IDG Contributor Network: OwnBackup: Don’t rely on SaaS vendors to do their own backup and recovery

Back when Salesforce and its ilk invented software as a service (SaaS), there was much wailing and gnashing of the teeth about the security around these new, as-yet-unproven approaches to delivering software. Many people suggested that these vendors were fly-by-nighters—that they would fail and customers’ data would be lost forever.A decade or so later, and apart from some high-profile cases (who remembers Magnol.ia?), that doomsday scenario hasn’t occurred. SaaS vendors are safely doing their job and keeping customers’ data safe.+ Also on Network World: Why it takes a cloud service to manage cloud services + Given this fact, you could be forgiven for assuming that there would be no opportunity for a vendor whose core mission is to help users backup their SaaS data. For one thing, SaaS vendors hardly ever fail and for another, even if short-term outages and small-scale losses occur, SaaS vendors can be relied upon to do their own backup and recovery. Right?To read this article in full or to leave a comment, please click here

IDG Contributor Network: OwnBackup: Don’t rely on SaaS vendors to do their own backup and recovery

Back when Salesforce and its ilk invented software as a service (SaaS), there was much wailing and gnashing of the teeth about the security around these new, as-yet-unproven approaches to delivering software. Many people suggested that these vendors were fly-by-nighters—that they would fail and customers’ data would be lost forever.A decade or so later, and apart from some high-profile cases (who remembers Magnol.ia?), that doomsday scenario hasn’t occurred. SaaS vendors are safely doing their job and keeping customers’ data safe.+ Also on Network World: Why it takes a cloud service to manage cloud services + Given this fact, you could be forgiven for assuming that there would be no opportunity for a vendor whose core mission is to help users backup their SaaS data. For one thing, SaaS vendors hardly ever fail and for another, even if short-term outages and small-scale losses occur, SaaS vendors can be relied upon to do their own backup and recovery. Right?To read this article in full or to leave a comment, please click here

IDG Contributor Network: OpenStack: It’s interoperable after all

A few months ago at the OpenStack Summit in Austin, Texas, Don Rippert, IBM’s general manager of cloud strategy, challenged the various players involved in the OpenStack initiative to demonstrate that OpenStack distributions are, in fact, interoperable—between each other and across on-premises, public cloud and hybrid cloud deployments.The Interop Challenge had a very good basis, since one of the major criticisms of OpenStack has been that there is very little consistency between distributions, and as a result, users need to chose their “flavor” of OpenStack and stick to it.To read this article in full or to leave a comment, please click here

General – Why Are Certification Exams Not Higher Quality?

I was reading Ivan’s blog as I often do when I came across this post about why certifications suck.

The author Robert Graham had a sample question from the GIAC Penetration Tester (GPEN) exam. The question looked like this:

By default, which protocol do Linux systems use to transmit packets for tracing a network path?

a) UDP
b) TCP
c) ICMP
d) TTL
e) ECHO

Obviously being a networking expert I have my networking glasses on but I have to respectfully disagree with these gentlemen that I don’t think this is such a bad question at all. Trust me, I’ve seen much worse.

So traceroute works differently on different operating systems. If you work with penetration testing I would argue that you need to have a good understanding of different operating systems. You should know how they behave, what their characteristics are and how you can fingerprint them. The correct answer here is UDP. Linux systems and Cisco devices normally use UDP to send packets for a traceroute while Windows systems use ICMP when doing a traceroute. The answer is of course not TCP because TCP would require the three-way handshake and why would a device want to start a Continue reading

DNS DDOS

The recent attacks on the DNS infrastructure operated by DYN in October 2016 have generated a lot of comment in recent days. Indeed, it’s not often that the DNS itself has been prominent in the mainstream of news commentary, and in some ways this DNS DDOS prominence is for all the wrong reasons! I’d like to speculate a bit on what this attack means for the DNS and what we could do to mitigate the recurrence of such attacks.

ARM Predicts Cambrian Server Explosion In The Coming Decades

What happens to the datacenter when a trillion devices embedded in every manner of product and facility are chatting away with each other, trying to optimize the world? There is a very good chance that the raw amount of computing needed to chew on that data at the edge, in the middle, and in a datacenter ­– yes, we will still have datacenters – will absolutely explode.

The supply chain for datacenters – including the ARM collective — is absolutely counting on exponential growth in sensors, which ARM Holding’s top brass and its new owner, Japanese conglomerate SoftBank Group, spent

ARM Predicts Cambrian Server Explosion In The Coming Decades was written by Timothy Prickett Morgan at The Next Platform.

ARM Predicts Cambrian Server Explosion In The Coming Decades

What happens to the datacenter when a trillion devices embedded in every manner of product and facility are chatting away with each other, trying to optimize the world? There is a very good chance that the raw amount of computing needed to chew on that data at the edge, in the middle, and in a datacenter ­– yes, we will still have datacenters – will absolutely explode.

