IDG Contributor Network: Decoy networks are the secret to deflecting hackers

Attackers have a time advantage over static computer networks because the bad guys can simply hover around the network for long periods, study it and look for an advantage. The computer network is usually just sitting there, dawdling like unfortunate prey silhouetted in a hunter’s rifle scope.The observing hackers can even disappear for a while, return and find nothing’s changed. The vulnerabilities are still in place. Bang! The perp hits when it’s convenient, and it’s all over.The best solution to this time-advantage problem are computer defenses that sense malevolent investigations of the network and then squirt the attack over to a fake network that proffers no intelligence about the genuine network, according to some. They were written about as long ago as 2004 in the International Journal of Digital Evidence (PDF).To read this article in full or to leave a comment, please click here

Designing your business for the 21st century

“Most companies are simply not designed to survive. They become successful on the basis of one big idea or breakthrough product,” says CEO Mike Walsh of Tomorrow, a global consultancy that helps design 21st century businesses. The companies that will thrive in the near future are the ones not only embracing change but breaking the rules. Learn how to leverage disruptive innovation, solve business problems with social networks and apply “the new lean IT mindset” to sharpen your focus on how future customers will think, talk and transact.

IoT malware behind record DDoS attack is now available to all hackers

The source code for a trojan program that infected hundreds of thousands of internet-of-things devices and used them to launch distributed denial-of-service attacks has been published online, paving the way for more such botnets.The code for the trojan, which its creator calls Mirai, was released Friday on an English-language hackers' forum, cybersecurity blogger Brian Krebs reported over the weekend. Krebs' website was the target of a record DDoS attack two weeks ago that was launched from the Mirai botnet.The trojan's creator, who uses the online handle Anna-senpai, said that the decision to release the source code was taken because there's a lot of attention now on IoT-powered DDoS attacks and he wants to get out of this business.To read this article in full or to leave a comment, please click here

IoT malware behind record DDoS attack is now available to all hackers

The source code for a trojan program that infected hundreds of thousands of internet-of-things devices and used them to launch distributed denial-of-service attacks has been published online, paving the way for more such botnets.The code for the trojan, which its creator calls Mirai, was released Friday on an English-language hackers' forum, cybersecurity blogger Brian Krebs reported over the weekend. Krebs' website was the target of a record DDoS attack two weeks ago that was launched from the Mirai botnet.The trojan's creator, who uses the online handle Anna-senpai, said that the decision to release the source code was taken because there's a lot of attention now on IoT-powered DDoS attacks and he wants to get out of this business.To read this article in full or to leave a comment, please click here

Down the rabbit hole, part 3: Linux and Tor are key to ensuring privacy, security

So, I’ve decided I need to improve the privacy and security of my life (especially as it relates to computing). And I’ve come to the conclusion that in order to effectively do this, I need to focus on utilizing open source software as much as possible.  What next? Let’s start at a very simple, basic level: the operating system of my laptop computers (I don’t actually have a desktop currently, but the same ideas will apply) and how they connect to the internet.To read this article in full or to leave a comment, please click here

AMD provides upgrade path to Zen with new business PC chips

AMD's new 7th Generation Pro chips have hooks to let PC users easily upgrade to next-generation Zen chips that could come out next year.The new Pro chips, code-named Bristol Ridge, are for business desktops, and will appear in PCs from HP and Lenovo. The ability to easily upgrade is a big deal because it lets users avoid buying new PCs in order to get the Zen chips when they come out.It'll work like this: users buy a desktop with the new AMD Pro chip, but upgrade to Zen later on by replacing chips in the socket.There's a lot to like in the new AMD Pro chips, but there's even more excitement around Zen, which will provide a 40 percent improvement in CPU performance. The new AMD Pro will be compatible with the AM4 socket, which provides the basis for upgrades to Zen.To read this article in full or to leave a comment, please click here

Panda Banker’s Future DGA

Since we last visited the Panda Bankers at the malware zoo, two new versions have emerged: 2.2.6 and 2.2.7. While sifting through the encrypted strings of the latest version, two interesting ones stood out: dgaconfigs DGA, download “%S”. Tracing the first one through the code does indeed lead to a DGA or a domain generation […]

Data center management in the cloud can predict downtime, vendors say

Data center power management vendor Eaton’s newest product has sensors that that the company says will proactively warn customers of when equipment component failures are likely to occur.Eaton’s announcement today of PulseIngisht Analaytics is part of a broader trend in the data center infrastructure management (DCIM) market moving to cloud-based platforms, says 451 Research director for data center technologies Rhonda Ascierto. Vendors such as Eaton, Schneider Electric and Emerson Network Power are evolving their platforms to collect more data their power systems generate and analyze it to provide customers with detailed information about data center performance, and even help predict and prevent downtime from equipment failure.To read this article in full or to leave a comment, please click here

