NetworkingNexus.net

Joomla websites attacked en masse using recently patched exploits

Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week.The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday.Hackers didn't waste any time reverse engineering the patches to understand how the two vulnerabilities can be exploited to compromise websites, according to researchers from Web security firm Sucuri.To read this article in full or to leave a comment, please click here

How DNS Works: A Primer

The Domain Name System is critical to fundamental IP networking. Learn DNS basics in this primer.

If Linux never was: Imagining an alternate reality without Linux

Ever read a story so depressing, so utterly devoid of happiness, that you wonder why on Earth any fool would take the time to write it down? Just solid sadness beginning to end.This, right here, is one of those stories.This dismal little tale also makes use of what is quite possibly the most over-used (and over-rated) plot device in the history of mankind: the butterfly effect. You know: the notion that a simple little thing can have extreme consequences. A butterfly flaps its wings in Sheboygan, and two days later, a hurricane hits Walla Walla. Because—the butterfly effect. Just a dreadful crutch used by hack writers to move forward a story when they can’t come up with any original ideas.To read this article in full or to leave a comment, please click here

Broadcom Strikes 100G Ethernet Harder With Tomahawk-II

Because space costs so much money and having multiple machines adds complexity and even more costs on top of that, there is always pressure to increase the density of the devices that provide compute, storage, and networking capacity in the datacenter. Moore’s Law, in essence, doesn’t just drive chips, but also the devices that are comprised of chips.

Often, it is the second or third iteration of a technology that takes off because the economics and density of the initial products can’t match the space and power constraints of a system rack. Such was the case with the initial 100 …

Broadcom Strikes 100G Ethernet Harder With Tomahawk-II was written by Timothy Prickett Morgan at The Next Platform.

What Haunts IT Pros?

Survey shows that data security breaches and service outages top the list of IT managers' fears.

The paranoid user’s guide to Windows 10 privacy

Since its release, a major point of controversy with Windows 10 has been the many ways that it can track your personal activity and gather other data about you. Many people don’t mind sharing personal information in exchange for enabling or enhancing a helpful app or service.To read this article in full or to leave a comment, please click here(Insider Story)

IDG Contributor Network: IT departments becoming ‘obsolete’

Online services and workers choosing the tools they want to work with, rather than employees being dictated to by in-house IT experts, means the IT department’s functions are now primarily redundant, says Japan-based Brother.The printer maker refers to IT departments’ control over technology as “dark days” in its web-based advertorial feature in the British national newspaper the Telegraph in September.To read this article in full or to leave a comment, please click here

IDG Contributor Network: IT departments becoming ‘obsolete’

Beat the bad guys at their own game with SafeBreach’s simulated cyberattacks

The best way to get experience with most jobs or tasks is to do them. It’s difficult to learn how to drive a car without getting behind the wheel. Soldiers need to face the enemy in order to gain combat experience. And IT administrators have to experience and mitigate attacks to learn how to best defend their networks. The problem with these scenarios is that they involve a degree of risk. It’s not all that helpful to learn how to counter a cyberattack if the first one you experience puts your company out of business. That’s where the SafeBreach continuous security validation platform comes in. Deployed as a service, through the cloud or internally, it can show cybersecurity teams exactly where the network vulnerabilities are and how to plug those holes. It can even run wargames so that IT teams can learn the best ways to respond to attacks on their actual networks.To read this article in full or to leave a comment, please click here(Insider Story)

Beat the bad guys at their own game with SafeBreach’s simulated cyberattacks

New products of the week 10.31.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Atlantis Workspace Infrastructure integrated with CitrixKey features: Atlantis integrated workspace infrastructure into the Citrix management suite. The combination of applications, management and infrastructure into a single PaaS solution will lower cost and complexity for managing virtual workspaces. More info.To read this article in full or to leave a comment, please click here

New products of the week 10.31.16

GRE over IPSec Tunnel and NAT Between Cisco and VyOS

The goal of this tutorial is to provide a configuration for Cisco and VyOS network devices with configured PAT (Port Address Translation) that connect two remote sides A and B through point-to-point GRE tunnel encapsulated into a IPsec tunnel. In a previous tutorial we proved that GRE tunnels in conjunction with IPsec tunnels transmit multicast traffic while data integrity, authentication and confidentiality was in place. I also provided a simple configuration of GRE, IPsec tunnel and OSPF routing protocol on the Cisco and VyOS routers. In this tutorial I will go further and provide full configuration of the all network devices including PAT and access-lists. picture1_network_infrastructure

