10 companies that can help you fight phishing

According to the most recent Verizon data breach report, a phishing email is often the first phase of an attack. That's because it works well, with 30 percent of phishing messages opened, but only 3 percent reported to management.But when employees are trained on how to spot phishing emails, and then get tested with mock phishing emails, the percent who fall victim decreases with each round.Of course, it's impossible to get to a zero response rate. The criminals are becoming extremely clever with their messages. Fortunately, it's not necessary. If enough employees forward phishing emails to security, then the company becomes aware that it is the target of a campaign, and be prepared to deal with those messages that do slip through.To read this article in full or to leave a comment, please click here

Microsoft plugs 300M Windows 10 devices, reiterates July end to free upgrade

Microsoft today said that 300 million "active devices" are running Windows 10, a boost of 30 million, for an increase of 11%, in the last five weeks.The Redmond, Wash. company also warned customers that the Windows 10 free upgrade offer would end July 29, and urged them to grab the deal before it vanishes."Time is running out. The free upgrade offer will end on July 29 and we want to make sure you don't miss out," said Yusuf Mehdi, a senior executive in the Windows and devices group, in a post to a company blog Thursday.To read this article in full or to leave a comment, please click here

Pivotal raises $253M led by Ford, Microsoft

Pivotal, the platform as a service company spun out from VMware and EMC three years ago, today announced plans to close a series C financing round worth $253 million led by Ford, Microsoft and its existing investors GE and its two parent companies.Pivotal is one of the leading vendors behind the Cloud Foundry PaaS, the commercialized version of the open source project. Cloud Foundry provides an environment for developers to build applications; it provisions the infrastructure needed to run and scale them.Perhaps most interesting about the announcement are the new investors: Ford and Microsoft. Ford follows GE as an investor in the company, indicating its heavy use of CF and its desire to ensure the company’s future viability and success. Ford last week launched FordPass, a consumer platform that the company says was built with Pivotal.To read this article in full or to leave a comment, please click here

5 products Intel could cut in its reshuffle

Intel had some wild product ideas that were duds, like the OnCue TV streaming service, WiMax, and smartphone chips. Now, more products are likely to be axed as the company looks to a post-PC world.The chipmaker promised last month to review and cut some products as part of a restructuring plan that included laying off 12,000 employees. The Atom smartphone chips were the first to go while Intel redirects resources to profitable products in areas like servers, 5G connectivity, gaming PCs, and hybrid devices.To read this article in full or to leave a comment, please click here

The Long Future Ahead For Intel Xeon Processors

The personal computer has been the driver of innovation in the IT sector in a lot of ways for the past three and a half decades, but perhaps one of the most important aspects of the PC business is that it gave chip maker Intel a means of perfecting each successive manufacturing technology at high volume before moving it over to more complex server processors that would otherwise have lower yields and be more costly if they were the only chips Intel made with each process.

That PC volume is what gave Intel datacenter prowess, in essence, and it is

The Long Future Ahead For Intel Xeon Processors was written by Timothy Prickett Morgan at The Next Platform.

Why passwords fail end users

At the 2016 Interop show, Network World got a quick demo of Keeper Security's password management and vault app. The company's CEO, Darren Guccione, also explained why most password methods fail end users, and whether biometrics (beyond the fingerprint) will ever catch on as an authentication method.

Tech groups call on presidential candidates to support encryption, embrace other IT issues

U.S. presidential candidates should embrace encryption and narrow government access to Internet users' data as part of a comprehensive technology agenda, IT trade groups say.While the FBI and some lawmakers have pushed in recent months for encryption workarounds in criminal investigations, presidential candidates should "recognize encryption as a critical security tool," 13 tech trade organizations said in a set of tech policy recommendations released late Wednesday.By narrowly targeting governments' access to consumer data, the next president can promote global trust in digital goods and services, said the groups, representing hundreds of tech companies. Trade groups signing the letter included the Telecommunications Industry Association, the Consumer Technology Association, and BSA.To read this article in full or to leave a comment, please click here

Tech groups call on presidential candidates to support encryption, embrace other IT issues

U.S. presidential candidates should embrace encryption and narrow government access to Internet users' data as part of a comprehensive technology agenda, IT trade groups say.While the FBI and some lawmakers have pushed in recent months for encryption workarounds in criminal investigations, presidential candidates should "recognize encryption as a critical security tool," 13 tech trade organizations said in a set of tech policy recommendations released late Wednesday.By narrowly targeting governments' access to consumer data, the next president can promote global trust in digital goods and services, said the groups, representing hundreds of tech companies. Trade groups signing the letter included the Telecommunications Industry Association, the Consumer Technology Association, and BSA.To read this article in full or to leave a comment, please click here

Cisco patch stops attackers from taking over TelePresence systems

Cisco Systems has fixed a critical vulnerability that could allow attackers to take over TelePresence systems,  and patched other high-severity flaws in Cisco FirePOWER and Adaptive Security Appliance devices.The TelePresence software vulnerability stems from an improper authentication mechanism for the XML application programming interface (API). Attackers could exploit it by sending crafted HTTP requests to the XML API in order to bypass authentication and execute unauthorized configuration changes and commands on the system.To read this article in full or to leave a comment, please click here

Cisco patch stops attackers from taking over TelePresence systems

Cisco Systems has fixed a critical vulnerability that could allow attackers to take over TelePresence systems,  and patched other high-severity flaws in Cisco FirePOWER and Adaptive Security Appliance devices.The TelePresence software vulnerability stems from an improper authentication mechanism for the XML application programming interface (API). Attackers could exploit it by sending crafted HTTP requests to the XML API in order to bypass authentication and execute unauthorized configuration changes and commands on the system.To read this article in full or to leave a comment, please click here

Cisco patch stops attackers from taking over TelePresence systems

Cisco Systems has fixed a critical vulnerability that could allow attackers to take over TelePresence systems,  and patched other high-severity flaws in Cisco FirePOWER and Adaptive Security Appliance devices.The TelePresence software vulnerability stems from an improper authentication mechanism for the XML application programming interface (API). Attackers could exploit it by sending crafted HTTP requests to the XML API in order to bypass authentication and execute unauthorized configuration changes and commands on the system.To read this article in full or to leave a comment, please click here

Berkeley Packet Filter (BPF)

Linux bridge, macvlan, ipvlan, adapters discusses how industry standard sFlow technology, widely supported by data center switch vendors, has been extended to provide network visibility into the Linux data plane. This article explores how sFlow's lightweight packet sampling mechanism has been implemented on Linux network adapters.

Linux Socket Filtering aka Berkeley Packet Filter (BPF) describes the recently added prandom_u32() function that allows packets to be randomly sampled in the Linux kernel for efficient monitoring of production traffic.
Background: Enhancing Network Intrusion Detection With Integrated Sampling and Filtering, Jose M. Gonzalez and Vern Paxson, International Computer Science Institute Berkeley, discusses the motivation for adding random sampling BPF and the email thread [PATCH] filter: added BPF random opcode describes the Linux implementation and includes an interesting discussion of the motivation for the patch.
The following code shows how the open source Host sFlow agent implements random 1-in-256 packet sampling as a BPF program:
ld rand
mod #256
jneq #1, drop
ret #-1
drop: ret #0
A JIT for packet filters discusses the Linux Just In Time (JIT) compiler for BFP programs, delivering native machine code performance for compiled filters.

Minimizing cost of visibility describes why low overhead monitoring is an Continue reading