0

macOS Sierra’s beta cadence points to October launch

Apple's macOS Sierra has been on a slower tempo of preview releases than last year's El Capitan, hinting that the upgrade will launch in October. macOS Sierra's release tempo of developer preview builds (in green) is about two weeks behind the 2015 timetable of El Capitan (in red), hinting at a later launch this year, perhaps around mid-October. Although Apple has been somewhat more transparent in its development process -- earlier this year it launched a new preview program for the Safari browser -- the Cupertino, Calif. company still does not publicly mark release dates on a calendar.To read this article in full or to leave a comment, please click here

0

Keep using password managers — bugs and all

Bugs in several password managers, including the vulnerabilities discovered in LastPass in late July, have scared away some users. But such fears go too far. Millions of users rely on password managers to keep track of passwords for applications and online services, and by all indications, they work better than trying to do it on your own.Security victories should be embraced -- including password managers, which automatically generate complex strings of characters as passwords and deploy a unique password for each site or application. Password managers solve several authentication problems, including easily-cracked passwords and password reuse.To read this article in full or to leave a comment, please click here

0

Keep using password managers — bugs and all

Bugs in several password managers, including the vulnerabilities discovered in LastPass in late July, have scared away some users. But such fears go too far. Millions of users rely on password managers to keep track of passwords for applications and online services, and by all indications, they work better than trying to do it on your own.Security victories should be embraced -- including password managers, which automatically generate complex strings of characters as passwords and deploy a unique password for each site or application. Password managers solve several authentication problems, including easily-cracked passwords and password reuse.To read this article in full or to leave a comment, please click here

0

Ford remains wary of Tesla-like autonomous driving features

At a time when Tesla has already rolled out advanced autonomous driving features in its cars, Ford is proceeding more cautiously because it believes the industry is not ready to hand over such features to consumers.On Tuesday, Ford announced that by 2021 it plans to offer a fully self-driving (autonomous) vehicle for multi-passenger shuttles and ride-hailing services such as Uber. The vehicle will be manufactured with no steering wheel, no gas or brake pedal. In other words, no driver necessary.Well before 2021, Ford will be testing prototypes on U.S. roadways of those fully-autonomous vehicles, according to Randy Visintainer, director of Autonomous Vehicles at Ford. The automaker hopes a fleet of self-driving vehicle shuttles and ride-hailing services can tap into a market that includes the elderly, infirm or young who are not able to drive.To read this article in full or to leave a comment, please click here

0

The 15 most exciting PC games still coming in 2016

The best of what's to comeFeel that chill breeze in the air? Okay, maybe not—it’s still August, after all. But fall will be here soon enough, and with it the vaunted “Holiday Season,” aka the four-month span wherein every publisher releases its most promising video games at the same time in some sort of ridiculous consumer gladiator match.Despite some high-profile games slipping into 2017 already (damn it, Mass Effect Andromeda), there’s still quite a bit to be excited about in 2016. We’ve gone ahead and picked the 15 titles we’re looking forward to most—from Deus Ex (August 23) to South Park (December 6) and everything in between.To read this article in full or to leave a comment, please click here

0

Twitter suspends 360,000 accounts for terrorist ties

Twitter continues to fight to keep terrorist groups and sympathizers from using its service. The social network announced today that in the last six months it has suspended 235,000 accounts for violating its policies related to the promotion of terrorism. In February, Twitter reported that it had suspended 125,000 accounts since mid-2015 for terrorist-related reasons. That means Twitter has suspended 360,000 accounts since the middle of last year. "Since that [February] announcement, the world has witnessed a further wave of deadly, abhorrent terror attacks across the globe," the company wrote in a blog post. "We strongly condemn these acts and remain committed to eliminating the promotion of violence or terrorism on our platform."To read this article in full or to leave a comment, please click here

0

Sample Ansible Networking Playbooks on Github

I spent the last week creating numerous scenarios using Ansible networking modules for my upcoming Network Automation workshop. The scenarios use Cisco IOS and Nexus OS modules as I used VIRL for network simulation, but you could easily adapt them to other networking devices.

All the scenarios I’m covering in the workshop are available in my Github repository; to get the them explained you’ll have to attend the workshop. Enjoy!

