HEI Hotels reports point-of-sale terminals breach

HEI Hotels & Resorts has reported a possible compromise of payment card information at its point-of-sale terminals, the latest in a string of attacks on such systems at hotels, hospitals and retailers. The company, which manages close to 60 Starwood, Hilton, Marriott, Hyatt and InterContinental properties, said it appears that malicious software was installed on the payment processing systems at certain properties, with the aim of harvesting the card data as it was routed through the systems. The compromise may have affected the personal information of some hotel customers who made payment card purchases at point-of-sale terminals, such as food and beverage outlets, at certain HEI managed properties.

Mom discovered twin daughters’ bedroom being streamed via Live Camera Viewer app

If you were considering potential vacation locations, then the Android app Live Camera Viewer for IP Cams is purportedly “for travelers to have a spy sneak peek at travel destinations.” Yet children’s bedrooms would never occur to me as a travel destination. A heartsick mom in Texas found out her kids’ bedrooms were being live-streamed via the app. ABC News recounted a story that started with a mom and son duo from Oregon; they had been surfing satellite images of Earth. The Oregon mom found the Live Camera Viewer app while looking for more satellite feeds. That’s when she saw a broadcast from Houston, Texas, of a little girl’s bedroom.

Segment Routing on JUNOS – The basics

Anybody who’s been to any seminar associated with any major networking systems manufacturer, or bought any recent study material, will almost certainly have come across something new called “Segment Routing”. It sounds pretty cool, but what is it and why has it been created?

To understand this we first need to rewind to what most of us are used to doing on a daily basis: designing, building, maintaining and troubleshooting networks that are built mostly around LDP or RSVP-TE based protocols. But what’s wrong with these protocols? Why has Segment Routing been invented and what problems does it solve?

Before we delve into the depths of Segment Routing, let’s first remind ourselves of what basic LDP based MPLS is. LDP or “Label Distribution Protocol” was first invented around 1999, superseding the now defunct “TDP” or “Tag Distribution Protocol” in order to solve the problems of traditional IPv4 based routing. Where control-plane resources were finite in nature, MPLS enabled routers to forward packets based solely on labels, rather than destination IP address, allowing for a much simpler design. The fact that the “M” in MPLS stands for “Multiprotocol” allowed engineers to support a whole range of different services and encapsulations, that could be tunnelled

Guccifer 2.0 takes credit for hacking another Democratic committee

The hacker who claims to have breached the Democratic National Committee’s computers is now taking credit for hacking confidential files from a related campaign group. Guccifer 2.0 alleged on Friday that he also attacked the servers of the Democratic Congressional Campaign Committee (DCCC). He posted some of the purported files on his blog, and is promising journalists "exclusive materials" if they contact him directly. Although Guccifer 2.0 claims to be a lone hacktivist, some security experts believe he's actually a persona created by Russian government hackers who want to influence the U.S. presidential election.

Quiz #25 – Troubleshooting IPsec Authentication Headers (AH)

Your company has an IPsec tunnel with another company for achieving network connectivity between servers in 10.10.10.0/24 on your side and 10.20.20.0/24 on theirs. Lately they complained that their equipment has problems dealing with ESP and requested to migrate this existing IPsec tunnel from Encapsulating Security Payloads (ESP) to Authentication Headers (AH), since encryption/confidentiality was never a requirement for this tunnel. What could go wrong?

HP leaks some details on Intel’s Kaby Lake and Apollo Lake chips

HP may have tried, but it couldn't hold the secrets of Intel's unreleased Kaby Lake and Apollo Lake CPU chips close to its chest. Some details on the new chips were unintentionally shared by HP in the maintenance documents of an unannounced PC, the Pavilion x360 m1. PCs with Kaby Lake -- called 7th Generation Core chips -- are expected to ship this quarter. It is a highly anticipated successor to Intel's Skylake chips, with performance and multimedia improvements. Asus announced the Transformer 3 tablet PC with Kaby Lake in June but didn't share specific chip details. Lenovo and Acer will announce new Kaby Lake PCs at the IFA trade show starting at the end of the month.

Docker Weekly | Roundup

This week, we’re taking a look at how to quickly create a Docker swarm cluster, set up a mail forwarder on Docker, and better understand the new Docker 1.12.0 load-balancing feature. As we begin a new week, let’s recap our top 5 most-read stories for the week of August 7, 2016:

The telecom money pit: How to use audits to find significant discrepancies and big savings

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. Analysts estimate that 10% to 20% of telecom charges are billed in error, and the financial impact can range from a few dollars to tens of thousands of dollars a month. On any given monthly statement the items being over-billed run the gamut of services delivered by the provider, and can include charges for invalid circuits, billing disputes, contractual issues, fraudulent charges, set-up fees and improper rates. These charges can appear on the invoice or can be buried within the bundled services comprising monthly recurring charges.

Do you trust your cloud provider? Addressing these questions will help put you at ease

Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors. Finding a cloud provider you can trust has become a major responsibility. Cloud providers come in all shapes and sizes—from global organizations delivering a range of services to small shops specializing in a limited number of capabilities. To normalize the differences you need to ask consistent questions about key issues. Security should be at or near the very top of your list, with their answers providing the transparency which will help build trust. An essential first step is to avoid making assumptions on what security is and isn’t with respect to a provider. Every provider is different, with different rules, service-level agreements (SLAs), and terms and conditions. Make sure you thoroughly understand what each service provider commits to you, the customer.

Auto Renew Let’s Encrypt Certificates

I’m a big fan of Let’s Encrypt (free, widely trusted SSL certificates) but not a big fan of most of the client software available for requesting and renewing certificates. Unlike a typical certificate authority, Let’s Encrypt doesn’t have a webui for requesting/renewing certs; everything is driven via an automated process that is run between a Let’s Encrypt software client and the Let’s Encrypt web service.

Since the protocols that Let’s Encrypt uses are standards-based, there are many open source clients available. Being security conscious, I have a few concerns with most of the clients:

  • Complication. Many of the clients are hundreds of lines long and unnecessarily complicated. This makes the code really hard to audit and since this code is playing with my crypto key material, I do want to audit it.
  • Elevated privilege. At least one of the clients I saw required root permission. That’s a non-starter.

I can’t remember how, but I discovered a very clean, very simple client called acme-tiny at github.com/diafygi/acme-tiny. This script was obviously written by someone who shares the same concerns as I do and I highly recommend it to others.

I used acme-tiny to request my initial certificates — and it

10 key considerations when building a private cloud

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. A private cloud enables enterprises to secure and control applications and data while providing the ability for development teams to deliver business value faster and in a frictionless manner. But while building a private cloud can transform IT, it can also be an expensive science experiment without careful planning and preparation. Here are ten considerations that will help ensure success.

1. Involve the stakeholders. Private clouds are not purely an IT project. The various business units that will be the actual users should be involved in figuring out the specifications and deliverables. A cloud changes the transactional relationship between IT and business. Both sides have to be engaged in figuring out and accepting how that relationship changes with a private cloud.
