Reverse Turing testing tech support

So I have to get a new Windows license for a new PC. Should I get Windows 10 Home or Windows 10 Professional? What's the difference?

So I google the question, which gives me this website:

Ooh, a button that says "Download Table". That's exactly what I want -- a technical list without all the fluff. I scroll down to the parts that concern me, like encryption.


Wait, what? What's the difference between "Device Encryption" and "BitLocker"? I though BitLocker was Device Encryption?? Well, the purchase screen for Windows 10 has this friendly little pop out offering to help. Of course, as a techy, I know that such things are worse than useless, but I haven't tried one in a while, so I thought if I'd see if anything changed.

So up pops a chat window and we start chatting:

So at first he says they are the same. When I press him on the difference, he then admits they are different. He can't read the document I'm reading, because it's on a non-Microsoft "third party" site. While it's true it's on "windows.net", that's still a Microsoft site, but apparently he's not allowed to access it. Continue reading

This Android malware can secretly root your phone and install programs

Android users beware: a new type of malware has been found in legitimate-looking apps that can “root” your phone and secretly install unwanted programs.The malware, dubbed Godless, has been found lurking on app stores including Google Play, and it targets devices running Android 5.1 (Lollipop) and earlier, which accounts for more than 90 percent of Android devices, Trend Micro said Tuesday in a blog post.Godless hides inside an app and uses exploits to try to root the OS on your phone. This basically creates admin access to a device, allowing unauthorized apps to be installed.To read this article in full or to leave a comment, please click here

This Android malware can secretly root your phone and install programs

Android users beware: a new type of malware has been found in legitimate-looking apps that can “root” your phone and secretly install unwanted programs.The malware, dubbed Godless, has been found lurking on app stores including Google Play, and it targets devices running Android 5.1 (Lollipop) and earlier, which accounts for more than 90 percent of Android devices, Trend Micro said Tuesday in a blog post.Godless hides inside an app and uses exploits to try to root the OS on your phone. This basically creates admin access to a device, allowing unauthorized apps to be installed.To read this article in full or to leave a comment, please click here

Building serverless apps with Docker

Every now and then, there are waves of technology that threaten to make the previous generation of technology obsolete.  There has been a lot of talk about a technique called “serverless” for writing apps. The idea is to deploy your application as a series of functions, which are called on-demand when they need to be run. You don’t need to worry about managing servers, and these functions scale as much as you need, because they are called on-demand and run on a cluster.

But serverless doesn’t mean there is no Docker – in fact, Docker is serverless. You can use Docker to containerize these functions, then run them on-demand on a Swarm. Serverless is a technique for building distributed apps and Docker is the perfect platform for building them on.

From servers to serverless

So how might we write applications like this? Let’s take our example a voting application consisting of 5 services:

Picture1

This consists of:

  • Two web frontends
  • A worker for processing votes in the background
  • A message queue for processing votes
  • A database

The background processing of votes is a very easy target for conversion to a serverless architecture. In the voting app, we can run a Continue reading

EVPN – All-active multihoming

So this is the fourth blog on EVPN, the previous blogs covered the following topics:

  • EVPN basics, route-types and basic L2 forwarding
  • EVPN IRB and Inter-VLAN routing
  • EVPN single-active multi-homing

This post will cover the ability of EVPN to provide all-active multi-homing for layer-2 traffic, where the topology contains two different active PE routers, connecting to a switch via a LAG, the setup is similar to the previous labs. Due to some restrictions and in the interests of simplicity, this lab will cover all-active multi-homing for a single VLAN only, (VLAN 100 in this case) consider the network topology:

Capture5

The topology and general connectivity is the same as the other previous examples, the two big differences are that only VLAN 100 is present here and the connectivity between MX-1 and MX-2 is now using MC-LAG.

The first consideration that needs to be made when running EVPN in all-active mode, is that it must connect to the upstream devices using some sort of LAG, or MC-LAG – consider the wording from the RFC 7432:

https://tools.ietf.org/html/rfc7432#section-14.1.2

“If a bridged network is multihomed to more than one PE in an EVPN network via switches, then the support of All-Active Continue reading

Top website domains are vulnerable to email spoofing

Don’t be surprised if you see spam coming from the top websites in the world. Lax security standards are allowing anyone to "spoof" emails from some of the most-visited domains, according to new research.Email spoofing — a common tactic of spammers — basically involves forging the sender’s address. Messages can appear as if they came from Google, a bank, or a best friend, even though the email never came from the actual source. The spammer simply altered the email’s "from" address.Authentication systems have stepped in to try and solve the problem. But many of the top website domains are failing to properly use them, opening the door for spoofing, according to Sweden-based Detectify, a security firm.To read this article in full or to leave a comment, please click here

Top website domains are vulnerable to email spoofing

Don’t be surprised if you see spam coming from the top websites in the world. Lax security standards are allowing anyone to "spoof" emails from some of the most-visited domains, according to new research.Email spoofing — a common tactic of spammers — basically involves forging the sender’s address. Messages can appear as if they came from Google, a bank, or a best friend, even though the email never came from the actual source. The spammer simply altered the email’s "from" address.Authentication systems have stepped in to try and solve the problem. But many of the top website domains are failing to properly use them, opening the door for spoofing, according to Sweden-based Detectify, a security firm.To read this article in full or to leave a comment, please click here

