Nmap security scanner gets new scripts, performance boosts

The Nmap Project just released the Holiday Edition of its open source cross-platform security scanner and network mapper, with several important improvements and bug fixes.New features in Nmap 7.40 include Npcap 0.78r5, for adding driver signing updates to work with Windows 10 Anniversary Update; faster brute-force authentication cracking; and new scripts for Nmap Script Engine, the project’s maintainer Fyodor wrote on the Nmap mailing list.[ Give yourself a technology career advantage with InfoWorld's Deep Dive technology reports and Computerworld's career trends reports. GET A 15% DISCOUNT through Jan.15, 2017: Use code 8TIISZ4Z. ] The de facto standard network mapping and port scanning tool, Nmap (Network Mapper) Security Scanner is widely used by IT and security administrators for network mapping, port-scanning, and network vulnerability testing. Administrators can run Nmap against the network to find open ports, determine what hosts are available on the network, identify what services those hosts are offering, and detect any network information leaked, such as the type of packet filters and firewalls in use.To read this article in full or to leave a comment, please click here

Nmap security scanner gets new scripts, performance boosts

The Nmap Project just released the Holiday Edition of its open source cross-platform security scanner and network mapper, with several important improvements and bug fixes.New features in Nmap 7.40 include Npcap 0.78r5, for adding driver signing updates to work with Windows 10 Anniversary Update; faster brute-force authentication cracking; and new scripts for Nmap Script Engine, the project’s maintainer Fyodor wrote on the Nmap mailing list.[ Give yourself a technology career advantage with InfoWorld's Deep Dive technology reports and Computerworld's career trends reports. GET A 15% DISCOUNT through Jan.15, 2017: Use code 8TIISZ4Z. ] The de facto standard network mapping and port scanning tool, Nmap (Network Mapper) Security Scanner is widely used by IT and security administrators for network mapping, port-scanning, and network vulnerability testing. Administrators can run Nmap against the network to find open ports, determine what hosts are available on the network, identify what services those hosts are offering, and detect any network information leaked, such as the type of packet filters and firewalls in use.To read this article in full or to leave a comment, please click here

NEXT PLAY — 2017

2017 tech outlook — and saving predictions from the digital dustbin

Anyone who has ever done any news video knows that much of what originally gets recorded winds up on the cutting room floor, or these days, in the digital dustbin. That's usually for the best and that was the case recently when myself and other IDG editors were asked to share our 2017 tech predictions, as seen in the embedded video here. But since I went to the effort of coming up with another prediction, beyond expecting 5G hype to crank up in 2017, and looked back to see how my 2016 predictions fared, I figured I'd lay that all out here. My other prediction, which was essentially thrust upon me every time I attended a conference in the second half of 2016, or more recently, peered into my email inbox, is that enterprise IT staffs are going to be inundated with requests by higher ups and end users to support conversational interfaces and chatbots.To read this article in full or to leave a comment, please click here

Our Most Popular Blog Posts of 2016

2016, what a year. Ansible upgrades galore, Tower 3 was released, a tipping point for DevOps, and much more.

All these themes were reflected in our blog this year. From doing more with automation, working across platforms (think Windows automation), orchestrating containers at scale, to exploring all the great new features in Tower 3, we covered a lot.

Just in case you missed them, here are our 10 most viewed blog posts of the year (plus a sneaky few honorable mentions).

1. 6 Ways Ansible Makes Docker-Compose Better

Containers are an integral part of DevOps workflows. With containers you can be sure that if you build an application once, you can run it in the same way across every environment along the application lifecycle. That’s great, until one developer announces the need for a second, third, or fourth container. More of them, all doing different things, and all connecting together – somehow. But how? Docker has a tool that can help – docker-compose. But it’s limited to environments with a Docker-centric view of the world and doesn’t solve non-Docker orchestration problems. That’s where Ansible comes in. Read more

2. Testing Ansible Roles with Docker

Ansible plus Docker was a big deal in 2016, Continue reading

Sponsored Post: Loupe, New York Times, ScaleArc, Aerospike, Scalyr, VividCortex, MemSQL, InMemory.Net, Zohocorp

Who's Hiring?

Fun and Informative Events

• Your event here!

Cool Products and Services

• A note for .NET developers: You know the pain of troubleshooting errors with limited time, limited information, and limited tools. Log management, exception tracking, and monitoring solutions can help, but many of them treat the .NET platform as an afterthought. You should learn about Loupe...Loupe is a .NET logging and monitoring solution made for the .NET platform from day one. It helps you find and fix problems fast by tracking performance metrics, capturing errors in your .NET software, identifying which errors are causing the greatest impact, and pinpointing root causes. Learn more and try it free today.


• ScaleArc's database load balancing software empowers you to “upgrade your apps” to consumer Continue reading

BrandPost: Assess Your Organization’s DevOps Maturity

Portions of this post were originally posted on the Puppet blog, and republished here with Puppet's permission.DevOps practices and cultural norms positively impact IT and organizational performance. Our annual State of DevOps Report demonstrates how DevOp improves operational efficiency, creates space for innovation and increases employee engagement.To read this article in full or to leave a comment, please click here

Protect your privacy with surveillance-defeating sunglasses

Have you done something for yourself lately? If you end up with holiday money to spare, then you might consider buying yourself a cool pair of shades that would help protect your privacy while you are out in public.I saw Reflectacles on Kickstarter a few weeks ago, but since this is likely my last article of 2016, then I wanted to make sure you know about these surveillance-defeating glasses as well.The glasses are the brainchild of Scott Urban who claims that wearing Reflectables “ensure you’re noticed and anonymous at the same time.” The anonymous portion is due to light-reflecting frames which can end up looking like a big, shiny blur when captured by CCTV. Since the wearer’s face can’t be seen in any detail behind the bright glare of the glasses, it renders facial recognition tech useless.To read this article in full or to leave a comment, please click here

Ingenu and Sigfox Expand IoT Networks in U.S. Cities

Getting permits to deploy its network proved challenging for Ingenu.

