Rise of the IoT machines

Friday’s distributed denial-of-service attack on DNS provider Dyn may have seemed like the end of the world for millions of Netflix, Twitter and Spotify users, but security professionals say the service disruption was merely a nuisance attack – although an eye-opening one – compared to the potential damage that can be unleashed by billions of insecure IoT devices. “It’s really just the tip of the iceberg,” says Nicholas Evans, vice president and general manager within the Office of the CTO at Unisys, where he leads its worldwide applied innovation program. “You can grade the threat intensity as the IoT devices become more autonomous, like self-driving cars, or more controllable, like some factory-type devices that actually manipulate the physical environment. That’s where the real threat is.”

Microsoft expands laptop trade-in program to cover Macs

Perhaps Microsoft smells blood in the water, because it's getting more aggressive with its laptop trade-in program. A while back it launched a program to trade in old laptops incapable of being upgraded to Windows 10. Now it has a new program, this time targeting old MacBooks. According to the trade-in page, users can send in almost any type of MacBook Air or MacBook Pro and they will be eligible for the discount. You might not get very much, and you might be better off selling the thing yourself on Craigslist. Then again, a lot of people are nervous about doing sales like that.

Reaction: DevOps and Security

Over at TechBeacon, my friend Chris Romeo has an article up about DevOps and security. It’s interesting to me because this is actually an area I’d never thought about before, even though it makes sense. Given DevOps is essentially writing software to control infrastructure (like routers, compute, and storage), and software needs to be written in a way that is secure, then it should be obvious that DevOps software should be developed with good security principles gleaned from software development as part of the foundation.

And here we face a challenge, as Chris says—

There is no standard that defines security for DevOps, and the chances of a standard ever developing are small because different organizations are doing things their own way, and can’t even agree on a standard name. And while there is a standard for the secure development lifecycle (ISO/IEC 27034-1), few organizations are ever validated against it.

The key point in here is that every organization is doing things their own way. This isn’t wrong, of course, because every organization must have some “snowflakiness” to justify its existence, and that “snowflakiness” is often likely to show up, in a large way, in something like handling resources within

DoJ: What does it take to prosecute federal computer crimes?

The need for vigorous criminal enforcement of cybercrime laws will only become more important as networked computers, and the criminals who target them, grow in number. That was how the Department of Justice opened a blog post this week explaining how it decides whether or not to prosecute a federal computer-related crime.

IDG Contributor Network: Residential routers easy to hack

The infamous “admin” user ID and weak, easily guessed passwords are prevalent on large numbers of home routers, says a security firm. That’s despite the public's increasing awareness of vulnerabilities and associated hacking. Researchers at ESET recently tested more than 12,000 home routers and found that many of the devices are insecure. Firmware was flawed in some cases. “Approximately 7 percent of the routers tested show vulnerabilities of high or medium severity,” ESET says in an article on its WeLiveSecurity editorial website. “Fifteen percent of the tested routers used weak passwords, with ‘admin’ left as the username in most cases.”
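The patterns ESET describes (the factory “admin” username left in place, default or weak passwords) are cheap to check against your own inventory of managed devices. The script below is an added example, not ESET’s tooling or data: it runs a small credential-policy audit over a constructed router inventory and produces headline numbers of the same shape as the survey’s. The default-credential sets, the length threshold and the sample logins are assumptions chosen for the demo, not an authoritative list.

```python
"""Weak-credential audit for a home-router inventory.

Added example, not ESET's tooling or data: it flags the patterns the survey
describes (the 'admin' username left in place, default or weak passwords)
over a constructed inventory. The default-credential sets and the length
threshold are assumptions chosen for the demo, not an authoritative list.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Assumed, deliberately small sets of factory defaults (not exhaustive).
DEFAULT_USERNAMES = {"admin", "root", "user"}
DEFAULT_PASSWORDS = {"", "admin", "password", "root", "1234", "12345", "123456"}
MIN_LENGTH = 12  # assumed policy threshold
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


@dataclass(frozen=True)
class RouterCredential:
    host: str
    username: str
    password: str


def check_credential(cred: RouterCredential) -> list[str]:
    """Return the weaknesses found for one router's admin login (empty list = passes)."""
    issues: list[str] = []
    pw = cred.password
    if cred.username.lower() in DEFAULT_USERNAMES:
        issues.append("default-username")
    if pw.lower() in DEFAULT_PASSWORDS:
        issues.append("default-password")
    if pw.lower() == cred.username.lower():
        issues.append("password-equals-username")
    if len(pw) < MIN_LENGTH:
        issues.append("too-short")
    classes = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, pw))
    if pw and classes < 2:
        issues.append("single-character-class")
    return issues


def audit(inventory: list[RouterCredential]) -> dict[str, list[str]]:
    """Map host -> issues for every router with at least one weakness."""
    findings = {cred.host: check_credential(cred) for cred in inventory}
    return {host: issues for host, issues in findings.items() if issues}


def summarize(inventory: list[RouterCredential]) -> tuple[int, int, int]:
    """Headline numbers like the survey's: (routers checked, routers with a weak
    login, routers with a weak login where the username is still 'admin')."""
    findings = audit(inventory)
    weak = len(findings)
    still_admin = sum(1 for cred in inventory
                      if cred.host in findings and cred.username.lower() == "admin")
    return len(inventory), weak, still_admin


# Constructed sample inventory (RFC 5737 documentation addresses, made-up logins).
SAMPLE_INVENTORY = [
    RouterCredential("192.0.2.1", "admin", "admin"),
    RouterCredential("192.0.2.2", "admin", "Tr0ub4dor&3-Kitchen"),
    RouterCredential("192.0.2.3", "netops", "correct-horse-battery-staple-91"),
    RouterCredential("192.0.2.4", "admin", "123456"),
    RouterCredential("192.0.2.5", "router", "summer2016"),
]

if __name__ == "__main__":
    for host, issues in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(issues)}")
    print("checked, weak, weak-with-admin-username:", summarize(SAMPLE_INVENTORY))  # (5, 4, 3)
```

Feed it the credentials from whatever configuration store you actually manage routers from; a device that still answers to “admin” with a default password is the first thing a botnet scanner will try, so “default-username” plus “default-password” on the same host is the finding to fix first.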

Robocall Strike Force set to take wraps off battle plan

Two months after accepting its marching orders, the FCC-convened Robocall Strike Force, chaired by AT&T CEO Randall Stephenson and featuring industry heavyweights such as Verizon, Google and Apple, will tomorrow make public its plan for dramatically reducing the torrent of automated phone calls. “The Robocall Strike Force is an industry-led group which has been working to develop comprehensive solutions to prevent, detect, and filter unwanted robocalls,” says the FCC. “Robocalls and telemarketing calls are the number one source of consumer complaints received by the FCC. However, giving consumers meaningful control over the calls and texts they receive requires collective action by the industry.”

Workstation software flaw exposes industrial control systems to hacking

The software used to program and deploy code to various Schneider Electric industrial controllers has a weakness that could allow hackers to remotely take over engineering workstations. The software, known as Unity Pro, runs on PCs used by engineers and includes a simulator for testing code before deploying it to programmable logic controllers (PLCs). These are the specialized hardware devices that monitor and control mechanical processes -- spinning motors, opening and closing valves, etc. -- inside factories, power stations, gas refineries, public utilities and other industrial installations. Researchers from industrial cybersecurity firm Indegy found that unauthenticated attackers could execute malicious code on Windows computers where the Unity Pro PLC simulator is installed. That code would run with debug privileges, leading to a complete system compromise.

Critical account creation flaws patched in popular Joomla CMS

The Joomla developers are warning website administrators to apply an update for the popular content management system that fixes two critical vulnerabilities. The flaws are serious enough that the Joomla project released a pre-notification about the planned update on Friday, urging everyone to be prepared to install it as soon as possible. This suggests that attacks targeting these vulnerabilities are expected to follow shortly. Joomla 3.6.4, released Tuesday, fixes a high-priority flaw in the account creation component that could be exploited to create accounts on a Joomla-based website even if user registration has been disabled on it.
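“Accounts can be created even though registration is disabled” is a recurring defect class in web applications: the registration switch is checked by the public sign-up controller, but a second route into the same user store never consults it. The example below is an added illustration of that class, not Joomla’s code and not a reproduction of the specific code path the 3.6.4 release patched; every class and function name in it is hypothetical. It shows the vulnerable layout beside the hardened one, where the policy check moves into the single choke point that every route must pass through.

```python
"""Where a 'registration disabled' switch must live.

Added illustration of the defect class behind 'accounts can be created even
though registration is disabled': the switch is checked only by the public
sign-up controller, so a second route into the user store ignores it. This is
not Joomla's code and does not reproduce the specific patched code path; all
class and function names are hypothetical.
"""
from __future__ import annotations
from dataclasses import dataclass, field


class RegistrationDisabled(Exception):
    """Raised when self-registration is attempted while the switch is off."""


@dataclass
class SiteConfig:
    allow_registration: bool = False


@dataclass
class UserStore:
    config: SiteConfig
    users: dict[str, dict] = field(default_factory=dict)

    # Vulnerable pattern: the store trusts every caller to have checked policy.
    def create_user_unchecked(self, username: str) -> str:
        self.users[username] = {"created_by_admin": False}
        return username

    # Hardened pattern: policy is enforced at the single choke point every
    # route must pass through; only an authenticated admin path may bypass it.
    def create_user(self, username: str, *, created_by_admin: bool = False) -> str:
        if not created_by_admin and not self.config.allow_registration:
            raise RegistrationDisabled(username)
        self.users[username] = {"created_by_admin": created_by_admin}
        return username


class SignupForm:
    """The public registration form: the only place the vulnerable site checks policy."""

    def __init__(self, store: UserStore) -> None:
        self.store = store

    def register_vulnerable(self, username: str) -> str:
        if not self.store.config.allow_registration:
            raise RegistrationDisabled(username)
        return self.store.create_user_unchecked(username)

    def register_hardened(self, username: str) -> str:
        return self.store.create_user(username)


class LegacyEndpoint:
    """An overlooked second route into the same store (e.g. an older task or API handler)."""

    def __init__(self, store: UserStore) -> None:
        self.store = store

    def save_vulnerable(self, username: str) -> str:
        return self.store.create_user_unchecked(username)  # never looks at policy

    def save_hardened(self, username: str) -> str:
        return self.store.create_user(username)  # policy enforced in the store


def accounts_created_by_visitor(hardened: bool) -> set[str]:
    """Return the accounts an unauthenticated visitor ends up with on a site where
    registration is disabled, after trying the form and then the legacy route."""
    store = UserStore(SiteConfig(allow_registration=False))
    form, legacy = SignupForm(store), LegacyEndpoint(store)
    routes = ((form.register_hardened, legacy.save_hardened) if hardened
              else (form.register_vulnerable, legacy.save_vulnerable))
    for route in routes:
        try:
            route("attacker")
        except RegistrationDisabled:
            pass  # this route refused; the question is whether the other one does too
    return set(store.users)


if __name__ == "__main__":
    print("vulnerable site:", accounts_created_by_visitor(hardened=False))  # {'attacker'}
    print("hardened site:  ", accounts_created_by_visitor(hardened=True))   # set()
```

The practical check for your own application is to enumerate every code path that ends in an account being persisted (form handlers, legacy tasks, API endpoints, import tools) and confirm that each one goes through the same policy-enforcing call, rather than auditing the sign-up form alone.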

Microsoft wants to bring machine learning into the mainstream

Microsoft just released the open-source licensed beta of the Microsoft Cognitive Toolkit on GitHub. This announcement represents a shift in Microsoft’s customer focus from research to implementation. It is an update to the Computational Network Toolkit (CNTK). The toolkit is a supervised machine learning system in the same category as other open-source projects such as TensorFlow, Caffe and Torch. Microsoft is one of the leading investors in and contributors to the open machine learning software and research community. A glance at the Neural Information Processing Systems (NIPS) conference reveals that there are just four major technology companies committed to moving the field of neural networks forward: Microsoft, Google, Facebook and IBM.

ARM builds up security in the tiniest IoT chips

IoT is making devices smaller, smarter, and – we hope – safer. It’s not easy to make all those things happen at once, but chips that can help are starting to emerge. On Tuesday at ARM TechCon in Silicon Valley, ARM will introduce processors that are just a fraction of a millimeter across and incorporate the company’s TrustZone technology. TrustZone is hardware-based security built into SoC (system on chip) processors to establish a root of trust. It’s designed to prevent devices from being hacked and taken over by intruders, a danger that’s been in the news since the discovery of the Mirai botnet, which recently took over thousands of IP cameras to mount denial-of-service attacks.