Much ado about the ransomware scourge

The Federal Trade Commission said it will hold a public workshop about all things ransomware on Sept. 7.“With alarming frequency, ransomware hackers are sneaking into consumer and business computers, encrypting files containing photos, documents and other important data, and then demanding a ransom in exchange for the key needed to decrypt the files. Consumers, businesses, and government agencies are falling prey to these schemes, including hospitals whose servers may contain sensitive patient data. New forms of ransomware encrypt files of website operators, threatening not only their files containing stored data, but the very files needed to operate their websites. Other variants of ransomware are now targeting files on mobile devices,” the FTC wrote.To read this article in full or to leave a comment, please click here

Much ado about the ransomware scourge

The Federal Trade Commission said it will hold a public workshop about all things ransomware on Sept. 7.“With alarming frequency, ransomware hackers are sneaking into consumer and business computers, encrypting files containing photos, documents and other important data, and then demanding a ransom in exchange for the key needed to decrypt the files. Consumers, businesses, and government agencies are falling prey to these schemes, including hospitals whose servers may contain sensitive patient data. New forms of ransomware encrypt files of website operators, threatening not only their files containing stored data, but the very files needed to operate their websites. Other variants of ransomware are now targeting files on mobile devices,” the FTC wrote.To read this article in full or to leave a comment, please click here

Much ado about the ransomware scourge

The Federal Trade Commission said it will hold a public workshop about all things ransomware on Sept. 7.“With alarming frequency, ransomware hackers are sneaking into consumer and business computers, encrypting files containing photos, documents and other important data, and then demanding a ransom in exchange for the key needed to decrypt the files. Consumers, businesses, and government agencies are falling prey to these schemes, including hospitals whose servers may contain sensitive patient data. New forms of ransomware encrypt files of website operators, threatening not only their files containing stored data, but the very files needed to operate their websites. Other variants of ransomware are now targeting files on mobile devices,” the FTC wrote.To read this article in full or to leave a comment, please click here

IBM’s big cloud win

IBM today announced that Workday, the popular SaaS-based enterprise application company, will use the SoftLayer cloud as its primary development platform for new applications as part of a multi-year deal worth an undisclosed amount.The move is significant because it comes on the heels of another major SaaS vendor – Salesforce.com – announcing it chose Amazon Web Services as its development partner earlier this year. SaaS vendors are buddying up with IaaS providers to help build out their future applications.+MORE AT NETWORK WORLD: Why Salesforce linking up with Amazon is a big deal in the cloud +To read this article in full or to leave a comment, please click here

12% off Texas Instruments TI-84 Plus Graphics Calculator – Deal Alert

If a graphic calculator is somewhere on your list, consider this 12% discount on the Texas Instruments TI-84 Plus graphing calculator. Building on the hugely popular TI-83 Plus, which is perhaps the best-selling calculator of all time, the TI-84 Plus is completely compatible with its predecessor. From that well-established platform, this new model adds more speed (a processor that's 2.5 times faster), more memory (24 KB RAM and 480 KB of Flash ROM), an enhanced high-contrast display (eight lines by 16 characters), and more Apps. Newly added "USB on the go" feature lets you share with other calculators, or connect to a PC or presentation tool. Ideal for middle school through college. The TI-84 Plus currently averages 4.5 out of 5 stars on Amazon from over 2,900 customers (read reviews). Save 12% off the regular $100 list price on Amazon, and buy it now for $88. Oh, and it might not hurt to drop this in your cart while you're there: Ti-84 Plus Graphing Calculator For Dummies. To read this article in full or to leave a comment, please click here

snaproute Go BGP Code Dive (8): Moving to Open

Last week we left off with our BGP peer in connect state after looking through what this code, around line 261 of fsm.go in snaproute’s Go BGP implementation—

func (st *ConnectState) processEvent(event BGPFSMEvent, data interface{}) {
  switch event {
  ....
    case BGPEventConnRetryTimerExp:
      st.fsm.StopConnToPeer()
      st.fsm.StartConnectRetryTimer()
      st.fsm.InitiateConnToPeer()
....

What we want to do this week is pick up our BGP peering process, and figure out what the code does next. In this particular case, the next step in the process is fairly simple to find, because it’s just another case in the switch statement in (st *ConnectState) processEvent

case BGPEventTcpCrAcked, BGPEventTcpConnConfirmed:
  st.fsm.StopConnectRetryTimer()
  st.fsm.SetPeerConn(data)
  st.fsm.sendOpenMessage()
  st.fsm.SetHoldTime(st.fsm.neighborConf.RunningConf.HoldTime,
    st.fsm.neighborConf.RunningConf.KeepaliveTime)
  st.fsm.StartHoldTimer()
  st.BaseState.fsm.ChangeState(NewOpenSentState(st.BaseState.fsm))
....

