The FBI could have saved money with this iPhone 5c hack

The FBI may have paid a small fortune to unlock an iPhone 5c used by the San Bernardino shooter. But a security researcher has demonstrated a way to do it for less than US $100. Sergei Skorobogatov at the University of Cambridge used a technique known as NAND mirroring to bypass the passcode retry limit on an iPhone 5c. Using store-bought equipment, he created copies of the phone’s flash memory to generate more tries to guess the passcode. Skorobogatov detailed the whole process in a new paper that disputes the FBI’s assertion that the San Bernardino shooter’s iPhone couldn’t be accessed with the NAND mirroring technique.

As Dell and HPE revamp, Lenovo sets sights on enterprise cloud servers

The cloud -- both on-premise and off-premise -- is transforming servers and data centers, and many companies are getting vendors to customize hardware for specific cloud-based workloads. Lenovo wants a bigger chunk of that market and is working toward offering custom-built converged servers targeted at specific tasks. The company is also looking for a larger opportunity with custom hardware for large-scale customers. Companies like Facebook, Google, and Amazon are designing their own servers for mega-data centers. These servers are designed to handle workloads specific to the company's requirements, like responding to search requests, or recognizing people in uploaded images.

Microsoft sets dead date for Insider builds

Microsoft will soon pull the plug on older builds of its Windows 10 previews to again force testers to either abandon the program or update to the newest version. As the company released the latest beta of Windows 10 -- identified as build 14926 -- Microsoft's Insider spokeswoman reminded users that they would start to see on-screen expiration notices. Testers on the Fast "ring" of the Windows Insider program, who receive more builds at a faster clip than others, will begin seeing expiration notices today. "On October 1, these PCs will start rebooting every 3 hours and then on October 15, these PCs will stop booting all together [sic]," said software engineer Dona Sarkar in a post to a company blog.

Microsoft’s the top open-source contributor on GitHub

The organization with the largest number of contributors to open-source projects over the past year on GitHub is, surprisingly, Microsoft, GitHub announced today. Fully 16,419 contributors affiliated with Microsoft worked on open-source GitHub projects during the past 12 months, GitHub said, ahead of 15,682 from Facebook, 14,059 from Docker and 12,841 from Angular.

IDG Contributor Network: Security talent management for the digitization era

Stiff competition for talent and a limited pool of security specialists make information security staffing a perennial challenge. Complicating this is the fact that security has not yet adapted to its changing role as organizations digitize. Now more than ever, information security leaders need to understand the new business environment and adapt how they hire, compete for and manage talent for the digital era. Digitization is transforming organizations’ products, channels and operations. While this change comes with the potential for higher profit margins through enhanced efficiency, it also brings an increase in the number and variety of advanced threats, board oversight and regulatory compliance issues.

28% off Western Digital 2TB My Passport Ultra Portable External Hard Drive – Deal Alert

If you're looking for a ton of portable storage at a rock bottom price, you may want to consider this deal currently available on Amazon. Rated 4.5 out of 5 stars from nearly 5,500 people (read reviews), this Western Digital external hard drive features fast USB 3.0 connectivity, is compatible with both PC and Mac, has optional 256-bit AES hardware encryption, automatic cloud backup, and comes with a 3-year warranty. List price is $119.99 but with the current 28% discount you can buy it now for $86.50 (See it on Amazon).

How to tackle business disruption

Southwest Airlines CIO Randy Sloan remained in the airline's Dallas headquarters for nearly 40 hours in July, as he and his team scrambled to find the technical problems that grounded 2,300 flights. Hunkering down, checking IT systems and strategizing in office war rooms for hours isn't ideal for any employee, let alone the IT chief.

Security through Community: Introducing the Vendor Security Alliance

Today Docker is proud to announce that we are a founding member of the Vendor Security Alliance (VSA), a coalition formed to help organizations streamline their vendor evaluation processes by establishing a standardized questionnaire for appraising a vendor’s security and compliance practices. The VSA was established to solve a fundamental problem: how can IT teams conform to their existing security practices when procuring and deploying third-party components and platforms?

The VSA solves this problem by developing a required set of security questions that will allow vendors to demonstrate to their prospective customers that they are doing a good job with security and data handling. Good security is built on great technology paired with processes and policies. Until today, there was no consistent way to discern if all these things were in place. Doing a proper security evaluation today tends to be a hard, manual process. A large number of key questions come to mind when gauging how well a third-party company manages security.

As an example, these are the types of things that IT teams must be aware of when assessing a vendor’s security posture:

  • Do they securely handle sensitive customer data?
  • Do they have the ability to detect when attacks occur on their

Federal CISOs define greatest challenges to authority

If you are a federal Chief Information Security Officer – or even if you are not – you face some serious trials just to do your difficult job. Federal agencies in particular lack clarity on how to ensure that their CISOs have adequate authority to effectively carry out their duties in the face of numerous challenges, a report out this week from the watchdogs at the Government Accountability Office stated. The GAO said that 13 of the 24 agencies it reviewed for its report – including the Departments of Defense, Commerce, Energy, Justice and State – “had not fully defined the role of their CISO in accordance with these requirements. For example, these agencies did not always identify a role for the CISO in ensuring that security controls are periodically tested; procedures are in place for detecting, reporting, and responding to security incidents; or contingency plans and procedures for agency information systems are in place. Thus, CISOs' ability to effectively oversee these agencies' information security activities can be limited,” the GAO stated.

IDG Contributor Network: Got milk? IoT and LoRaWAN modernize livestock monitoring

With each head of cattle costing more than $2,000, care for the herd is important. Tracking individual cows moving over large areas is challenging, though, especially when they all look alike. Harsh farming conditions and limited budgets add to the technical hurdles. Cattle Traxx, which recently exhibited its system at TechCrunch Disrupt, has an answer: livestock monitoring that includes an IoT solution of ruggedized sensors, LoRaWAN mesh networking, geofencing and cloud-based analytics.

Chrome OS gets cryptographically verified enterprise device management

Companies will now be able to cryptographically validate the identity of Chrome OS devices connecting to their networks and verify that those devices conform to their security policies. On Thursday, Google announced a new feature and administration API called Verified Access. The API relies on digital certificates stored in the hardware-based Trusted Platform Modules (TPMs) present in every Chrome OS device to certify that the security state of those devices has not been altered. Many organizations have access controls in place to ensure that only authorized users are allowed to access sensitive resources and they do so from enterprise-managed devices conforming to their security policies.
