UK government hit with new complaint about hacking abroad

A group of privacy advocates and internet providers has filed a new challenge to the U.K. government's use of bulk hacking abroad. U.K.-based Privacy International and five internet and communications providers aim to "bring the government's hacking under the rule of law," they said in a case lodged Friday with the European Court of Human Rights. Their application challenges the U.K. Investigatory Powers Tribunal's (IPT's) February refusal to rule on whether hacking efforts outside the U.K. by the GCHQ British intelligence service comply with the European Convention on Human Rights. That decision was part of a case brought by Privacy International against GCHQ back in 2014, and it effectively meant that the U.K. government could lawfully conduct bulk hacking of computers, mobile devices, and networks located anywhere outside of the UK, the group said.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For August 5th, 2016

Hey, it's HighScalability time:

 

 

What does a 107 football field long battery building Gigafactory look like? A lot like a giant Costco. (tour)

 

If you like this sort of Stuff then please support me on Patreon.
  • 60 billion: Facebook messages per day; 3x: Facebook messages compared to global SMS traffic; $15: min wage increases job growth; 85,000: real world QPS for Twitter's search; 2017: when MRAM finally arrives; $60M: Bitcoin heist, bigger than any bank robbery; 710m: Internet users in China; 

  • Quotable Quotes:
    • @cmeik: When @eric_brewer told me that Go was good for building distributed systems, I couldn't help but think about this.
    • David Rosenthal: We can see the end of the era of data and computation abundance. Dealing with an era of constrained resources will be very different.In particular, enthusiasm for blockchain technology as A Solution To Everything will need to be tempered by its voracious demand for energy.
    • Dr Werner Vogels: What we’ve seen is a revolution where complete applications are being stripped of all their servers, and only code is being run. Quite a few companies are ripping out big pieces of Continue reading

Worth Reading: Hot Commodities

A Booz Allen Hamilton Industrial Cybersecurity Threat Briefing reports that cyber incidents targeting Integrated Control Systems (ICS), like the ones used to run the nation’s electric grid, reached an all-time high in 2015. The briefing also predicted that the number of these incidents will likely continue to increase, and cited nation-state backed groups as a key threat. —Lawfare

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Hot Commodities appeared first on 'net work.

A Fresh Look at Gaming Devices for Supercomputing Applications

Over the years there have been numerous efforts to use unconventional, low-power, graphics-heavy processors for traditional supercomputing applications—with varying degrees of success. While this takes some extra footwork on the code side and delivers less performance overall than standard servers, the power is far lower and the cost isn’t even in the same ballpark.

Glenn Volkema and his colleagues at the University of Massachusetts Dartmouth are among some of the most recent researchers putting modern gaming graphics cards to the performance per watt and application benchmark test. In looking at various desktop gaming cards (Nvidia GeForce, AMD Fury X, among

A Fresh Look at Gaming Devices for Supercomputing Applications was written by Nicole Hemsoth at The Next Platform.

‘Mayhem’ wins $2M first prize in DARPA Cyber Grand Challenge

Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a DARPA-sponsored Cyber Grand Challenge competition that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers.A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.BLACK HAT: Quick look at hot issuesTo read this article in full or to leave a comment, please click here

Researcher hides stealthy malware inside legitimate digitally signed files

A new technique allows attackers to hide malicious code inside digitally signed files without breaking their signatures and then to load that code directly into the memory of another process.The attack method, developed by Tom Nipravsky, a researcher with cybersecurity firm Deep Instinct, might prove to be a valuable tool for criminals and espionage groups in the future, allowing them to get malware past antivirus scanners and other security products.The first part of Nipravsky's research, which was presented at the Black Hat security conference in Las Vegas this week, has to do with file steganography -- the practice of hiding data inside a legitimate file.To read this article in full or to leave a comment, please click here

