Half of network management systems vulnerable to injection attacks

Cross-site scripting and SQL injection attacks are well-known threats for public-facing Web applications, but internal systems can be attacked as well. For example, about half of network management systems studied had these vulnerabilities, according to a report released today. It all comes down to input validation, or lack of it, said Deral Heiland, research lead at Boston-based Rapid7, Inc. and one of the authors of the report. Network management systems are in regular communication with the devices on a company's network. But because the communications are machine-to-machine, people sometimes forget that the inputs still need to be checked to make sure there's nothing weird or malicious in there.

The new Dell Technologies: 6 things you need to know

Dell and EMC have completed their US$67 billion merger to create Dell Technologies, the world's largest privately held technology company. It's a historic day, far from the PC company that sponsored the "Dude, I've bought a Dell" campaign. The new company will sell PCs, servers, storage, networking and software products. It has an impressive list of assets including Dell's PC and servers, EMC storage, VMware, RSA, Wyse, Force10, and the Pivotal software and Boomi cloud services. Work has started for the autonomous units to work in unison, but there are also new priorities for the company. Here's what you need to know.

Dell Technologies is thinking like Alphabet/Google

Dell Technologies will be a mix of independent units tethered to each other. That's similar to Alphabet, which has a bunch of independent units led by Google working closely with each other. The Dell Technologies units will continue to function independently, but also work together to offer integrated products like hyperconverged systems that mix Dell's servers, EMC's storage, VMware virtualization, and private-public cloud assets.

IDG Contributor Network: HashiCorp slurps up cash to deliver DevOps goodness

Seemingly every company under the sun is now a DevOps leader—even ones that, while purporting to be about a new way of doing things, continue to market legacy, monolithic products and services. So, it’s nice to see some genuine players achieve success and recognition in this space. A good example of this is HashiCorp—an important, but little-known DevOps vendor. The company manages a host of open-source tools, all of which tick off different parts of the application and infrastructure lifecycle.

VMware NSX gains traction as a security tool

In July of 2012, VMware shocked the world when it shelled out $1.26 billion to purchase software-defined networking (SDN) startup Nicira. The acquisition changed the face of VMware, as it created a big rift between itself and long-time data center partner Cisco. The product, now known as NSX, put VMware squarely in the next-generation network market with one of the top start-ups.

Code Generation: The Inner Sanctum of Database Performance

This is a guest post by Drew Paroski, architect and engineering manager at MemSQL. Previously he worked at Facebook and developed HHVM, the popular real-time PHP compiler used across the company’s web-scale application.

Achieving maximum software efficiency through native code generation can bring superior scaling and performance to any database. And making code generation a first-class citizen of the database, from the beginning, enables a rich set of speed improvements that provide benefits throughout the software architecture and end-user experience.

If you decide to build a code generation system you need to clearly understand the costs and benefits, which we detail in this article. If you are willing to go all the way in the name of performance, we also detail an approach to save you time leveraging existing compiler tools and frameworks such as LLVM in a proven and robust way.

Code Generation Basics

The Vast Potential For VMware’s OpenStack Cloud

While hyperscalers and HPC centers like the bleeding edge – their very existence commands that they be on it – enterprises are a more conservative lot. No IT supplier ever went broke counting on enterprises to be risk averse, but plenty of companies have gone the way of all flesh by not innovating enough and not seeing market inflections when they exist.

VMware, the virtualization division of the new Dell Technologies empire that formally comes into being this week, does not want to miss such changes and very much wants to continue to extract revenues and profits from its impressively

The Vast Potential For VMware’s OpenStack Cloud was written by Timothy Prickett Morgan at The Next Platform.

Consumers have no right to buy a PC without an OS, European court rules

Bare metal buyers beware: PC makers have no obligation to offer you a machine without an OS, the European Union's highest court has ruled. The case dates back to PC prehistory, a time when Vaio was still a Sony brand and Vista was the latest version of Windows. It all began on Dec. 27, 2008, when Frenchman Vincent Deroo-Blanquart bought a Sony Vaio laptop with Windows Vista Home Premium and various software applications installed. Deroo-Blanquart refused to accept the Vista end-user license agreement (EULA) when he first turned the PC on, and on Dec. 30, asked Sony to refund the part of the computer's €549 (then US$740) purchase price corresponding to the cost of the software.

IDG Contributor Network: D-Day: Dell and EMC create a new dawn

Today marks a big day in tech history as two of the biggest names in the game join forces. Sept. 7 will go down in history as one of the largest tech transactions ever to be completed. At an unfathomable $67 billion, I'm pretty sure you will get to witness some fireworks. A couple marketing changes will be most noticeable from day one. Dell becomes: "Dell Technologies" and EMC becomes: "Dell EMC." On Sept. 6, signs were pulled off buildings to make room for the new branding.

And the signs are down in Cork, goodbye #emc pic.twitter.com/fJ1BgVdcBt

Last-minute iPhone 7 rumors detail new color options, improved water resistance and more

We’re just a few short hours away from Tim Cook and company taking the stage at the Bill Graham Civic Auditorium in San Francisco and taking the wraps off of the highly anticipated iPhone 7. Predictably, the rumor mill has been operating at full throttle over the last few days, and we thought we’d color in some last-minute rumors about the iPhone 7 that you might have missed. Over the weekend, KGI Securities analyst Ming-Chi Kuo published an expansive research report detailing a number of previously unknown tidbits about the iPhone 7’s features and specs. While iPhone rumors can sometimes be a dime a dozen, Kuo’s track record has always been rather impressive. So, let’s dive right in.

17% off Fujitsu ScanSnap S1300i Mobile Document Scanner – Deal Alert

The ScanSnap S1300i from Fujitsu is the smallest multi-page double-sided ScanSnap scanner for one-button ease of use at the desk or on the road. Just stack up to 10 pages into the feeder and press the blue button. The S1300i features a powerful set of automated image processing functions including auto skew correction, auto orientation, and auto color detection -- all working behind the scenes so your scanned content looks great without effort. Scan directly to Evernote, Google Docs, Salesforce CRM and SharePoint Online. Scanning to the cloud lets you access your documents from just about anywhere. The unit is powered by USB or the included AC power cord. Averaging 4.5 out of 5 stars on Amazon from over 1,400 people, the typical $295 list price of this Amazon best-seller has been reduced by $50 to $245. See the discounted Fujitsu ScanSnap S1300i now on Amazon.

‘Stupid simple’ attack can steal credentials from locked Windows and Mac computers

Hats off to security researcher Rob Fuller, aka mubix, for spending part of his Labor Day weekend figuring out how to use a spoofed USB Ethernet adapter to steal credentials from logged in but locked Windows and Mac computers.

It works!!! Muhahahahah I can steal credentials from a locked computer. Muahahahhahahahah pic.twitter.com/9l3d0tvs8i — Rob Fuller (@mubix) September 4, 2016

Fuller did not use a zero-day; although the attack is “stupid simple” and “should not work,” it does work because most computers automatically install Plug-and-Play USB devices. “Even if a system is locked out, the device still gets installed.” There may be restrictions on what devices can be installed when the box is in a locked state, but he said, “Ethernet/LAN is definitely on the white list.”
