IoT botnets powered by Mirai continue to grow

Level 3 Threat Research has noted an uptick in activity by new IoT botnets that are backed by the Mirai malware, with some attacks enlisting 100,000 individual hijacked devices.A significant number of these zombie devices are enslaved by more than one botnet, according to the research described in the Level 3 Beyond Bandwidth blog, and some of these botnets use overlapping infrastructure.Source code for Mirai was released Sept. 30, “which has inspired a significant number of new bad actors, all working to exploit similar pools of vulnerable devices,” the Level 3 researchers write.To read this article in full or to leave a comment, please click here

IoT botnets powered by Mirai continue to grow

Level 3 Threat Research has noted an uptick in activity by new IoT botnets that are backed by the Mirai malware, with some attacks enlisting 100,000 individual hijacked devices.A significant number of these zombie devices are enslaved by more than one botnet, according to the research described in the Level 3 Beyond Bandwidth blog, and some of these botnets use overlapping infrastructure.Source code for Mirai was released Sept. 30, “which has inspired a significant number of new bad actors, all working to exploit similar pools of vulnerable devices,” the Level 3 researchers write.To read this article in full or to leave a comment, please click here

Murphy’s Law: The security version

Since the first of the month, I’ve heard colleagues and others report each of the 10 security variants to Murphy’s Law listed below. Murphy is not only alive but has been reincarnated. It’s worth reminding the gentle reader of various famous last words:1. All documents will be out of date or simply missing Documents will not be maintained. Documents will have pages missing. And authors shall be unavailable for any reason (deployed to Mt. Everest is preferred). No documents shall be in an understandable language, be edited, collated, or have referring URLs that do not 404, 401 or 5XX. Any good documentation shall be the only copy on a laptop that was stolen whilst unencrypted. To read this article in full or to leave a comment, please click here

6 industries that will be affected by virtual reality

VR going mainstream2016 has been a defining moment for virtual and augmented reality. From Pokemon GO to Facebook’s newly announced standalone VR headset, the virtual reality market has taken off and we’ve just scratched the surface in terms of innovation. Previously, virtual reality seemed to be a technology that was reserved only for tech enthusiasts and extreme gamers. However, we are now starting to see its mainstream application. As virtual reality becomes more common in business and personal settings, less expensive equipment is becoming available, providing an opportunity for organizations to adopt the technology at a wider scale.To read this article in full or to leave a comment, please click here

Why cybersecurity certifications suck

Here's a sample question from a GIAC certification test. It demonstrates why such tests suck.
The important deep knowledge you should know about traceroute how it send packets with increasing TTLs to trace the route.

But that's not what the question is asking. Instead, it's asking superfluous information about the default behavior, namely about Linux defaults. It's a trivia test, not a knowledge test. If you've recently studied the subject, your course book probably tells you that Linux traceroute defaults to UDP packets on transmit. So, those who study for the test will do well on the question.

But those with either a lot of deep knowledge or practical experience will find this question harder. Windows and Linux use different defaults (Windows uses ICMP ECHOs, Linux uses UDP). Personally, I'm not sure which is which (well, I am now, 'cause I looked it up, but I'm likely to forget it again soon, because it's a relatively unimportant detail).

Those with deep learning have another problem with the word "protocol". This question uses "protocol" in one sense, where only UDP, TCP, and ICMP are valid "protocols".

But the word can be used in another sense, where "Echo" and "TTL" are also Continue reading

Samsung faces lawsuit from Note7 owners who couldn’t use their phones

Samsung’s problems with lawsuits from alleged victims of overheating batteries in the Galaxy Note7 smartphone could get compounded by consumers suing for compensation of carrier charges.The three plaintiffs in a proposed class action lawsuit in a New Jersey federal court are not suing for compensation for personal or property damage from the at times overheating and even exploding Note7 smartphones.Instead, they are asking the South Korean phone maker to compensate users for the time it took Samsung to replace and eventually discontinue the Note7s, which resulted in users having to pay for device and plan charges to cellular operators “for phones they could not safely use.”To read this article in full or to leave a comment, please click here

Do Enterprises Need VRFs?

One of my readers sent me a long of questions titled “Do enterprise customers REALLY need VRFs?

The only answer I could give is “it depends” (it’s like asking “Do animals need wings?”), and here’s my attempt at building a decision tree:

You can use the decision tree to figure out whether you need VRFs in your data center or in your enterprise WAN.

Read more ...

Trump on cybersecurity: vacuous and populist

Trump has published his policy on cybersecurity. It demonstrates that he and his people do not understand the first thing about cybersecurity.

