0

Foreign spies used RAT to hack Australian weather bureau with weak security controls

Foreign spies made off with an “unknown quantity of documents” after infecting Australia’s meteorology bureau with a RAT, but the fact that security controls at the bureau were “insufficient” even for common cybercrime threats only helped the “state-sponsored cyber adversaries.”After Australia’s Bureau of Meteorology systems was hacked, unnamed government officials immediately blamed China and China immediately denied the “groundless accusations.” When the hack hit the news in December 2015, the Bureau of Meteorology (BOM) would not confirm if its systems had been compromised. In April, Australian’s Prime Minister did confirm there had been a “significant cyber intrusion” at the Bureau.To read this article in full or to leave a comment, please click here

0

Galaxy Note 7 flameout: Worst-case scenario

As readers are now no doubt aware, the Samsung Galaxy Note 7 phablet has been on fire lately. Literally. To the point where the Korean manufacturer has given up on fixing the design and killed the entire project. Buyers have been told to stop using the phones and return them in, get this, a fireproof box.+ Also on Network World: The Note 7 is dead: What Samsung must do now +Given the Galaxy Note 7’s propensity for spontaneous combustion and Samsung’s inability to definitively fix the problem, the move shouldn’t come as too much of a surprise. Still, the fallout from Galaxy Note 7 debacle will be felt far and wide, and not just by Samsung and the users and sellers of this particularly flawed device.To read this article in full or to leave a comment, please click here

0

TLS nonce-nse

One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. (This is similar to why you can't encrypt blocks with ECB.)

If you think about it, a pure encryption function is just like any other pure computer function: deterministic. Given the same set of inputs (key and message) it will always return the same output (the encrypted message). And we don't want an attacker to be able to tell that two encrypted messages came from the same plaintext.

The solution is the use of IVs (Initialization Vectors) or nonces (numbers used once). These are byte strings that are different for each encrypted message. They are the source of non-determinism that is needed to make duplicates indistinguishable. They are usually not secret, and distributed prepended to the ciphertext since they are necessary for decryption.

The distinction between IVs and nonces is controversial and not binary. Different encryption schemes require different properties to be secure: some just need them to never repeat, in which case we commonly Continue reading

0

Worth Reading Digital Monoculture

While Waze leads us to our destinations via the quickest route, our dependence on this kind of decision support system may also be the quickest route to a monocultural society. You’ve said the word “algorithm” a thousand times this year, and you may have even written out your algorithmic goals in English, but have you ever coded an algorithm? Do you really know how any AI model is performing? What tiny mistakes (or purposeful small changes) are being made to subtly guide our decision-making? —Shelly Palmer

The post Worth Reading Digital Monoculture appeared first on 'net work.

0

KodaCloud Launches AI-Powered WiFi Cloud Service

The company is targeting enterprise customers with the service.

0

War-torn Syrian city gets new fiber link

The northern Syrian city of Aleppo is one of the key battlegrounds of that country’s on-going civil war as well as the epicenter of the European refugee crisis.  The most appropriate United States response to events in Aleppo has become a major foreign policy question among the candidates in this year’s U.S. presidential election.  Experts are now predicting that forces loyal to President Bashar al-Assad, backed by the Russian military, will take control of rebel-held eastern Aleppo within weeks.  The image below (from Wikipedia) illustrates the the current state (as of 9 October 2016) of the conflict in Aleppo, depicting rebel-held regions in green and those under government control in red.

Amidst all of this, the Syrian Communications and Technology Ministry announced this week that they had completed a new fiber optic line connecting the parts of Aleppo loyal to President Assad to the state telecom’s core network in Damascus, increasing available bandwidth for residents.  It had previously been connected by a high-capacity microwave link.

