31% off Logitech Harmony Smart Control with Smartphone App and Simple All In One Remote – Deal Alert

The Logitech Harmony Smart Control system turns your smartphone or tablet into a one-touch universal remote. Now you can control your entire entertainment system with the smartphone or tablet you already own. The Harmony Hub combined with a powerful app gives you personalized control of up to 8 devices and works with over 270,000 devices including cable TV boxes, Apple TV, Roku, Sonos, Amazon Fire TV, Philips Hue, Xbox One, PS3, and TV-connected PC or Mac—even through closed cabinets and walls. Plus, you get a simple Harmony remote for everyone in the house to use when your smartphone isn’t handy. This system currently averages 4 out of 5 stars on Amazon from 1,900+ people (read reviews) and its list price of $129.99 has been reduced to $89.99.

So your company’s been hacked: How to handle the aftermath

After a company has been hacked and the hack has been discovered to be a harmful one, top executives and IT leaders normally huddle in a room to assess the loss. It's usually not a pretty scene. It's not as if heads are exploding. It is more like what some might call a tense "come to Jesus" moment. "It's not good," said cyber security expert Tyler Cohen Wood. She's participated in post-hack forensics sessions at companies and has witnessed the faces of panicked executives firsthand. Tyler Cohen Wood is cyber security advisor to elearning company Inspired eLearning, and was previously a Defense Intelligence Agency cyber deputy division chief.

VR, machine learning drive tech job market

Free catered lunch and a dog-friendly office are two of the perks offered by an educational technology company in Palo Alto, Calif., that’s looking to hire a machine learning engineer. The position, posted on Dice, will pay between $140,000 and $160,000 to the right candidate who’s skilled in machine learning platforms as well as data mining, statistical modeling, and natural language processing.

IDG Contributor Network: Cisco boots Nutanix from partner program

Cisco Cuts Nutanix from the Partner Portal

Less than a week after Nutanix issued a press release announcing their independently validated ability to run on Cisco UCS, Nutanix has been booted from the Cisco Solution Partner Program. Cisco has its own hyperconverged solution utilizing UCS hardware, bundled together through an agreement with software company Springpath, which they call Hyperflex.

How the Consumer Product Safety Commission is (Inadvertently) Behind the Internet’s Largest DDoS Attacks

The mission of the United States Government's Consumer Product Safety Commission (CPSC) is to protect consumers from injury by products. It's ironic, then, that the CPSC is playing an unwitting role in most of the largest DDoS attacks seen on the Internet. To understand how, you need to understand a bit about how a high-volume DDoS is launched.

Amplification

DDoS attacks are inherently about an attacker sending more traffic to a victim than the victim can handle. The challenge for an attacker is to find a way to generate a large amount of traffic. Launching a DDoS attack is a criminal act, so an attacker can't simply go sign up for large transit contracts. Instead, attackers find ways to leverage other people's resources.

One of the most effective strategies is known as an amplification attack. In these attacks, an attacker can amplify their resources by reflecting them off other resources online that magnify the level of traffic. The most popular amplification vector is known as DNS reflection.

DNS Reflection

We've written about DNS reflection attacks in detail before. The basics are that an attacker generates DNS requests from a network that allows Continue reading

Cisco starts patching firewall devices against NSA-linked exploit

Cisco Systems has started releasing security patches for a critical flaw in Adaptive Security Appliance (ASA) firewalls targeted by an exploit linked to the U.S. National Security Agency. The exploit, dubbed ExtraBacon, is one of the tools used by a group that the security industry calls the Equation, believed to be a cyberespionage team tied to the NSA. ExtraBacon was released earlier this month together with other exploits by one or more individuals who use the name Shadow Brokers. The files were provided as a sample of a larger Equation group toolset the Shadow Brokers outfit has put up for auction.

IDG Contributor Network: Web Search Engines for IoT: The new frontier

We are all intimately familiar with the experience of “googling” a keyword(s) on a Web browser search engine to find related websites. For example, searching for “best French restaurant” in Google or Yahoo will return a list of many websites that are related to this topic. However, this key feature of the current Web will have to be fundamentally reworked for the new types of devices that are expected to join the Web as part of the Internet of Things (IoT). I mean, just how is it going to work when your fridge needs to do a search for something - and it will before too long?

