Why passwords fail end users

At the 2016 Interop show, Network World got a quick demo of Keeper Security's password management and vault app. The company's CEO, Darren Guccione, also explained why most password methods fail end users, and whether biometrics (beyond the fingerprint) will ever catch on as an authentication method.

Tech groups call on presidential candidates to support encryption, embrace other IT issues

U.S. presidential candidates should embrace encryption and narrow government access to Internet users' data as part of a comprehensive technology agenda, IT trade groups say.While the FBI and some lawmakers have pushed in recent months for encryption workarounds in criminal investigations, presidential candidates should "recognize encryption as a critical security tool," 13 tech trade organizations said in a set of tech policy recommendations released late Wednesday.By narrowly targeting governments' access to consumer data, the next president can promote global trust in digital goods and services, said the groups, representing hundreds of tech companies. Trade groups signing the letter included the Telecommunications Industry Association, the Consumer Technology Association, and BSA.To read this article in full or to leave a comment, please click here

Tech groups call on presidential candidates to support encryption, embrace other IT issues

U.S. presidential candidates should embrace encryption and narrow government access to Internet users' data as part of a comprehensive technology agenda, IT trade groups say.While the FBI and some lawmakers have pushed in recent months for encryption workarounds in criminal investigations, presidential candidates should "recognize encryption as a critical security tool," 13 tech trade organizations said in a set of tech policy recommendations released late Wednesday.By narrowly targeting governments' access to consumer data, the next president can promote global trust in digital goods and services, said the groups, representing hundreds of tech companies. Trade groups signing the letter included the Telecommunications Industry Association, the Consumer Technology Association, and BSA.To read this article in full or to leave a comment, please click here

Cisco patch stops attackers from taking over TelePresence systems

Cisco Systems has fixed a critical vulnerability that could allow attackers to take over TelePresence systems,  and patched other high-severity flaws in Cisco FirePOWER and Adaptive Security Appliance devices.The TelePresence software vulnerability stems from an improper authentication mechanism for the XML application programming interface (API). Attackers could exploit it by sending crafted HTTP requests to the XML API in order to bypass authentication and execute unauthorized configuration changes and commands on the system.To read this article in full or to leave a comment, please click here

Cisco patch stops attackers from taking over TelePresence systems

Cisco Systems has fixed a critical vulnerability that could allow attackers to take over TelePresence systems,  and patched other high-severity flaws in Cisco FirePOWER and Adaptive Security Appliance devices.The TelePresence software vulnerability stems from an improper authentication mechanism for the XML application programming interface (API). Attackers could exploit it by sending crafted HTTP requests to the XML API in order to bypass authentication and execute unauthorized configuration changes and commands on the system.To read this article in full or to leave a comment, please click here

Cisco patch stops attackers from taking over TelePresence systems

Cisco Systems has fixed a critical vulnerability that could allow attackers to take over TelePresence systems,  and patched other high-severity flaws in Cisco FirePOWER and Adaptive Security Appliance devices.The TelePresence software vulnerability stems from an improper authentication mechanism for the XML application programming interface (API). Attackers could exploit it by sending crafted HTTP requests to the XML API in order to bypass authentication and execute unauthorized configuration changes and commands on the system.To read this article in full or to leave a comment, please click here

Berkeley Packet Filter (BPF)

Linux bridge, macvlan, ipvlan, adapters discusses how industry standard sFlow technology, widely supported by data center switch vendors, has been extended to provide network visibility into the Linux data plane. This article explores how sFlow's lightweight packet sampling mechanism has been implemented on Linux network adapters.

Linux Socket Filtering aka Berkeley Packet Filter (BPF) describes the recently added prandom_u32() function that allows packets to be randomly sampled in the Linux kernel for efficient monitoring of production traffic.
Background: Enhancing Network Intrusion Detection With Integrated Sampling and Filtering, Jose M. Gonzalez and Vern Paxson, International Computer Science Institute Berkeley, discusses the motivation for adding random sampling BPF and the email thread [PATCH] filter: added BPF random opcode describes the Linux implementation and includes an interesting discussion of the motivation for the patch.
The following code shows how the open source Host sFlow agent implements random 1-in-256 packet sampling as a BPF program:
ld rand
mod #256
jneq #1, drop
ret #-1
drop: ret #0
A JIT for packet filters discusses the Linux Just In Time (JIT) compiler for BFP programs, delivering native machine code performance for compiled filters.

