Dec. 2016 Patch Tuesday: Microsoft releases 12 security bulletins, 6 rated critical

For the last Patch Tuesday of 2016, Microsoft issued 12 security bulletins, half of which are rated critical due to remote code execution vulnerabilities. Get ready for restarts. Please do not delay deploying patches since three do address vulnerabilities which had been publicly disclosed.Rated criticalMS16-144 pertains to patching a plethora of bugs in Internet Explorer: two scripting engine memory corruption vulnerabilities, two memory corruption vulnerabilities, a security feature bypass bug, and two information disclosure flaws and one Windows hyperlink object library information disclosure vulnerability.To read this article in full or to leave a comment, please click here

Dec. 2016 Patch Tuesday: Microsoft releases 12 security bulletins, 6 rated critical

For the last Patch Tuesday of 2016, Microsoft issued 12 security bulletins, half of which are rated critical due to remote code execution vulnerabilities. Get ready for restarts. Please do not delay deploying patches since three do address vulnerabilities which had been publicly disclosed.Rated criticalMS16-144 pertains to patching a plethora of bugs in Internet Explorer: two scripting engine memory corruption vulnerabilities, two memory corruption vulnerabilities, a security feature bypass bug, and two information disclosure flaws and one Windows hyperlink object library information disclosure vulnerability.To read this article in full or to leave a comment, please click here

WIth Apple CEO Tim Cook on board, MIT pulls off first 2017 commencement speaker coup

MIT, which not surprisingly has a good track record of securing techie leaders for its commencement speakers, has signed on Apple CEO Tim Cook to do the honors on June 9, 2017.It will mark the first time one of Apple's leaders delivers a commencement address at MIT. Past MIT speakers from the technology field have included United States CTO Megan Smith (2015), Dropbosx CEO Drew Houston (2013) and Digital Equipment Corp. Founder Ken Olsen (1987).Cook in 2015, as George Washington University's commencement speaker, told grads to ignore the cynics and change the world like Steve Jobs did (see Cook's GW commencement speech transcript).To read this article in full or to leave a comment, please click here

IPv6, DHCP, and Unintended Consequences

I ran into an interesting paper on the wide variety of options for assigning addresses, and providing DNS information, in IPv6, over at ERNW. As always, with this sort of thing, it started me thinking about the power of unintended consequences, particularly in the world of standardization. The authors of this paper noticed there are a lot of different options available in the realm of assigning addresses, and providing DNS information, through IPv6.

Alongside these various options, there are a number of different flags that are supposed to tell the host which of these options should, and which shouldn’t, be used, prioritized, etc. The problem is, of course, that many of these flags, and many of the options, are, well, optional, which means they may or may not be implemented across different versions of code and vendor products. Hence, combining various flags with various bits of information can have a seemingly random impact on the IPv6 addresses and DNS information different hosts actually use. Perhaps the most illustrative chart is this one—

Each operating system tested seems to act somewhat differently when presented with all possible flags, and all possible sources of information. As the paper notes, this can cause Continue reading

Just how slow is government IT?

Almost all of the 300 federal government workers who responded to a recent survey by application performance management vendor Riverbed said slow IT issues impact their jobs.The results shine a startling light on inefficiencies in the federal government stemming from a lack of investment in new technologies, vendor Riverbed says.+ MORE AT NETWORK WORLD: Federal cyber incidents grew an astounding 1,300% between '06 and '15 +The survey asked workers, most of whom are supervisors at more than 30 civilian and defense government agencies, what their greatest frustrations are in IT operations and what the impact of those problems is.To read this article in full or to leave a comment, please click here

Facebook helps companies detect rogue SSL certificates for domains

Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge.The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificate that they issue.Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best, researchers could scan the entire web and collect those certificates being used on public servers. This made it very hard to discover cases where CAs issued certificates for domain names without the approval of those domains' owners.To read this article in full or to leave a comment, please click here

Facebook helps companies detect rogue SSL certificates for domains

Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge.The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificate that they issue.Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best, researchers could scan the entire web and collect those certificates being used on public servers. This made it very hard to discover cases where CAs issued certificates for domain names without the approval of those domains' owners.To read this article in full or to leave a comment, please click here

U.S. DOT advances mandate for vehicle-to-vehicle communications technology

Looking to put a high-tech solution to a deadly problem the U.S. Department of Transportation has issued a proposed rule to standardize the development and implementation of vehicle communications technologies in cars and trucks. The idea is to enable a multitude of new crash-avoidance applications that could save lives by preventing “hundreds of thousands of crashes every year by helping vehicles “talk” to each other,” the DOT stated.+More on Network World: Six key challenges loom over car communication technology+To read this article in full or to leave a comment, please click here

