From scratch: why these mass scans are important

The way the Internet works is that "packets" are sent to an "address". It's the same principle how we send envelopes through the mail. Just put an address on it, hand it to the nearest "router", and the packet will get forwarded hop-to-hop through the Internet in the direction of the destination.

What you see as the address at the top of your web browser, like "www.google.com" or "facebook.com" is not the actual address. Instead, the real address is a number. In much the same way a phonebook (or contact list) translates a person's name to their phone number, there is a similar system that translates Internet names to Internet addresses.

There are only 4 billion Internet addresses. It's a number between between 0 and 4,294,967,296. In binary, it's 32-bits in size, which comes out to that roughly 4 billion combinations.

For no good reason, early Internet pioneers split up that 32-bit number into four 8-bit numbers, which each has 256 combinations (256 × 256 × 256 × 256 = 4294967296). Thus, why write Internet address like "192.168.38.28" or "10.0.0.1". 

Yes, as you astutely point out, there are many more than 4 billion devices Continue reading

Review: Hot new tools to fight insider threats

In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.An entire industry has sprung up to provide a defense against insider threats. We tested products from Fortscale, Avanan, and PFU Systems, with each one concentrating on a different aspect of the problem.To read this article in full or to leave a comment, please click here(Insider Story)

3 top tools to fight insider threats

Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here

3 top tools to fight insider threats

Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here

Review: Hot new tools to fight insider threats

In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.To read this article in full or to leave a comment, please click here(Insider Story)

Intel beefs up VR ammo with Extreme Edition Core i7 chips

Intel considers virtual reality a key growth vector as it reshapes to survive in a post-PC world, and new Core i7 Extreme Edition chips will play a big role in that transition.The new chips, code-named Broadwell-E, are speed demons with up to 10 cores, a new high for Intel PC chips. Primarily for gaming PCs, the new chips will also go in desktops certified to work with headsets like Oculus Rift and HTC Vive.The Core i7-6900 series and 6800 series chips are targeted at enthusiasts looking for the latest and greatest technologies in PCs. These chips can be overclocked and unlocked, which could instantly upgrade PC performance by cranking up CPU frequency.To read this article in full or to leave a comment, please click here

VRRP Skew Time (and always be learning…)

It’s funny how you can work with something for years, but miss a small detail. This week I learnt about Skew Time for VRRP. The reason for it is completely obvious once you think about it, but for some reason the detail had escaped me for all these years.

VRRP Hellos

VRRP sends out a “hello” multicast every <hello> seconds. Usually this is something like every 1 or 3 seconds. Unlike HSRP, only the current master sends out hello messages. This contains the current master priority & status.

The backup devices listen out for this hello message. If they think they have a higher priority, or if they fail to hear the hello message, they will assume the role of master.

Down Interval

Changing from backup to master because of one missed hello could cause network instability. There’s a common rule used for all keepalive-type messages, where backup devices will wait for three missed polls/keepalives before declaring something ‘down.’

NB: HSRP is slightly different here – the holdtime can be manually specified, including to a shorter time than the hello time, if you’re feeling spectacularly stupid.

VRRP is similar. It waits three poll intervals before declaring the master ‘down,’ and attempting to Continue reading

Spousetivities at DockerCon 2016

Long-time readers of my site know that my wife, Crystal, launched what is now known as Spousetivities at VMworld 2008. Since that time, she’s been able to organize activities for hundreds of companions at dozens of events around the world. This year she’s adding another event to the roster: DockerCon 2016 in Seattle!

That’s right, Crystal and Spousetivities will be available at DockerCon in Seattle. Here’s a quick look at some of the things she’s got planned:

  • Morning yoga on both Monday and Tuesday (both days of the conference), led by a Docker employee
  • Food tour plus a visit to Woodland Park Zoo (great option for attendees traveling with kids)
  • Tours of Seattle on both Monday and Tuesday, including stops at the Space Needle, Pioneer Square, Pike Place Market, and the Kerry Park scenic overlook.
  • Wine and chocolate tastings plus a visit to Sqonalmie Falls

All in all, it sounds like a great set of activities. Also, I’m very impressed that DockerCon is also offering childcare during the event. Between Spousetivities offering kid-friendly events both days and DockerCon providing childcare, there’s no reason not to bring the family with you to Seattle.

If you’re interested in signing up for any Continue reading

Can != Should, Is != Ought

Maybe I’m getting too old for my own good. Or maybe studying philosophy is making me older. Here in the US, though, it is Memorial Day, a day where people normally grill burgers and dogs, throw a few back, and forget to ask why. It’s just another day off, and days off are good for—well, for something.

Memorial Day, in the US, stands in memorial for those who fought—and, specifically died—for our freedom. But what is freedom? In my world, there are two types of freedom: freedom from, and freedom to. Two pieces this week made me think through this difference once again, and how we are increasingly confusing the two concepts.

