NetworkingNexus.net

Notes on the Apple/NSO Trident 0days

I thought I'd write up some comments on today's news of the NSO malware using 0days to infect human rights activist phones. For full reference, you want to read the Citizen's Lab report and the Lookout report.

Press: it's news to you, it's not news to us

I'm seeing breathless news articles appear. I dread the next time that I talk to my mom that she's going to ask about it (including "were you involved"). I suppose it is new to those outside the cybersec community, but for those of us insiders, it's not particularly newsworthy. It's just more government malware going after activists. It's just one more set of 0days.

I point this out in case press wants to contact for some awesome sounding quote about how exciting/important this is. I'll have the opposite quote.

Don't panic: all patches fix 0days

We should pay attention to context: all patches (for iPhone, Windows, etc.) fix 0days that hackers can use to break into devices. Normally these 0days are discovered by the company itself or by outside researchers intending to fix (and not exploit) the problem. What's different here is that where most 0days are just a theoretical danger, these Continue reading

12 tips to help SMBs select and manage vendors

Picking good suppliers and partners is critical to your company’s success, especially a smaller, growing business. Pick a vendor that is difficult to work with, doesn’t provide a service as promised, isn’t there when you need help and/or hits you with hidden fees, and your company could be in serious trouble. So what steps can you take to help ensure you don’t wind up in a bad business relationship? Here are 12 strategies for selecting the right business partners and suppliers. 1. Make a list of your requirements and expectations. “One of the most important parts of creating and maintaining vendor/partner relationships is to have very clearly spelled out expectations at the onset,” says Diane Helbig of Seize This Day. “Establish an understanding of what each party will bring to the relationship, when and how. That gives you something to measure the relationship against and let’s your partner/vendor know not only what you want from them, but what you will be bringing to the relationship.”To read this article in full or to leave a comment, please click here

Windows 10 troubleshooting and fixes revisited

Long before the Windows 10 Anniversary Update appeared, it was obvious that Microsoft was putting more energy and effort into its troubleshooting tools. These are readily available by typing "trouble" into Cortana (or the search box, if you prefer) and then selecting the Troubleshooting (Control panel) result. What I didn't know at the time was that the future of Windows 10 didn't include fix-its.To read this article in full or to leave a comment, please click here(Insider Story)

Apple patches iOS security flaws found in spyware targeting activist

To spy on a human rights activist, hackers allegedly connected to a Middle Eastern government used three previously unknown vulnerabilities in Apple’s iOS.The claims -- from research at Toronto-based Citizen Lab and mobile security firm Lookout -- focus on spyware that targeted Ahmed Mansoor, an activist in the United Arab Emirates.Earlier this month, Mansoor received an SMS text message on his iPhone claiming to offer “new secrets” about tortured detainees in his country. However, inside the message was a link that, once clicked, can infect an iPhone with spyware, using three zero-day exploits of iOS, the research found.To read this article in full or to leave a comment, please click here

Apple patches iOS security flaws found in spyware targeting activist

Apple patches iOS against potent zero-day spyware attack

Apple is issuing patches for three iOS zero-day vulnerabilities known as Trident that have been exploited for years by an Israel-based spyware vendor against a human rights activist, an investigative journalist and others.The attack, called Pegasus, is flexible, letting attackers steal a broad range of data from iPhones and iPads, according to the firms that discovered it.“In this case, the software is highly configurable: depending on the country of use and feature sets purchased by the user, the spyware capabilities include accessing messages, calls, emails, logs, and more from apps including Gmail, Facebook, Skype, WhatsApp, Viber, FaceTime, Calendar, Line, Mail.Ru, WeChat, SS, Tango, and others,” according to a blog post by Lookout Security, which, along with Citizen Lab, unearthed the vulnerabilities and Pegasus.To read this article in full or to leave a comment, please click here

Apple patches iOS against potent zero-day spyware attack

PQ Show 91: Intel And 5G Networks (Sponsored)

5G networks will dramatically boost the capability of mobile networks and have a significant impact on industrial networks, IoT, and cloud computing. In this sponsored podcast we talk with Intel about its 5G initiatives The post PQ Show 91: Intel And 5G Networks (Sponsored) appeared first on Packet Pushers.

Worth Reading: Remember the lead time

Disaster recovery is one of those important things that seldom seems to get the attention it deserves. My experience is that most large organizations, and some smaller organizations, have disaster recovery plans that at least get partial testing. —Netcraftsmen

The post Worth Reading: Remember the lead time appeared first on 'net work.

8th Annual v0dgeball Tournament Is Ready for VMworld in Vegas

Get things thrown at you for a good cause.