Automation key to getting SDN security right

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Where did your network go?  We’re rapidly approaching a time when enterprises won’t be able to actually see their networks’ cables or the blinking router lights. Software defined networks drive efficiency and agility and make businesses more scalable and flexible. But SDNs also incite uncertainty about security because the network is moving out of plain sight.If you can’t see the network, how do you control and secure it?  One useful analogy is the anxiety some people feel when flying; they are afraid of flying yet aren’t at all anxious about driving a car. Yet, statistically, a plane is far safer than the car as a mode of transport.  The key issue here is control.  Sitting in the drivers’ seat, most of us feel in control. We know how to drive the car and how to stay safe. But we’re not at the controls of the plane and, what’s more, most of us don’t know how to fly them. It’s unfamiliar territory, with no visibility.To read this article in full or to leave a comment, please click here

The Cradlepoint NetCloud platform enables Network-as-a-Service  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  There's a lot of innovation going on in the WAN these days. New strategies from a variety of network companies hold the promise of building better security, control and performance into regular broadband and LTE networks.Cradlepoint is the latest vendor to announce its software-defined wide area network architecture. The Cradlepoint NetCloud platform enables software-defined and cloud-based wired and wireless broadband networks for branch, mobile and IoT.To read this article in full or to leave a comment, please click here

Junos Space Log Collector – Utilities

The Juniper documentation on log collector is a bit sparse to be honest, and once it is installed, SSHing to it doesn’t seem to produce a configuration menu any more.  In order to change its config, there are some scripts, but I had to dig around for them:

[root@LOG-COLLECTOR bin]# ls
adhoc.py disableExport.sh logcollectorWatchdog.py selfhealingES.py
agentScript.sh elasticDiskAllocation.py logcollectorWatchdog.pyc selfhealingES.pyc
agentUtilityScript.sh elasticDiskRollover.sh logcolmon.py startService.sh
bashUtils.sh enableExport.sh logcolmon.pyc stopService.sh
cleanZipLogs.sh generateReponse.pl lsStatisticsupdate.sh subsequentBootupdate.sh
collectSystemLogs.sh getMountLocation.sh monitorPacketDrop.sh support-diagnostics.sh
configureMailSetup.sh getRebootDetails.pl mountNfs.sh syslogForwardToggle.sh
configureNameServer.sh getSystemInfo networkScript.sh updateEtcHosts.sh
configureNode.sh getZipLogs.pl resizeFS.sh updateIndexerip.sh
configureNtp.sh initConf.pl resourceMonitoring validateIpAddress.sh
configureTimeZone.sh loadFirewal.sh rootWrapper whiteList.sh

[root@LOG-COLLECTOR bin]#

They are in this directory:

[root@LOG-COLLECTOR bin]# pwd
/opt/jnpr/bin
[root@LOG-COLLECTOR bin]#

 

An important thing to be sure of is that log collector does not have two interfaces – it should have only eth0.   If it gets an IP address on eth1, you might find that logging does not work.  This is probably because it received a DHCP address on eth1, Continue reading

IDG Contributor Network: Hired guns: The rise of the virtual CISO

The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety—and a widening gap in the skills required to identify and combat them. Having someone who knows how to lead the charge in identifying and analyzing threats, creating strategic security plans and ensuring compliance requires the right level of expertise.+ Also on Network World: Why you need a CSO/CISO +The Information Systems Security Association spoke of a “missing generation” in information security, pointing to an estimated 300,000 to 1 million vacant cybersecurity jobs. To further complicate the labor shortfall, security professionals at enterprises understand they are in demand, and it is understood that employees will be receiving offers from other companies. According to a Ponemon study, senior security executives on average leave after 30 months on the job.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Hired guns: The rise of the virtual CISO

The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety—and a widening gap in the skills required to identify and combat them. Having someone who knows how to lead the charge in identifying and analyzing threats, creating strategic security plans and ensuring compliance requires the right level of expertise.+ Also on Network World: Why you need a CSO/CISO +The Information Systems Security Association spoke of a “missing generation” in information security, pointing to an estimated 300,000 to 1 million vacant cybersecurity jobs. To further complicate the labor shortfall, security professionals at enterprises understand they are in demand, and it is understood that employees will be receiving offers from other companies. According to a Ponemon study, senior security executives on average leave after 30 months on the job.To read this article in full or to leave a comment, please click here

