Your Software is Safer in Docker Containers

The Docker security philosophy is Secure by Default. Meaning security should be inherent in the platform for all applications and not a separate solution that needs to be deployed, configured and integrated.

Today, Docker Engine supports all of the isolation features available in the Linux kernel. Not only that, but we’ve supported a simple user experience by implementing default configurations that provide greater protection for applications running within the Docker Engine, making strong security default for all containerized applications while still leaving the controls with the admin to change configurations and policies as needed.

But don’t take our word for it.  Two independent groups have evaluated Docker Engine for you and recently released statements about the inherent security value of Docker.

Gartner analyst Joerg Fritsch recently published a new paper titled How to Secure Docker Containers in Operation on this blog post.  In it Fritsch states the following:

“Gartner asserts that applications deployed in containers are more secure than applications deployed on the bare OS” because even if a container is cracked “they greatly limit the damage of a successful compromise because applications and users are isolated on a per-container basis so that they cannot compromise other containers or the host OS”.

Additionally, NCC Group contrasted the security Continue reading

Where the monsters live

The monsters read your full network traffic flow if they have your keys or you used weak ones.The monsters are in the hidden partitions of USB flash drives left in parking lots and technical conferences.The monsters are in the weakened smartphone OS that most of your users own.The monsters are in the containers you used from that interesting GitHub pull.The monsters are in the Cisco router where the Zero Day lives waiting for the NSA.The monsters are in the fake certificates your user swallowed in their browsers.The monsters are 10,000 CVEs that you never, ever checked.The monsters live inside your kernel, watching for the network traffic that brings them alive from their zombie state.To read this article in full or to leave a comment, please click here

Where the monsters live

The monsters read your full network traffic flow if they have your keys or you used weak ones.The monsters are in the hidden partitions of USB flash drives left in parking lots and technical conferences.The monsters are in the weakened smartphone OS that most of your users own.The monsters are in the containers you used from that interesting GitHub pull.The monsters are in the Cisco router where the Zero Day lives waiting for the NSA.The monsters are in the fake certificates your user swallowed in their browsers.The monsters are 10,000 CVEs that you never, ever checked.The monsters live inside your kernel, watching for the network traffic that brings them alive from their zombie state.To read this article in full or to leave a comment, please click here

Epic Games forum hack underscores the need to install security patches

A recent data breach at Epic Games may have been avoided if the company had simply installed a security patch.On Monday, Epic Games reported that its internet forums had been compromised. The leaked data includes email addresses and hashed passwords taken from legacy forums at Infinity Blade, previous Unreal Tournament games, and an archived Gears of War forum.Epic Games declined to explain how the leak occurred, but a website that stores information on data breaches said hackers were responsible and that 808,000 users are affected.The anonymous attackers targeted the vBulletin forum software on Aug. 11, according to the website Leaked Source, which has been in contact with the hackers.  To read this article in full or to leave a comment, please click here

Epic Games forum hack underscores the need to install security patches

A recent data breach at Epic Games may have been avoided if the company had simply installed a security patch.On Monday, Epic Games reported that its internet forums had been compromised. The leaked data includes email addresses and hashed passwords taken from legacy forums at Infinity Blade, previous Unreal Tournament games, and an archived Gears of War forum.Epic Games declined to explain how the leak occurred, but a website that stores information on data breaches said hackers were responsible and that 808,000 users are affected.The anonymous attackers targeted the vBulletin forum software on Aug. 11, according to the website Leaked Source, which has been in contact with the hackers.  To read this article in full or to leave a comment, please click here

Do what you love?

How many times have you heard this? Or this?

Love-Quote-Do-what-you-love-and-you'll-never-work-a-day-in-your-life 92bce9fa2b136aa1c3ca5839e4aafad9

Two of the most oft repeated, and driven home, ideas in modern times are be true to yourself and do what you love. But just because they’re oft repeated and driven home doesn’t mean they are actually true. The problem with both statements is they have just enough truth to sound really plausible—and yet they are both simplistic enough to be dangerous when taken raw.

Or maybe it’s just that I’m a grumpy old man who’s been in a bad mood for the last couple of weeks, and misery likes company. ?

Let’s try to put some reality into the do what you love statement.

Sometimes you’re just not very good at what you love to do. When I was a kid, I wanted to be an artist. And then a musician. Apparently there are no real jobs for artists or musicians with my somewhat mediocre skills in these two areas. I just have to face it—I’m never going to be a professional basketball player, either. Sometimes it doesn’t matter how much you love something, you just don’t have the skills to master it.

Sometimes there’s just no market for what you Continue reading

MIT researchers discover method to triple wireless speeds

MIT researchers have found a way to transfer wireless data using a smartphone at a speed about three times faster and twice as far as existing technology.The researchers developed a technique to coordinate multiple wireless transmitters by synchronizing their wave phases, according to a statement from MIT on Tuesday. Multiple independent transmitters will be able to send data over the same wireless channel to multiple independent receivers without interfering with each other.Since wireless spectrum is scarce, and network congestion is only expected to grow, the technology could have important implications.ALSO ON NETWORK WORLD 9 tips for speeding up your business Wi-Fi The researchers called the approach MegaMIMO 2.0 (Multiple Input, Multiple Output) .To read this article in full or to leave a comment, please click here

For Your Ears: Citizens of Tech Podcast 40

In this show, we get into what expiration dates on packaged food and drugs really mean. How should you react when the date expires? If you assume, “Throw it out to be safe,” you’d be wrong.