Traditional Web Search Engines

When thinking about any technology evolution, it is useful to first understand how the current generation of technology works before we try to predict what will happen in the future. So let’s briefly review how search engines work today.

IDG Contributor Network: Hack the vote: How attackers could meddle in November’s elections

Political action committees aren’t the only entities attempting to influence the upcoming U.S. presidential election. Supposedly, Russia wants a say in who should lead the country. At least that’s the opinion you could form after reading the many news stories that allege Russia is behind the recent hacks targeting the Democratic National Committee and the Democratic Congressional Campaign Committee. Attack attribution aside (I shared my thoughts on that topic in last month’s blog), these data breaches raise the question of whether attackers could actually impact an election’s outcome.

Linux at 25: Linus Torvalds on the evolution and future of Linux

The last time I had the occasion to interview Linus Torvalds, it was 2004, and version 2.6 of the Linux kernel had been recently released. I was working on a feature titled “Linux v2.6 scales the enterprise.” The opening sentence was “If commercial Unix vendors weren’t already worried about Linux, they should be now.” How prophetic those words turned out to be. More than 12 years later -- several lifetimes in the computing world -- Linux can be found in every corner of the tech world. What started as a one-man project now involves thousands of developers. On this, its 25th anniversary, I once again reached out to Torvalds to see whether he had time to answer some questions regarding Linux’s origins and evolution, the pulse of Linux’s current development community, and how he sees operating systems and hardware changing in the future. He graciously agreed.

New York Public Library reads up on the cloud

Four years ago, the New York Public Library began to move its web properties to the cloud. Today, the library system has all of its approximately 80 web sites in the cloud. The library has shrunk the number of on-premise servers by 40% and is running those web properties 95% more cheaply than if it had bought the hardware and software to do it all by itself. The library took a risk on the cloud, and on Amazon Web Services (AWS), and it paid off. "We've grown but we've grown in the cloud," said Jay Haque, director of DevOps and Enterprise Computing at the library. "Today, we're primarily focused on the digital identity of the NYPL. How our properties look. How they merge and integrate. How our patrons use the site … Without the cloud, we wouldn't have the time to focus on the customer experience."

Proposed ‘social media ID, please’ law draws outrage

A plan by the U.S. government to require some foreign travelers to provide their social media IDs on key travel documents is drawing outrage. People who responded to the government’s request for comment about the proposal spared little in their criticisms. They call it “ludicrous,” an “all-around bad idea,” “blatant overreach,” “desperate, paranoid heavy-handedness,” “preposterous,” “appalling,” and “un-American.” But the feds are most serious about it. The plan affects people traveling from “visa waiver” countries to the U.S., where a visa is not required. This includes most of Europe, Singapore, Chile, Japan, South Korea, Australia and New Zealand -- 38 countries in total.

Data lakes security could use a life preserver

As big data initiatives gain steam at organizations, many companies are creating “data lakes” to provide a large number of users with access to the data they need. And as with almost every type of new IT initiative, this comes with a variety of security risks that enterprises must address. Data lakes are storage repositories that hold huge volumes of raw data kept in its native format until it’s needed. They’re becoming more common as organizations gather enormous amounts of data from a variety of resources. The growing business demand for analytics is helping to fuel the move to large repositories of data. And data lakes are likely to take on even more significance with the growth of the internet of things (IoT), in which companies will gather data from and about countless networked objects.

New collision attacks against triple-DES, Blowfish break HTTPS sessions

There is now a practical, relatively fast attack on 64-bit block ciphers that lets attackers recover authentication cookies and other credentials from HTTPS-protected sessions, a pair of French researchers said. Legacy ciphers Triple-DES and Blowfish need to go the way of the broken RC4 cipher: Deprecated and disabled everywhere. Dubbed Sweet32, researchers were able to take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to be able to access victim accounts, said the researchers, Karthikeyan Bhargavan and Gaëtan Leurent of INRIA in France. The attack highlights why it is necessary for sites to stop using legacy ciphers and upgrade to modern, more secure ciphers.