0

Review: Top tools for preventing data leaks

Most security tools are focused on keeping external attackers at bay. But what about the sensitive data that lives inside your network? How do you make sure it doesn’t get out, either intentionally or by accident?To read this article in full or to leave a comment, please click here(Insider Story)

0

Top tools for preventing data leaks

Data loss prevention toolsImage by ThinkstockWe tested data loss prevention (DLP) tools from Comodo, Digital Guardian and Forcepoint. These products are designed to stop protected data from being shared in multiple ways, everything from e-mail attachments to printing to even screen captures. Forcepoint Triton was the most mature, easiest to setup and had the most features. Digital Guardian DLP was able to eliminate almost all false positives and would be a good choice for organizations with huge amounts of intellectual property. Comodo DLP offered a lot of flexibility as well as extras like a VPN, firewall, patch and mobile device manager, making it a good choice for organizations getting up to speed with their overall cybersecurity defenses. Read the full review.To read this article in full or to leave a comment, please click here

0

Hot products from VMWorld 2016

Moving to VegasImage by ThinkstockFor the first time VMware has moved its domestic VMWorld conference to Las Vegas – and what better place than under the bright lights of the strip to talk about the latest in virtualization, SDN, containers, hyperconverged infrastructure and mobile management. Check out our compilation of the hottest new products and services being announced and displayed at VMWorld 2016. To read this article in full or to leave a comment, please click here

0

Scaling L3-Only Data Center Networks

Andrew wondered how one could scale the L3-only data center networking approach I outlined in this blog post and asked:

When dealing with guests on each host, if each host injects a /32 for each guest, by the time the routes are on the spine, you're potentially well past the 128k route limit. Can you elaborate on how this can scale beyond 128k routes?

Short answer: it won’t.

Read more ...

0

Cisco DevNet Scavenger Hunt at GSX 17

At Cisco's GSX conference at the start of FY17, the DevNet team made a programming scavenger hunt by posting daily challenges that required using things like containers, Cisco Shipped, Python, and RESTful APIs in Cisco software in order to solve puzzles. In order to submit an answer, the team created an API that contestants had to use (in effect creating another challenge that contestants had to solve).

This post contains the artifacts I created while solving some of the challenges.

0

VMworld 2016 Day 1 Keynote

This is a liveblog of the day 1 keynote at VMworld 2016 in Las Vegas, NV. I managed to snag a somewhat decent seat in the massive bloggers/press/analysts area, though it filled up really quickly. Based on the announcements made this morning, it should be a great general session, and I’m really interested to see how its received by the community.

The keynote starts with a high-energy percussion/DJ session, followed by a talk about tomorrow—from where tomorrow will emerge, what tomorrow will look like, and what tomorrow will care about. Don’t stand in line for tomorrow; you are tomorrow, because tomorrow is about people. Which way will you face? What will you do to bring about tomorrow? All of this lines up, naturally, with VMworld’s “be_Tomorrow” theme.

After that talk Pat Gelsinger, CEO of VMware, takes the stage. He talks briefly about his foot injury, then thanks the 21 “Alumni Elite” who have attended every single VMworld. Gelsinger then moves into a discussion of buzzwords and “digital transformation,” claiming that all businesses are digital businesses, and therefore all businesses need to worry about the challenges that face digital businesses. Gelsinger talks about a couple companies that have Continue reading

0

Opera warns 1.7 million Opera Sync users of breach, forces password reset

About 350 million people use the Opera browser. Of those, 1.7 million received an email from Opera, warning that attackers breached Opera’s cloud Sync service server. Even if a person didn’t check their email, they would have known something was up since Opera forced a password reset for Sync users.Opera announced the breach on Friday. The company said it detected and then “quickly blocked” an attack last week, but “some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.”To read this article in full or to leave a comment, please click here

0

Opera warns 1.7 million Opera Sync users of breach, forces password reset

About 350 million people use the Opera browser. Of those, 1.7 million received an email from Opera, warning that attackers breached Opera’s cloud Sync service server. Even if a person didn’t check their email, they would have known something was up since Opera forced a password reset for Sync users.Opera announced the breach on Friday. The company said it detected and then “quickly blocked” an attack last week, but “some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.”To read this article in full or to leave a comment, please click here