Specifically, he wants “the best defense technologies” and “cyber awareness training for all government employees”. These are well known bad policies in the cybersecurity industry. They are the sort of thing the intern with a degree from Trump University would come up with.

Awareness training is the knee-jerk response to any problem. Employees already spend a lot of their time doing mandatory training for everything from environmental friendly behavior, to sexual harassment, to Sarbannes-Oxley financial compliance, to cyber-security. None of it has proven effective, but organizations continue to force it, either because they are required to, or they are covering their asses. No amount of training employees to not click on email attachments helps. Instead, the network must be secure enough that reckless clicking on attachments pose no danger.

Belief in a technological Magic Pill that will stop hackers is common among those who know nothing about cybersecurity. Such pills don’t exist. The least secure networks already have “the best defense technologies”. Things like anti-virus, firewalls, and intrusion prevention systems do not stop hackers Continue reading

Ecuador says it cut WikiLeaks founder’s internet access to prevent U.S. election interference

Ecuador's embassy in the U.K. says it alone was responsible for cutting WikiLeak's founder Julian Assange's internet connection, stating that the country doesn't want to interfere with the U.S. elections."The government of Ecuador respects the principle of non-intervention in the affairs of other countries," it said in a Tuesday statement. "It does not interfere in external electoral processes or support a particular candidate."As result, the government has temporarily cut access to some private communications at the embassy, where Assange has resided for four years.To read this article in full or to leave a comment, please click here

Ecuador says it cut WikiLeaks founder’s internet access to prevent U.S. election interference

Ecuador's embassy in the U.K. says it alone was responsible for cutting WikiLeak's founder Julian Assange's internet connection, stating that the country doesn't want to interfere with the U.S. elections."The government of Ecuador respects the principle of non-intervention in the affairs of other countries," it said in a Tuesday statement. "It does not interfere in external electoral processes or support a particular candidate."As result, the government has temporarily cut access to some private communications at the embassy, where Assange has resided for four years.To read this article in full or to leave a comment, please click here

A New Automation Chapter Begins

Two years ago, while I worked as a network engineer/consultant, I felt strongly that the industry was ripe for change. In February 2015 I jumped feet-first into the world of network automation by going back to my roots in software development, combining those skills with the lessons I learned from 3 years of network engineering. I’ve learned a ton in the last 2 years - not just at the day job but by actively participating in the automation and open source communities.

A New Automation Chapter Begins

Two years ago, while I worked as a network engineer/consultant, I felt strongly that the industry was ripe for change. In February 2015 I jumped feet-first into the world of network automation by going back to my roots in software development, combining those skills with the lessons I learned from 3 years of network engineering. I’ve learned a ton in the last 2 years - not just at the day job but by actively participating in the automation and open source communities.

A New Automation Chapter Begins

Two years ago, while I worked as a network engineer/consultant, I felt strongly that the industry was ripe for change. In February 2015 I jumped feet-first into the world of network automation by going back to my roots in software development, combining those skills with the lessons I learned from 3 years of network engineering.

I’ve learned a ton in the last 2 years - not just at the day job but by actively participating in the automation and open source communities. I’ve co-authored a network automation book. I’ve released an open source project to facilitate automated and distributed testing of network infrastructure. I’ve spoken publicly about many of these concepts and more.

Despite all this, there’s a lot left to do, and I want to make sure I’m in the best place to help move the industry forward. My goal is and has always been to help the industry at large realize the benefits of automation, and break the preconception that automation is only useful for big web properties like Google and Facebook. Bringing these concepts down to Earth and providing very practical steps to achieve this goal is a huge passion of mine.

Automation isn’t just about running Continue reading

VMworld EMEA 2016 Day 2 Keynote

This is a liveblog of the day 2 general session at VMworld EMEA 2016 in Barcelona, Spain. I wasn’t able to write a liveblog of the day 1 session due to some scheduling/logistical conflicts, but managed to get things arranged for day 2 (well, most of it—I’ll have to cut this short so I can get to a customer meeting).

At 9am, Sanjay Poonen takes the stage to kick off the general session. Poonen walks through a number of examples how “digital transformation” is affecting businesses and organizations across a variety of industry verticals. Poonen positions Workplace One as the “Switzerland” solution that bridges different kinds of applications (Windows client-server apps, web apps, and mobile apps) with different kinds of devices (Apple, Google, Samsung, Microsoft). The key ingredients of Workspace One are VDI, EMM, and identity.