0

Packet Blast: Top Tech Blogs, Aug. 19

0

Eddie Bauer is latest retailer to be hit by point-of-sale malware

Clothing retailer Eddie Bauer has informed customers that point-of-sale systems at its stores were hit by malware, enabling the theft of payment card information. All the retailer’s stores in the U.S. and Canada, numbering about 350, were affected, a company spokesman disclosed Thursday. He added that the retailer is not disclosing the number of customers affected. The card information harvested included cardholder name, payment card number, security code and expiration date. The retailer said that information of payment cards used at its stores on various dates between Jan. 2 and July 17, 2016 may have been accessed, but added that not all cardholder transactions were affected. Payment card information that was used for online purchases at its website was not affected.To read this article in full or to leave a comment, please click here

0

Eddie Bauer is latest retailer to be hit by point-of-sale malware

Clothing retailer Eddie Bauer has informed customers that point-of-sale systems at its stores were hit by malware, enabling the theft of payment card information. All the retailer’s stores in the U.S. and Canada, numbering about 350, were affected, a company spokesman disclosed Thursday. He added that the retailer is not disclosing the number of customers affected. The card information harvested included cardholder name, payment card number, security code and expiration date. The retailer said that information of payment cards used at its stores on various dates between Jan. 2 and July 17, 2016 may have been accessed, but added that not all cardholder transactions were affected. Payment card information that was used for online purchases at its website was not affected.To read this article in full or to leave a comment, please click here

0

Are your fragile packages safe? Ask Intel’s tiny IoT chip

Tags on a fragile packages may someday be able to say whether the goods are riding safely in the back of a truck or bouncing around in a hazardous way.If Intel follows through on an IoT research project it demonstrated at Intel Developer Forum this week, those tags could report on shipping conditions in real time without needing a battery to stay powered. After the package is delivered, the label might even be disposable. Stephen Lawson Intel demonstrated a prototype "smart tag" for packages at Intel Developer Forum in San Francisco on Aug. 16, 2016. The tag could detect motion and show it on a chart in real time.To read this article in full or to leave a comment, please click here

0

The NSA’s hoard of cyber weapons makes some experts nervous

The disclosure this week of a cache of files supposedly stolen from the National Security Agency has put a spotlight on secret cyber weapons the NSA has been holding -- and whether they should be disclosed.Security researchers have been poring over a sample set of hacking tools that may have been stolen from the NSA.An anonymous group called the Shadow Brokers has posted the samples online and is auctioning off the rest, claiming they contain cyber weapons that rival the Stuxnet computer worm.Experts say the whole matter points to the danger of the NSA hoarding cyber weapons: they could fall into the wrong hands.To read this article in full or to leave a comment, please click here

0

The NSA’s hoard of cyber weapons makes some experts nervous

The disclosure this week of a cache of files supposedly stolen from the National Security Agency has put a spotlight on secret cyber weapons the NSA has been holding -- and whether they should be disclosed.Security researchers have been poring over a sample set of hacking tools that may have been stolen from the NSA.An anonymous group called the Shadow Brokers has posted the samples online and is auctioning off the rest, claiming they contain cyber weapons that rival the Stuxnet computer worm.Experts say the whole matter points to the danger of the NSA hoarding cyber weapons: they could fall into the wrong hands.To read this article in full or to leave a comment, please click here

0

IPv6 Performance – Revisited

Every so often I hear the claim that some service or other has deliberately chosen not to support IPv6, and the reason cited is not because of some technical issue, or some cost or business issue, but simply because the service operator is of the view that IPv6 offers an inferior level service as compared to IPv4, and by offering the service over IPv6 they would be exposing their clients to an inferior level of performance of the service. But is this really the case?

0

EQGRP tools are post-exploitation

A recent leak exposed hackings tools from the "Equation Group", a group likely related to the NSA TAO (the NSA/DoD hacking group). I thought I'd write up some comments.

Despite the existence of 0days, these tools seem to be overwhelmingly post-exploitation. They aren't the sorts of tools you use to break into a network -- but the sorts of tools you use afterwards.

The focus of the tools appear to be about hacking into network equipment, installing implants, achievement permanence, and using the equipment to sniff network traffic.

Different pentesters have different ways of doing things once they've gotten inside a network, and this is reflected in their toolkits. Some focus on Windows and getting domain admin control, and have tools like mimikatz. Other's focus on webapps, and how to install hostile PHP scripts. In this case, these tools reflect a methodology that goes after network equipment.