0

Building a Raspberry Pi-powered Barkometer, Part 1

I recently had a visit from my local animal control department. A youthful, uniformed guy rang the doorbell and handed me a letter. He told me that there had been a complaint from a neighbor (he, of course, was not at liberty to reveal the identity of the neighbor) about my dog barking. This was unexpected because my dog, Harvey (he’s an Australian Shepherd), doesn’t bark that much and when he does, it’s usually just a couple of midrange yelps. He mostly barks when he exits the back door (he always assumes that there’s some critter that needs to be dealt with) and occasionally, if the birds dare to land on our trees, he'll shout a few times but even then, it’s a brief protest rather than a drawn out rager. I’d argue that other neighbors' dogs are far noisier than my dog.To read this article in full or to leave a comment, please click here

0

Connecting Python To Slack For Testing And Development

The scripting language Python can retrieve information from or publish information into the messaging app Slack. This means you can write a program that puts info into Slack for you, or accepts your queries using Slack as the interface. This is useful if you spend a lot of time in Slack, as I do.

The hard work of integrating Slack and Python has been done already. Slack offers an API, and there are at least two open source Python libraries that make leveraging these APIs in your Python code a simple task. I chose slacker after a bit of googling, but it’s not a preference borne of experience. The community seems to be behind slacker as opposed to Slack’s own python-slackclient, so I went that direction.

Steps

1. I’ll assume you’ve got Python installed already. My environment is Ubuntu Server 16.04 with Python 2.7.12.
2. Install the python package manger pip, if you don’t already have it.
   sudo apt install python-pip
3. Install the slacker python library.
   pip install slacker
4. Generate a testing and dev token at the Slack API web site.
   https://api.slack.com/web
   
5. The token will be everything required for authentication to your Slack group. Protect it Continue reading

0

It takes a village: Change management with Office 365

One of the key benefits of leveraging Office 365 for your SharePoint solutions is that you will be able to take advantage of all of the latest and greatest advances in the platform as they are launched. This means that you don’t have to worry about managing upgrades and fixes – and this should save time and resources associated with platform management. But, it also means that you have less control over when changes happen in your environment – and that means you need to stay on top of what Microsoft is planning. Successful change management is a lot about managing expectations. When people are fully informed and aware of changes to the software they use every day, the changes can be easier to accept – especially if you have evaluated the impact of these changes in advance. To ensure that your continuously evolving Office 365 environment is not disruptive to your users, you need to monitor what is happening with the platform with a multi-faceted “lens” – looking at upcoming changes from multiple perspectives. For that, it takes a village.To read this article in full or to leave a comment, please click here

0

Unregenerate 20160827 – The Week Gone By or To Come

Looking backward at last week or forward into next week.  unregenerate – adj. not reformed, unreconstructed, obstinate, stubborn —- Current Status Arrived in Las Vegas VMworld early for Vmworld as press/media. I’m presenting on the big stage at Future:Net – an [invitation only conference on the future of networking – on Thursday Morning “Breakfast With […]

The post Unregenerate 20160827 – The Week Gone By or To Come appeared first on EtherealMind.

0

mVPN Fun in the Lab: Following the Labels – Part 3 of 6

In our last blog (MPLS Fun in the Lab: Connect a Customer – Part 2) we added a customer to our MPLS cloud and we got a ping successfully across. Now?  Now we Follow the Labels of that successful ping.... Read More ›

The post mVPN Fun in the Lab: Following the Labels – Part 3 of 6 appeared first on Networking with FISH.

0

Notes on that StJude/MuddyWatters/MedSec thing

I thought I'd write up some notes on the StJude/MedSec/MuddyWaters affair. Some references: [1] [2] [3] [4].

The story so far

St Jude Medical (STJ) is one of the largest providers of pacemakers (aka. cardiac devices) in the country, around ~$2.5 billion in revenue, which accounts for about half their business. They provide "smart" pacemakers with an on-board computer that talks via radio-waves to a nearby monitor that records the functioning of the device (and health data). That monitor, "Merlin@Home", then talks back up to St Jude (via phone lines, 3G cell phone, or wifi). Pretty much all pacemakers work that way (my father's does, although his is from a different vendor).

MedSec is a bunch of cybersecurity researchers (white-hat hackers) who have been investigating medical devices. In theory, their primary business is to sell their services to medical device companies, to help companies secure their devices. Their CEO is Justine Bone, a long-time white-hat hacker. Despite Muddy Waters garbling the research, there's no reason to doubt that there's quality research underlying all this.

