Bugs & Bugs: DARPA, bug bounties & thousands of bees

Black Hat & Def Con provided plenty of fodder for our new installment of Bugs & Bugs, as seen in our Facebook Live stream on the latest news about computer bugs and real insects.Network World's Bob Brown and Tim Greene discussed, as you can see in the saved edition of the video below, new research that shows affluent communities tend to attract more different species of insects and other arthropods -- and that's a good thing. We also explored the DARPA Cyber Grand Challenge that took place in Las Vegas on the eve of Def Con and resulted in a $2M first prize for the grand winner of this computer-on-computer Capture the Flag contest.To read this article in full or to leave a comment, please click here

8% to 20% off Multiple Fitbit Tracker Models – Deal Alert

Fitbit trackers come in various models and fitting each individuals fitness needs. Discounts are now being offered for many of these models.  Below are several of the models that are currently discounted on Amazon.Fitbit Flex—a slim, stylish device that tracks all-day activity like steps, distance, calories burned and active minutes. See how every day stacks up with LEDs that light up like a scoreboard as you get closer to your goal. Then wear it at night to measure your sleep quality and wake with a silent, vibrating alarm. Currently available on Amazon at the discounted price of $79.95To read this article in full or to leave a comment, please click here

Worth Reading: Hacking wireless keyboards

You should be able to trust your wireless keyboard. And yet security researchers have been warning people to be suspicious of wireless computer accessories using sketchy radio protocols for years. Those warnings peaked five months ago, when hackers at the security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, in case you missed that message, the same researchers have extended their attack to millions more devices—and this time, they can not only inject keystrokes, but also read yours, too. —Wired

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Hacking wireless keyboards appeared first on 'net work.

A new $500,000 iOS bug bounty beats Apple’s offer

A security firm is offering up to US$500,000 for information on zero-day vulnerabilities in iOS, surpassing Apple's bug bounty just days after it was announced.On Tuesday, Texas-based Exodus Intelligence said it will give between $5,000 and $500,000 for zero-day vulnerabilities relating to iOS version 9.3 and higher. These zero-days are software flaws that have gone undetected by Apple, making them potentially very valuable, especially for cyber criminals who can use them to hack iPhones. To read this article in full or to leave a comment, please click here

Windows Secure Boot: Insecure by design and mostly likely can’t be fixed

Encryption backdoors don’t work; the latest proof of that was discovered by security researchers Slipstream and MY123. This time, the security flub-up involves “golden keys” which can unlock Windows devices allegedly protected by Secure Boot.The researchers sounded the alarm, saying Microsoft messed up and accidentally leaked the security key which is supposed to protect Windows devices from attackers as a box boots up. This same flaw could be used by the machine’s owner to jailbreak a locked box and run a different OS like Linux – anything really, so long as it is cryptographically signed.To read this article in full or to leave a comment, please click here

Windows Secure Boot: Insecure by design and mostly likely can’t be fixed

Encryption backdoors don’t work; the latest proof of that was discovered by security researchers Slipstream and MY123. This time, the security flub-up involves “golden keys” which can unlock Windows devices allegedly protected by Secure Boot.The researchers sounded the alarm, saying Microsoft messed up and accidentally leaked the security key which is supposed to protect Windows devices from attackers as a box boots up. This same flaw could be used by the machine’s owner to jailbreak a locked box and run a different OS like Linux – anything really, so long as it is cryptographically signed.To read this article in full or to leave a comment, please click here

Melding Hyperscale And HPC To Reach Exascale

It is going to take a lot of different things to build an exascale system. One of them is money, and the other is a lot of good – and perhaps unconventional – ideas. It may also take more cooperation between the hyperscale and HPC communities, who both stand to benefit from the innovation.

As a professor of computer architectures at the University of Manchester, the director of technology and systems at chip designer ARM, and the founder of a company called Kaleao to create microservers that implement many of his architectural ideas, John Goodacre has some strong opinions about

Melding Hyperscale And HPC To Reach Exascale was written by Timothy Prickett Morgan at The Next Platform.

Raspberry Pi roundup: Keys to Pi foundry changing hands; Pi in the ocean, sky

One reason the Raspberry Pi’s runaway success has been a fun story to cover is that it’s very non-corporate – there’s relatively little branding silliness or careful PR stage management involved, and journalists like me instead get to write about an inventive little tool that is letting normal people around the world accomplish interesting and creative things.Yet the business side does, occasionally, rear its ugly head – late last month, U.S.-based electronics vendor Avnet purchased Premier Farnell, one of two licensed manufacturers of the Raspberry Pi, for about $900 million.+ ALSO ON NETWORK WORLD: How a 96-year-old company modernized its infrastructure by embracing innovation | Oracle says it didn’t ask employee to cook cloud accounts+To read this article in full or to leave a comment, please click here

DC Fabric Segment Routing Use Case (3)

In the second post in this series, we considered the use of IGP-Prefix segments to carry a flow along a specific path in a data center fabric. Specifically, we looked at pulling the green flow in this diagram—

benes-segment-02

—along the path [A,F,G,D,E]. Let’s assume this single flow is an elephant flow that we’re trying to separate out from the rest of the traffic crossing the fabric. So—we’ve pulled the elephant flow onto its own path, but this still leaves other flows to simple ECMP forwarding through the fabric. This means some number of other flows are still going to follow the [A,F,G,D,E] path. The flows that are randomly selected (or selected by the ECMP has) to follow the same path as the elephant flow are still going to contend with the elephant flow for queue space, etc.