Minimizing cost of visibility describes why low overhead monitoring is an Continue reading

IDG Contributor Network: Puppet aims for the sky, appoints new CTO

Puppet CEO Luke Kanies has seen a lots of change since he founded Puppet.The company, whose goal is to make the deployment of IT infrastructure quicker and easier than before, came about around the time widespread adoption of virtualization occurred. This adoption called for a new way of working: instead of physically racking and stacking machines and installing software on them at the same time, the ability to programmatically set up servers called for a new way to set up the software that runs on them. This is the area that Puppet and its arch-rival Chef are focused on.To read this article in full or to leave a comment, please click here

Cybersecurity Plan for POTUS 45

Okay, the presidential primaries are winding down, and while I expect lots of name calling, insults and general sophomoric behavior this summer and fall, it’s time for both parties to step up with a strong plan for cybersecurity.Cybersecurity?  You’d really never know that it’s a national issue based upon the proceedings so far.  Governor Bush put out a two-page overview while Dr. Ben Carson’s team drafted a high-level proposal.  Neither one of these documents really dug into existing policies, domestic challenges, or International issues.  With the exception of John McAfee, no one has gotten into any detail on this topic.Now I know that cybersecurity can be the geekiest of geeky topics so the Presidential candidates need to address it at the right level.  The best plan will appeal to voters’ personal interests, offer financial incentives and opportunities, and demonstrate U.S. leadership in International affairs.  Additionally, the plan should align cybersecurity issues with technology innovation and a changing economy.To read this article in full or to leave a comment, please click here

Cybersecurity Plan for POTUS 45

Okay, the presidential primaries are winding down, and while I expect lots of name calling, insults and general sophomoric behavior this summer and fall, it’s time for both parties to step up with a strong plan for cybersecurity.Cybersecurity?  You’d really never know that it’s a national issue based upon the proceedings so far.  Governor Bush put out a two-page overview while Dr. Ben Carson’s team drafted a high-level proposal.  Neither one of these documents really dug into existing policies, domestic challenges, or International issues.  With the exception of John McAfee, no one has gotten into any detail on this topic.Now I know that cybersecurity can be the geekiest of geeky topics so the Presidential candidates need to address it at the right level.  The best plan will appeal to voters’ personal interests, offer financial incentives and opportunities, and demonstrate U.S. leadership in International affairs.  Additionally, the plan should align cybersecurity issues with technology innovation and a changing economy.To read this article in full or to leave a comment, please click here

50% off Anker Portable Charger PowerCore – Deal Alert

The powerful 20000mAh PowerCore 20100 from Anker weighs just 12.5 oz, but fully charges most phones and tablets to 100% several times over without needing to be recharged. It charges the iPhone 6s seven times, the Galaxy S6 five times or the iPad mini 4 twice. Industry leading output of 4.8 amps provides enough power to simultaneously charge any combination of devices at full speed. Surge protection, short circuit protection and more advanced safety features keep your devices safe. For additional peace of mind, the Anker PowerCore 20100 comes with an 18 month warranty and easily accessible customer service. It currently averages 5 out of 5 stars on Amazon from over 3,200 people (85% rate it 5 stars -- read reviews). With a regular list price of $79.99, Amazon has it discounted by $40, making it available right now for just $39.99. To read this article in full or to leave a comment, please click here

How Intel knocked itself out of the smartphone chip market

Intel's decision to pass on making chips for Apple's iPhone back in 2007 now looks like a huge mistake. Former CEO Paul Otellini admitted as much in a 2013 interview with The Atlantic. Intel has now bailed out of the smartphone chip market while Apple is flying high with its iPhones, based on its own A-series chips. Intel has cancelled its upcoming Atom chip lines for smartphones, including Broxton and the Sofia 3GX, Sofia LTE and Sofia LTE2 commercial platforms. That decision ends close to a decade of futility with Intel trying to outmaneuver rivals like Qualcomm, Apple, and Samsung, which make mobile chips based technology licensed from ARM.To read this article in full or to leave a comment, please click here