Informatica CEO: ‘Data security is an unsolved problem’

Companies today are awash in data, but current tools and processes are not enabling them to keep it secure.That's according to Informatica CEO Anil Chakravarthy, whose says his company -- which has traditionally focused on data management and integration -- is embarking on a major push to go further into data security."You hear about breaches all the time -- just imagine all the ones you're not hearing about," Chakravarthy said in a recent interview. "Data security today is an unsolved problem for customers."Last year, Informatica launched a product called Secure@Source that promises a data-centric approach to information security by helping organizations identify and visualize sensitive data wherever it resides.To read this article in full or to leave a comment, please click here

Juniper Data Center Switches Now Certified on VMware NSX

Juniper also expands Lenovo partnership.

Tempered Networks Scores $10M in Series B Funding

Identity-driven networking technology is intended to keep IoT networks secure.

IDG Contributor Network: Survey: Kids now online at age 3

The Internet has changed young children’s lives and they now are as comfortable picking up an iPad as they are a coloring book.Kids now spend twice as much time on the Internet as they did 10 years ago, and it’s escalating, research from an age-verification software developer has discovered.UK-based Agechecked says that over a quarter of kids there (28 percent) are using the Internet before they attend their first school. The statutory school age there is from five years old.And “one in six children, or 16 percent, begin their online experience at age three or under” the report (PDF) claims. Parents need to get aware, the company believes, and they should be acquainting themselves with their kids’ habits.To read this article in full or to leave a comment, please click here

12 most powerful hyperconverged infrastructure vendors

For organizations that want the agility of public cloud infrastructure but want the security and peace of mind of hosting the hardware on their own premises, hyperconverged infrastructure has emerged as a dominant hardware platform for hosting private clouds, virtual desktops and new application development environments. Over the past five years the hyperconverged infrastructure (HCI) market has evolved out of its preceding converged infrastructure (CI). Like CI, HCI’s foundational elements include an integrated compute, network and storage infrastructure offering. Unlike CI, HCI goes a step further with a software that sits atop the virtualized components that control the entire system. This creates software-defined storage, networking and compute, allowing resources to be spun up and down rapidly and through API calls. Research firm Forrester predicts that HCI systems will “become ubiquitous” as a common platform for deploying on-premises infrastructure.To read this article in full or to leave a comment, please click here

Why cloud architecture matters: The advantages of multi-instance vs. multi-tenant

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

The first public cloud services went live in the late 1990s using a legacy construct called a multi-tenant architecture, and while features and capabilities have evolved, many cloud services are still based on this 20^th century architecture. That raises serious questions about how legacy clouds prepare for calamity. While all architectures are susceptible to hardware failures and other issues that cause outages, the clouds that use a multi-instance architecture can better minimize the impact of an outage.

To read this article in full or to leave a comment, please click here

Why cloud architecture matters: The advantages of multi-instance vs. multi-tenant

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.The first public cloud services went live in the late 1990s using a legacy construct called a multi-tenant architecture, and while features and capabilities have evolved, many cloud services are still based on this 20th century architecture. That raises serious questions about how legacy clouds prepare for calamity. While all architectures are susceptible to hardware failures and other issues that cause outages, the clouds that use a multi-instance architecture can better minimize the impact of an outage. To read this article in full or to leave a comment, please click here

How CloudHealth Technologies keeps your clouds healthy

The world of cloud management is a fractured and busy one. There are cloud managers that help you control costs, ones that help you track usage, ones that monitor performance and others that provide infrastructure provisioning.Cloud Health Technologies Founder and CTO Joe Kinsella saw an opportunity in the market four years ago for another type of cloud management product: One that integrates all of those disparate cloud management tools together and provides centralized visibility into them. CloudHealth Technologies was born.+MORE AT NETWORK WORLD: 4 Tips for buying cloud management software +To read this article in full or to leave a comment, please click here

50% off Sennheiser PC 363D High Performance Surround Sound Gaming Headset – Deal Alert

Combining Sennheiser headphone and microphone engineering with Dolby Laboratory 7.1 surround sound techhologies takes gaming to another dimension. Sennheiser's technology angles the drivers in the ear cups channeling the sound directly into your ears. This improves sonic detail, definition and dynamics. Dolby's 7.1 technology comes via a USB sound card providing headphone control and remarkable spacial effects letting you accurately pin point sounds with 3D like dimensionality. Averaging 4.5 out of 5 stars on Amazon (read reviews), the list price of $299.95 has been reduced a significant 50% to just $149.95. See the discounted Sennheiser PC 363D surround sound gaming headset now on Amazon.To read this article in full or to leave a comment, please click here

STP/RSTP election process

Just a quick reminder on STP election process (thanks to Dmitry Figol): Choose Root bridge: lowest Bridge ID (priority + system mac) all ports on a Root bridge are designated Choose Root port on each non-root bridge: lowest path cost to the root lowest neighbor Bridge ID lowest neighbor’s Port ID (port priority + internal port number)

« Previous 1 … 2,711 2,712 2,713 2,714 2,715 … 3,836 Next »