Data hoarding site represents the dark side of data breach monitoring

A site that's been warning the public about data breaches might actually be doing more harm than good.Enter LeakedSource, a giant repository online that can potentially make hacking easier. Your email address and the associated Internet accounts -- including the passwords -- is probably in it.In fact, the giant repository is made up of stolen databases taken from LinkedIn, Myspace, Dropbox, and thousands of other sites. It bills itself as a data breach monitoring site and for months now, it's been collecting details on hacks, both old and new, and alerting the media about them.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Zuznow (who?) offers a Siri-like tool for developers

Zuznow is a little-known vendor that offers a mobile development platform. Essentially Zuznow is focused on enabling businesses, even those businesses without technical development resource on staff, to create mobile applications. It’s a busy space, and it's getting busier—large vendors (Salesforce, BMC), smaller vendors (Caspio, Mendix) and standalone mobile application development platforms (Xamarin) are all trying to solve this problem.+ Also on Network World: Will companies trust their communications to AI chatbots? + Zuznow wants to steal a march on the opposition with the introduction of its intelligent voice assistant. The tool can be thought of as a plug-and-play Siri. Indeed Zuznow has even called the offering Susie, as an homage of Apple’s Siri voice assistant. Zuznow promises that it is delivering the world's first intelligent assistant plugin that brings voice-control and chatbots to any enterprise mobile app within hours. To read this article in full or to leave a comment, please click here

BackConnect’s Suspicious BGP Hijacks

Earlier this month, security blogger Brian Krebs broke a story about an Israeli DDoS-for-hire service, vDOS, which had been hacked, revealing “tens of thousands of paying customers and their (DDoS) targets.”  Afterwards, Krebs noticed that vDOS itself was also a victim of a recent BGP hijack from a company called BackConnect, which claims to be the “world’s first and leading open source based DDoS and network security provider.”

Bryant Townsend, CEO of BackConnect, confirmed to Krebs that they had indeed conducted a BGP hijack on vDOS, but claimed that it was for “defensive purposes.”  In an email to the NANOG list, Townsend explained that in doing so they “were able to collect intelligence on the actors behind the botnet as well as identify the attack servers used by the booter service,” implying this was a one-time event.  Krebs then contacted Dyn for some assistance in researching what appeared to be a series of BGP hijacks conducted by BackConnect over the past year.  What emerges from this analysis is that the hijack against vDOS probably wasn’t the first time BackConnect used BGP hijacks in the course of its business.  And via the use of Continue reading

BrandPost: Driven to Connect

Businesses large and small are under the gun to satisfy network access for varied constituencies: not only centralized and remote workers, but outsiders ranging from consumers to partners. Typically, that means supporting multiple access technologies such as a secure virtual private network (VPN) and any number of Wi-Fi guest access devices.Businesses typically have spent years trying to catch up with the access needs of their workers. Larger firms may use a variety of networking technologies from high-performing carrier-based Multiprotocol Label Switching (MPLS) virtual private networks (VPNs), campus or metro Ethernet local area networks (LANs), and public internet VPNs. Smaller organizations are more likely inclined to the public internet options.To read this article in full or to leave a comment, please click here

Multi-site with Cross-VC NSX and Palo Alto Networks Security

In a prior post, Multi-site with Cross-VC NSX: Consistent Security and Micro-segmentation Across Sites, we discussed how Cross-VC NSX provides micro-segmentation and consistent security across multiple sites. We looked at five reasons to seriously consider Cross-VC NSX for a multi-site solution in terms of security alone: centralized management, consistent security across vCenter domains/sites, security policies follow the workload(s), ease of security automation across vCenter domains/sites, and enhanced disaster recovery use case. In this post, we’ll discuss how advanced third party security services can also be leveraged in a Cross-VC NSX environment. 

Prior Cross-VC NSX Blogs:
Multi-site with Cross-VC NSX: Consistent Security and Micro-segmentation Across Sites
Cross-VC NSX: Multi-site Deployments with Ease and Flexibility
NSX-V: Multi-site Options and Cross-VC NSX Design Guide
Enhanced Disaster Recovery with Cross-VC NSX and SRM
Cross-VC NSX for Multi-site Solutions

NSX provides a solid platform for security in general: inherent isolation via logical networks, micro-segmentation via distributed firewall, edge firewall capabilities, third party guest introspection services, third party network introspection services, and a robust security policy orchestration and automation framework.

