IoT security suffers from a lack of awareness

As consumers we have become obsessed with connected devices. We like the idea of smart homes, smart cars, smart TVs, smart refrigerators or any machine that can be automated with sensors and an IP address. Yet fewer tasks in IT today inspire more fear than the prospect of protecting corporate networks from this proliferating wave of connected devices. The internet of things phenomenon expands the threat surface exponentially, in turn boosting business risk.But CIOs often aren’t aware of all of the devices that make inviting targets for hackers. "One of the fundamental issues that faces the internet of things is knowing that they're there and giving them some identity,” says Gartner analyst Earl Perkins. "You can't manage what you can't see."To read this article in full or to leave a comment, please click here

Taking A Long View On HPC And Beyond

Bad things sometimes happen to good companies, but the great ones are resilient; they ride out the difficulties and keep forging ahead. So it will be with Cray, which does not just make massive-scale machines aimed at supercomputing centers but analytics engines that will see wider adoption among enterprises.

We have said it before and we will say it again: You have to take a long view of the high performance computing business – and we are using that term in the broadest sense – and not look at it on a quarter-by-quarter or even year-by-year basis. And so it …

Taking A Long View On HPC And Beyond was written by Timothy Prickett Morgan at The Next Platform.

Buenos Aires

The post Buenos Aires appeared first on 'net work.

Feds need to do a better job of measuring telecommuting benefits

With one of the largest telecommuting communities – over 1 million -- in the country many of the Federal agencies that support it have little information to show about its benefits.Watchdogs at the Government Accountability Office this week issued a report that found that many agencies “had little data to support the benefits or costs associated with their telework programs. All of the selected agencies could provide some supporting documentation for some of the benefits and only two could provide supporting documentation for some of the costs.”+More on Network World: Black Hat: Quick look at hot issues+To read this article in full or to leave a comment, please click here

Feds need to do a better job of measuring telecommuting benefits

With one of the largest telecommuting communities – over 1 million -- in the country many of the Federal agencies that support it have little information to show about its benefits.Watchdogs at the Government Accountability Office this week issued a report that found that many agencies “had little data to support the benefits or costs associated with their telework programs. All of the selected agencies could provide some supporting documentation for some of the benefits and only two could provide supporting documentation for some of the costs.”+More on Network World: Black Hat: Quick look at hot issues+To read this article in full or to leave a comment, please click here

Rackspace Nears a Private Equity Buyout, Report Says

Apollo Global is reportedly negotiated a $3.5B price for the firm.

Why the ‘cyber kill chain’ needs an upgrade

One of the most popular models for analyzing cyberattacks doesn’t focus  enough on what to do after adversaries break into networks successfully, which they inevitable will do, Black Hat 2016 attendees were told this week in Las Vegas.“Every attacker will become an insider if they are persistent enough,” says Sean Malone, a security consultant who spoke at the conference. “We need to operate under a presumption of breach.”MORE: 'Mayhem" wins $2M first prize at DARPA Cyber Grand ChallengeTo read this article in full or to leave a comment, please click here

Why the ‘cyber kill chain’ needs an upgrade

One of the most popular models for analyzing cyberattacks doesn’t focus  enough on what to do after adversaries break into networks successfully, which they inevitable will do, Black Hat 2016 attendees were told this week in Las Vegas.“Every attacker will become an insider if they are persistent enough,” says Sean Malone, a security consultant who spoke at the conference. “We need to operate under a presumption of breach.”MORE: 'Mayhem" wins $2M first prize at DARPA Cyber Grand ChallengeTo read this article in full or to leave a comment, please click here

Python versus Go – Fighting in Prime Time

Which is faster, Python or Go? And by how much? This is the question I found myself asking earlier this week after troubleshooting a script that my son had written in Python to calculate prime numbers.

In The Red Corner – Python

My son worked out a fairly simple algorithm to generate prime numbers which we tweaked slightly to optimize it (things like not bothering to check even numbers, not checking divisors that are larger than 1/3 of the number, not checking any number ending in 5, and so on). I’m not saying that this is production-ready code, nor highly optimized, but it does appear to work, which is what matters. The resulting code looks like this:

#!/usr/bin/python

max = 100000

for tens in xrange(0,max,10):
    for ones in (1, 3, 7, 9):
        a = tens + ones

        halfmax = int(a/3) + 1
        prime = True

        for divider in xrange (3, halfmax, 2):
            if a % divider == 0:
                # Note that it's not a prime
                # and break out of the testing loop
                prime = False
                break

        # Check if prime is true
        if prime == True:
            print(a)

        # Fiddle to print 2 as prime
        if a == 1:
             Continue reading

Show 300: The IETF Is The Best We’ve Got & A Packet Pushers Update

Its Weekly Show 300! Time for an update about how show is doing, our public appearances, and then some tech news on Greg s trip to IETF 96 in Berlin. The post Show 300: The IETF Is The Best We’ve Got & A Packet Pushers Update appeared first on Packet Pushers.

Risk management: Picking the right tool for the job

At the DEFCON hacking conference's Lockpick Village, CSO's Steve Ragan chats with Austin Appel (aka Scorche), from TOOOL, about physical locks, lockpicking and risk management associated with locks.