Continue reading

0

Medical device security ignites an ethics firestorm

One security research company is taking a controversial approach to disclosing vulnerabilities: It’s publicizing the flaws as a way to tank a company’s stock.The security firm, MedSec, made news on Thursday when it claimed that pacemakers and other health care products from St. Jude Medical contain vulnerabilities that expose them to hacks.However, MedSec is also cashing in on the disclosure by partnering with an investment firm that’s betting against St. Jude Medical’s stock.The whole affair is raising eyebrows around the security community. It may be the first time someone has tried to get compensated for discovering vulnerabilities by shorting a stock, said Casey Ellis, CEO of Bugcrowd, a bug bounty platform.To read this article in full or to leave a comment, please click here

0

Medical device security ignites an ethics firestorm

One security research company is taking a controversial approach to disclosing vulnerabilities: It’s publicizing the flaws as a way to tank a company’s stock.The security firm, MedSec, made news on Thursday when it claimed that pacemakers and other health care products from St. Jude Medical contain vulnerabilities that expose them to hacks.However, MedSec is also cashing in on the disclosure by partnering with an investment firm that’s betting against St. Jude Medical’s stock.The whole affair is raising eyebrows around the security community. It may be the first time someone has tried to get compensated for discovering vulnerabilities by shorting a stock, said Casey Ellis, CEO of Bugcrowd, a bug bounty platform.To read this article in full or to leave a comment, please click here

0

Weekly Roundup: Top 5 Docker Articles for this week

Here’s the buzz from this week we think you should know about! We shared a preview of Microsoft’s Docker container monitoring, reviewed the Docker Engine security feature set, and delivered a quick tutorial for getting 1.12.1 running on Raspberry Pi 3. As we begin a new week, let’s recap our top five most-read stories for the week of August 21, 2016:

 

 

• Docker security: the Docker Engine has strong security default for all containerized applications.

• 1.12.1 on Raspberry Pi 3: five minute guide for getting Docker 1.12.1 running on Raspberry Pi 3 by Docker Captain Ajeet Singh Raina.

• Securing the Enterprise: how Docker’s security features can be used to provide active and continuous security for a software supply chain.

• Docker + NATS for Microservices: building a microservices control plane using NATS and Docker v1.12 by Wally Quevedo.

• Container Monitoring: Microsoft previews open Docker container monitoring. Aimed at users who want a simplified view of containers’ usage, to diagnose issues whether containers are running in the cloud or on-premises by Sam Dean.  

---

Weekly roundup: Top 5 #Docker stories of the week
Click To Tweet

---

The post Weekly Continue reading

0

Debunking the most common big data backup and recovery myths

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.Big data has become a priority for most organizations, which are increasingly aware of the central role data can play in their success.  But firms continue to struggle with how to best protect, manage and analyze data within today's modern architectures. Not doing so can result in extended downtime and potential data loss costing the organization millions of dollars.Unlike traditional data platforms (Oracle, SQL*Server, etc.), which are managed by IT professionals, big data platforms (Hadoop, Cassandra, Couchbase, HPE Vertica, etc.) are often managed by engineers or DevOps groups and there are some common misconceptions around big data backup and recovery that need to be cleared up.  To read this article in full or to leave a comment, please click here

0

Fake resumes, jobs, lead to real guilty plea in H-1B fraud case

A Virginia couple has pled guilty to H-1B fraud charges in a scheme that made them millions, the U.S. Department of Justice announced Thursday.A married couple -- Raju Kosuri, 44, and Smriti Jharia, 45 -- created a visa-for-sale system involving some 900 H-1B visa petitions over a multi-year period, according to the U.S. attorney in the Eastern District of Virginia.Court records detail an elaborate operation that required a series of fictions to pull off.Through a series of shell companies that purported to provide IT staffing and services to corporate clients, the defendants H-1B visa petitions on behalf of workers. These workers had to pay the visa fees, legal and administrative costs -- as much as $4,000 -- in violation of the visa program's rules.To read this article in full or to leave a comment, please click here

0

Worth Reading: Is Openstack becoming Trumpstack?

Tired of hearing about Pets vs. Cattle? Most of us are. The underlying concept is important. While OpenStack, and most private and public cloud platforms, is geared towards workloads that have resiliency build into the application, many of the folks in the industry just aren’t there yet. The question comes to OpenStack advocates now: Should we push away potential adopters of the platform because they may have workloads that aren’t entirely appropriate for a typical “cloud” infrastructure? —DiscoPosse

The post Worth Reading: Is Openstack becoming Trumpstack? appeared first on 'net work.