With Cross-VC NSX, micro-segmentation and consistent security policies for workloads expands beyond a single vCenter boundary. Typically, customers who have multiple sites also have multiple vCenters – at least one vCenter Continue reading

Live Debugging Java in Docker – Just in time for JavaOne!

Developing Java web applications often requires that they can be deployed on multiple technology stacks. These typically include an application server and a database, but these components can vary from deployment to deployment. Building and managing multiple development stacks in a development environment can be a time consuming task often requiring unique configurations for each stack.

Docker can simplify the process of building and maintaining develop environments for Java web applications by building custom images that application developers can create on demand and use for development, testing and debugging applications. We have recently published a tutorial for building a Java web application using containers and three popular Java IDEs.  Docker enables developers to debug their code as it runs in containers. The tutorial covers setting up a debug session with an application server in Docker using IDEs that developers typically use such as Eclipse, IntelliJ IDEA and Netbeans. Developers can build the application, change code, and set breakpoints while the application is running in the container. The tutorials use a simple Spring MVC application to illustrate how use containers when developing Java applications

The tutorial is available on GitHub in our Docker Labs repository. These tutorials show you how to:

IDG Contributor Network: Mobile IoT provider applies military techniques to improve IoT resiliency

The military knows how to operate in chaotic situations.Where should resources be deployed? How should isolated platoons be managed? How should field units and central command coordinate activities when communication lines are broken? How can communications be secured? How can systems be made more resilient?  Many military techniques can be adpated to enhance IoT resiliency.Lessons from the Art of War Military communications or “comms" are activities, equipment and tactics the military uses on the battlefield. They include measurement systems, cryptography and robust communication channels. Military doctrine combines centralized intent with decentralized execution. Four key design principles are applied:To read this article in full or to leave a comment, please click here

SIEM market dynamics in play

When I started focusing on the security market 14 years ago, the security information and event management (SIEM) market was a burgeoning market populated by vendors such as CA, e-Security, Intellitactics and NetForensics. In the intervening timeframe, the SIEM market has grown, thrived and changed every few years. SIEM started as a central repository for event correlation for perimeter security devices. It then morphed into a reporting engine for governance and compliance. In a subsequent phase, SIEM became more of a query and log management tool for security analysts. Fast forward to 2016, and SIEM has taken on a much bigger scope—an enterprise software platform that anchors security operations centers (SOCs). In this role, SIEM platforms can also include:To read this article in full or to leave a comment, please click here

SIEM Market Dynamics in Play

When I started focusing on the security market 14 years ago, the SIEM market was burgeoning market populated by vendors such as CA, e-Security, Intellitactics, and NetForensics. In the intervening timeframe, the SIEM market has grown, thrived, and changed every few years.  SIEM started as a central repository for event correlation for perimeter security devices.  It then morphed into a reporting engine for governance and compliance.  In a subsequent phase, SIEM became more of a query and log management tools for security analysts. Fast forward to 2016 and SIEM has taken on a much bigger scope – an enterprise software platform that anchors security operations centers (SOCs).  In this role, SIEM platforms can also include:To read this article in full or to leave a comment, please click here

Worth Reading: Long secret Stingray manuals detail phone spying

Harris Corp’s Stingray surveillance device has been one of the most closely guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet. —The Intercept

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Long secret Stingray manuals detail phone spying appeared first on 'net work.

Researchers demonstrate remote attack against Tesla Model S

Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world -- among other things, it has a bug bounty program. But that doesn't mean the software in its cars is free of security flaws.Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the breaking system. The attack allowed the researchers to access the car’s controller area network (CAN) bus, which lets the vehicle’s specialized computers communicate with each other."As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars," the researchers from Tencent's Keen Security Lab said in a blog post Monday. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."To read this article in full or to leave a comment, please click here

Researchers demonstrate remote attack against Tesla Model S

Tesla Motors is considered one of the most cybersecurity-conscious car manufacturers in the world -- among other things, it has a bug bounty program. But that doesn't mean the software in its cars is free of security flaws.Researchers from Chinese technology company Tencent found a series of vulnerabilities that, when combined, allowed them to remotely take over a Tesla Model S car and control its sunroof, central display, door locks and even the breaking system. The attack allowed the researchers to access the car’s controller area network (CAN) bus, which lets the vehicle’s specialized computers communicate with each other."As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars," the researchers from Tencent's Keen Security Lab said in a blog post Monday. "We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected."To read this article in full or to leave a comment, please click here

