Worth Reading: Ambry Open Source Object Store

Today, we are announcing that Ambry is now available as an open source project under the Apache 2.0 license. Ambry is optimized to store and serve media. Media content has become critical for any website to increase user engagement, virality and monetization. Media pipelines will need to be supported by more companies, especially with the advancement of video and virtual reality. -LinkedIn Engineering Blog

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Ambry Open Source Object Store appeared first on 'net work.

What are hackers up to these days?

The long answer is more complex, but security vendor Trustwave offered some insights in its 2016 Trustwave Global Security Report, which was released last month."Criminals are getting a lot savvier," says Karl Sigler, Trustwave's threat intelligence manager. "We're seeing their tactics changing a little bit."New bad news In the study, Trustwave found that compromises affecting corporate and internal networks hit 40 percent in 2015, up from 18 percent from the year before."Criminals are discovering that if they can get themselves embedded into a corporate network, there's a wealth of monetizable data in those networks," says Sigler. This could also be a result of what he calls a "drastic decline" in the rate of point-of-sale breaches, which dropped by 18 percentage points from 2014 to 2015, according to the study. "Criminals don't go away. They just shift targets," he says.To read this article in full or to leave a comment, please click here

What are hackers up to these days?

The long answer is more complex, but security vendor Trustwave offered some insights in its 2016 Trustwave Global Security Report, which was released last month."Criminals are getting a lot savvier," says Karl Sigler, Trustwave's threat intelligence manager. "We're seeing their tactics changing a little bit."New bad news In the study, Trustwave found that compromises affecting corporate and internal networks hit 40 percent in 2015, up from 18 percent from the year before."Criminals are discovering that if they can get themselves embedded into a corporate network, there's a wealth of monetizable data in those networks," says Sigler. This could also be a result of what he calls a "drastic decline" in the rate of point-of-sale breaches, which dropped by 18 percentage points from 2014 to 2015, according to the study. "Criminals don't go away. They just shift targets," he says.To read this article in full or to leave a comment, please click here

How data virtualization delivers on the DevOps promise

Using live data in development means you can test real workloads and get realistic results in transactions and reports. It’s also a significant security risk, as U.K. baby retailer Kiddicare recently found out: The company used real customer names, delivery addresses, email addresses and telephone numbers on a test site, only to have the data extracted and used to send phishing text messages to customers.To read this article in full or to leave a comment, please click here(Insider Story)

How data virtualization delivers on the DevOps promise

Using live data in development means you can test real workloads and get realistic results in transactions and reports. It’s also a significant security risk, as U.K. baby retailer Kiddicare recently found out: The company used real customer names, delivery addresses, email addresses and telephone numbers on a test site, only to have the data extracted and used to send phishing text messages to customers.In 2015, Patreon CEO Jack Conte admitted the names, shipping addresses and email addresses for 2.3 million users of the crowdfunding site had been breached, also “via a debug version of our website that was visible to the public” that had a “development server that included a snapshot of our production database.” And earlier this year a developer at Sydney University in Australia lost a laptop containing an unencrypted copy of a database with the personal and medical details of 6,700 disabled students.To read this article in full or to leave a comment, please click here(Insider Story)

A recently patched Flash Player exploit is being used in widespread attacks

It took hackers less than two weeks to integrate a recently patched Flash Player exploit into widely used Web-based attack tools that are being used to infect computers with malware.The vulnerability, known as CVE-2016-4117, was discovered earlier this month by security researchers FireEye. It was exploited in targeted attacks through malicious Flash content embedded in Microsoft Office documents.When the targeted exploit was discovered, the vulnerability was unpatched, which prompted a security alert from Adobe Systems and a patch two days later.To read this article in full or to leave a comment, please click here

A recently patched Flash Player exploit is being used in widespread attacks

It took hackers less than two weeks to integrate a recently patched Flash Player exploit into widely used Web-based attack tools that are being used to infect computers with malware.The vulnerability, known as CVE-2016-4117, was discovered earlier this month by security researchers FireEye. It was exploited in targeted attacks through malicious Flash content embedded in Microsoft Office documents.When the targeted exploit was discovered, the vulnerability was unpatched, which prompted a security alert from Adobe Systems and a patch two days later.To read this article in full or to leave a comment, please click here

Identity and access management infrastructure is misaligned with security

Several CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter. The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete, so security policy enforcement decisions must be driven by identity attributes (i.e., user identity, role, device identity, location, etc.) rather than IP packet attributes. We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess. Yup, this makes sense. Armed with identity attributes, organizations can make intelligent network access decisions on who gets access to which IT assets regardless of their location. Unfortunately, there is a big problem here. The identity and access management (IAM) infrastructure was built organically over the last 10-15 years, so it depends upon a morass of disconnected and fragile elements. This situation greatly impacts security. To read this article in full or to leave a comment, please click here

Identity and Access Management infrastructure is misaligned with security

Several CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter. The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete, so security policy enforcement decisions must be driven by identity attributes (i.e., user identity, role, device identity, location, etc.) rather than IP packet attributes. We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess.Yup, this makes sense. Armed with identity attributes, organizations can make intelligent network access decisions on who gets access to which IT assets regardless of their location. Unfortunately, there is a big problem here. The identity and access management (IAM) infrastructure was built organically over the last 10-15 years, so it depends upon a morass of disconnected and fragile elements. This situation greatly impacts security. To read this article in full or to leave a comment, please click here