UK government hit with new complaint about hacking abroad

A group of privacy advocates and internet providers has filed a new challenge to the U.K. government's use of bulk hacking abroad. U.K.-based Privacy International and five internet and communications providers aim to "bring the government's hacking under the rule of law," they said in a case lodged Friday with the European Court of Human Rights. Their application challenges the U.K. Investigatory Powers Tribunal's (IPT's) February refusal to rule on whether hacking efforts outside the U.K. by the GCHQ British intelligence service comply with the European Convention on Human Rights. That decision was part of a case brought by Privacy International against GCHQ back in 2014, and it effectively meant that the U.K. government could lawfully conduct bulk hacking of computers, mobile devices, and networks located anywhere outside of the UK, the group said.To read this article in full or to leave a comment, please click here

UK government hit with new complaint about hacking abroad

A group of privacy advocates and internet providers has filed a new challenge to the U.K. government's use of bulk hacking abroad. U.K.-based Privacy International and five internet and communications providers aim to "bring the government's hacking under the rule of law," they said in a case lodged Friday with the European Court of Human Rights. Their application challenges the U.K. Investigatory Powers Tribunal's (IPT's) February refusal to rule on whether hacking efforts outside the U.K. by the GCHQ British intelligence service comply with the European Convention on Human Rights. That decision was part of a case brought by Privacy International against GCHQ back in 2014, and it effectively meant that the U.K. government could lawfully conduct bulk hacking of computers, mobile devices, and networks located anywhere outside of the UK, the group said.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For August 5th, 2016

Hey, it's HighScalability time:

 

What does a 107 football field long battery building Gigafactory look like? A lot like a giant Costco. (tour)

 

If you like this sort of Stuff then please support me on Patreon.

• 60 billion: Facebook messages per day; 3x: Facebook messages compared to global SMS traffic; $15: min wage increases job growth; 85,000: real world QPS for Twitter's search; 2017: when MRAM finally arrives; $60M: Bitcoin heist, bigger than any bank robbery; 710m: Internet users in China; 


• Quotable Quotes:
  • @cmeik: When @eric_brewer told me that Go was good for building distributed systems, I couldn't help but think about this.
  • David Rosenthal: We can see the end of the era of data and computation abundance. Dealing with an era of constrained resources will be very different.In particular, enthusiasm for blockchain technology as A Solution To Everything will need to be tempered by its voracious demand for energy.
  • Dr Werner Vogels: What we’ve seen is a revolution where complete applications are being stripped of all their servers, and only code is being run. Quite a few companies are ripping out big pieces of Continue reading

Worth Reading: Hot Commodities

A Booz Allen Hamilton Industrial Cybersecurity Threat Briefing reports that cyber incidents targeting Integrated Control Systems (ICS), like the ones used to run the nation’s electric grid, reached an all-time high in 2015. The briefing also predicted that the number of these incidents will likely continue to increase, and cited nation-state backed groups as a key threat. —Lawfare

The post Worth Reading: Hot Commodities appeared first on 'net work.

A Fresh Look at Gaming Devices for Supercomputing Applications

Over the years there have been numerous efforts to use unconventional, low-power, graphics-heavy processors for traditional supercomputing applications—with varying degrees of success. While this takes some extra footwork on the code side and delivers less performance overall than standard servers, the power is far lower and the cost isn’t even in the same ballpark.

Glenn Volkema and his colleagues at the University of Massachusetts Dartmouth are among some of the most recent researchers putting modern gaming graphics cards to the performance per watt and application benchmark test. In looking at various desktop gaming cards (Nvidia GeForce, AMD Fury X, among …

A Fresh Look at Gaming Devices for Supercomputing Applications was written by Nicole Hemsoth at The Next Platform.

Black Hat 2016 wrap-up: Same stuff, different year?

IDG editors and writers Steve Ragan (CSO), Fahmida Rashid (InfoWorld) and Lucian Constantin (IDG News Service) offer their impressions of this year's Black Hat security conference.

‘Mayhem’ wins $2M first prize in DARPA Cyber Grand Challenge

Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a DARPA-sponsored Cyber Grand Challenge competition that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers.A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.BLACK HAT: Quick look at hot issuesTo read this article in full or to leave a comment, please click here

Researcher hides stealthy malware inside legitimate digitally signed files

A new technique allows attackers to hide malicious code inside digitally signed files without breaking their signatures and then to load that code directly into the memory of another process.The attack method, developed by Tom Nipravsky, a researcher with cybersecurity firm Deep Instinct, might prove to be a valuable tool for criminals and espionage groups in the future, allowing them to get malware past antivirus scanners and other security products.The first part of Nipravsky's research, which was presented at the Black Hat security conference in Las Vegas this week, has to do with file steganography -- the practice of hiding data inside a legitimate file.To read this article in full or to leave a comment, please click here

Automation key to getting SDN security right

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Where did your network go?  We’re rapidly approaching a time when enterprises won’t be able to actually see their networks’ cables or the blinking router lights. Software defined networks drive efficiency and agility and make businesses more scalable and flexible. But SDNs also incite uncertainty about security because the network is moving out of plain sight.If you can’t see the network, how do you control and secure it?  One useful analogy is the anxiety some people feel when flying; they are afraid of flying yet aren’t at all anxious about driving a car. Yet, statistically, a plane is far safer than the car as a mode of transport.  The key issue here is control.  Sitting in the drivers’ seat, most of us feel in control. We know how to drive the car and how to stay safe. But we’re not at the controls of the plane and, what’s more, most of us don’t know how to fly them. It’s unfamiliar territory, with no visibility.To read this article in full or to leave a comment, please click here