Jeremiah Grossman: Focus on ransomware, SDLC, and endpoints

With so many elements in information security -- application, network infrastructure, the endpoint, perimeter defenses, and data-centric approaches -- it's easy to fall into the trap of touting one as more important than the other. But it's a mistake to consider information security as a series of silos when it's actually an intersection of different areas. That overlap is most evident with application and endpoint security. For Jeremiah Grossman, the new chief security strategist at security vendor Sentinel One, application security and endpoint security are just different steps in the kill chain. As the founder and former CTO of the consultancy WhiteHat Security, Grossman has been the go-to expert for web application security for years, and his new focus on endpoint security at Sentinel One does not mean that he has given up on securing web applications.

What security pros can learn from the networking team

No need to fight. It's a familiar scenario: your security team wants—needs—to lock down part of your enterprise's network. And yet the network team resists you at every turn. Don't they understand that security is paramount? Do they want to get hacked?

How to contract for outsourcing agile development

Agile software development methodologies are hardly new. But figuring out a way to adequately contract for them in an IT outsourcing deal is. “Under traditional contracting approaches, there is an assumption that the development team can define, with some specificity, the ultimate ‘thing’ to be created supported by a detailed project plan and key milestones tied to client acceptance and financial payment triggers,” says Derek J. Schaffner, attorney in the Washington, D.C. office of law firm Mayer Brown. “These concepts are very easy to memorialize in a development agreement due to the linear nature of a traditional software development approach that commences with detailed planning, followed by design, coding, testing and deployment.”

IDG Contributor Network: Videoconferencing leaks get plugged

Trade secret leaks through videoconference camera angles are about to become a thing of the past, according to scientists at Duke University. The researchers there say they’ve developed a system that will block camera shots that include confidential information, such as whiteboard presentations. The advantage of blocking is that one will no longer have to carefully sweep an office backdrop for secrets, or even disable the camera, before placing or receiving videoconference calls—the call can simply be placed. Duke’s under-development system also works for smartphone camera shots of receipts, say, for expense accounting.

HPE has won $3 billion in a lawsuit against Oracle

Hewlett Packard Enterprise has been awarded $3 billion in a lawsuit it brought against Oracle five years ago over a now largely forgotten Intel processor. The two sides had been fighting over Oracle's decision to stop developing versions of its software for Intel's Itanium, a server chip that never found much success in the market. After the jury verdict Thursday, Oracle said it planned to appeal. It's Oracle's second big court loss in as many months. In May, a jury rejected Oracle's claim that Google infringed its copyright when it copied parts of Java into Android. Oracle was seeking nearly $9 billion in that case. It plans to appeal that outcome, too.

Tesla’s autopilot is being investigated after a fatal crash

Federal regulators are investigating Tesla's autopilot feature after a fatal crash involving a tractor trailer and one of its Model S cars. The U.S. National Highway Traffic Safety Administration opened the investigation after a man was killed while driving a Model S with the self-driving mode engaged. "This is the first known fatality in just over 130 million miles where Autopilot was activated," Tesla said in a statement Thursday. It called the incident a "tragic loss." The car was on a divided highway when a tractor trailer made a left turn in front of the Tesla at an intersection. "Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied," Tesla said.

This mobile Trojan from China fills your phone with porn apps

Malware that secretly installs porn apps on your phone is infecting devices by the millions, becoming the world’s largest mobile Trojan. The malware, called "Hummer," is a family of Trojans that imitate Android apps before striking, according to Cheetah Mobile, a maker of security and utility apps. The company’s researchers have been tracking Hummer since 2014. It's been infecting more than 1 million devices per day, far outpacing other kinds of mobile Trojans, the company said in a post on Wednesday. India, Indonesia, Turkey, China and Mexico are the top five countries where the Trojan has been spreading the most, but it's also hit victims in the U.S. and Europe.