This looks like the right place—we’re looking at events that occur while in the connect state, and the result seems to be sending an open message. Before we move down this path, however, I’d like to be certain I’m chasing the right call chain, or logical thread. How can I do this? This code is called when (st *ConnectState) processEvent is called with an event Continue reading

Cisco uncovers security threat in industrial control system

Cisco’s security intelligence and research group Talos, said that it had reported a serious vulnerability in Rockwell Automation’s industrial control system – the MicroLogix 1400 programmable logic controller (PLC).The Simple Network Management Protocol exploit could let an attacker take complete remote control of the MicroLogix system and modify the device firmware, letting an invader run his own malicious code on the device.   Rockwell Automation Rockwell Automation’s MicroLogix systemTo read this article in full or to leave a comment, please click here

Cisco uncovers security threat in industrial control system

Cisco’s security intelligence and research group Talos, said that it had reported a serious vulnerability in Rockwell Automation’s industrial control system – the MicroLogix 1400 programmable logic controller (PLC).The Simple Network Management Protocol exploit could let an attacker take complete remote control of the MicroLogix system and modify the device firmware, letting an invader run his own malicious code on the device.   Rockwell Automation Rockwell Automation’s MicroLogix systemTo read this article in full or to leave a comment, please click here

Your next 10 security pain points

Going to security conferences always stimulates my imagination. It makes me think outside of the box and remove the cruff that develops when I sit inside my lab too long—staring at vCenter monitors, 10 open bash sessions, security consoles, and emails from colleagues swallowing Xanax.+ Also on Network World: Cyber attacks are on the rise +If advanced persistent threats (APTs), certificate authorities (CAs) with IQs of 77, vendor patches bordering on oxymoronic, and hyper-aggressive agile development weren’t enough, I’ll summarize what I believe are your next 10 security pain points.To read this article in full or to leave a comment, please click here

Getting Cloud Out Of A Fugue State

The polyphonic weavings of a fugue in baroque music is a beautiful thing and an apt metaphor for how we want orchestration on cloud infrastructure to behave in a harmonic fashion. Unfortunately, most cloudy infrastructure is in more of a fugue state, complete with multiple personalities and amnesia.

A startup founded by some architects and engineers from Amazon Web Services wants to get the metaphor, and therefore the tools, right and have just popped out of stealth mode with a company aptly called Fugue to do just that.

Programmers are in charge of some of the largest and most profitable

Getting Cloud Out Of A Fugue State was written by Timothy Prickett Morgan at The Next Platform.

How PayPal Scaled to Billions of Transactions Daily Using Just 8VMs

How did Paypal take a billion hits a day system that might traditionally run on a 100s of VMs and shrink it down to run on 8 VMs, stay responsive even at 90% CPU, at transaction densities Paypal has never seen before, with jobs that take 1/10th the time, while reducing costs and allowing for much better organizational growth without growing the compute infrastructure accordingly? 

PayPal moved to an Actor model based on Akka. PayPal told their story here: squbs: A New, Reactive Way for PayPal to Build Applications. They open source squbs and you can find it here: squbs on GitHub.

The stateful service model still doesn't get enough consideration when projects are choosing a way of doing things. To learn more about stateful services there's an article, Making The Case For Building Scalable Stateful Services In The Modern Era, based on an great talk given by Caitie McCaffrey. And if that doesn't convince you here's WhatsApp, who used Erlang, an Akka competitor, to achieve incredible throughput: The WhatsApp Architecture Facebook Bought For $19 Billion.

I refer to the above articles because the PayPal article is short on architectural details. It's more about the factors the led the selection of Akka and the Continue reading

IDG Contributor Network: Blockchain ripe for IoT security and monetization

Both the securing of the Internet of Things, as well as the monetizing of it, are roles for blockchain technology, experts say.In one developing case, the Isle of Man, a self-governing British dependency located just off the U.K. mainland, is testing the use of a blockchain prototype to try to preemptively see-off IoT hacking, according to Financial News, which wrote about the island’s efforts.The island is a financial center and is looking to expand its offerings through fintech. It’s already involved in digital currency.To read this article in full or to leave a comment, please click here

Pokémon Go ransomware creates Windows backdoor account, spreads to all other drives

If you build it and it’s popular, they will come; it being an app, and they being cyber criminals. This time it’s Pokémon Go ransomware, which goes the extra mile by adding a hidden backdoor Windows admin account, spreading to other drives and creating network shares.Michael Gillespie discovered Hidden Tear ransomware disguised as a Pokémon Go app on a Windows Phone. But it’s not the standard ransomware. Bleeping Computer explained, “This developer has put in extra time to include features that are not found in many, if any, other ransomware variants.”To read this article in full or to leave a comment, please click here

Pokémon Go ransomware creates Windows backdoor account, spreads to all other drives

If you build it and it’s popular, they will come; it being an app, and they being cyber criminals. This time it’s Pokémon Go ransomware, which goes the extra mile by adding a hidden backdoor Windows admin account, spreading to other drives and creating network shares.Michael Gillespie discovered Hidden Tear ransomware disguised as a Pokémon Go app on a Windows Phone. But it’s not the standard ransomware. Bleeping Computer explained, “This developer has put in extra time to include features that are not found in many, if any, other ransomware variants.”To read this article in full or to leave a comment, please click here

1 2,722 2,723 2,724 2,725 2,726 3,819