Cross-VC NSX: Multi-site Deployments with Ease and Flexibility

As discussed in prior Cross-VC NSX/multi-site blogs, Cross-VC NSX allows for NSX logical networking and security across multiple vCenter domains which may also be across multiple sites. The benefits of this capability are immediately clear in terms of workload mobility, resource pooling, central management and application of consistent security policies across vCenter domains/sites, and disaster recovery. More details on these use cases can be found in the prior Cross-VC NSX blogs listed below or in the recently published NSX-V: Multi-site Options and Cross-VC NSX Design Guide. This blog post, focuses on the ease and flexibility in terms of application of Cross-VC NSX for multi-site.

Prior Cross-VC NSX Blogs:
NSX-V: Multi-site Options and Cross-VC NSX Design Guide
Enhanced Disaster Recovery with Cross-VC NSX and SRM
Cross-VC NSX for Multi-site Solutions

In this example, vCenter, the primary NSX Manager, and the Universal Controller Cluster (UCC) is deployed at site 1. A secondary NSX Manager which is registered with the primary NSX Manager is deployed at site 2 along with its corresponding vCenter. For a quick overview on primary NSM Manager, secondary NSX Manager, and the UCC see this prior blog. For more detailed information, see the NSX-V: Multi-site Options and Cross-VC NSX Continue reading

Apple losing smartphone share in India despite big efforts

Apple’s CEO Tim Cook has described India as one of the company's fastest growing markets and has proposed to the government a program to offer refurbished phones in the country as a way to get around the high prices of its devices in a price-sensitive market.Cook is also said to have discussed with India's Prime Minister Narendra Modi in May the "possibilities of manufacturing and retailing in India," a move that would help the company avoid the high import duties on smartphones and other products that the authorities have imposed to encourage local manufacture.To read this article in full or to leave a comment, please click here

In DARPA challenge, smart machines compete to fend off cyberattacks

The first all-machine hacking competition is taking place today in Las Vegas.Seven teams, each running a high-performance computer and autonomous systems, are going head-to-head to see which one can best detect, evaluate and patch software vulnerabilities before adversaries have a chance to exploit them.It’s the first event where machines – with no human involvement – are competing in a round of "capture the flag, according to DARPA (Defense Advanced Research Projects Agency), which is sponsoring and running the event. DARPA is the research arm of the U.S. Defense Department.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords The teams are vying for a prize pool of $3.75 million, with the winning team receiving $2 million, the runner-up getting $1 million and the third-place team taking home $750,000. The winner will be announced Friday morning.To read this article in full or to leave a comment, please click here

In DARPA challenge, smart machines compete to fend off cyberattacks

The first all-machine hacking competition is taking place today in Las Vegas.Seven teams, each running a high-performance computer and autonomous systems, are going head-to-head to see which one can best detect, evaluate and patch software vulnerabilities before adversaries have a chance to exploit them.It’s the first event where machines – with no human involvement – are competing in a round of "capture the flag, according to DARPA (Defense Advanced Research Projects Agency), which is sponsoring and running the event. DARPA is the research arm of the U.S. Defense Department.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords The teams are vying for a prize pool of $3.75 million, with the winning team receiving $2 million, the runner-up getting $1 million and the third-place team taking home $750,000. The winner will be announced Friday morning.To read this article in full or to leave a comment, please click here

Illinois hospital chain to pay record $5.5M for exposing data about millions of patients

Illinois' largest hospital chain today agreed to pay a $5.5 million fine by the government for lax data security that led to the exposure of more than 4 million electronic patient records.The fine against Advocate Health Care Network, the largest ever levied under Health Insurance Portability and Accountability Act (HIPAA) regulations, is a result of the "extent and duration of the alleged noncompliance."The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) began its investigation in 2013, when the healthcare chain submitted three breach notification reports pertaining to separate and distinct incidents involving its subsidiary, Advocate Medical Group (AMG).To read this article in full or to leave a comment, please click here

1 2,718 2,719 2,720 2,721 2,722 3,795