IDG Contributor Network: Lax IoT device security threatens to pollute the internet

DVRs, IP cameras and other smart products could become the next wave of pollutants that threaten how we live if the security issues around Internet of Things (IoT) devices aren’t addressed.We’ve already seen that too much IoT pollution can wreck our computing environment. The October DDoS attack that brought down Twitter, Netflix and other major websites for a large portion of the U.S. was launched by a botnet comprised of Web cameras, printers and other IoT devices.+ Also on Network World: 2017 security predictions + And while having those sites offline was an inconvenience, the results of that attack weren’t devastating. But future DDoS attacks that throw terabits of data at servers could have more disastrous results. Instead of going after an internet traffic management company, the attackers could target a hospital or a utility provider. Not being able to binge-watch Netflix shows pales in seriousness when compared to cities not having electricity or a doctor being unable to access electronic medical records.To read this article in full or to leave a comment, please click here

IDG Contributor Network: This holiday, design your cloud for data

It’s that time of the year. Ready, set, shop. Whether it's an iPad, a new car or a big egg with a light-up bird inside—like this year’s Hatchimals—every holiday season is filled with the must-have gifts that send consumers into a shopping frenzy.For retailers, the good news is consumers are in the mood to spend during the holiday season. The challenge is meeting consumer demands and battling intensifying competition.The National Retail Federation (NRF) expects retail sales in November and December (excluding autos, gas and restaurants) to reach $655.8 billion. Online sales are forecasted to reach $117 billion this season. And, of course, Cyber Monday plays a huge role in online sales.To read this article in full or to leave a comment, please click here

Worth Reading: The spillover effect

At the same time that default and end-to-end encryption enables dissidents to communicate, it also enables terrorists and other criminals to plot and plan without fear of detection. It means that even when a judge signs off on a warrant based on probable cause to believe that a particular device or account contains evidence of a crime that has been or is about to be committed, law enforcement cannot unlock the smartphone or obtain the relevant data in readable form. The concern is that criminals may go free, and dangerous plots may be left undetected. Comey and other law enforcement officials want US-based companies to provide sought-after data in readable form and to maintain the technological capacity to do so. But the approach is controversial; a powerful coalition of companies, civil liberties groups, and many others decries such efforts at mandated access as undercutting security for us all. —The Hoover Institution

The post Worth Reading: The spillover effect appeared first on 'net work.

VMware removes hard-coded root access key from vSphere Data Protection

VMware has released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance.VDP is a disk-based backup and recovery product that runs as an open virtual appliance (OVA). It integrates with the VMware vCenter Server and provides centralized management of backup jobs for up to 100 virtual machines.According to a VMware support article, the vSphere Data Protection (VDP) appliance contains a static SSH private key with a known password. This key allows interoperability with EMC Avamar, a deduplication backup and recovery software solution, and is pre-configured on the VDP as an AuthorizedKey.To read this article in full or to leave a comment, please click here

NFV Popularity Makes MANO a Higher Priority

NFV popularity is forcing more companies to make MANO a higher priority so they can combat virtual server sprawl.

Tata Picks Versa for SD-WAN in its Global Network

The global carrier Tata is using Versa for one SD-WAN option.

Microsoft launches a Windows error code troubleshooting site

If you have used Windows for any length of time, you've undoubtedly been hit with an error code during an Update that told you absolutely nothing. "Error code: 0x80070422?" What the hell does that mean? If you were industrious, you could Google the code and maybe find a post on a Microsoft forum or elsewhere that offered some kind of clue as to what the error was and perhaps a solution. Now Microsoft has given us something a little more official. It’s a web page on the company’s support site called Fix Windows Update Errors that aims to help Windows users resolve update-related errors.To read this article in full or to leave a comment, please click here

A Very WebP New Year from Cloudflare

Cloudflare has an automatic image optimization feature called Polish, available to customers on paid plans. It recompresses images and removes unnecessary data so that they are delivered to browsers more quickly.

Up until now, Polish has not changed image types when optimizing (even if, for example, a PNG might sometimes have been smaller than the equivalent JPEG). But a new feature in Polish allows us to swap out an image for an equivalent image compressed using Google’s WebP format when the browser is capable of handling WebP and delivering that type of image would be quicker.

CC-BY 2.0 image by John Stratford

What is WebP?

The main image formats used on the web haven’t changed much since the early days (apart from the SVG vector format, PNG was the last one to establish itself, almost two decades ago).

WebP is a newer image format for the web, proposed by Google. It takes advantage of progress in image compression techniques since formats such as JPEG and PNG were designed. It is often able to compress the images into a significantly smaller amount of data than the older formats.

WebP is versatile and able to replace the three main Continue reading

What India’s Banking Industry Breach Can Teach Us About the Importance of Collaboration

Dan Geer Revisits 2014 BlackHat Recommendations: More Industry Recognition of the Problem, Much Left To Do

Princeton’s “War of The Lights” – The Pitfalls of Enterprise-Level IoT Projects