U.S. DOT advances mandate for vehicle-to-vehicle communications technology

Looking to put a high-tech solution to a deadly problem the U.S. Department of Transportation has issued a proposed rule to standardize the development and implementation of vehicle communications technologies in cars and trucks. The idea is to enable a multitude of new crash-avoidance applications that could save lives by preventing “hundreds of thousands of crashes every year by helping vehicles “talk” to each other,” the DOT stated.+More on Network World: Six key challenges loom over car communication technology+To read this article in full or to leave a comment, please click here

A Scalable Alternative to RESTful Communication: Mimicking Google’s Search Autocomplete with a Single MigratoryData Server

This is a guest post by Mihai Rotaru, CTO of MigratoryData.

Using the RESTful HTTP request-response approach can become very inefficient for websites requiring real-time communication. We propose a new approach and exemplify it with a well-known feature that requires real-time communication, and which is included by most websites: search box autocomplete.

Google, which is one of the most demanding web search environments, seems to handle about 40,000 searches per second according to an estimation made by Internet Live Stats. Supposing that for each search, a number of 6 autocomplete requests are made, we show that MigratoryData can handle this load using a single 1U server.

More precisely, we show that a single MigratoryData server running on a 1U machine can handle 240,000 autocomplete requests per second from 1 million concurrent users with a mean round-trip latency of 11.82 milliseconds.

The Current Approach and Its Limitations

Worth Reading: W3C at the crossroads

The World Wide Web Consortium (W3C) has a hard decision to make: a coalition including the world’s top research institutions; organizations supporting blind users on three continents; security firms; blockchain startups; browser vendors and user rights groups have asked it not to hand control over web video to some of the biggest companies in the world. For their part, those multinational companies have asked the W3C to hand them a legal weapon they can use to shut down any use of online video they don’t like, even lawful fair use. —EFF

LinkedInTwitterGoogle+Facebook

The post Worth Reading: W3C at the crossroads appeared first on 'net work.

What the mainstream media didn’t tell you about fake news

If fake news reports by the mainstream news media are true, all it takes to create fake news are some clever Romanian or Macedonian teenagers with malicious intent and a website—and shazam the fake news propagates throughout Facebook. The reality is SEO, backlinks, paid promotion and other content strategies play a key role.It is odd that mainstream news media would miss the most critical issue because after all, organic and paid promotion of internet traffic is what has put most of them on financial life support.How fake news starts Promotion starts with a fake news site with a credible URL name, such as realtruenews.org, probably built with WordPress and themed to look like a real news site. The end goal is to get tens or hundreds of thousands of gullible people to share the stories onto Facebook. Gullible reporters help, too.To read this article in full or to leave a comment, please click here

DNS provider ChangeIP cites MySQL database crash for days-long outage

ChangeIP, which refers to itself as a "rockstar, low-cost and high-touch web host," has hit a sour note with customers over the past few days. The company on Monday afternoon reported that it "suffered a system wide DB failure that cascaded to all of our DB systems. Restore been on going since yesterday [Sunday, Dec. 11]." ChangeIP said that due to the size of its MySQL database, recovery was taking longer than anticipated and it was hard to say when a total restore would take place. Early on Tuesday (eastern time), the company said its DNS service had been restored, but that it was still working to restore its database and get web, dynamic DNS and control panel functions back in working order.To read this article in full or to leave a comment, please click here

Convert ASP.NET Web Servers to Docker with Image2Docker

A major update to Image2Docker was released last week, which adds ASP.NET support to the tool. Now you can take a virtualized web server in Hyper-V and extract a Docker image for each website in the VM – including ASP.NET WebForms, MVC and WebApi apps. 

image2docker

Image2Docker is a PowerShell module which extracts applications from a Windows Virtual Machine image into a Dockerfile. You can use it as a first pass to take workloads from existing servers and move them to Docker containers on Windows.

The tool was first released in September 2016, and we’ve had some great work on it from PowerShell gurus like Docker Captain Trevor Sullivan and Microsoft MVP Ryan Yates. The latest version has enhanced functionality for inspecting IIS – you can now extract ASP.NET websites straight into Dockerfiles.

In Brief

If you have a Virtual Machine disk image (VHD, VHDX or WIM), you can extract all the IIS websites from it by installing Image2Docker and running ConvertTo-Dockerfile like this:

Install-Module Image2Docker
Import-Module Image2Docker
ConvertTo-Dockerfile -ImagePath C:\win-2016-iis.vhd -Artifact IIS -OutputPath c:\i2d2\iis

That will produce a Dockerfile which you can build into a Windows container image, using docker build.

How It Works

The Image2Docker Continue reading

1 2,433 2,434 2,435 2,436 2,437 3,818