From a BGP routing standpoint, this development was reflected by the disappearance of AS24814 — we first reported the appearance of AS24814 serving Aleppo in 2013.  At 14:42 Continue reading

0

Samsung issues elaborate fireproof boxes for Note7 returns

Samsung has begun sending customers of its discontinued Galaxy Note7 smartphones special boxes designed to protect the fire-prone phablets from doing any damage on their way back to the vendor through the mail. The lithium-ion batteries in the phones are being fingered for the devices overheating, and in some cases, catching on fire.The shipping package, as discussed by XDA Developers, includes an instruction sheet that shows how the Note7 should be insulated before being sent off. First comes a static shield bag, then a small OEM replacement box, then another box and finally a thermal insulated box. Oh, and there's a set of gloves that you're supposed to put on before handling all of the contents.To read this article in full or to leave a comment, please click here

0

BT Selects Nuage’s SD-WAN for Global Reach

THE HAGUE, Netherlands — Nuage Networks has landed its biggest customer yet for software-defined wide-area networking (SD-WAN), as BT plans to offer the service to its enterprise customers globally. More specifically, BT has selected Nuage‘s Virtualized Network Services (VNS), which the vendor considers a superset of SD-WAN. The deal hasn’t been announced, but Neil McRae,... Read more →

0

Lifesize launches new video gear for huddle rooms

In the world of videoconferencing, there’s a gap between the large conference room systems and lecture hall gear, and the individual’s webcam on their computer, tablet or smartphone. For smaller conference rooms, many of which have been renamed “huddle rooms”, neither  option seems appropriate, because of cost (using a larger system) or convenience (2-4 people shouldn’t have to crowd around a laptop screen).Videoconferencing vendors continue to address this need, with Lifesize being the latest – the company announced today its Icon 450 system, a videoconferencing camera and audio system aimed specifically at the huddle room. The system connects to the Lifesize Cloud, the company’s cloud-based videoconferencing platform.To read this article in full or to leave a comment, please click here

0

Tomahawk II – Performance Over Programmability

Broadcom announced a new addition to their growing family of merchant silicon today. The new Broadcom Tomahawk II is a monster. It doubles the speed of it’s first-generation predecessor. It has 6.4 Tbps of aggregate throughout, divided up into 256 25Gbps ports that can be combined into 128 50Gbps or even 64 100Gbps ports. That’s fast no matter how you slice it.

Broadcom is aiming to push these switches into niches like High-Performance Computing (HPC) and massive data centers doing big data/analytics or video processing to start. The use cases for 25/50Gbps haven’t really changed. What Broadcom is delivering now is port density. I fully expect to see top-of-rack (ToR) switches running 25Gbps down to the servers with new add-in cards connected to 50Gbps uplinks that deliver them to the massive new Tomahawk II switches running in the spine or end-of-row (EoR) configuration for east-west traffic disbursement.

Another curious fact of the Tomahawk II is the complete lack of 40Gbps support. Granted, the support was only paid lip service in the Tomahawk I. The real focus was on shifting to 25/50Gbps instead of the weird 10/40/100Gbps split we had in Trident II. I talked about this a couple of Continue reading

0

10 highest-paying IT security jobs

Highest-paying IT security jobsImage by ThinkstockData breaches, DDOS attacks, hacks and threats continue to dominate the headlines, so it's no surprise that some of the most in-demand IT jobs are in the security area. And with a massive skills gap, companies are willing to pay handsomely for skilled security talent at all levels. "One area we're still seeing huge demand for is in cybersecurity, and hiring companies are willing to pay whatever it takes for talent that can help secure data and mitigate threats while simultaneously ensuring consistent and simplified accessibility from desktop to mobile devices. Companies are sending the message with their budgets: you can't put a price on that," says Jack Cullen, CEO of IT staffing firm Modis. Here are the top 10 highest-paying security roles, culled from career site Dice.com clients' job postings and median salary range data from cloud compensation solutions firm PayScale.com. 1. Lead Software Security EngineerImage by ThinkstockTo read this article in full or to leave a comment, please click here

0

10 highest-paying IT security jobs

Highest-paying IT security jobsImage by ThinkstockData breaches, DDOS attacks, hacks and threats continue to dominate the headlines, so it's no surprise that some of the most in-demand IT jobs are in the security area. And with a massive skills gap, companies are willing to pay handsomely for skilled security talent at all levels. "One area we're still seeing huge demand for is in cybersecurity, and hiring companies are willing to pay whatever it takes for talent that can help secure data and mitigate threats while simultaneously ensuring consistent and simplified accessibility from desktop to mobile devices. Companies are sending the message with their budgets: you can't put a price on that," says Jack Cullen, CEO of IT staffing firm Modis. Here are the top 10 highest-paying security roles, culled from career site Dice.com clients' job postings and median salary range data from cloud compensation solutions firm PayScale.com. 1. Lead Software Security EngineerImage by ThinkstockTo read this article in full or to leave a comment, please click here