We also chat about dealing with password expiration policies. They must be super complex and changed frequently, right? Maybe not. Super complex and frequently changed means hard to remember, which studies show can lead to less security, not more.

IBM has manufactured an artificial neuron, which isn’t so interesting by itself. We’ve been here before. The interesting bit is the material used to behave like a neuronal membrane. A genuine advance.

Microsoft has announced a smaller XBoxOne S, now with 4K capabilities. Just not gaming 4K capabilities.

Blackberry is on permanent deathwatch now, as they have begun the, “All else has failed, so let’s litigate,” phase of operations.

All that, plus our regular “Content I Like” and “Today I Learned” features.

Expiring Stochastic Passwords – Citizens of Tech 040

ARM Puts Some Muscle Into Vector Number Crunching

If the ARM processor in its many incarnations is to take on the reigning Xeon champ in the datacenter and the born again Power processor that is also trying to knock Xeons from the throne, it is going to need some bigger vector math capabilities. This is why, as we have previously reported, supercomputer maker Fujitsu has teamed up with ARM holdings to add better vector processing to the ARM architecture.

Details of that new vector format, known as Scalable Vector Extension (SVE), were revealed by ARM at the Hot Chips 28 conference in Silicon Valley, and any licensee

ARM Puts Some Muscle Into Vector Number Crunching was written by Timothy Prickett Morgan at The Next Platform.

IDG Contributor Network: Is the IT services industry at a crossroads?

Much ink has been spilled over the changing IT services industry. Indeed, it is an industry well acquainted with—and perhaps even born out of—change. But the velocity of technological advancement happening today is unprecedented.Is the industry truly at a crossroads?The established industry players are dealing with two distinct macro shifts. IT outsourcing provider Infosys calls them “Renew” and “New.” Allow me to explain.+ Also on Network World: $1 trillion in IT spending to be ‘affected’ by the cloud +To read this article in full or to leave a comment, please click here

OIG finds security flaws in wireless networks at federal health service data centers

Security holes which could lead to “unauthorized access” to personally identifiable information is not something you want to hear in regards to the wireless networks of a federal agency tasked with collecting and storing financial and health care information. Yet a recent Office of Inspector General report did say it found vulnerabilities in the wireless networks of Centers for Medicare & Medicaid Services (CMS); if exploited, it could lead to unauthorized access and even “disruption of critical operations.”The OIG at the Department of Health and Human Services (HHS) conducted a wireless penetration test on 13 CMS data centers and facilities; CMS, an agency within HHS, administers federal healthcare programs such as Medicare, Medicaid and the Children’s Health Insurance Program. The agency “collects, generates and stores financial and health care information.”To read this article in full or to leave a comment, please click here

OIG finds security flaws in wireless networks at federal health service data centers

Security holes which could lead to “unauthorized access” to personally identifiable information is not something you want to hear in regards to the wireless networks of a federal agency tasked with collecting and storing financial and health care information. Yet a recent Office of Inspector General report did say it found vulnerabilities in the wireless networks of Centers for Medicare & Medicaid Services (CMS); if exploited, it could lead to unauthorized access and even “disruption of critical operations.”The OIG at the Department of Health and Human Services (HHS) conducted a wireless penetration test on 13 CMS data centers and facilities; CMS, an agency within HHS, administers federal healthcare programs such as Medicare, Medicaid and the Children’s Health Insurance Program. The agency “collects, generates and stores financial and health care information.”To read this article in full or to leave a comment, please click here

Arista expands its telemetry solution to monitor the heartbeat of the network

An interesting thing happened last week that drove home the importance of network telemetry.My wife saw a calendar invite from Arista where they wanted to pre-brief me on their upcoming telemetry launch. In addition to running ZK Research with me by doing most of the back office work, she is also a cardiac nurse and was interested in the content of the briefing because telemetry is a critical element of her job. In her field, cardiac telemetry is used to constantly monitor the heart and can quickly alert the nurse in real time if something bad is going on. If there’s any problem at all, like arrhythmia, they can use the data to take action and save the patient.To read this article in full or to leave a comment, please click here

Arista expands its telemetry solution to monitor the heartbeat of the network

An interesting thing happened last week that drove home the importance of network telemetry.My wife saw a calendar invite from Arista where they wanted to pre-brief me on their upcoming telemetry launch. In addition to running ZK Research with me by doing most of the back office work, she is also a cardiac nurse and was interested in the content of the briefing because telemetry is a critical element of her job. In her field, cardiac telemetry is used to constantly monitor the heart and can quickly alert the nurse in real time if something bad is going on. If there’s any problem at all, like arrhythmia, they can use the data to take action and save the patient.To read this article in full or to leave a comment, please click here

Worth Reading: A new bit flipping attack

We introduce Flip Feng Shui (FFS), a new exploitation vector which allows an attacker to induce bit flips overarbitrary physical memory in a fully controlled way. FFS relies on hardware bugs to induce bit flips over memoryand on the ability to surgically control the physical memory layout to corrupt attacker-targeted data anywhere inthe software stack. We show FFS is possible today with very few constraints on the target data, by implementingan instance using the Rowhammer bug and memory deduplication (an OS feature widely deployed in production).Memory deduplication allows an attacker to reverse-map any physical page into a virtual page she owns as long as the page’s contents are known. Rowhammer, in turn, allows an attacker to flip bits in controlled (initially unknown) locations in the target page. -(PDF) Usenix via Schneier on Security

LinkedInTwitterGoogle+Facebook

The post Worth Reading: A new bit flipping attack appeared first on 'net work.

1 2,724 2,725 2,726 2,727 2,728 3,841