Buy-in from top execs is key to cloud transitions, AWS executive says

As the head of Amazon Web Services, Andy Jassy has seen a lot of big organizations start using the public cloud. The biggest indicator of success for a cloud transition is simple, he says: Has the business' senior staff bought into it?In his view, organizations will usually stick with their status quo on-premises data centers unless leaders are ready to promote the use of public cloud services. "And it sounds a little bit simple, but the reality is that there's so much inertia all over these organizations in continuing to things the same way they've been done for the last number of years, for a variety of different reasons," Jassy said at the AWS Summit in Washington, D.C., on Tuesday. To read this article in full or to leave a comment, please click here

IT workers at Tennessee insurer on edge amid outsourcing rumors

The IT employees at Unum Group, a Chattanooga, Tenn.-based insurer, are alert to the possibility that their employer may shift work to an offshore outsourcing firm. The employees don't know much yet, but they know enough to be alarmed -- and a letter sent out last week by the CIO did little to change that.The news about Unum, which reported nearly $11 billion in revenues last year, originated in a recent blog post by Sara Blackwell, a labor attorney in Florida who represents former Disney IT workers in a lawsuit after that firm replaced them with offshore outsourcer workers. Some of the replacements were on H-1B visas.To read this article in full or to leave a comment, please click here

A FireEye chat with Kevin Mandia

In early May, FireEye announced that company president Kevin Mandia would replace industry veteran Dave DeWalt as CEO. My colleague Doug Cahill had a chance to catch up with Mandia yesterday to get his perspectives on FireEye, enterprise security and the threat landscape amongst others. Here are a few highlights:On FireEye’s direction: In spite of lots of distraction, Mandia is focused on driving “engineering innovation” at FireEye. Normally, this vision would be equated with security products alone, but Mandia believes products can anchor services as well.  This involves installing FireEye’s endpoint and network security products on a customer network, collecting telemetry, comparing it to current threat intelligence, detecting malicious activities, and then working with customers on remediation. To accomplish this, FireEye products must be “best in class” for threat detection on a stand-alone basis. The FireEye staff is then available to add brain power and muscle to help product customers as needed.To read this article in full or to leave a comment, please click here

A FireEye Chat with Kevin Mandia

In early May, FireEye announced that company president Kevin Mandia would replace industry veteran Dave DeWalt as CEO.  My colleague Doug Cahill had a chance to catch up with Kevin yesterday to get his perspectives on FireEye, enterprise security, and the threat landscape amongst others.  Here are a few highlights:On FireEye’s direction:  In spite of lots of distraction, Mandia is focused on driving “engineering innovation” at FireEye.  Normally, this vision would be equated with security products alone but Kevin’s believes that products can anchor services as well.  This involves installing FireEye’s endpoint and network security products on a customer network, collecting telemetry, comparing it to current threat intelligence, detecting malicious activities, and then working with customers on remediation.  To accomplish this, FireEye products must be “best-in-class” for threat detection on a stand-alone basis.  The FireEye staff is then available to add brain power and muscle to help product customers as needed.To read this article in full or to leave a comment, please click here

A FireEye Chat with Kevin Mandia

In early May, FireEye announced that company president Kevin Mandia would replace industry veteran Dave DeWalt as CEO.  My colleague Doug Cahill had a chance to catch up with Kevin yesterday to get his perspectives on FireEye, enterprise security, and the threat landscape amongst others.  Here are a few highlights:On FireEye’s direction:  In spite of lots of distraction, Mandia is focused on driving “engineering innovation” at FireEye.  Normally, this vision would be equated with security products alone but Kevin’s believes that products can anchor services as well.  This involves installing FireEye’s endpoint and network security products on a customer network, collecting telemetry, comparing it to current threat intelligence, detecting malicious activities, and then working with customers on remediation.  To accomplish this, FireEye products must be “best-in-class” for threat detection on a stand-alone basis.  The FireEye staff is then available to add brain power and muscle to help product customers as needed.To read this article in full or to leave a comment, please click here

Security of “high-impact” federal systems not exactly rock-solid

In the face of relentless attacks – via malware, DDOS and malicious email – the defenses that protect the nation’s most “high impact” systems are spotty at best and could leave important programs open to nefarious activities, according to a new report from the Government Accountability Office.+More on Network World: Not dead yet: 7 of the oldest federal IT systems still wheezing away+At issue here the GAO wrote is the weakness of “high impact” system protection because the government describes those “that hold sensitive information, the loss of which could cause individuals, the government, or the nation catastrophic harm,” and as such should be getting increased security to protect them.To read this article in full or to leave a comment, please click here

Security of “high-impact” federal systems not exactly rock-solid

In the face of relentless attacks – via malware, DDOS and malicious email – the defenses that protect the nation’s most “high impact” systems are spotty at best and could leave important programs open to nefarious activities, according to a new report from the Government Accountability Office.+More on Network World: Not dead yet: 7 of the oldest federal IT systems still wheezing away+At issue here the GAO wrote is the weakness of “high impact” system protection because the government describes those “that hold sensitive information, the loss of which could cause individuals, the government, or the nation catastrophic harm,” and as such should be getting increased security to protect them.To read this article in full or to leave a comment, please click here

1 2,869 2,870 2,871 2,872 2,873 3,837