Tech jobs report: Security, devops, and big data stay hot

If you're wondering what IT skill sets to acquire, security and devops are doing well in the job market. Pay for cloud skills, however, is eroding.Research firm Foote Partners' latest quarterly IT Skills and Certifications Pay Index determined that the market value for 404 of the 450 IT certifications it tracks had increased for 12 consecutive quarters. Market values rose for noncertified IT skills for the fifth consecutive quarter.[ Don't get left behind -- download the Devops Digital Spotlight, and learn all about the game-changer in app development and deployment. | Get a digest of the day's top tech stories in the InfoWorld Daily newsletter. ] Foote's report is based on data provided by 2,845 North American private and public sector employers, with data compiled from January to April 1. (Noncertified skills include skills that are in demand but for which there is no official certification, Foote spokesman Ted Lane noted.)To read this article in full or to leave a comment, please click here

Tech jobs report: Security, devops, and big data stay hot

If you're wondering what IT skill sets to acquire, security and devops are doing well in the job market. Pay for cloud skills, however, is eroding.Research firm Foote Partners' latest quarterly IT Skills and Certifications Pay Index determined that the market value for 404 of the 450 IT certifications it tracks had increased for 12 consecutive quarters. Market values rose for noncertified IT skills for the fifth consecutive quarter.[ Don't get left behind -- download the Devops Digital Spotlight, and learn all about the game-changer in app development and deployment. | Get a digest of the day's top tech stories in the InfoWorld Daily newsletter. ] Foote's report is based on data provided by 2,845 North American private and public sector employers, with data compiled from January to April 1. (Noncertified skills include skills that are in demand but for which there is no official certification, Foote spokesman Ted Lane noted.)To read this article in full or to leave a comment, please click here

How computer modeling built the 2016 Cadillac CT6

The automotive world is becoming much more dependent on modeling than ever before. Automakers are now using more aluminum parts; vehicles have complex computers on board, often working with each other; and there's an increasing need to make cars safer in the age of the distracted driver.To read this article in full or to leave a comment, please click here(Insider Story)

How to hire for the right big data skill set

Data science is a hot new industry, but what skills and background do you need to break into the field? Essentially, data science, data engineering and data analytics are broad -- and sometimes ambiguous -- terms that describe a litany of skills and job titles in the world of data analytics. "The title of 'data scientist' is broadly applied within different organizations, making it difficult to provide a complete and noncontroversial list of required skills. At a high level, a data scientist needs a mastery of the tools and techniques to access, transform, analyze and leverage the data of their organization," says Kyle Polich, principal data scientist at DataScience. If your company is looking to hire data scientists or analysts, it's important to know what you're hiring for. Data jobs often encompass a lot more than just data; there are people specifically dedicated to each stage of the process from collecting, to warehousing, to analyzing and to using that data to transform the business. Ultimately, a good data strategy relies on a number of qualified individuals who can write algorithms, manage and collate data, interpret the data and communicate it to key stake holders. Data warehousing Warehousing data is a Continue reading

Severe flaws in widely used archive library put many projects at risk

In a world where any new software project is built in large part on existing third-party code, finding and patching vulnerabilities in popular open-source libraries is vital to creating reliable and secure applications.For example, three severe flaws in libarchive, recently found by researchers from Cisco Systems' Talos group, could affect a large number of software products.Libarchive is an open-source library first created for FreeBSD, but since ported to all major operating systems. It provides real-time access to files compressed with a variety of algorithms, including tar, pax, cpio, ISO9660, zip, lha/lzh, rar, cab and 7-Zip.The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS. Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it.To read this article in full or to leave a comment, please click here

Severe flaws in widely used archive library put many projects at risk

In a world where any new software project is built in large part on existing third-party code, finding and patching vulnerabilities in popular open-source libraries is vital to creating reliable and secure applications.For example, three severe flaws in libarchive, recently found by researchers from Cisco Systems' Talos group, could affect a large number of software products.Libarchive is an open-source library first created for FreeBSD, but since ported to all major operating systems. It provides real-time access to files compressed with a variety of algorithms, including tar, pax, cpio, ISO9660, zip, lha/lzh, rar, cab and 7-Zip.The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS. Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it.To read this article in full or to leave a comment, please click here