Identity and Access Management (IAM) Infrastructure is Misaligned with Security

Several CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter.  The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete so security policy enforcement decisions must be driven by identity attributes (i.e. user identity, role, device identity, location, etc.) rather than IP packet attributes.  We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess.Yup, this makes sense.  Armed with identity attributes, organizations can make intelligent network access decisions on who gets access to which IT assets regardless of their location.  Unfortunately, there is a big problem here.  The IAM infrastructure was built organically over the last 10-15 years so it depends upon a morass of disconnected and fragile elements.  This situation greatly impacts security. To read this article in full or to leave a comment, please click here

Golang net package: UDP Client with Specific Source Port

Well you found it if you were looking for it. If you are using the Golang net package and need to set a specific source port for the UDP or TCP dial functions, then look no further. Why might you want to control your source port and not leave it to random selection in the range of 1024-65535? Some server software might be hardwired to listen to communications coming from a specific source port and might not respond to packets originating from any other source port on a client. With the IoT world growing rapidly, this issue bit me recently and I didn’t figure it out immediately. Maybe it’s my old school brain not being down with the kids. Who knows. Solved it in the end, so sharing here to help you!

It was late on a Saturday night

Pizza had been eaten. Pepsi was being consumed. A crazy Saturday evening one would say. Alas, a friend and I had decoded the communications of an IoT device and wanted to write some better client software. The software client happened to carry out discovery using a specific source port destined to the same port, then when the mode changed from discovery Continue reading

IDG Contributor Network: JFrog Xray provides application transparency

Applications today look different from how they looked only a few short years ago. Instead of generally monolithic architecture, modern applications take on a far more modular approach leveraging component third-party services, new ways to deploy and interactions with an increasing number of third-party systems and tools. All of this complexity makes it hard for developers, operations teams or a combination thereof to really see what is going on.For that reason, vendors are increasingly looking to offer visibility as a specific product. That is the case for JFrog, which today announced Xray, a tool that aims to deliver transparency across applications. JFrog offers software management and distribution tools. Given that it already helps organizations deploy applications and manage those applications, it is a natural progression to offer visibility across those apps.To read this article in full or to leave a comment, please click here

EIGRP Feasible Successor

One of the advantages of EIGRP Feasible Successor is that it speeds up the EIGRP. In fact, if there is a Feasible Successor in the EIGRP network, such network converges faster than OSPF or IS-IS. But what is EIGRP Feasible Successor and how can we find EIGRP Feasible Successor? Or, if there is EIGRP Feasible […]

The post EIGRP Feasible Successor appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

How Microsoft’s tricky new Windows 10 pop-up deceives you into upgrading

This morning, the unthinkable happened: My wife, an avowed PC user who long ago swore to never touch an Apple device, started shopping around for a Mac Mini. And it’s all thanks to Windows 10. Or rather, the nasty new way that Microsoft’s tricking Windows 7 and 8 users into automatically updating to Windows 10.I adore Windows 10, but I’ve long been a vocal critic of the heavy-handed tactics that Microsoft’s been using to force people into the upgrade, all to hit a goal of migrating 1 billion users to an operating system brimming with freemium services and ads. The annoying “Get Windows 10” pop-up began using deceiving malware-like tactics months ago, but it recently received an overhaul that seems purposefully designed to confuse users who have been wearily slogging through the nagging for half a year now.To read this article in full or to leave a comment, please click here

6 ways to add a second line to your smartphone

About a year ago I started a new business offering interactive "escape room" challenges in the Detroit area. Although I'd hoped to keep it strictly an online affair, with an informative website and simple ticketing system, it quickly became clear I'd need a phone line. Customers needed a way to reach me with questions, booking issues and so on.To read this article in full or to leave a comment, please click here(Insider Story)

7 programming languages we love to hate — but can’t live without

The well-meaning advice to not carry a grudge certainly didn’t come from anyone who’s wrestled with a computer for a living. Toil for anytime with the infernal logic of a programming language and you’ll know the horrors of the inky void where the worst bugs dwell.Sure, everyone loves a computer language when they first encounter it. And why wouldn’t we, with all those “hello world” examples that show how powerful the language can be in three lines of code. Programming languages are defined to be implicitly logical, but that doesn’t mean they spread logic everywhere they go. A pleasant barkeep may make the lives of everyone at the bar happier. A brave firefighter radiates bravery. But the logical mechanisms of programming languages often breed illogic, confusion, and doubt.To read this article in full or to leave a comment, please click here

Open source job market booming

Recruiting open source talent is a top priority for IT recruiters and hiring managers in 2016. According to the 2016 Open Source Jobs Report released today by IT hiring platform Dice.com and The Linux Foundation, 65 percent of hiring managers say open source hiring will increase more than any other part of their business over the next six months, and 79 percent of hiring managers have increased incentives to hold on to their current open source professionals.To read this article in full or to leave a comment, please click here

1 2,873 2,874 2,875 2,876 2,877 3,767