Data center management in the cloud can predict downtime, vendors say

Data center power management vendor Eaton’s newest product has sensors that that the company says will proactively warn customers of when equipment component failures are likely to occur.Eaton’s announcement today of PulseIngisht Analaytics is part of a broader trend in the data center infrastructure management (DCIM) market moving to cloud-based platforms, says 451 Research director for data center technologies Rhonda Ascierto. Vendors such as Eaton, Schneider Electric and Emerson Network Power are evolving their platforms to collect more data their power systems generate and analyze it to provide customers with detailed information about data center performance, and even help predict and prevent downtime from equipment failure.To read this article in full or to leave a comment, please click here

Waratek upgrades Java protection

Waratek is introducing a feature to its Java-protection platform that enables upgrading to the current version of Java without having to install Java updates or touch the apps running within the Java virtual machine.The latest version of its AppSecurity for Java uses secure virtual containers around the entire Java application stack to apply the security and performance features of the current Java 8 platform’s security and performance levels without having to install Java 8, the company says.The alternative would be to replace the Java Runtime Environment (JRE) and upgrade the application code directly. That would involve taking the application offline while the upgrades are performed.To read this article in full or to leave a comment, please click here

Waratek upgrades Java protection

Waratek is introducing a feature to its Java-protection platform that enables upgrading to the current version of Java without having to install Java updates or touch the apps running within the Java virtual machine.The latest version of its AppSecurity for Java uses secure virtual containers around the entire Java application stack to apply the security and performance features of the current Java 8 platform’s security and performance levels without having to install Java 8, the company says.The alternative would be to replace the Java Runtime Environment (JRE) and upgrade the application code directly. That would involve taking the application offline while the upgrades are performed.To read this article in full or to leave a comment, please click here

EU gets ready to fine Google in Android antitrust suit

The European Commission is preparing to fine Google for paying smartphone makers to exclusively use its search engine on their mobile devices, according to Reuters.The European Union's antitrust authority filed a so-called statement of objections against Google in April, accusing it of forcing smartphone makers to exclusively use its search engine if they want access to the Play Store, through which phone users can download and purchase other apps.Now the Commission has sent a redacted copy of that statement of objections to complainants, Reuters reported after seeing the document.To read this article in full or to leave a comment, please click here

ICANN will generate new DNSSec key

Rotating cryptographic keys is a security best practice, so it's good news that ICANN has begun the process to change the root key pair underpinning the security of the DNS. While the chances of a misstep is small, the fact remains that changing the root key pair has never been done before. A mistake can potentially -- temporarily -- break the Internet.No pressure, ICANN.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security newsletter. ] As the phone book of the Internet, DNS translates easy-to-remember domain names into IP addresses so that users don't have to remember strings of numbers in order to access web applications and services. However, attackers can hijack legitimate DNS requests to divert users to fraudulent sites through DNS cache poisoning or DNS spoofing.To read this article in full or to leave a comment, please click here

Discussing Disruption to IT

Disruption has come to mean different things in the realm of IT. It’s difficult to read social media for a day without seeing the word "disruption" abused by the great marketing machine.

Using this word in the context of "disruption to service" or put it another way, "What happens when something doesn’t work?", it’s difficult to come up with a good anecdote to describe the impact of something going wrong when you’re in front of customers without sounding like another marketeer. I firmly believe in delivering value by "showing" as opposed to just battering your audience with slide ware. 

Still, in networking we are actually going through a period of huge change. The CLI skill set is still dominant and I’m not scare mongering when I say over time this will change. It will. It just won’t change as fast as some people will have you believe. Anyway, I digress. 

Fred

At college, I studied the greatest passion in life I had at the time, which was electronics. The local college department was ok and the material was industry standard stuff. Nothing crazy and out there, but useful and real. We had one super hero in the Continue reading

New products of the week 10.3.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Daptiv TTMKey features: With Daptiv TTM, teams can better track tasks and submit timesheets, stakeholders get a more accurate view of project status, and initiatives move forward on time and on budget. More info.To read this article in full or to leave a comment, please click here

New products of the week 10.3.16

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Daptiv TTMKey features: With Daptiv TTM, teams can better track tasks and submit timesheets, stakeholders get a more accurate view of project status, and initiatives move forward on time and on budget. More info.To read this article in full or to leave a comment, please click here

1 2,551 2,552 2,553 2,554 2,555 3,763