Microsoft’s May 2016 patches fix a boatload of vulnerabilities, including a zero-day

Hello, zero-days. And yes, you should be busy patching them, but Adobe isn’t releasing one of the zero-day fixes for Flash Player until tomorrow (May 12)—even though it is currently being used in real-world attacks. Microsoft released 16 security bulletins, eight of which are rated critical for remote code execution (RCE), and they include a fix for a zero-day. Put another way by Bobby Kuzma, CISSP, systems engineer at Core Security: “Another fun and delightful Patch Tuesday, with a number of vulnerabilities with exploits in the wild!”

The Death of TRILL

Networking has come a long way in the last few years. We’ve realized that hardware and ASICs aren’t the constant that we could rely on to make decisions in the next three to five years. We’ve thrown in with software and the quick development cycles that allow us to iterate and roll out new features weekly or even daily. But the hardware versus software battle has played out a little differently than we all expected. And the primary casualty of that battle was TRILL.

Symbiotic Relationship

Transparent Interconnection of Lots of Links (TRILL) was proposed as a solution to the complexity of spanning tree. Radia Perlman realized that her bridging loop solution wouldn’t scale in modern networks. So she worked with the IEEE to solve the problem with TRILL. We also received Shortest Path Bridging (SPB) along the way as an alternative solution to the layer 2 issues with spanning tree. The motive was sound, but the industry has rejected the premise entirely.

Large layer 2 networks have all kinds of issues. ARP traffic, broadcast amplification, and numerous other issues plague layer 2 when it tries to scale to multiple hundreds or a few thousand nodes. The general rule

Performance and Scaling in Enterprise Systems

This is a guest post from Vlad Mihalcea, the author of the High-Performance Java Persistence book, on the notion of performance and scalability in enterprise systems.

An enterprise application needs to store and retrieve as much data and as fast as possible. In application performance management, the two most important metrics are response time and throughput.

The lower the response time, the more responsive an application becomes. Response time is, therefore, the measure of performance. Scaling is about maintaining low response times while increasing system load, so throughput is the measure of scalability.

Response time and throughput

US sounds alarm after SAP bug found affecting multinationals

The U.S. government is warning major corporations to check the configuration of their SAP software systems after a computer security company discovered at least 36 global enterprises were still vulnerable to a significant bug patched more than five years ago. The bug allows hackers to remotely gain full administrative access to SAP systems and affects at least 18 of the company's software systems, according to security vendor Onapsis. Using it, attackers can gain "complete control of the business information and processes on these systems, as well as potential access to other systems," the U.S. Department of Homeland Security said in a bulletin. It's only the third time this year the department has issued such a notice.

Catch up on Interop 2016 with these videos

Last week, the Network World and IDG.TV video crew was out in Las Vegas gathering interviews at the Interop 2016 event. We tallied up 10 interviews at the show, ranging in topics from networking to security to Wi-Fi. If you missed the show and want to get a sense of some of the companies and issues discussed, take a look below:

Cisco: How the Digital Network Architecture can help the network

Cisco had a big presence at Interop (it was the first booth you saw when you entered the expo hall). We got a chance to speak with Jeff Reed, a Cisco SVP and one of the Internet keynoters. In the video, he explains a little bit more about what its Digital Network Architecture (DNA) can do for the future of the enterprise network.

Do you know what your APIs are doing?

Almost every company is using at least some cloud services today, and they’re not just using packaged SaaS apps, PaaS services and IaaS virtual machines. Websites and custom apps are built using application programming interfaces (API) for everything from mapping and messaging, to analytics, fraud detection and speech recognition. Software-as-a-service (SaaS) offerings often offer APIs that let you work with them through third-party apps and services, or even build your own. For example, more than 50 percent of Salesforce’s traffic — and revenue — comes through its APIs, rather than directly from its own Web-based service. For eBay, it’s 60 percent, and for Expedia it’s 90 percent. If you use Twilio for sending text messages for customer support or MasterCard fraud detection services, you’re relying on those APIs for your own key business processes. How do you measure and monitor them to find out if you’re getting an acceptable level of service?

Latest Windows 10 preview gets loose early

Microsoft had planned to release a Windows 10 update to the company's beta testers today, but the build got loose prematurely, ending up on some users' PCs late Tuesday. After Microsoft realized that build 14342 had escaped its confines, it continued to push it to customers. "Some #WindowsInsiders have reported getting PC build 14342. We were staging this for tomorrow and looks like it published too far," tweeted Gabriel Aul, engineering general manager for Microsoft's operating systems group late Tuesday. A few minutes later, Aul added, "I think we'll just keep pushing out, but it may not be fully staged yet."

FBI/Apple privacy fight left out a major player: the data carriers

The recent standoff between Apple and the FBI over the agency’s demand that the company provide a way to unlock the iPhone of a dead terrorist was "resolved" when the FBI “bought a tool,” according to Director James Comey. But that, of course, didn’t resolve the fundamental, ongoing conflict between the government's need for digital surveillance capabilities to assist with law enforcement and national security on one side, and the American commitment to personal privacy on the other.

Networks need automation — just ask the U.S. military

IT professionals are looking to software-defined networking to automate what are still complex and vulnerable systems controlled by human engineers. Major General Sarah Zabel knows where they’re coming from. Zabel is the vice director of the Defense Information Systems Agency (DISA), which provides IT support for all U.S. combat operations. Soldiers, officers, drones, and the president all rely on DISA to stay connected. Its network is the epitome of a system that’s both a headache to manage and a prime hacking target. Zabel was a featured speaker on Tuesday at the Open Networking User Group conference, a Silicon Valley gathering of enterprise IT leaders who want to steer vendors toward technologies that meet their real needs. Members include large retailers, financial institutions, and manufacturers.

IBM Research Lead Charts Scope of Watson AI Effort

Over the past few years, IBM has been devoting a great deal of corporate energy into developing Watson, the company’s Jeopardy-beating supercomputing platform. Watson represents a larger focus at IBM that integrates machine learning and data analytics technologies to bring cognitive computing capabilities to its customers.

To find out about how the company perceives its own invention, we asked IBM Fellow Dr. Alessandro Curioni to characterize Watson and how it has evolved into new application domains. Curioni will be speaking on the subject at the upcoming ISC High Performance conference. He is an IBM Fellow, Vice President Europe and

IBM Research Lead Charts Scope of Watson AI Effort was written by Nicole Hemsoth at The Next Platform.

Hackers exploit unpatched Flash Player vulnerability, Adobe warns

Adobe Systems is working on a patch for a critical vulnerability in Flash Player that hackers are already exploiting in attacks. In the meantime, the company has released other security patches for Reader, Acrobat, and ColdFusion. The Flash Player vulnerability is being tracked as CVE-2016-4117 and affects Flash Player versions 21.0.0.226 and earlier for Windows, OS X, Linux, and Chrome OS. Successful exploitation can allow attackers to take control of affected systems. "Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild," the company said in an advisory published Tuesday. "Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12."
