How to teach endian

On /r/programming is this post about byte-order/endianness. It gives the same information as most documents on the topic. It is wrong. It's been wrong for over 30 years. Here's how it should be taught.

One of the major disciplines in computer science is parsing/formatting. This is the process of converting the external format of data (file formats, network protocols, hardware registers) into the internal format (the data structures that software operates on).

It should be a formal computer-science discipline, because it's actually a lot more difficult than you'd expect. That's because the majority of vulnerabilities in software that hackers exploit are due to parsing bugs. Since programmers don't learn about parsing formally, they figure it out for themselves, creating ad hoc solutions that are prone to bugs. For example, programmers assume external buffers cannot be larger than internal ones, leading to buffer overflows.

An external format must be well-defined. What the first byte means must be written down somewhere, then what the second byte means, and so on. For Internet protocols, these formats are written in RFCs, such as RFC 791 for the "Internet Protocol". For file formats, these are written in documents, such as those describing GIF files, JPEG Continue reading

This malware attack starts with a fake customer-service call

Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer services representatives and convincing them to open malicious email attachments. The culprits in these hacks, which are designed to steal customers’ credit card numbers, appear to be the Carbanak gang, a group that was blamed last year for stealing as much as $1 billion from various banks. On Monday, security firm Trustwave said that three of its clients in the past month had encountered malware built with coding found in previous Carbanak attacks.To read this article in full or to leave a comment, please click here

This malware attack starts with a fake customer-service call

Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer services representatives and convincing them to open malicious email attachments. The culprits in these hacks, which are designed to steal customers’ credit card numbers, appear to be the Carbanak gang, a group that was blamed last year for stealing as much as $1 billion from various banks. On Monday, security firm Trustwave said that three of its clients in the past month had encountered malware built with coding found in previous Carbanak attacks.To read this article in full or to leave a comment, please click here

Network Automation Survey

Network Automation is just getting started and it’s odd to say that as IT professionals from other technology disciplines are always surprised to see how much manual interaction there still is between the networking engineering/operations teams and the actual devices they manage.

I’ll never forget the days in 2012-2013 performing my best Google searches to find ways to program or to automate network routers and switches. I didn’t care what programming language was being used or even what tool, but I found nothing. Every time I heard someone say they were using a network script, I’d say “email it to me, that sounds interesting.” Unfortunately, 100% of the time, it ended up being a notepad or a Word file, not a script. What a bummer.

I like to think I’m a solid Googler too. It was amazing though - there was near nothing. Do a search today on network automation or network programming and you’d be amazed on what you’ll find - we’ve come a long way in the past 36 months with respect to network automation, but I truly believe we’re still in the 2nd or 3rd inning (if we were playing a game of baseball, of course).

Continue reading

Network Automation Survey

Network Automation is just getting started and it’s odd to say that as IT professionals from other technology disciplines are always surprised to see how much manual interaction there still is between the networking engineering/operations teams and the actual devices they manage.

I’ll never forget the days in 2012-2013 performing my best Google searches to find ways to program or to automate network routers and switches. I didn’t care what programming language was being used or even what tool, but I found nothing. Every time I heard someone say they were using a network script, I’d say “email it to me, that sounds interesting.” Unfortunately, 100% of the time, it ended up being a notepad or a Word file, not a script. What a bummer.

I like to think I’m a solid Googler too. It was amazing though - there was near nothing. Do a search today on network automation or network programming and you’d be amazed on what you’ll find - we’ve come a long way in the past 36 months with respect to network automation, but I truly believe we’re still in the 2nd or 3rd inning (if we were playing a game of baseball, of course).

Continue reading

GE buys ServiceMax for $915M to boost its IoT power

General Electric’s US$915 million acquisition of field service management company ServiceMax on Monday should help enterprises combine what GE does for industrial products and assets with more tools for those who work on them.GE Digital, the division that’s buying ServiceMax, sells software and services for connecting industrial assets and products in the field, then collecting and analyzing data about them. ServiceMax has a cloud-based platform for tasks like scheduling maintenance calls and making sure the right technician is on each job with the right part.To read this article in full or to leave a comment, please click here

Networking Field Day 13 – Sneak Preview

This is going to be a busy week for the Tech Field Day family. They have delegates en-route to Tech Field Day 12 this morning, and Wednesday the crew for Network Field day 13 arrive. I can’t express how excited I am about going to Networking Field Day 13 this week. I haven’t been to an actual NFD event since NFD2, although I did get to go to the TFD9 event in Austin a couple years ago. I can’t wait to land in San Jose. For those new to this concept, Networking Field day is an event that is focused on bringing together IT product vendors and thought leaders in the industry to share information and opinions in a presentation and discussion format. Please be sure to read my disclaimer page on this topic. These events are streamed live, so if you want to listen in while we talk about the latest and greatest technologies from the vendors we’re meeting with, or if you just want to listen to us moan and groan at the occasional Gartner or NASCAR slides… you should tune in. On the menu for this week we have a number of exciting companies that I’d Continue reading

12 steps to lower your espionage risk

"What company would not like to know exactly what its competitor is doing?"When we talk about corporate espionage, we're talking about companies stealing information that gives them a competitive or economic advantage, writes Chuck Easttom in the new 3rd edition of his book Computer Security Fundamentals. It's not showy, often low-tech and sometimes downright dirty, as exemplified by Oracle CEO Larry Ellison's admission that he "hire[d] private investigators to sift through Microsoft garbage in an attempt to garner information."To read this article in full or to leave a comment, please click here(Insider Story)

Worth Reading: IoT Goes Nuclear

Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. —Eyal Ronen

LinkedInTwitterGoogle+Facebook

The post Worth Reading: IoT Goes Nuclear appeared first on 'net work.