10 top-ranked tech-focused MBA programs

Top-ranked tech-focused MBA programsImage by ThinkstockThere's a looming executive leadership crisis in today's IT companies, but there's certainly no shortage of excellent, rigorous programs designed to help build the next generation of great leaders. If you're looking for a resume boost or considering a career path that leads to the C-suite, consider an MBA with a technology focus. Based on the 2016 rankings from U.S. News and World Report, here are the top 10 technology-centric MBA programs, their costs and full-time enrollment statistics. Massachusetts Institute of Technology (MIT)Image by Vitor Pamplona/Wikipedia To read this article in full or to leave a comment, please click here

IDG Contributor Network: Hello, world: Welcome to the agile data center

Some of the best technology in the world has begun with a simple "Hello World." I wanted to do the same and introduce myself, along with this new blog entitled "The Agile Data Center." With this blog, I will focus on some of the latest technologies around modernizing data center software and hardware, as well as aligning skill sets and introducing new roles in the IT space. So, what defines an agile data center and why should you care? Growing up in the technology space, I've worked for companies such as VERITAS, Symantec, SAP and EMC. During that time, and especially now, I can see and realize that most companies have not aligned business and IT. While this has "worked" for a number of years, companies are now becoming quickly disrupted by startups that have successfully aligned IT and can keep up with the rapid pace of business.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Hello, world: Welcome to the agile data center

Some of the best technology in the world has begun with a simple "Hello World." I wanted to do the same and introduce myself, along with this new blog entitled "The Agile Data Center." With this blog, I will focus on some of the latest technologies around modernizing data center software and hardware, as well as aligning skill sets and introducing new roles in the IT space. So, what defines an agile data center and why should you care? Growing up in the technology space, I've worked for companies such as VERITAS, Symantec, SAP and EMC. During that time, and especially now, I can see and realize that most companies have not aligned business and IT. While this has "worked" for a number of years, companies are now becoming quickly disrupted by startups that have successfully aligned IT and can keep up with the rapid pace of business.To read this article in full or to leave a comment, please click here

Physical Security in a Virtual World – NSX Securing “Anywhere”

blog2-pic1This is the second blog post in our Micro-segmentation Defined – NSX Securing “Anywhere” blog series. This blog post walks through security requirements that exist in environments with mixed workload deployment types. A mixed workload environment is one utilizing multiple application deployment models, including applications deployed on both virtual machines and legacy physical servers. We demonstrate how the necessary security requirements for mixed workload environments can be met through using VMware NSX as a platform for micro-segmentation and advanced security services. This blog focuses on the following:

  1. Defining security requirements based on application deployment model or environment type
  2. Understanding methods of protection in modern data centers
  3. How NSX provides micro-segmentation for both physical and virtual workloads
  4. How integration with ecosystem security and network controls functions

Security Requirements Differ in Heterogeneous Environments

Due to the evolving threat landscape and growing sophistication of cyber-attacks and threat actors, a single static policy or blanket approach to securing modern data centers is no longer adequate. These types of policies are difficult to manage and take a narrow-focused approach to what needs to be a much broader solution. Today’s private cloud environments are comprised of a variety of workloads and deployment models, whether it be Continue reading

Apstra comes out of stealth, solves the multi-vendor SDN challenge

Earlier this month I wrote a post asking the question: “Who speaks for multi-vendor environments?” Since then, I’ve had a few vendors reach out to me about their solutions that could indeed meet the needs of a vendor-agnostic data center. One of the most interesting, Apstra, came out of stealth mode this week and has a solution that’s certainly up to the challenge that I laid out in my blog.Apstra’s solution automates the data center operations across the lifecycle of the network—from the design/build phase through deployment/operate. The Apstra Operating System (AOS) takes an integrated approach to managing the data center that starts with business intent and is fed into a closed loop system. The data center operator then selects a pre-configured, and a validated template applies any constraints to it, which creates a blueprint for deployment.To read this article in full or to leave a comment, please click here

Apstra comes out of stealth, solves the multi-vendor SDN challenge

Earlier this month I wrote a post asking the question: “Who speaks for multi-vendor environments?” Since then, I’ve had a few vendors reach out to me about their solutions that could indeed meet the needs of a vendor-agnostic data center. One of the most interesting, Apstra, came out of stealth mode this week and has a solution that’s certainly up to the challenge that I laid out in my blog.Apstra’s solution automates the data center operations across the lifecycle of the network—from the design/build phase through deployment/operate. The Apstra Operating System (AOS) takes an integrated approach to managing the data center that starts with business intent and is fed into a closed loop system. The data center operator then selects a pre-configured, and a validated template applies any constraints to it, which creates a blueprint for deployment.To read this article in full or to leave a comment, please click here