The supply chain for datacenters – including the ARM collective — is absolutely counting on exponential growth in sensors, which ARM Holding’s top brass and its new owner, Japanese conglomerate SoftBank Group, spent

ARM Predicts Cambrian Server Explosion In The Coming Decades was written by Timothy Prickett Morgan at The Next Platform.

Was the Dyn DDoS attack actually a script kiddie v. PSN?

The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint.“Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the English-language hacking forum community, specifically uses and reads of the forum “hackforums.net,” according to a blog by Allison Nixon, director of security research at Flashpoint.She says the company has discovered the infrastructure used in the Dyn attack also targeted “a well-known video game company” that she doesn’t name. A post on hackforums.net seems to agree with this possibility. It indicates the target was PlayStation Network and that Dyn was hit because it provides DNS services to PSN. Going after the name servers (NS) that provide lookups for PSN would prevent traffic from reaching PSN.To read this article in full or to leave a comment, please click here

Was the Dyn DDoS attack actually a script kiddie v. PSN?

The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint.“Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the English-language hacking forum community, specifically uses and reads of the forum “hackforums.net,” according to a blog by Allison Nixon, director of security research at Flashpoint.She says the company has discovered the infrastructure used in the Dyn attack also targeted “a well-known video game company” that she doesn’t name. A post on hackforums.net seems to agree with this possibility. It indicates the target was PlayStation Network and that Dyn was hit because it provides DNS services to PSN. Going after the name servers (NS) that provide lookups for PSN would prevent traffic from reaching PSN.To read this article in full or to leave a comment, please click here

Dyn attack: US Senator wants to know why IoT security is so anemic

The security around the development of Internet of Things products is weak and U.S. Sen. Mark R. Warner (D-Va.) today sent a letter to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS) to ask why and what can be done to fix the problem. Sen. Mark Warner (D-VA) In the letter Warner, who is member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, asked questions such as: What types of network management practices are available for internet service providers to respond to DDoS threats? And would it be a reasonable network management practice for ISPs to designate insecure network devices as “insecure” and thereby deny them connections to their networks, including by refraining from assigning devices IP addresses?To read this article in full or to leave a comment, please click here

Dyn attack: US Senator wants to know why IoT security is so anemic

The security around the development of Internet of Things products is weak and U.S. Sen. Mark R. Warner (D-Va.) today sent a letter to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS) to ask why and what can be done to fix the problem. Sen. Mark Warner (D-VA) In the letter Warner, who is member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, asked questions such as: What types of network management practices are available for internet service providers to respond to DDoS threats? And would it be a reasonable network management practice for ISPs to designate insecure network devices as “insecure” and thereby deny them connections to their networks, including by refraining from assigning devices IP addresses?To read this article in full or to leave a comment, please click here

18% off Blue Snowball iCE Condenser Microphone – Deal Alert

At home, a dorm, or in the office, the Snowball iCE USB microphone delivers crystal clear high quality audio for vocals, podcasts, narrations, Skype calls, and everything else in between. Simply mount Snowball iCE on the included adjustable stand, plug the USB cable into your Mac or PC and that’s it. You’re ready to sit back and start recording crystal-clear audio for any project. The Snowball iCE mic currently averages 4.5 out of 5 stars on Amazon from over 1,700 people (read reviews). Its typical list price of $59.99 has been reduced 18% to $49.To read this article in full or to leave a comment, please click here

Apple sales, profits fall again but a brighter outlook ahead

Apple recorded its third consecutive quarter of lower revenue as it fought lower demand for the iPhone and tough competition from lower-priced competitors.Revenue in the quarter, between July and September, was US $46.9 billion, down 9 percent on the same period last year and exactly in line with analyst estimates. Net income came in at $9 billion, down 19 percent, the company said Tuesday.Apple CEO Tim Cook called the results "strong" and said he was "thrilled with the customer response to iPhone 7, iPhone 7 Plus, and Apple Watch Series 2, as well as the incredible momentum of our Services business."+ ALSO ON NETWORK WORLD: Why is Apple letting Macs rot on the tree? +To read this article in full or to leave a comment, please click here

AWS quietly launches tool for migrating on-premesis apps to the cloud

Amazon is trying to simplify the process of moving legacy applications to the cloud with a new service that it quietly launched this week.  The aptly named Server Migration Service is designed to help IT teams set up the incremental replication of virtual machines from their on-premises infrastructure to Amazon's cloud.More companies are adopting the public cloud to take advantage of performance benefits and cost savings. But getting legacy apps into the cloud can be a pain, especially for those applications that require high uptime but take time to migrate. Server Migration Service helps simplify that process and may lead to additional cloud adoption.To read this article in full or to leave a comment, please click here

TrickBot Banker Insights

A new banking trojan, TrickBot, has seemingly risen from the ashes left behind by the November 2015 takedown of Dyreza/Dyre infrastructure and the arrests of threat actors identified by Russian authorities. Dyreza was used to target customers of over 1000 U.S. and U.K. banks and other companies during the peak of operations. Researchers at Threat Geek […]
1 2,571 2,572 2,573 2,574 2,575 3,841