Security analysis of popular IoT devices

Have you wondered if your internet-connected devices are infected with Mirai malware and were part of the DDoS attacks?In response to the recent IoT DDoS attacks, researchers at Zscaler analyzed IoT traffic patterns not only on the days of the DDoS attacks on Dyn and Krebs on Security, but going back to July.While Zscaler does not believe any of the devices connected to Zscaler Cloud had been compromised and used in the IoT botnet attacks, ThreatLabz researchers analyzed the security of five security cameras, three smart TV entertainment devices, three smart network printers and scanners, two DVRs and NVRs, two IP phones and a partridge in a pear tree. The last one of course was just to see if you were paying attention: no partridges were harmed in the course of this research.To read this article in full or to leave a comment, please click here

IDG Contributor Network: What is the General Data Protection Regulation and why should you care?

In 2012, the European Commission proposed new regulations on data protection that would supersede the national laws of the 28 EU member states. It was formally approved in April this year, and it will go into effect May 25, 2018. This General Data Protection Regulation (GDPR) introduces several major changes that will impact many organizations worldwide. The smart move is to familiarize yourself with the incoming regulation now, and begin preparing to comply with your obligations. The GDPR will apply to any business that operates within the EU, but also any company that processes data from EU citizens. It doesn’t matter where the organization is located.To read this article in full or to leave a comment, please click here

IDG Contributor Network: What is the General Data Protection Regulation and why should you care?

In 2012, the European Commission proposed new regulations on data protection that would supersede the national laws of the 28 EU member states. It was formally approved in April this year, and it will go into effect May 25, 2018. This General Data Protection Regulation (GDPR) introduces several major changes that will impact many organizations worldwide. The smart move is to familiarize yourself with the incoming regulation now, and begin preparing to comply with your obligations. The GDPR will apply to any business that operates within the EU, but also any company that processes data from EU citizens. It doesn’t matter where the organization is located.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Is your network a platform for business innovation and growth?

The whole point of a network is just to connect stuff, right? Connect people to people, people to machines, and machines to machines. It’s pipes and plumbing, a necessary part of the business infrastructure and, hopefully, one that costs less and less over time. After all, it’s a cost center not a growth engine. At least, that’s the way it’s treated by most businesses these days.Most, but not all.+ Also on Network World: Accelerating business innovation: Don't let networks get in the way +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Is your network a platform for business innovation and growth?

The whole point of a network is just to connect stuff, right? Connect people to people, people to machines, and machines to machines. It’s pipes and plumbing, a necessary part of the business infrastructure and, hopefully, one that costs less and less over time. After all, it’s a cost center not a growth engine. At least, that’s the way it’s treated by most businesses these days.Most, but not all.+ Also on Network World: Accelerating business innovation: Don't let networks get in the way +To read this article in full or to leave a comment, please click here

Healthcare, retail industries give blockchain a try

The U.S. Department of Health and Human Services hopes to put a new technology to use in its ongoing effort to improve the health and well-being of Americans. The technology in question isn't something one might expect to see in the healthcare IT toolkit; rather, it's blockchain, the technology that underpins cryptocurrency and has primarily been associated with bitcoin. HHS sees blockchain as a potential salve for ills that plague the increasingly complex world of digital health records.To read this article in full or to leave a comment, please click here(Insider Story)

How to Setup HA for RHV-M 4 pt1

Hi folks! After plowing through my home lab, I’m ready to walk you through setting up RHV-M in a “self-hosted engine” (HA) configuration. I’ve talked about this in some previous articles if you need to familiarize yourself with what the significance is or why someone might want to go with this approach over a standard deployment.

Let’s get to it.

Pre-Setup

Sounds funny, right? “Pre-setup”.. like you’re going to setup before you setup? But really, that’s what you need to do. In this case, everything needs to be right before you just dive right into the deep end of the lake, or you’re going to hit rocks. What I mean is that your underlying environment needs to be right, or things will not go smoothly at all.

Specifically, you’re going to need to pay attention to the requirements of the hosts and RHV-M software.. the specs are well published. For example, you need to have fully qualified domain names for all of your hosts and RHV-M, and they need to resolve (forward and reverse!) in some form of DNS. Just using “/etc/hosts” isn’t going to cut it here.. Don’t have running DNS in your lab, don’t sweat it, look Continue reading

Hottest Black Friday 2016 Windows PC, tablet and game deals

Big dealsWhile Windows phone deals are non-surprisingly almost non-existent for Black Friday 2016, there are plenty of Microsoft Windows desktops and laptops, Surface tablets and Xbox gaming deals being touted this holiday shopping season. Come Nov. 25, and even earlier for many retailers, here are some of the best deals around.To read this article in full or to leave a comment, please click here

HP’s power-packed Z2 Mini desktop takes on Apple’s aging Mac Mini

HP has been hoping that sleek, powerful hardware will lure Apple Mac aficionados to switch to its PCs, and now is aiming the new Z2 Mini mini-desktop at Mac Mini users.The Z2 Mini packs the computing power of a full-size desktop into a box that can be held in one hand. Starting at $699, it will be available worldwide starting in December.HP has been excelling in PC design, with innovative desktops like Pavilion Wave, a cylindrical desktop, and Elite Slice, a modular mini-desktop onto which components can be snapped.To read this article in full or to leave a comment, please click here

Comments for my biracial niece

I spent the night after Trump’s victory consoling my biracial niece worried about the election. Here are my comments. You won’t like them, expecting the opposite given the title. But it’s what I said.