Your security mirages

Yes, I was hit last week. Forensics are in progress. I got doxxed, too.It has made me realize that most of systems security is an illusion. Here are my favorite alternate realities:1. Everything is safe behind the firewall.Ever heard of UBFWI—as in User’s Been Fooling With It? While IPD/IPS and firewall networked-technology has improved so vastly, there’s nothing like a user with an infected laptop to bring in a lulu.2. Obscure operating systems never get hit. Hackers only go for the gold with Windows.Here, let me laugh out loud and roll on the floor. Mine was an obscure server version on an obscure branch of an obscure BSD limb. Listen to the sound of lunch getting eaten: mine. Chomp, chomp, burp.To read this article in full or to leave a comment, please click here

Your security mirages

Yes, I was hit last week. Forensics are in progress. I got doxxed, too.It has made me realize that most of systems security is an illusion. Here are my favorite alternate realities:1. Everything is safe behind the firewall.Ever heard of UBFWI—as in User’s Been Fooling With It? While IPD/IPS and firewall networked-technology has improved so vastly, there’s nothing like a user with an infected laptop to bring in a lulu.2. Obscure operating systems never get hit. Hackers only go for the gold with Windows.Here, let me laugh out loud and roll on the floor. Mine was an obscure server version on an obscure branch of an obscure BSD limb. Listen to the sound of lunch getting eaten: mine. Chomp, chomp, burp.To read this article in full or to leave a comment, please click here

Best Black Friday 2016 deals on Apple iPhones, iPads, watches and more

Apple appetiteApple traditionally gives retailers little leeway on iPhone, iPad and Mac promotions, even around Black Friday, but retailers do find ways around these restrictions by bundling phones with gift cards and other goodies. Apple typically slips a few Black Friday deals out close to the Thanksgiving holiday. But here are deals we know about already on iPhones, iPads, Apple Watches and more. (Black Friday watchers such as BFads and Best Black Friday have been a big help in keeping tabs on deals.)To read this article in full or to leave a comment, please click here

6 tips for buying or selling a smart home

Recently, one of our neighbors sold their home and they had a Google Nest thermostat. This became an issue during the sale process. The prospective buyers wanted the Nest to remain, but current owners wanted to take it with them.To read this article in full or to leave a comment, please click here(Insider Story)

BGP Tools for the DFZ (2)

In the last post in this series, I looked at the whois database to make certain the registration information for a particular domain name is correct. Now it’s time to dig a little deeper into the DFZ to see what we can find. To put this series in the widest context possible, we will begin by assuming we don’t actually know the Autonomous System number associated with the domain name we’re looking for—which means we will need to somehow find out which AS number belongs to the organization who’s routes we are trying to understand better. The best place to start in our quest for an AS number that matches a domain name is peeringdb. The front page of peeringdb looks like this—

peering-db-01

As the front page says, peeringdb primarily exists to facilitate peering among providers. Assume you find you are a large college, and you find you have a lot of traffic heading to LinkedIn—that, in fact, this traffic is consuming a large amount of your transit traffic through your upstream provider. You would really like to offload this traffic in some way directly to LinkedIn, so you can stop paying the transit costs to this particular network. But Continue reading

19% off Motorola MR350R 35-Mile Range FRS/GMRS Two-Way Radio – Deal Alert

Motorola Talkabout MR350 is the ultimate communication tool for the outdoor enthusiast. It boasts a range of up to 35 miles (actual mileage will vary based on a variety of conditions) and is loaded with every possible radio feature. It's also both lightweight and rugged, with extra large buttons to help you operate even with gloves on. The MR350 features 11 weather channels (7 NOAA) with alert features, 22 channels each with 121 privacy codes for superior interference protection, iVOX hands-free communication, and a built-in flashlight. Currently averaging 4 out of 5 stars on Amazon from over 1,300 people (read reviews), its list price of $79.99 has been discounted to $64.99 for a pair of two radios. See it now on Amazon.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Why you need a digital workplace

In February of 2013, Yahoo! CEO Marissa Mayer banned working from home across the entire company. Even employees who were hired on as fulltime remote workers were asked to relocate their desks to the Yahoo offices or lose their jobs.The reasoning?According to Mayer's memo: “To become the absolute best place to work, communication and collaboration will be important, so we need to be working side-by-side. That is why it is critical that we are all present in our offices. … Speed and quality are often sacrificed when we work from home.”To read this article in full or to leave a comment, please click here

1 2,518 2,519 2,520 2,521 2,522 3,834