Poonen quickly transitions into a demo of Workspace One on an iPhone, showing off how VMware employees use Workspace One to run apps like Workday, Concur, ADP, Boxer (VMware’s mobile e-mail client), AirWatch Content Locker, and others. The demo then moves into a demonstration of VDI, including 3-D accelerated graphics, on a Samsung Android tablet. Following the demo, Poonen kicks off a customer testimonial Continue reading

A New Automation Chapter Begins

Two years ago, while I worked as a network engineer/consultant, I felt strongly that the industry was ripe for change. In February 2015 I jumped feet-first into the world of network automation by going back to my roots in software development, combining those skills with the lessons I learned from 3 years of network engineering.

I’ve learned a ton in the last 2 years - not just at the day job but by actively participating in the automation and open source communities. I’ve co-authored a network automation book. I’ve released an open source project to facilitate automated and distributed testing of network infrastructure. I’ve spoken publicly about many of these concepts and more.

Despite all this, there’s a lot left to do, and I want to make sure I’m in the best place to help move the industry forward. My goal is and has always been to help the industry at large realize the benefits of automation, and break the preconception that automation is only useful for big web properties like Google and Facebook. Bringing these concepts down to Earth and providing very practical steps to achieve this goal is a huge passion of mine.

Automation isn’t just about running Continue reading

Facebook’s 100-gigabit switch design is out in the open

Facebook’s bid to open up networking is moving up into nosebleed territory for data centers. The company’s 100-gigabit switch design has been accepted by the Open Compute Project, a step that should help to foster an open ecosystem of hardware and software on high-speed networking gear.The 32-port Wedge 100 is the follow-on to Facebook’s Wedge 40, introduced about two years ago and now in use in practically all of the company’s data centers, said Omar Baldonado, director of software engineering on Facebook’s networking team. Mostly, it’s a faster version of that switch, upping the port speed to 100Gbps (bits per second) from 40Gbps. But Facebook also added some features to make service easier, like a cover that can be removed without tools and LED status lights to check the condition of a the cooling fans from a distance.To read this article in full or to leave a comment, please click here

Facebook’s 100-gigabit switch design is out in the open

Facebook’s bid to open up networking is moving up into nosebleed territory for data centers. The company’s 100-gigabit switch design has been accepted by the Open Compute Project, a step that should help to foster an open ecosystem of hardware and software on high-speed networking gear.The 32-port Wedge 100 is the follow-on to Facebook’s Wedge 40, introduced about two years ago and now in use in practically all of the company’s data centers, said Omar Baldonado, director of software engineering on Facebook’s networking team. Mostly, it’s a faster version of that switch, upping the port speed to 100Gbps (bits per second) from 40Gbps. But Facebook also added some features to make service easier, like a cover that can be removed without tools and LED status lights to check the condition of a the cooling fans from a distance.To read this article in full or to leave a comment, please click here

Gartner Top 10 technology trends you should know for 2017

Considering how much significance Gartner is placing the future influence of artificial intelligence and algorithms, it comes as little surprise that the group is saying that technology will be one of the most strategic and potentially disruptive for 2017. At its Gartner Symposium/ITxpo, David Cearley, vice president and Gartner Fellow detailed the key technology trends for 2017 as the group sees them including how data science technologies are evolving to include advanced machine learning and artificial intelligence is helping create intelligent physical and software-based systems that are programmed to learn and adapt. Other key trends include the impact of melding of the physical and digital environments and how digital technology platforms are influencing the enterprise.To read this article in full or to leave a comment, please click here

Gartner Top 10 technology trends you should know for 2017

Considering how much significance Gartner is placing the future influence of artificial intelligence and algorithms, it comes as little surprise that the group is saying that technology will be one of the most strategic and potentially disruptive for 2017. At its Gartner Symposium/ITxpo, David Cearley, vice president and Gartner Fellow detailed the key technology trends for 2017 as the group sees them including how data science technologies are evolving to include advanced machine learning and artificial intelligence is helping create intelligent physical and software-based systems that are programmed to learn and adapt. Other key trends include the impact of melding of the physical and digital environments and how digital technology platforms are influencing the enterprise.To read this article in full or to leave a comment, please click here

Gartner Top 10 technology trends you should know for 2017

Considering how much significance Gartner is placing the future influence of artificial intelligence and algorithms, it comes as little surprise that the group is saying that technology will be one of the most strategic and potentially disruptive for 2017. At its Gartner Symposium/ITxpo, David Cearley, vice president and Gartner Fellow detailed the key technology trends for 2017 as the group sees them including how data science technologies are evolving to include advanced machine learning and artificial intelligence is helping create intelligent physical and software-based systems that are programmed to learn and adapt. Other key trends include the impact of melding of the physical and digital environments and how digital technology platforms are influencing the enterprise.To read this article in full or to leave a comment, please click here

1 2,601 2,602 2,603 2,604 2,605 3,854