I preferred Hillary, but that doesn’t mean Trump is an evil choice.

Don’t give into the hate. You get most of your news via social media sites like Facebook and Twitter, which are at best one-sided and unfair. At worst, they are completely inaccurate. Social media posts are driven by emotion, not logic. Sometimes that emotion is love of cute puppies. Mostly it’s anger, fear, and hate. Instead of blindly accepting what you read, challenge it. Find the original source. Find a better explanation. Search for context.

Don’t give into the hate. The political issues that you are most concerned about are not simple and one-sided with obvious answers. They are complex and nuanced. Just because somebody disagrees with you doesn’t mean they are unreasonable or evil. In today’s politics, it has become the norm that we can’t simply disagree with somebody, but must also vilify and hate them. We’ve redefined politics to be the fight between the virtuous (whatever side we are on) and the Continue reading

How to teach endian

On /r/programming is this post about byte-order/endianness. It gives the same information as most documents on the topic. It is wrong. It's been wrong for over 30 years. Here's how it should be taught.

One of the major disciplines in computer science is parsing/formatting. This is the process of converting the external format of data (file formats, network protocols, hardware registers) into the internal format (the data structures that software operates on).

It should be a formal computer-science discipline, because it's actually a lot more difficult than you'd expect. That's because the majority of vulnerabilities in software that hackers exploit are due to parsing bugs. Since programmers don't learn about parsing formally, they figure it out for themselves, creating ad hoc solutions that are prone to bugs. For example, programmers assume external buffers cannot be larger than internal ones, leading to buffer overflows.

An external format must be well-defined. What the first byte means must be written down somewhere, then what the second byte means, and so on. For Internet protocols, these formats are written in RFCs, such as RFC 791 for the "Internet Protocol". For file formats, these are written in documents, such as those describing GIF files, JPEG Continue reading

This malware attack starts with a fake customer-service call

Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer services representatives and convincing them to open malicious email attachments. The culprits in these hacks, which are designed to steal customers’ credit card numbers, appear to be the Carbanak gang, a group that was blamed last year for stealing as much as $1 billion from various banks. On Monday, security firm Trustwave said that three of its clients in the past month had encountered malware built with coding found in previous Carbanak attacks.To read this article in full or to leave a comment, please click here

This malware attack starts with a fake customer-service call

Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer services representatives and convincing them to open malicious email attachments. The culprits in these hacks, which are designed to steal customers’ credit card numbers, appear to be the Carbanak gang, a group that was blamed last year for stealing as much as $1 billion from various banks. On Monday, security firm Trustwave said that three of its clients in the past month had encountered malware built with coding found in previous Carbanak attacks.To read this article in full or to leave a comment, please click here

Network Automation Survey

Network Automation is just getting started and it’s odd to say that as IT professionals from other technology disciplines are always surprised to see how much manual interaction there still is between the networking engineering/operations teams and the actual devices they manage.

I’ll never forget the days in 2012-2013 performing my best Google searches to find ways to program or to automate network routers and switches. I didn’t care what programming language was being used or even what tool, but I found nothing. Every time I heard someone say they were using a network script, I’d say “email it to me, that sounds interesting.” Unfortunately, 100% of the time, it ended up being a notepad or a Word file, not a script. What a bummer.

I like to think I’m a solid Googler too. It was amazing though - there was near nothing. Do a search today on network automation or network programming and you’d be amazed on what you’ll find - we’ve come a long way in the past 36 months with respect to network automation, but I truly believe we’re still in the 2nd or 3rd inning (if we were playing a game of baseball, of course).

Continue reading

Network Automation Survey

Network Automation is just getting started and it’s odd to say that as IT professionals from other technology disciplines are always surprised to see how much manual interaction there still is between the networking engineering/operations teams and the actual devices they manage.

I’ll never forget the days in 2012-2013 performing my best Google searches to find ways to program or to automate network routers and switches. I didn’t care what programming language was being used or even what tool, but I found nothing. Every time I heard someone say they were using a network script, I’d say “email it to me, that sounds interesting.” Unfortunately, 100% of the time, it ended up being a notepad or a Word file, not a script. What a bummer.

I like to think I’m a solid Googler too. It was amazing though - there was near nothing. Do a search today on network automation or network programming and you’d be amazed on what you’ll find - we’ve come a long way in the past 36 months with respect to network automation, but I truly believe we’re still in the 2nd or 3rd inning (if we were playing a game of baseball, of course).

Continue reading

1 2,536 2,537 2,538 2,539 2,540 3,853