How to keep terrifying medical device hacks from becoming reality

While some of the scariest IoT hacks envisioned – those involving hijacked medical devices such as pacemakers and insulin pumps – have yet to surface in the real world, those in the medical and IT security fields are not letting down their guard. They’ve seen enough ransomware and other attacks on healthcare outfits of late to know they are major cyberattack targets.The reality is that more medical devices are becoming connected ones, and that’s increasing the security threat surface, said panelists this past week at the Security of Things Forum in Cambridge, Mass.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Podium Data wants to offer a complete data wrangling platform

News today from quiet 2-year-old startup Podium Data, which has raised $9.5 million by way of a series A funding round. The round comes from a syndicate of investors led by Malibu Ventures. The company was founded back in 2014, and since then it has quietly been going about building its offering.The founding team has broad experience within the big data industry, having wrangled data warehousing, advanced high-performance computing, systems integrations, business intelligence and database systems within Fortune 100 companies.+ Also on Network World: Data lakes: A better way to analyze customer data +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Podium Data wants to offer a complete data wrangling platform

News today from quiet 2-year-old startup Podium Data, which has raised $9.5 million by way of a series A funding round. The round comes from a syndicate of investors led by Malibu Ventures. The company was founded back in 2014, and since then it has quietly been going about building its offering.The founding team has broad experience within the big data industry, having wrangled data warehousing, advanced high-performance computing, systems integrations, business intelligence and database systems within Fortune 100 companies.+ Also on Network World: Data lakes: A better way to analyze customer data +To read this article in full or to leave a comment, please click here

When the IPv6 Data Changes, so Should Your Opinion

Sky UK recently completed their rollout of IPv6. The uptake statistics are quite remarkable. If you think that people don’t have IPv6-capable devices, or that their home routers can’t handle IPv6…you really need to look at the data, and re-think your opinion.

APNIC has a long-running program collecting data on IPv6 client capability/preference by country and ASN. This graph shows the data for Great Britain:

ipv6_gb

So a year ago we had ~5% takeup, and now it’s 20-25%. And here’s the reason for that big jump from April this year - this graph shows the data for AS5607, BSkyB:

ipv6_bskyb

So > 80% of clients on the BSkyB network are IPv6-capable.

If someone tells you that people don’t have IPv6-capable devices, or routers: the data does not back that up. A few years ago that may have been true, but people don’t access the Internet using Windows XP desktops anymore: They use iOS and Android mobile devices. These have short replacement lifecycles, so people tend to be running newer versions. These are capable of using IPv6, and will prefer it if it is available.

The other related trend is that people have more wireless devices at home, and they have Continue reading

When the IPv6 Data Changes, so Should Your Opinion

Sky UK recently completed their rollout of IPv6. The uptake statistics are quite remarkable. If you think that people don’t have IPv6-capable devices, or that their home routers can’t handle IPv6…you really need to look at the data, and re-think your opinion.

APNIC has a long-running program collecting data on IPv6 client capability/preference by country and ASN. This graph shows the data for Great Britain:

ipv6_gb

So a year ago we had ~5% takeup, and now it’s 20-25%. And here’s the reason for that big jump from April this year – this graph shows the data for AS5607, BSkyB:

ipv6_bskyb

So > 80% of clients on the BSkyB network are IPv6-capable.

If someone tells you that people don’t have IPv6-capable devices, or routers: the data does not back that up. A few years ago that may have been true, but people don’t access the Internet using Windows XP desktops anymore: They use iOS and Android mobile devices. These have short replacement lifecycles, so people tend to be running newer versions. These are capable of using IPv6, and will prefer it if it is available.

The other related trend is that people have more wireless devices at home, and they have Continue reading

Managing Digital Racket

I read this article, long by today’s standards of fleeting attention. TL;DR. Information bombardment addicted the author with negative effects on his life. And while he’s not done making changes in his life, he has broken the cycle.

I’ve had similar challenges to him, and continue to hone my approach to managing digital racket. I know I’ve written about this before, but the art is evolving for me. Chronicling progress, however minor, is cathartic.

I mute nearly all notifications. This cuts down tremendously on mental intrusions, improving my focus and reducing FOMO. While you’d think turning off notifications would increase FOMO, you realize over time that you aren’t actually missing anything substantial. Once you believe this, the anxiety borne of FOMO fades away.

The only notifications I currently receive are as follows.

  1. Phone calls. I don’t get many, and most of them are directly related to my business.
  2. Direct messages from my immediate family.
  3. Direct messages from my three co-workers and a few close collaborators.