But the big thing that changed this week is a Google home device is no longer a theoretical possibility. It’s here. And on a sunny day at the outdoor amphitheater, just a half mile away from the Googleplex, the audience watched as a video showed the device at work in the home of a typical American family. There was laughter when the dad broadcast his playlist into every room in the home, waking up his sleeping children — and then later remotely turned on the lights to make Continue reading

Stealth Falcon group uses custom spyware, fake journalists to target UAE dissidents

Meet Stealth Falcon, a sophisticated and likely state-sponsored cyberespionage group, which is hell bent on conducting targeted spyware attacks “against Emriati journalists, activists and dissidents.” The digital attacks started in 2012 and are still being carried out against United Arab Emirates (UAE) dissidents. It’s not “just” spying with custom spyware that leads to dissidents being “arbitrarily detained;” once identified as criticizing the authorities, UAE dissidents can be forcibly disappeared.“The UAE has gotten much more sophisticated since we first caught them using Hacking Team software in 2012,” Bill Marczak, a senior researcher at Citizen Lab told the New York Times. “They've clearly upped their game. They're not on the level of the United States or the Russians, but they're clearly moving up the chain.”To read this article in full or to leave a comment, please click here

Stealth Falcon group uses custom spyware, fake journalists to target UAE dissidents

Meet Stealth Falcon, a sophisticated and likely state-sponsored cyberespionage group, which is hell bent on conducting targeted spyware attacks “against Emriati journalists, activists and dissidents.” The digital attacks started in 2012 and are still being carried out against United Arab Emirates (UAE) dissidents. It’s not “just” spying with custom spyware that leads to dissidents being “arbitrarily detained;” once identified as criticizing the authorities, UAE dissidents can be forcibly disappeared.“The UAE has gotten much more sophisticated since we first caught them using Hacking Team software in 2012,” Bill Marczak, a senior researcher at Citizen Lab told the New York Times. “They've clearly upped their game. They're not on the level of the United States or the Russians, but they're clearly moving up the chain.”To read this article in full or to leave a comment, please click here

Move over Skylake: An Asus PC with Intel’s Kaby Lake chip is coming in Q3

The wait for Intel's Kaby Lake chip will end in the third quarter this year, as the first PC with the 7th Generation Core chip was announced at Computex. Kaby Lake, the successor to Intel's Skylake Core processor chips, will be in the Asus Transformer 3 tablet. The device is much like Microsoft's Surface Pro 4, and will ship in the third quarter starting at US$799, according to a blog entry on Microsoft's website. The Transformer 3 was among a gaggle of PC and phone products announced by Asus at Computex. No other Kaby Lake PC has been announced yet, but expect Lenovo, HP, Dell and others to follow suit.To read this article in full or to leave a comment, please click here

Nvidia chief downplays challenge from Google’s AI chip

Nvidia has staked a big chunk of its future on supplying powerful graphics chips used for artificial intelligence, so it wasn't a great day for the company when Google announced two weeks ago that it had built its own AI chip for use in its data centers.Google's Tensor Processing Unit, or TPU, was built specifically for deep learning, a branch of AI through which software trains itself to get better at deciphering the world around it, so it can recognize objects or understand spoken language, for example.To read this article in full or to leave a comment, please click here

Nvidia chief downplays challenge from Google’s AI chip

Nvidia has staked a big chunk of its future on supplying powerful graphics chips used for artificial intelligence, so it wasn't a great day for the company when Google announced two weeks ago that it had built its own AI chip for use in its data centers.Google's Tensor Processing Unit, or TPU, was built specifically for deep learning, a branch of AI through which software trains itself to get better at deciphering the world around it, so it can recognize objects or understand spoken language, for example.To read this article in full or to leave a comment, please click here

Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk

Owners of WordPress-based websites should update the Jetpack plug-in as soon as possible because of a serious flaw that could expose their users to attacks.Jetpack is a popular plug-in that offers free website optimization, management and security features. It was developed by Automattic, the company behind WordPress.com and the WordPress open-source project, and has over 1 million active installations.Researchers from Web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.The issue is located in the Shortcode Embeds Jetpack module which allows users to embed external videos, images, documents, tweets and other resources into their content. It can be easily exploited to inject malicious JavaScript code into comments.To read this article in full or to leave a comment, please click here

Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk

Owners of WordPress-based websites should update the Jetpack plug-in as soon as possible because of a serious flaw that could expose their users to attacks.Jetpack is a popular plug-in that offers free website optimization, management and security features. It was developed by Automattic, the company behind WordPress.com and the WordPress open-source project, and has over 1 million active installations.Researchers from Web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.The issue is located in the Shortcode Embeds Jetpack module which allows users to embed external videos, images, documents, tweets and other resources into their content. It can be easily exploited to inject malicious JavaScript code into comments.To read this article in full or to leave a comment, please click here