Is Apstra SDN? Same idea, different angle

One of the main goals of SDN (software-defined networking) is to make networks more agile to meet the changing demands of applications. A new Silicon Valley startup, Apstra, says it has an easier way to do the same thing. Rather than control the guts of individual network devices through software that makes them more programmable, Apstra says it can deal with those devices as they are and shape the network from a higher level. The result is a new approach that might let IT departments bypass some of the complex technologies and politics of SDN and still make their networks more responsive to users’ needs. It's due to go on sale by August.To read this article in full or to leave a comment, please click here

Is Apstra SDN? Same idea, different angle

One of the main goals of SDN (software-defined networking) is to make networks more agile to meet the changing demands of applications. A new Silicon Valley startup, Apstra, says it has an easier way to do the same thing. Rather than control the guts of individual network devices through software that makes them more programmable, Apstra says it can deal with those devices as they are and shape the network from a higher level. The result is a new approach that might let IT departments bypass some of the complex technologies and politics of SDN and still make their networks more responsive to users’ needs. It's due to go on sale by August.To read this article in full or to leave a comment, please click here

Is Apstra SDN? Same idea, different angle

One of the main goals of SDN (software-defined networking) is to make networks more agile to meet the changing demands of applications. A new Silicon Valley startup, Apstra, says it has an easier way to do the same thing. Rather than control the guts of individual network devices through software that makes them more programmable, Apstra says it can deal with those devices as they are and shape the network from a higher level. The result is a new approach that might let IT departments bypass some of the complex technologies and politics of SDN and still make their networks more responsive to users’ needs. It's due to go on sale by August.To read this article in full or to leave a comment, please click here

phpipam API clients

To simplify API calls etc. I created a separate GitHub repository to have a collection of phpipam API clients for different languages etc. If you created a client and want to share it head over to https://github.com/phpipam/phpipam-api-clients and share yours !

 

To start I created a php class to work as API client, now available in repo in php-client folder.
https://github.com/phpipam/phpipam-api-clients/tree/master/php-client

It supports all API calls, also encrypted requests are supported by setting $api_key variable in config file. Supported output formats are json/xml/array/object.

 

Here is a short example of working with client.

  1. Copy config.dist.php to config.php and enter details for you installation / API to provided variables. You can also specify each parameter when initialising client directly.
  2. Make calls ?

Here is a short example how to get details for specific section:
<?php
include config file and api client class file
require("api-config.php");
require("class.phpipam-api.php");

# init object with settings from config file or specify your own
$API = new phpipam_api_client ($api_url, $api_app_id, $api_key, $api_username, $api_password, $result_format);
# debug - output curl headers it some problems occur
$API->set_debug (false);
# execute call
$API->execute ("GET", "sections", array(5), "", $token_file);
# ger result
$result = $API->get_result();

# Continue reading

Forensic Lab Game Zero – Level 2 Results

Below are my solutions to the level 2 of the forensics lab game zero. The solutions to  the level 1 of the game are posted here.

1. Find way to reset root's account password and retrieve flag from /root/flag.txt

Reboot the VM and press 'e ' edit inside the Grub menu screen. Add command init=/bin/bash at the end of the line starting with linux and press F10. Thne mount file system as read-write.

root@(none):/# mount -n -o remount,rw /

Change password for user root.
root@(none):/# passwd

root@(none):/# cat /root/flag.txt
8d55761dfafe912daa2fa6c38e05435093f7f636

root@(none):/# echo -n '8d55761dfafe912daa2fa6c38e05435093f7f636' | sha1sum
0166bc38c1165d0ba783ea722b84ed3a0d2547f8

Restart the virtual machine and switch to the root account.

2. There is a memory dump of the windows machine is stored in file /root/memdump.mem. Find the flag among commands executed on that machine

Find info about our memory dump with imageinfo plugin.

root@debian1989:/home/kassad# python /opt/tools/volatility-2.4/vol.py imageinfo -f /root/memdump.mem | grep Profile
Volatility Foundation Volatility Framework 2.4
Suggested Profile(s) : Win7SP0x86, Win7SP1x86

To avoid typing chosen profile --profile=Win7SP1x86 every time vol.py is called, export the profile.

root@debian1989:/home/kassad# export VOLATILITY_PROFILE=Win7SP1x86

To avoid typing path to memory dump file, export memory dump location so you do not need to add argument -f Continue reading

1 2,839 2,840 2,841 2,842 2,843 3,808