Picture 1 - Network Topology

Topology Description - Side A

Each side has a Layer 2 Cisco switch located in a LAN network. A switch connects hosts to its switchports. Each switchport is assigned to a particular VLAN. For instance, a host PC1 is connected to the switch SW1 and the switchport is assigned to a VLAN 100. Hosts in VLAN 100 (subnet 192.168.1.0/24) have guaranteed access to a remote subnet 192.168.2.0/24 via GRE/IPsec tunnel. A NAT access-list configured on a router R1 ensures that IP address of the host in VLAN 100 is not translated by PAT when a destination address is Continue reading

Considerations for Running Docker for Windows Server 2016 with Hyper-V VMs

We often get asked at Docker, “Where should I run my application? On bare metal, virtual or cloud?” The beauty of Docker is that you can run a container anywhere, so we usually answer this question with “It depends.” Not what you were looking for, right?

To answer this, you first need to consider which infrastructure makes the most sense for your application architecture and business goals. We get this question so often that our technical evangelist, Mike Coleman has written a few blogs to provide some guidance:

During our recent webinar, titled “Docker for Windows Server 2016”, this question came up a lot, specifically what to consider when deploying a Windows Server 2016 application in a Hyper-V VM with Docker and how it works. First, you’ll need to understand the differences between Windows Server containers, Hyper-V containers, and Hyper-V VMs before considering how they work together.

A Hyper-V container is a Windows Server container running inside a stripped down Hyper-V VM that is only instantiated for containers.

This provides additional kernel isolation and separation from Continue reading

Black Friday isn’t dead in 2016

The Black Friday 2016 headlines are dire: ”Is Black Friday dead?” “Black Friday: Is the commercial holiday dying?” ”Black Friday is Dead, Long Live Black Friday” But no, Black Friday isn’t really dead and oodles of computers, smartphones, video game consoles and TVs will be snapped up at bargain prices on Friday, Nov. 25 itself, as well as pre-Thanksgiving, on Thanksgiving Day and on the Saturdays leading up to Christmas. Oh, yeah, even Cyber Monday will grab stragglers on Nov. 28.To read this article in full or to leave a comment, please click here

FBI doesn’t have a warrant to review new emails linked to Clinton investigation

After seeing reports that the Justice Department is “furious” at FBI Director Comey for telling Congress about new emails potentially related to Hillary Clinton’s private email server and if she disclosed classified information, the Clinton campaign “made it personal” and accused Comey of a smear campaign. Comey, ironically the same FBI guy who recommended no criminal charges for Clinton, is now being treated like her enemy.“It is pretty strange to put something like that out with such little information right before an election,” Clinton said during a rally at Daytona Beach on Saturday. “In fact, it’s not just strange; it’s unprecedented and deeply troubling.” She added, “So we’ve called on Directory Comey to explain everything right away, put it all out on the table.”To read this article in full or to leave a comment, please click here

FBI doesn’t have a warrant to review new emails linked to Clinton investigation

It’s time to rein in social media services

If you run a social networking service then the one thing you don’t want to be considered to be is a publisher. As a publisher, you become responsible for whatever your users care to post which means when they post something that’s illegal in any way, you are as liable as the poster to be prosecuted. On the other hand, as a “platform”, where no editorial control is exercised, a social media service is only obliged to act on content when they received a court order or a DMCA takedown notice. Pixabay This distinction between being a publisher and a platform is crucial to the major social media services because the cost of vetting and policing user-generated content would be prohibitively expensive even if it were possible (every minute, Twitter generates 350,000 tweets while in the same window 510 comments are posted, 293,000 statuses are updated, and 136,000 photos are uploaded to Facebook).To read this article in full or to leave a comment, please click here

Hacking forum cuts section allegedly linked to DDoS attacks

An online hackers' forum has deleted a section that allegedly offered paid distributed denial-of-service attacks, following last Friday's massive internet disruption. HackForums.net will be shutting down the "Server Stress Testing" section, the site's admin Jesse "Omniscient" LaBrocca said in a Friday posting. "I do need to make sure that we continue to exist and given the recent events I think it's more important that the section be permanently shut down," he wrote. The section was designed to let members offer so-called stress testing services for websites as a way to check their resiliency. However, security firms claim Hack Forums was actually promoting DDoS-for-hire services that anyone can use to launch cyber attacks.To read this article in full or to leave a comment, please click here

Hacking forum cuts section allegedly linked to DDoS attacks

« Previous 1 … 2,551 2,552 2,553 2,554 2,555 … 3,832 Next »