I have deleted most social media apps from my phone. I have a few for the sake of convenience when abroad, but rarely access them. With notifications turned off, the temptation is practically nil. Twitter is my greatest temptation, and therefore do not Continue reading

KrebsOnSecurity moves to Project Shield for protection against DDoS attack censorship

Unless you are a bad guy intent upon nefarious schemes to exploit technology in order to make money, then you probably have a great amount of respect for security reporter Brian Krebs. The crimes, breaches and attacks he has exposed have been so stunning that it boggles the mind. If cyber thugs have a “most wanted” list, then Krebs is likely at, or very near, the top. Yet what kind of messed up world do we live in if criminals can exploit horribly insecure internet-of-things devices with such success that it can silence the voice of a journalist like Krebs?He most recently ticked off allies of vDOS; Krebs wrote about the DDoS-for-hire company and the two teenagers allegedly behind it were arrested. Although it’s nothing new for his site, KrebsOnSecurity, to come under attack, like it did after his vDOS exposé, nearly two weeks later, Krebs’ site was hit “with the largest DDoS the internet has ever seen. 665 Gbps” (gigabits per second). Some of the POST request attacks included the string “freeapplej4ck,” referring to one of the alleged teenage owners of vDOS.To read this article in full or to leave a comment, please click here

KrebsOnSecurity moves to Project Shield for protection against DDoS attack censorship

Unless you are a bad guy intent upon nefarious schemes to exploit technology in order to make money, then you probably have a great amount of respect for security reporter Brian Krebs. The crimes, breaches and attacks he has exposed have been so stunning that it boggles the mind. If cyber thugs have a “most wanted” list, then Krebs is likely at, or very near, the top. Yet what kind of messed up world do we live in if criminals can exploit horribly insecure internet-of-things devices with such success that it can silence the voice of a journalist like Krebs?He most recently ticked off allies of vDOS; Krebs wrote about the DDoS-for-hire company and the two teenagers allegedly behind it were arrested. Although it’s nothing new for his site, KrebsOnSecurity, to come under attack, like it did after his vDOS exposé, nearly two weeks later, Krebs’ site was hit “with the largest DDoS the internet has ever seen. 665 Gbps” (gigabits per second). Some of the POST request attacks included the string “freeapplej4ck,” referring to one of the alleged teenage owners of vDOS.To read this article in full or to leave a comment, please click here

Test-driving arbitrary data publishing over BGP

BGP is a routing protocol known for its strength in scaling and resilience. It is also flexible and extensible.  With its Multi-Protocol extension BGP can support distribution of various data types. Still to extend BGP for every new route data type  requires introduction of new address family(AFI/SAFI) and making BGP aware of the new data … Continue reading Test-driving arbitrary data publishing over BGP

How we brought HTTPS Everywhere to the cloud (part 1)

CloudFlare's mission is to make HTTPS accessible for all our customers. It provides security for their websites, improved ranking on search engines, better performance with HTTP/2, and access to browser features such as geolocation that are being deprecated for plaintext HTTP. With Universal SSL or similar features, a simple button click can now enable encryption for a website.

Unfortunately, as described in a previous blog post, this is only half of the problem. To make sure that a page is secure and can't be controlled or eavesdropped by third-parties, browsers must ensure that not only the page itself but also all its dependencies are loaded via secure channels. Page elements that don't fulfill this requirement are called mixed content and can either result in the entire page being reported as insecure or even completely blocked, thus breaking the page for the end user.

What can we do about it?

When we conceived the Automatic HTTPS Rewrites project, we aimed to automatically reduce the amount of mixed content on customers' web pages without breaking their websites and without any delay noticeable by end users while receiving a page that is being rewritten on the fly.

A naive way Continue reading

Walk, Jog, Run: Getting Smarter About Docker

 

illustration-com-container-party.png

I’ve spent most of the summer traveling to and speaking at a lot of different trade shows: EMC World, Cisco Live!, VMworld, HP Discover, Dockercon, and LinuxCon (as well as some meetups and smaller gatherings). A lot of the time, I’m speaking to people who are just getting familiar with Docker. They may have read an article or have had someone walk into their office and say “This Docker thing, so hot right now. Go figure it out”.

Certainly there are a number of companies running Docker in production, but there are still many who are asking fundamental questions about what Docker is, and how it can benefit their organization. To help folks out in that regard, I wrote an eBook.

After someone gets a grasp on what Docker is, they tend to want to dive in and start exploring, but often times they aren’t sure how to get started.

My advice (based on the approach I took when I joined Docker last year) is to walk, jog, and then run:

Walk: Decide where you want to run Docker, and install it. This could be Docker for Mac, Docker for Windows, or just installing Docker on Linux. Continue reading

Docker Weekly Roundup | September 18, 2016

 

weekly-roundup.png

It’s time for your weekly roundup! Get caught up on the top Docker news including; how to maintain dev environments for Java web apps, scale with Swarm, and make your CI/CD pipeline work for you. As we begin a new week, let’s recap our top five most-read stories of the week of September 18, 2016:


Weekly #Roundup: Top 5 #Docker stories for the week 09/18/16
Click To Tweet

The post Docker Weekly Roundup | September 18, 2016 appeared first Continue reading