It's a good strategy. Finding equipment is easy, and undetectable, just do a traceroute. As long as network equipment isn't causing problems, sysadmins ignore it, so your implants are unlikely to be detected. Internal network equipment is rarely patched, so old exploits are still likely to work. Some tools appear to target Continue reading

0

Intel’s new Atom chips bring 4K video to VR headsets, robots

In 2009, Apple CEO Tim Cook memorably trashed Atom-based netbooks for being "junky" hardware that underperformed. Intel's Atom chips have come a long way since, with the latest generation code-named Broxton boasting the most impressive improvements.The new Atom T5500 and 5700 chips have features found in low-end PC processors, but the chips are instead targeted at robots, drones, wearables, and smart home devices.A standout feature is 4K decoding and encoding capabilities, which could allow the chips to be used in virtual reality and augmented reality headsets.Intel showed smart glasses, a bartending robot, and a smart motorcycle helmet with the Broxton chips at the Intel Developer Forum this week. Intel also said the chips could be used be in storage or media servers.To read this article in full or to leave a comment, please click here

0

VMware NSX Breakout Session Guide – Introductory, Intermediate, Advanced #VMworld 2016

The VMware NSX network virtualization platform is bringing game-changing capabilities and benefits to businesses and organizations across a wide spectrum of industries. We have sessions covering strategic initiatives like security, automation, and application continuity, as well as more tactical use cases like micro-segmentation, IT automating IT, disaster recovery, and more. On top of that, there are sessions covering the NSX platform and operationalizing NSX.  These sessions are offered in a variety of formats and range from introductory sessions perfect for those new to NSX or network virtualization, to intermediate sessions that dive into the deeper technical aspects of NSX, to advanced sessions for NSX veterans and networking experts.

And I know you’ve heard me say this before…but take a look at the list of the breakout sessions below, and then check out the schedule builder on VMworld.com to organize your week.

We’re looking forward to seeing you at VMworld US 2016.

Monday, August 29

Time	Level	Session ID	Session Title
12:30 PM – 1:30 PM	Introductory	NET7834	Introduction to VMware NSX
12:30 PM – 1:30 PM	Introductory	NET8675	The Practical Path to NSX
2:00 PM – 3:00 PM	Introductory	SEC7836	Introduction to Security with VMware NSX
3:30 PM Continue reading

0

A new algorithm can hide messages in your favorite dance music

It's long been known that secret messages can be included in music through techniques such as backmasking, but now a Polish researcher has developed an entirely new approach. By subtly varying the tempo of a particular type of dance music, he's managed to encode information in a way that's completely inaudible to human listeners.StegIbiza is an algorithm for hiding information in a type of dance music known as Ibiza, which originates on the island by the same name in the western Mediterranean Sea. Ibiza music is characterized by its trance-like beat, and that's what Krzysztof Szczypiorski, a professor at Poland's Warsaw University of Technology, made use of.To read this article in full or to leave a comment, please click here

0

A new algorithm can hide messages in your favorite dance music

It's long been known that secret messages can be included in music through techniques such as backmasking, but now a Polish researcher has developed an entirely new approach. By subtly varying the tempo of a particular type of dance music, he's managed to encode information in a way that's completely inaudible to human listeners.StegIbiza is an algorithm for hiding information in a type of dance music known as Ibiza, which originates on the island by the same name in the western Mediterranean Sea. Ibiza music is characterized by its trance-like beat, and that's what Krzysztof Szczypiorski, a professor at Poland's Warsaw University of Technology, made use of.To read this article in full or to leave a comment, please click here

0

HipChat beats Slack to the punch with group video calling

It just became easier for HipChat customers to get some face time with each another whenever they want it. The company has launched new group video calling and screen sharing functionality that lets up to 10 other people share a virtual face-to-face meeting. Users can spin up a call in a HipChat channel, or bring additional people into a one-on-one video call. That way, people who work in far-flung teams can get onto the same page face-to-face, using the same software that they count on for text chat during the day. HipChat's announcement Thursday is a move to compete with both consumer services like Skype and Google Hangouts, as well as workplace videoconferencing systems like Lifesize and Skype for Business. The launch is particularly important for HipChat's competition with Slack, which recently added group voice calls and has video calling on its roadmap. To read this article in full or to leave a comment, please click here