0

First look: Chef’s Habitat puts automation in the app

Deploying new software to production can be hard -- really hard. If you’re among the many businesses adopting new infrastructure and deployment technology today, you’re keenly aware of how difficult it can be. Even as you adopt modern devops tools to streamline development, test, deployment, and ongoing management, and to bring development and operations teams closer together, it often seems you're only creating new silos.To read this article in full or to leave a comment, please click here(Insider Story)

0

First look: Chef’s Habitat puts automation in the app

Deploying new software to production can be hard -- really hard. If you’re among the many businesses adopting new infrastructure and deployment technology today, you’re keenly aware of how difficult it can be. Even as you adopt modern devops tools to streamline development, test, deployment, and ongoing management, and to bring development and operations teams closer together, it often seems you're only creating new silos.To read this article in full or to leave a comment, please click here(Insider Story)

0

Outsourced IT workers ask Feinstein for help, get form letter in return

A University of California IT employee whose job is being outsourced to India recently wrote Sen. Dianne Feinstein (D-Calif.) for help.Feinstein's office sent back a letter addressing manufacturing job losses, not IT, and offered the worker no assistance.The employee is part of a group of 50 IT workers and another 30 contractors facing layoffs after the university hired an offshore outsourcing firm. The firm, India-based HCL, won a contract to manage infrastructure services.That contract is worth about $50 million over five years and can be leveraged by other university campuses -- meaning they could also bring in HCL if they so choose.To read this article in full or to leave a comment, please click here

0

12 hardware and software vulnerabilities you should address now

It's not a stretch to say that most organizations have at least some old hardware and software still in use. An old computer that's still chugging along, running an old operating system and perhaps an application that is hard to replace, doesn't necessarily raise a red flag with IT staff. Why spend money on new equipment or software if what's already in-house is adequate and functioning?To read this article in full or to leave a comment, please click here(Insider Story)

0

12 hardware and software vulnerabilities you should address now

It's not a stretch to say that most organizations have at least some old hardware and software still in use. An old computer that's still chugging along, running an old operating system and perhaps an application that is hard to replace, doesn't necessarily raise a red flag with IT staff. Why spend money on new equipment or software if what's already in-house is adequate and functioning?Walker White, president of BDNA, a company that tracks and analyzes end-of-life (EOL) data for hardware, software and medical devices, says that the main problem with out-of-date software and legacy hardware is that once they pass their EOL cycle, the vendor no longer maintains or supports the products, resulting in security vulnerabilities and risk to organizations. As BDNA's State of the Enterprise Report (Q2 2016) indicates, many organizations are unaware of the potential liabilities, which can cost millions of dollars in the case of a successful attack after a vulnerability is exploited.To read this article in full or to leave a comment, please click here(Insider Story)

0

10 Free Network Management Tools

0

Leaky IoT devices help hackers attack e-commerce sites

Millions of IoT devices are misconfigured so that they can forward messages -- which, combined with default admin settings, allows them to be used to attack e-commerce and other websites, a new report says.The problem is well known and has been around for a more than a decade, said Ryan Barnett, principal security researcher at Akamai Technologies, which produced the report.The problem first came to Akamai's attention when the content delivery network noticed attacks against its customers where the attackers were checking to see whether particular user name and password combinations were valid on the site.To read this article in full or to leave a comment, please click here

0

Leaky IoT devices help hackers attack e-commerce sites

Millions of IoT devices are misconfigured so that they can forward messages -- which, combined with default admin settings, allows them to be used to attack e-commerce and other websites, a new report says.The problem is well known and has been around for a more than a decade, said Ryan Barnett, principal security researcher at Akamai Technologies, which produced the report.The problem first came to Akamai's attention when the content delivery network noticed attacks against its customers where the attackers were checking to see whether particular user name and password combinations were valid on the site.To read this article in full or to leave a comment, please click here