Eyefi leaves some card owners stranded, highlighting IoT hazards

Older networked flash cards from Eyefi will become the next IoT devices to effectively die in consumers’ hands when the company cuts off support for older models in September. Eyefi's cards store data like other SD cards but also include a Wi-Fi radio so users can send photos straight from a camera to their laptop or phone. When Eyefi's first card went on sale in 2007, it already had some of the qualities of what’s now called an IoT device: It was remarkably small and had no display but could connect to a local network or the Internet over the air. The products are also tied into a cloud-based service, which they usually rely on to get configured each time they’re used. Important functions of the device don’t work without a service that has to be maintained throughout the life of the product.

DNC hacker Guccifer 2.0 denies Russian links and mocks security firms

The hacker who claims to have breached the Democratic National Committee’s networks is trying to beat back accusations that he’s linked with the Russian government. The intrusion, which stole confidential files from the DNC, was his “personal project,” hacker Guccifer 2.0 said in a Thursday blog post. Security firms and the DNC may be trying to blame the attack on Russia, but “they can prove nothing!” Guccifer 2.0 added. “All I hear is blah-blah-blah, unfounded theories, and somebody’s estimates,” he wrote. Guccifer 2.0 appeared on the web just a day after the DNC revealed it had been hacked. To prove he was behind the breach, the hacker began posting the files he stole. This included opposition research on presidential candidate Donald Trump, along with donor lists and foreign policy files.

23% off Segway miniPRO Personal Transporter, Now Shipping – Deal Alert

Forget hoverboards. The Segway miniPRO is a smarter, stronger and safer personal transporter, UL 2272 Certified for the highest standards of electrical and fire safety requirements established by Underwriters Laboratories. The miniPRO has large air-filled tires suitable for almost any terrain. Its innovative knee bar makes steering easy and precise, and its powerful lithium-ion battery will take you up to 14 miles on a single charge at speeds of up to 10 miles per hour. Automatic head and tail-lights produce maximum visibility night or day, personalized from a spectrum of 16 million color variations. It comes with a full-featured app, available for iOS and Android, that lets you personalize your miniPRO, activate anti-theft features, control your miniPRO remotely, and much more. It's available to ship now, and its initial list price of $1,299 has been reduced for launch to $999. See or buy it now on Amazon.

Android N is neither 3 Musketeers nor Snickers: Just plain Nougat

The suspense is over: Google has revealed the sweet nickname for its newest edition of the Android operating system -- Nougat. Google, which had been calling the in-progress OS Android N, disclosed the news initially via Snapchat and Twitter. Google has a history of naming Android versions after sweet treats, with KitKat, Lollipop and Marshmallow being the most recent three. The company solicited suggestions for the latest name following its recent Google I/O event. Google CEO Sundar Pichai earlier this year hinted that an Indian delight could be in the offing as a nickname, and indeed nougat is popular in India. It's also contained in popular candy bars such as 3 Musketeers and Snickers.

Inside Look at Key Applications on China’s New Top Supercomputer

As the world is now aware, China is now home to the world’s most powerful supercomputer, toppling the previous reigning system, Tianhe-2, which is also located in the country.

In the wake of the news, we took an in-depth look at the architecture of the new Sunway TaihuLight machine, which will be useful background as we examine a few of the practical applications that have been ported to and are now running on the 10 million-core, 125 petaflop-capable supercomputer.

The sheer size and scale of the system is what initially grabbed headlines when we broke news about the system last

Inside Look at Key Applications on China’s New Top Supercomputer was written by Nicole Hemsoth at The Next Platform.

DockerCon 2016: Part 2 of Top 10 Videos

We received lots of positive feedback from DockerCon 2016 attendees on the content presented at the conference!

“Best keynote I’ve seen in a long time” 
“The talk challenged some ideas I had – which is exactly what I would hope for” 
“Too many awesome talks at DockerCon – it was so hard to choose!” 

DockerCon 2016 attendees voted for their favorite sessions from the conference through the mobile app, powered by Docker. Yesterday, we published five of the top ten talks and today, we are happy to share the next five! Below are the recorded videos along with slides from those sessions at DockerCon 2016.