So we need more than just a way to pull an elephant flow onto a specific path. In fact, we also need a way to pull a specific set of flows off a particular path in the ECMP set. Returning to our diagram, assume we want all the traffic other than the elephant flow to be load shared between H and B, and Continue reading

Nervana CEO on Intel Acquisition, Future Technology Outlook

Following yesterday’s acquisition of deep learning chip startup Nervana Systems by Intel, we talked with the company’s CEO, Naveen Rao, about what plans are for both the forthcoming hardware and internally developed Neon software stack now that the technology is under a much broader umbrella.

Media outlets yesterday reported the acquisition was $350 million, but Rao tells The Next Platform it was not reported correctly and is actually more than that. He was not allowed to state the actual amount but said it was quite a bit higher than the figure given yesterday.

Nervana had been seeking a way to

Nervana CEO on Intel Acquisition, Future Technology Outlook was written by Nicole Hemsoth at The Next Platform.

Docker Online Meetup # 41: Docker Captains Share their Tips and Tricks for Built In Docker Orchestration

It’s been nearly two weeks since Docker released Docker 1.12 as generally available for production environments, introducing a number of new features and concepts to the Docker project. Our #DockerCaptain team has already started to dig in and share their learnings with the community via blog posts, talks and peer-to-peer help. Docker Captains are technology experts who have been awarded the distinction of being a Docker Captain in part because of their passion for sharing their Docker knowledge with others. So, we’ve invited three of our Docker Captains to speak at the next Docker Online Meetup on August 31st and share their tips and tricks for using Docker 1.12. Continue reading

Disable WPAD now or have your accounts and private data compromised

The Web Proxy Auto-Discovery Protocol (WPAD), enabled by default on Windows and supported by other operating systems, can expose computer users' online accounts, web searches, and other private data, security researchers warn.Man-in-the-middle attackers can abuse the WPAD protocol to hijack people's online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections, said Alex Chapman and Paul Stone, researchers with U.K.-based Context Information Security, during the DEF CON security conference this week.WPAD is a protocol, developed in 1999 by people from Microsoft and other technology companies, that allows computers to automatically discover which web proxy they should use. The proxy is defined in a JavaScript file called a proxy auto-config (PAC) file.To read this article in full or to leave a comment, please click here

Disable WPAD now or have your accounts and private data compromised

The Web Proxy Auto-Discovery Protocol (WPAD), enabled by default on Windows and supported by other operating systems, can expose computer users' online accounts, web searches, and other private data, security researchers warn.Man-in-the-middle attackers can abuse the WPAD protocol to hijack people's online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections, said Alex Chapman and Paul Stone, researchers with U.K.-based Context Information Security, during the DEF CON security conference this week.WPAD is a protocol, developed in 1999 by people from Microsoft and other technology companies, that allows computers to automatically discover which web proxy they should use. The proxy is defined in a JavaScript file called a proxy auto-config (PAC) file.To read this article in full or to leave a comment, please click here

Disable WPAD now or have your accounts and private data compromised

The Web Proxy Auto-Discovery Protocol (WPAD), enabled by default on Windows and supported by other operating systems, can expose computer users' online accounts, web searches, and other private data, security researchers warn.Man-in-the-middle attackers can abuse the WPAD protocol to hijack people's online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections, said Alex Chapman and Paul Stone, researchers with U.K.-based Context Information Security, during the DEF CON security conference this week.WPAD is a protocol, developed in 1999 by people from Microsoft and other technology companies, that allows computers to automatically discover which web proxy they should use. The proxy is defined in a JavaScript file called a proxy auto-config (PAC) file.To read this article in full or to leave a comment, please click here

Worth Reading: Exploiting man in the middle against HTTPS

A key guarantee provided by HTTPS encryption is that the addresses of visited websites aren’t visible to attackers who may be monitoring an end user’s network traffic. Now, researchers have devised an attack that breaks this protection. The attack can be carried out by operators of just about any type of network, including public Wi-Fi networks, which arguably are the places where Web surfers need HTTPS the most. It works by abusing a feature known as WPAD—short for Web Proxy Autodisovery—in a way that exposes certain browser requests to attacker-controlled code. —ARS Technica

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Exploiting man in the middle against HTTPS appeared first on 'net work.

Four things to consider before upgrading your data center net to 25G

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Hyperscale public cloud providers and social media giants have already made the jump to 40Gbps Ethernet for their server and storage connectivity for lower total cost of ownership (TCO) and operational efficiency, and now they are migrating to 50 and 100Gbps Ethernet.Forward thinking enterprises are looking at these hyperscale giants and trying to understand how to achieve Webscale IT efficiencies on an enterprise scale IT budget. Rather than bolting from 10Gbps server connectivity straight to 100Gbps, many are considering 25Gbps as an affordable and less disruptive step that will still provide significant performance improvements.To read this article in full or to leave a comment, please click here

1 2,721 2,722 2,723 2,724 2,725 3,809