2016 State of Bug Bounty report: Bigger bounties, more industries offering programs

The rise in global cyberattacks and the “critical deficit of security talent” helped bug bounty programs grow in the last year and to diversify from those offered by “tech giants” to more traditional industries.One trend over the last year has been for payouts to increase, according to the 2016 State of Bug Bounty report (pdf). Last year, the average bug reward on Bugcrowd’s platform was $200.81; this second annual report shows an increase of 47%, with the average reward rising to $294.70.To read this article in full or to leave a comment, please click here

Worth Reading: Windows WPAD attack

Windows’ WPAD feature has for many years provided attackers and penetration testers a simple way to perform MITM attacks on web traffic. There is, for example, a great blog post by Tod Beardsley called “MS09-008: Web Proxy Auto-Discovery (WPAD), Illustrated” that highlights the problems with WPAD. Now finally, roughly 10 years after WPAD was introduced, the penetration testing framework Metasploit includes support for WPAD via a new auxiliary module located at “auxiliary/server/wpad”. This module, which is written by Efrain Torres, can be used to perform for man-in-the-middle (MITM) attacks by exploiting the features of WPAD. Netresec

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Windows WPAD attack appeared first on 'net work.

Microsoft boosts support for Spark-based big data analytics

Microsoft kicked off the Spark Summit in San Francisco with news of "an extensive commitment for Spark to power Microsoft's big data and analytics offerings, including Cortana Intelligence Suite, Power BI and Microsoft R Server."Spark started as an open source project at the University of California, Berkeley AMPLab in 2009 and was given to the Apache Foundation in 2012. A company to further Spark development was formed called DataBricks.Spark is a significant accelerator for Hadoop, the primary software used in big data analytics, because it does all of the work in memory. Hadoop ran primarily as a disk-based batch process, using a framework called MapReduce to execute a batch process, often overnight. You got your insight the next day. That’s why despite big data’s promise of real-time analytics, it often couldn't deliver.To read this article in full or to leave a comment, please click here

IT pros stress is low, but so is job satisfaction

It's no secret that working IT is stressful, but a new survey from TEKsystems shows that the pressure may be easing for some IT professionals. The 2016 IT Stress and Pride survey from IT talent management and solutions company TEKsystems polled 241 IT workers at all experience levels in April of 2016, and found that just 14 percent of entry-to mid-level IT professionals and 18 percent of senior IT professionals consider the work they are currently doing to be the most stressful of their career.To read this article in full or to leave a comment, please click here

Your step-by-step guide to repairing Windows 10

Though it's showing itself to be a good operating system (in line with Windows XP and Windows 7), sometimes a Windows 10 system will start misbehaving to the point where repair is needed. This often takes the form of worsening performance or stability and can originate from damage to or loss or corruption of Windows system files typically found in the C:\Windows folder hierarchy. When that happens, users would be well advised to break out the following routine to help them set things back to rights.To read this article in full or to leave a comment, please click here(Insider Story)

The 25GbE Datacenter Pipeline

pipeline

SDN may have made networking more exciting thanks to making hardware less important than it has been in the past, but that’s not to say that hardware isn’t important at all. The certainty with which new hardware will come out and make things a little bit faster than before is right there with death and taxes. One of the big announcements yesterday from Hewlett Packard Enterprise (HPE) during HPE Discover was support for a new 25GbE / 100GbE switch architecture built around the FlexFabric 5950 and 12900 products. This may be the tipping point for things.

The Speeds of the Many

I haven’t always been high on 25GbE. Almost two years ago I couldn’t see the point. Things haven’t gotten much different in the last 24 months from a speed perspective. So why the change now? What make this 25GbE offering any different than things from the nascent ideas presented by Arista?

First and foremost, the 25GbE released by HPE this week is based on the Broadcom Tomahawk chipset. When 25GbE was first presented, it was a collection of vendors trying to convince you to upgrade to their slightly faster Ethernet. But in the past two years, most of the Continue reading

Hackers could have changed Facebook Messenger chat logs

Here's a Facebook hack straight from the pages of the novel 1984: A way to rewrite the record of the past."Who controls the past controls the future: who controls the present controls the past," went the ruling party's slogan in George Orwell's dystopian novel.Security researchers have found a way to control the past, by altering Facebook's logs of online chats conducted through its website and Messenger App.Such modified logs could be used to control the future, the researchers suggest, by using them to commit fraud, to falsify evidence in legal investigations, or to introduce malware onto a PC or phone.Roman Zaikin of Check Point Software Technologies discovered a flaw in Facebook's chat system that made it possible for an attacker to modify or remove any sent message, photo, file or link in a conversation they were part of.To read this article in full or to leave a comment, please click here

Hackers could have changed Facebook Messenger chat logs

Here's a Facebook hack straight from the pages of the novel 1984: A way to rewrite the record of the past."Who controls the past controls the future: who controls the present controls the past," went the ruling party's slogan in George Orwell's dystopian novel.Security researchers have found a way to control the past, by altering Facebook's logs of online chats conducted through its website and Messenger App.Such modified logs could be used to control the future, the researchers suggest, by using them to commit fraud, to falsify evidence in legal investigations, or to introduce malware onto a PC or phone.Roman Zaikin of Check Point Software Technologies discovered a flaw in Facebook's chat system that made it possible for an attacker to modify or remove any sent message, photo, file or link in a conversation they were part of.To read this article in full or to leave a comment, please click here

Is IPV6 Dual-Stack really a best method for IPv6 design ?

