please click here

1 2,423 2,424 2,425 2,426 2,427 3,818