IDG Contributor Network: EU will offer free Wi-Fi in villages and towns

If you’re in the Wi-Fi network installation business in Europe, you might be about to get extremely busy. The head of the politico-economic union said its member states will be investing dramatically in Wi-Fi connectivity. The reason: to “empower” its subjects.“Every European village and every city” will be equipped with a total of an equivalent of 134 million dollars-worth of non-payment, free wireless Internet by 2020.” The installs will occur around the “main centers of public life,” Jean-Claude Juncker, president of the European Union’s executive body, said in a state of the union address a few days ago.To read this article in full or to leave a comment, please click here

Triple-helix touted for tech growth

Jyväskylä, Finland -- The 11th European Conference on Innovation and Entrepreneurship was held last week at this picturesque university town in the central Finnish “Lake District.”Stanford University’s Henry Etzkovitz gave the opening keynote on “Triple Helix Innovation in a Crisis.”Etzkovitz originated the concept of “Triple Helix,” for the combined efforts of government, industry, and academia in regional economic development. He declared that in the knowledge era, the academic strand of the helix is the critical component.Cities and regions who deploy their academic resources wisely will prosper most in an era of global economic turmoil. “The entrepreneurial university” in particular can drive innovation because of its continuous waves of students, who can work on faculty-directed projects that do not have to meet direct economic goals, as corporations do.To read this article in full or to leave a comment, please click here

61% off Panasonic ErgoFit In-Ear Comfort Fit Noise Isolating Earbuds – Deal Alert

If you believe the reviewers on Amazon, you may not find a better sounding pair of earbuds at this price point, which at the current 61% discount is just $11.24. The ErgoFit earbuds from Panasonic are designed to fit comfortably and securely in your ear, isolating outside noise while delivering great sound with a wider frequency range than most comparable buds. The earbuds come in various colors and features a generous 3.6 ft. cord that easily fits through or around your clothes, coats and bags. The ErgoFit earbuds average 4.5 stars from nearly 36,000 people on Amazon (read reviews) which lends some credibility to Panasonic's claim that the earbuds deliver dynamic, crystal clear sound while successfully blocking ambient noise. Its typical list price of $29 has been reduced 61% to just $11.24.To read this article in full or to leave a comment, please click here

59% off Panasonic ErgoFit In-Ear Comfort Fit Noise Isolating Earbuds – Deal Alert

If you believe the reviewers on Amazon, you may not find a better sounding pair of earbuds at this price point, which at the current 59% discount is just $11.99. The ErgoFit earbuds from Panasonic are designed to fit comfortably and securely in your ear, isolating outside noise while delivering great sound with a wider frequency range than most comparable buds. The earbuds come in various colors and features a generous 3.6 ft. cord that easily fits through or around your clothes, coats and bags. The ErgoFit earbuds average 4.5 stars from nearly 36,000 people on Amazon (read reviews) which lends some credibility to Panasonic's claim that the earbuds deliver dynamic, crystal clear sound while successfully blocking ambient noise. Its typical list price of $29 has been reduced 59% to just $11.99.To read this article in full or to leave a comment, please click here

Figuring out the screwy smartphone pricing on Glyde

With the release of the iPhone 7, I was hoping to get a bargain on the iPhone 6 Plus. There was nothing in the 6S that appealed to me, and the 6 would be cheaper. So, I checked out the iPhone offerings on Glyde, where I have done business before to my satisfaction. As of last Wednesday, an iPhone 6 Plus, 16GB, on AT&T was $374. I decided to wait for a price drop. Two days later, the price fell remarkably to $311. Well, that's going in the right direction. I decided to wait for more changes. The next day, last Saturday, the price spiked to $455. That's definitely going in the wrong direction.To read this article in full or to leave a comment, please click here

Researchers remotely hack Tesla Model S while it is being driven

Chinese researchers from Keen Security Lab of Tencent announced that they could chain multiple vulnerabilities together, which allowed them to remotely hack the Tesla Model S P85 and 75D from as far as 12 miles away.The researchers said: As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.To read this article in full or to leave a comment, please click here

1 2,515 2,516 2,517 2,518 2,519 3,697