Darkweb marketplaces can get you more than just spam and phish

The underground marketImage by ThinkstockUnderground markets offer a great variety of services for cyber criminals to profit from. These forums offer items ranging from physical world items like drugs and weapons to digital world items such as spam/phishing delivery, exploit kit services, "Crypters", "Binders", custom malware development, zero-day exploits, and bulletproof hosting.To read this article in full or to leave a comment, please click here

Why you need to create a social media policy

Whether it's Facebook, Instagram, Twitter, Snapchat or Reddit, chances are good that your employees are spending some time on at least one of these social networks during work hours. But before you run to IT and install company-wide web filters, there are a few things to consider about your employee's social media habits."Social media is more accessible than ever -- and it isn't going anywhere anytime soon -- so it's a great time for employers to get on board. If a company has a clear policy around social media usage at work and communicates those guidelines effectively, there should not be a need to block the sites, as employees will remain productive and engaged," says Tisha Danehl, vice president of Ajilon Professional Staffing.To read this article in full or to leave a comment, please click here

Hardcore fans mourn the death of Nexus by denouncing the Pixel

It seems Google would like people to think the Pixel is the first phone it has ever produced with its “Made by Google” ad campaign. The most devoted fans of the Android platform have never seen it that way. To them, the Nexus phones were about “pure Android,” but now they’re suddenly finding their phones have been demoted.Google has said there will be no new Nexus phones, and what's more, the Pixel and Pixel XL will get exclusive features that aren’t coming to the current Nexus line, and Nexus owners are understandably upset. How upset? Well, we cannot reprint some of what’s been said, if that gives you an idea.To read this article in full or to leave a comment, please click here

Yahoo shows that breach impacts can go far beyond remediation expenses

Companies that focus on the immediate breach remediation costs may be missing the big picture, and could be under-investing in security as a result.Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included costs.But the actual numbers could be several times higher.Take the Yahoo breach, for example, which could lead to a $1 billion drop in the company's value.To read this article in full or to leave a comment, please click here

Yahoo shows that breach impacts can go far beyond remediation expenses

Companies that focus on the immediate breach remediation costs may be missing the big picture, and could be under-investing in security as a result.Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included costs.But the actual numbers could be several times higher.Take the Yahoo breach, for example, which could lead to a $1 billion drop in the company's value.To read this article in full or to leave a comment, please click here

Future of collaboration software all about integration — not consolidation

Enterprise software makers have tried to blend social tools and consumer technology for at least a decade. It's been a slow process, but by 2020 the biggest names in business software will likely be well-known consumer brands, instead of the stalwarts that dominated the market for decades, according to Aaron Levie, CEO of cloud storage service Box. Outsiders are redefining the future of workplace collaboration, and some of these companies, including Facebook, are focused on specific tools or technologies instead of platforms that try to serve every business need. The one-vendor-for-all-things-enterprise approach has no place in today's business landscape, Levie says.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Beyond logging: Using SIEM to combat security, compliance issues

As connectivity grows, so do threats to the IT infrastructures under your care—and, by extension, your organization’s ability to profit and serve its customers. Security strategies that worked fine in the not-so-distant past have grown woefully inadequate as the technology terrain shifts. You’ve probably heard the acronym SIEM being thrown around a lot these days and for good reasons. As security experts, we know that perimeter defenses simply aren’t enough anymore, and we need a holistic view of our IT infrastructures.  + Also on Network World: SIEM market dynamics in play +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Beyond logging: Using SIEM to combat security, compliance issues

As connectivity grows, so do threats to the IT infrastructures under your care—and, by extension, your organization’s ability to profit and serve its customers. Security strategies that worked fine in the not-so-distant past have grown woefully inadequate as the technology terrain shifts. You’ve probably heard the acronym SIEM being thrown around a lot these days and for good reasons. As security experts, we know that perimeter defenses simply aren’t enough anymore, and we need a holistic view of our IT infrastructures.  + Also on Network World: SIEM market dynamics in play +To read this article in full or to leave a comment, please click here

Postman Wants to Be De Facto Standard for APIs

Postman is geared towards internal applications and developer workflows.

Bringing Standards Development And Open Source Projects Together

How CSOs can better manage third-party risks

In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild chats with Scott Schneider from CyberGRX, a startup in the third-party risk analysis space, about best practices and tips for CSOs when working on a risk analysis plan with third party vendors.