Companies say IoT matters but don’t agree how to secure it

A majority of enterprises say the internet of things is strategic to their business, but most still take a piecemeal approach to IoT security.Those results from a global IDC survey conducted in July and August reveal both the promise and the growing pains of IoT, a set of technologies that may help many industries but can’t simply be plugged in. The 27-country survey had more than 4,500 respondents, all from organizations with 100 or more employees.For 56 percent of enterprises, IoT is part of their strategic plans for the next two or three years, IDC analyst Carrie MacGillivray said on a webcast about the results. But the state of adoption varies widely among industries. Manufacturing companies are investing the most in the technology, with retail and financial services – especially insurance – also on the cutting edge.To read this article in full or to leave a comment, please click here

A robot fish is helping the Navy improve underwater movement

Oscar Curet is an assistant professor at Florida Atlantic University. For the past couple of years, he's studied the movement of the Knifefish, an animal native to the Amazon River, that uses a long ribbon fin to propel itself through the water and navigate its complex environment.  "As a engineer, we try to solve problems, and nature has solved some of the problems that we are facing, and one of them is mobility," Curet said. Curet, along with other researchers from Florida Atlantic University (FAU), has created a robot fish to identify the differences between engineering systems and what occurs in nature. The prototype is composed of 3D-printed materials, 16 motors, and a number of sensors. The team also recently received a grant from the U.S. Navy to equip their prototype with a Volumetric Particle Image Velocity System, or PIV. The system, which uses four cameras synchronized with a laser light to capture currents in three dimensions, will help researchers measure how fluid dynamics interact with the flexible propulsors the team has developed to make underwater vehicles more maneuverable. To read this article in full or to leave a comment, please click here

Cisco, IBM may be interested in buying Imperva

Security vendor Imperva is shopping itself around and may be attractive to the likes of Cisco and IBM, according to Bloomberg.The Motley Fool reports that Imperva’s stock rose 20% today after Bloomberg’s report, which the Fool notes could actually drive buyers away because it would mean a more costly deal.Bloomberg named a number of other possible buyers including Forecpoint (owned by Raytheon and Vista Equity Partners), Akamai and Fortinet.To read this article in full or to leave a comment, please click here

Cisco, IBM may be interested in buying Imperva

Security vendor Imperva is shopping itself around and may be attractive to the likes of Cisco and IBM, according to Bloomberg.The Motley Fool reports that Imperva’s stock rose 20% today after Bloomberg’s report, which the Fool notes could actually drive buyers away because it would mean a more costly deal.Bloomberg named a number of other possible buyers including Forecpoint (owned by Raytheon and Vista Equity Partners), Akamai and Fortinet.To read this article in full or to leave a comment, please click here

Best Deals of the Week, September 19th – September 23rd – Deal Alert

Best Deals of the Week, September 19th - September 23rd - Deal AlertCheck out this roundup of the best deals on gadgets, gear and other cool stuff we have found this week, the week of September 19th. All items are highly rated, and dramatically discounted!1 Free Amazon Echo Dot When You Buy 5Echo Dot is a hands-free, voice-controlled device that uses Alexa to play & control music (either on its own, or through a connected speaker/receiver), control smart home devices, provide information, read the news, set alarms, and more. If you’re looking to buy them as gifts, or for different homes or rooms, Amazon will throw in a free one ($50 value) when you buy 5, or two free ones when you buy 10 (a $100 value). To take advantage of this limited time offer, select 6 or 12 in the quantity dropdown and add to your Shopping Cart. Enter promo code DOT6PACK or DOT12PACK at checkout where you will see the discount applied. The new Amazon Echo Dot comes in black, and now also white.  See the new Amazon Echo Dot now on Amazon.To read this article in full or to leave a comment, please click here

Announcing the new Docs Repo on GitHub!

By John Mulhausen

The documentation team at Docker is excited to announce that we are consolidating all of our documentation into a single GitHub Pages-based repository on GitHub.

When is this happening?

  • The new repo is public now at https://github.com/docker/docker.github.io.
  • During the week of Monday, September 26th, any existing docs PRs need to be migrated over or merged.
  • We’ll do one last “pull” from the various docs repos on Wednesday, September 28th, at which time the docs/ folders in the various repos will be emptied.
  • Between the 28th and full cutover, the docs team will be testing the new repo and making sure all is well across every page.
  • Full cutover (production is drawing from the new repo, new docs work is pointed at the new repo, dissolution of old docs/ folders) is complete on Monday, October 3rd.

The problem with the status quo

  • Up to now, the docs have been all inside the various project repos, inside folders named “docs/” — and to see the docs running on your local machine was a pain.
  • The docs were built around Hugo, which is not natively supported by GitHub, and took minutes to build, and even longer for us Continue reading

Worth Reading: Organizational Doxing and Disinformation

In the past few years, the devastating effects of hackers breaking into an organization’s network, stealing confidential data, and publishing everything have been made clear. It happened to the Democratic National Committee, to Sony, to the National Security Agency, to the cyber-arms weapons manufacturer Hacking Team, to the online adultery site Ashley Madison, and to the Panamanian tax-evasion law firm Mossack Fonseca. —Schneier on Security

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Organizational Doxing and Disinformation appeared first on 'net work.

1 2,570 2,571 2,572 2,573 2,574 3,763