There are mainly three IPv6 transition methods; Dual-Stack, Tunnelling and Translation. Careful engineers can understand the difference between IPv6 migration and IPv6 transition. All of these three technologies are used to bring IPv6 protocol capabilities in addition to IPv4, they are not migration mechanisms. Migration means removing IPv4 completely and running only IPv6 only in […]

The post Is IPV6 Dual-Stack really a best method for IPv6 design ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

A.T. Still University greatly improves firewall performance and security with cost-effective VMware NSX solution

ATSU revolutionized its schools and clinics with the cost-effective security solution, VMware NSX, which increases firewall performance, meets HIPAA compliance, automates services, and improves agility, resulting in more affordable tuition and better healthcare services.

Some of the business benefits:

  • easy implementation
  • cost effective
  • better application performance

“VMware NSX is the most revolutionary development in our data center security in more than a decade. Not only do we save a significant amount of money in hardware costs, the micro-segmentation available through VMware NSX provides a dramatically more secure design than we could get with a physical firewall with DMZs.” — Iain Leiter, Network Engineer, A.T. Still University

Download the case study

The post A.T. Still University greatly improves firewall performance and security with cost-effective VMware NSX solution appeared first on The Network Virtualization Blog.

SIEM: 14 questions to ask before you buy

Demand for security information and event management (SIEM) technology is high, but that doesn’t mean businesses are running these products and services smoothly.According to a report from Gartner, large companies are reevaluating SIEM vendors due to partial, marginal or failed deployments. While the core technology has changed little in the last decade, its use cases and the pace at which businesses have adopted it have prompted a transformation, experts say.“SIEM was a complex technology for the most entrenched, smartest companies, but today we see it adopted by less-mature organizations,” says Anton Chuvakin, research VP at Gartner. “That’s caused the evolution in the tech that we’ve witnessed recently. It’s getting more brain power.”To read this article in full or to leave a comment, please click here(Insider Story)

Emergency responders might share their LTE network with the rest of us

A national LTE network for U.S. public-safety agencies would also give consumers better mobile service if a startup gets to build a futuristic network-sharing system.The company, Rivada Mercury, is one of the players that wants to build the so-called FirstNet LTE network, the government's plan to unify mobile communications for first responders. The federal government is allocating a block of spectrum and about $6.5 billion in funding for the network, which is supposed to start going live next year.Rivada Mercury is a partnership that includes major mobile network vendors, Intel Security and other companies. At the center of this group is Rivada Networks, a startup with a technology called DSA (Dynamic Spectrum Arbitrage).To read this article in full or to leave a comment, please click here

How to make your USB drive faster and free

Why is your USB drive so slow? If your drive is formatted in FAT32 or exFAT (the latter of which can handle larger capacity drives), you have your answer.USB drive vendors tend to format their drives at the factory with FAT32/exFAT because every device that can read USB mass storage can read and write to these well-known formats. That includes, but is not limited to: Windows PCs, cell phones, car radios, Linux, and OS X/iOS devices. If you want maximum read/write compatibility, format with exFAT.To read this article in full or to leave a comment, please click here

What’s going on with IT hiring?

CompTIA, an industry group, said about 96,000 IT jobs were lost last month across all industries, not just the technology sector. That figure includes the impact of the approximately 37,000 telecommunications jobs sidelined by the Verizon strike, which was settled this month. But it was a rough month, by some estimates.Analysts have been generally cautious this year about IT hiring trends. Although the unemployment rate for IT professionals is about half the national average of 4.7%, said CompTIA, some analysts use terms ranging from "modest" to "pre-recession" to describe IT hiring.To read this article in full or to leave a comment, please click here

How to survive in the CISO hot-seat

The CISO is a precarious job. Research studies indicate that CISOs typically survive just 18 months to two years in a job which is increasingly complex and multi-skilled.After all, information security is no longer solely about managing firewalls and patch management, but rather a varied role encompassing business and technical skills. Add into that continual issues around funding, reporting lines, governance and a lack of support from the board and you can see why the role is not to be taken lightly.Indeed, Deloitte says that the CISO today must have four ‘faces’; the strategist, the adviser, the guardian (protecting business assets by understanding the threat landscape and maintaining security programs) and the technologist.To read this article in full or to leave a comment, please click here

How to configure your Chromebook for ultimate security

A Chromebook is already an ultra-secure computer straight out of the box. Since it doesn’t run a traditional operating system and takes advantage of various Google-powered security measures, Chrome OS is well-guarded against all the miscreants lurking out there on the Web.But you can always do more, particularly if you want to minimize traces of your Internet wanderings, or prevent your every online action from contributing to an advertising profile.You may share a Chromebook with others or desire a setup that’s impervious to the latest security threats. Perhaps it’s time for a little de-Googling in your life, as the Mountain View giant can collect a lot of information about you.To read this article in full or to leave a comment, please click here

1 2,863 2,864 2,865 2,866 2,867 3,795