Samsung hikes recall incentives to retain Note7 customers

In a bid to retain customers, Samsung Electronics is giving larger financial incentives to people who choose to exchange the ill-fated Galaxy Note7 for another smartphone from the company, rather than seek a refund.In the U.S., the company is giving customers a US$25 bill credit through carriers and retailers to customers who return a Note7 for a refund or for any other branded smartphone. But if they choose to exchange the Note7 for any Samsung smartphone, they will get a whopping $100 bill credit from select retailers and carriers. The company did not immediately provide further details on the program.The company had earlier announced a $25 incentive for customers exchanging their Note7 for another Samsung product.To read this article in full or to leave a comment, please click here

OpenStack SDN – Distributed Virtual Routing

In this post we’ll explore how DVR is implemented in OpenStack Neutron and what are some of its benefits and shortcomings.

Network Automation RFP Requirements

After finishing the network automation part of a recent SDN workshop I told the attendees “Vote with your wallet. If your current vendor doesn’t support the network automation functionality you need, move on.”

Not surprisingly, the next question was “And what shall we ask for?” Here’s a short list of ideas, please add yours in comments.

FCIP Cheat Sheet Released

FCIP Cheat Sheet Released

Here is the FCIP Cheat Sheet however, There is not much detail and terms about FCIP really, it's a straight forward protocol.

All the best and please report in case of any bug.

Click here to download FCIP Cheat Sheet

IBM’s Cleversafe storage platform is becoming a cloud service

If dispersing data among storage nodes can make it more secure and less prone to loss, wouldn’t spreading it across far-flung cloud data centers make it even more so?If so, IBM has the right idea with its Cloud Object Storage service, which uses SecureSlice object storage technology that it acquired by buying Cleversafe last year.The storage-as-a-service offering becomes generally available on Thursday. It lets enterprises use both on-premises gear and the IBM Cloud to store unstructured data objects, which can include things like videos, photos and genomic sequencing data.To read this article in full or to leave a comment, please click here

Microsoft snags Stephen Hawking as keynote speaker

Famed physicist and author Stephen Hawking will deliver a keynote address and a at Microsoft's Future Decoded conference on Nov. 1-2 in London. The conference will focus on doing digital business, exploiting the power of algorithms and data. Hawking will deliver the closing speech on the first day of the event and speak about artificial intelligence and how it might impact people. Hawking, who has a form of amyotrophic lateral sclerosis (ALS), uses a computer-based communication provided by Intel to speak, and actually does use both Microsoft Windows and Skype, according to his web page.To read this article in full or to leave a comment, please click here

Authenticated access to Kubernetes pods

When running a micro-services style application in a public cloud, one of the problems to solve is how to provide access to debug information. At Laserlike, we run our application stack on GKE. Most of the stack consists of golang Pods that run an HTTP listener that serves /debug and /metrics handlers.

For metrics scrapping we use prometheus; and grafana for visualization. Our grafana server is nodePort service behind a GCE Load Balancer which uses oauth2 based authentication for access. This still leaves a gap in terms of access to the pod debug information such as /debug/vars or /debug/pprof.

In order to address this gap, we created a simple HTTP proxy for kubernetes services and endpoints. We deploy this proxy behind a oauth2 authenticator which is then exposed via an external load balancer.

The service proxy uses the kubernetes client library in order to consume annotations on the service objects. For example, the following annotation, instructs the service proxy to expose the debug port of the endpoints of the specified service:

metadata:
  annotations:
    k8s-svc-proxy.local/endpoint-port: "8080"

The landing page on the proxy then displays a set of endpoints:

Authenticated access to Kubernetes pods

When running a micro-services style application in a public cloud, one of the problems to solve is how to provide access to debug information. At Laserlike, we run our application stack on GKE. Most of the stack consists of golang Pods that run an HTTP listener that serves /debug and /metrics handlers.

For metrics scrapping we use prometheus; and grafana for visualization. Our grafana server is nodePort service behind a GCE Load Balancer which uses oauth2 based authentication for access. This still leaves a gap in terms of access to the pod debug information such as /debug/vars or /debug/pprof.

In order to address this gap, we created a simple HTTP proxy for kubernetes services and endpoints. We deploy this proxy behind a oauth2 authenticator which is then exposed via an external load balancer.

The service proxy uses the kubernetes client library in order to consume annotations on the service objects. For example, the following annotation, instructs the service proxy to expose the debug port of the endpoints of the specified service:

metadata:
  annotations:
    k8s-svc-proxy.local/endpoint-port: "8080"

The landing page on the proxy then displays a set of endpoints: