Laptop updaters riddled with security holes

A recent test of pre-installed updater software on 10 laptops showed that every single one had security problems."We went and bought about 10 laptops," said Darren Kemp, security researcher at Duo Security. "And every single vendor had their own piece of software to perform software updates, including the Microsoft Signature Editions, and they were all pretty terrible."For example, some laptop manufacturers weren't using encryption in their updaters."We found exploitable vulnerabilities in every vendor," he said.We found exploitable vulnerabilities in every vendor. Darren Kemp, security researcher at Duo SecurityTo read this article in full or to leave a comment, please click here

IDG Contributor Network: Alibaba invests in ecommerce search game

Ecommerce vendors are increasingly under pressure to deliver the most relevant products to site visitors. As choices available to consumers increase, so too does the requirement to filter the myriad of options and offer the most relevant products in response to a consumer's search. It is for this reason that ecommerce search tools from companies such as SLI Systems are increasingly important.Another player in the space is stealth Israeli company Twiggle. Twiggle combines the buzzwords du jour—machine learning, artificial intelligence and natural language processing—and delivers them within the context of ecommerce search.To read this article in full or to leave a comment, please click here

Startup Nervana joins Google in building hardware tailored for neural networks

At the MIT EmTech Digital conference, startup Nervana announced plans to design and build a custom ASIC processor for neural networks and machine learning applications that the company’s CEO, Naveen Rao, claims will run 10 times faster than graphic processor units (GPU).The news comes after Google last week announced it had secretly deployed its neural network and machine-learning-tailored processors in its data centers about a year ago. The company reported that its custom processor had improved performance by an order of magnitude. Google’s approach and improvements in performance validate Nervana’s technical strategy.To read this article in full or to leave a comment, please click here

65 million Tumblr account records are up for sale on the underground market

A few weeks ago, Tumblr notified users of a data breach that resulted in the theft of user email addresses and hashed passwords. The company did not say how many accounts were affected, but recently someone put the data up for sale and the number is: 65 million records.The data is being sold on a Tor dark market website called TheRealDeal by a user named peace_of_mind who also sold 167 million user records stolen from LinkedIn. Recently he also posted offers for 360 million accounts allegedly stolen from MySpace and 40 million from adult dating website Fling.com.To read this article in full or to leave a comment, please click here

65 million Tumblr account records are up for sale on the underground market

A few weeks ago, Tumblr notified users of a data breach that resulted in the theft of user email addresses and hashed passwords. The company did not say how many accounts were affected, but recently someone put the data up for sale and the number is: 65 million records.The data is being sold on a Tor dark market website called TheRealDeal by a user named peace_of_mind who also sold 167 million user records stolen from LinkedIn. Recently he also posted offers for 360 million accounts allegedly stolen from MySpace and 40 million from adult dating website Fling.com.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Components of modern hacking operations

During my conversations with security executives, a topic that consistently comes up is what, exactly, constitutes a modern hacking operation. Security professionals understand they’re no longer facing script kiddies who lack a comprehensive plan. However, they’re also not fully aware of how detail-oriented adversaries are when developing an attack campaign.Today’s hacking operations are well-organized and developed by well-funded teams of highly trained adversaries who have diverse experiences and backgrounds. In fact, attack planning is handled like a business operation and includes hiring plans, budgets and timelines.To help security professionals better understand the attacks they’re facing, I thought I’d share some of my observations on the work that goes into planning a hack.To read this article in full or to leave a comment, please click here

Cisco’s evolution: Technology and branding changes over the years

From niche router vendor to all things networkingCisco’s new campaign “There’s Never Been A Better Time” urges everyone to consider how the network can solve the world’s biggest problems. The company is on a mission to change the world, but it didn’t start out that way. As Cisco evolved from a niche router vendor to the de facto standard for all things networking, so too has its message to the world.    To read this article in full or to leave a comment, please click here

Overclockers have pushed Intel’s new Broadwell chip to 5.7GHz

Intel's new 10-core Broadwell-E gaming chip is only a few hours old, but already overclockers have pushed a 3GHz version of the chip to 5.7GHz and they say they're only just getting started.Overclocking is the process by which software commands and extreme cooling are used to push processors to run faster than they are typically designed to run -- the chip equivalent of putting your foot on the gas and flooring it while keeping your car under control.At an overclocking event at the Computex trade show in Taipei on Tuesday, large tanks of liquid nitrogen stood on the ready to help overclockers keep the processors cool.To read this article in full or to leave a comment, please click here

From scratch: why these mass scans are important

The way the Internet works is that "packets" are sent to an "address". It's the same principle how we send envelopes through the mail. Just put an address on it, hand it to the nearest "router", and the packet will get forwarded hop-to-hop through the Internet in the direction of the destination.

What you see as the address at the top of your web browser, like "www.google.com" or "facebook.com" is not the actual address. Instead, the real address is a number. In much the same way a phonebook (or contact list) translates a person's name to their phone number, there is a similar system that translates Internet names to Internet addresses.

There are only 4 billion Internet addresses. It's a number between between 0 and 4,294,967,296. In binary, it's 32-bits in size, which comes out to that roughly 4 billion combinations.

For no good reason, early Internet pioneers split up that 32-bit number into four 8-bit numbers, which each has 256 combinations (256 × 256 × 256 × 256 = 4294967296). Thus, why write Internet address like "192.168.38.28" or "10.0.0.1". 

Yes, as you astutely point out, there are many more than 4 billion devices Continue reading

Review: Hot new tools to fight insider threats

In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.An entire industry has sprung up to provide a defense against insider threats. We tested products from Fortscale, Avanan, and PFU Systems, with each one concentrating on a different aspect of the problem.To read this article in full or to leave a comment, please click here(Insider Story)

3 top tools to fight insider threats

Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here

3 top tools to fight insider threats

Lurking insideImage by Flickr/Dennis SkleyWe tested three products, each concentrating on a different aspect of the insider threat problem. Fortscale did an amazing job protecting a traditional network. Its machine learning capabilities and concentration on access and authentication logs gives it an extremely high accuracy rate. Cloud-based insider threats can be even harder to detect, yet Avanan uniquely protects against threats related to trusted insiders within the cloud. PFU Systems applies insider threat security to mobile devices with their iNetSec system. (Read the full review.) Here are the individual reviews:To read this article in full or to leave a comment, please click here

Review: Hot new tools to fight insider threats

In the 1979 film When a Stranger Calls, the horror is provided when police tell a young babysitter that the harassing phone calls she has been receiving are coming from inside the house. It was terrifying for viewers because the intruder had already gotten inside, and was presumably free to wreak whatever havoc he wanted, unimpeded by locked doors or other perimeter defenses. In 2016, that same level of fear is being rightfully felt towards a similar danger in cybersecurity: the insider threat.To read this article in full or to leave a comment, please click here(Insider Story)

Intel beefs up VR ammo with Extreme Edition Core i7 chips

Intel considers virtual reality a key growth vector as it reshapes to survive in a post-PC world, and new Core i7 Extreme Edition chips will play a big role in that transition.The new chips, code-named Broadwell-E, are speed demons with up to 10 cores, a new high for Intel PC chips. Primarily for gaming PCs, the new chips will also go in desktops certified to work with headsets like Oculus Rift and HTC Vive.The Core i7-6900 series and 6800 series chips are targeted at enthusiasts looking for the latest and greatest technologies in PCs. These chips can be overclocked and unlocked, which could instantly upgrade PC performance by cranking up CPU frequency.To read this article in full or to leave a comment, please click here

VRRP Skew Time (and always be learning…)

It’s funny how you can work with something for years, but miss a small detail. This week I learnt about Skew Time for VRRP. The reason for it is completely obvious once you think about it, but for some reason the detail had escaped me for all these years.

VRRP Hellos

VRRP sends out a “hello” multicast every <hello> seconds. Usually this is something like every 1 or 3 seconds. Unlike HSRP, only the current master sends out hello messages. This contains the current master priority & status.

The backup devices listen out for this hello message. If they think they have a higher priority, or if they fail to hear the hello message, they will assume the role of master.

Down Interval

Changing from backup to master because of one missed hello could cause network instability. There’s a common rule used for all keepalive-type messages, where backup devices will wait for three missed polls/keepalives before declaring something ‘down.’

NB: HSRP is slightly different here – the holdtime can be manually specified, including to a shorter time than the hello time, if you’re feeling spectacularly stupid.

VRRP is similar. It waits three poll intervals before declaring the master ‘down,’ and attempting to Continue reading

Spousetivities at DockerCon 2016

Long-time readers of my site know that my wife, Crystal, launched what is now known as Spousetivities at VMworld 2008. Since that time, she’s been able to organize activities for hundreds of companions at dozens of events around the world. This year she’s adding another event to the roster: DockerCon 2016 in Seattle!

That’s right, Crystal and Spousetivities will be available at DockerCon in Seattle. Here’s a quick look at some of the things she’s got planned:

  • Morning yoga on both Monday and Tuesday (both days of the conference), led by a Docker employee
  • Food tour plus a visit to Woodland Park Zoo (great option for attendees traveling with kids)
  • Tours of Seattle on both Monday and Tuesday, including stops at the Space Needle, Pioneer Square, Pike Place Market, and the Kerry Park scenic overlook.
  • Wine and chocolate tastings plus a visit to Sqonalmie Falls

All in all, it sounds like a great set of activities. Also, I’m very impressed that DockerCon is also offering childcare during the event. Between Spousetivities offering kid-friendly events both days and DockerCon providing childcare, there’s no reason not to bring the family with you to Seattle.

If you’re interested in signing up for any Continue reading

Worth Reading: Plumgrid, Cumulus, and SDN

With the advent of Software Defined Networking, enterprises are able to manage their network through a series of abstracted layers, offering a flexibility that was out of reach even 10 years ago. While this may seem futuristic to some, SDN is quickly becoming the new standard when working with containers, networks, and VMs at scale. The New Stack

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Plumgrid, Cumulus, and SDN appeared first on 'net work.

1 2,897 2,898 2,899 2,900 2,901 3,808