Old SAP vulnerability scares Homeland Security

The Department of Homeland Security has issued an alert about a 6-year-old SAP vulnerability that’s still being exploited enough that DHS deems it worthy of special note.But the responsibility for being vulnerable lies with SAP users. “This is a responsibility that falls on SAP customers' information security teams, service providers and external audit firms,” according to an FAQ about the vulnerability that was put out by Onapsis, an SAP-security vendor.And the company is right. The fixes should have been applied by now, since SAP has issued them. SAP issued the following statement about the patches:To read this article in full or to leave a comment, please click here

IDG Contributor Network: Using radio frequency noise detection to identify and track electronic equipment

One day the inventorying of electronic equipment in the workplace could be accomplished through radio frequency (RF) noise detection rather than labelling and tagging. The concept is based on the fact that all electronics always emit distinct radio noise when they’re running.Those unique RF prints could be used instead of serial numbers or expensive, attached RFID identifying tags and could quickly ID the gear. Even gadgets of exactly the same model type appear unique when analyzed, say researchers (PDF).To read this article in full or to leave a comment, please click here

IDG Contributor Network: Using radio frequency noise detection to identify and track electronic equipment

One day the inventorying of electronic equipment in the workplace could be accomplished through radio frequency (RF) noise detection rather than labelling and tagging. The concept is based on the fact that all electronics always emit distinct radio noise when they’re running.Those unique RF prints could be used instead of serial numbers or expensive, attached RFID identifying tags and could quickly ID the gear. Even gadgets of exactly the same model type appear unique when analyzed, say researchers (PDF).To read this article in full or to leave a comment, please click here

11 ergonomic gadgets your body will love

Ergonomics – they do a body goodImage by ThinkstockDo you work long hours on your computer? If so, we know the feeling and have identified a list of gadgets that you can use at your workstation, and which offer the necessary support and comfort as you work. While some may require making some adjustments or take some getting used to, your body will grow to love any of these devices -- in the form of reduced aches and pain.To read this article in full or to leave a comment, please click here

Adobe adds data-science muscle to its cloud services

Finding insights in an ocean of data has become one of today's most pressing business challenges, and software vendors are rushing to help. The latest is Adobe, which has added a host of algorithms in its cloud services to help brands uncover patterns and put them to work.Adobe's Creative, Document and Marketing Cloud services already use data science to help brands hone their message to customers, and the algorithms announced Wednesday add more capabilities.To read this article in full or to leave a comment, please click here

Microsoft’s May 2016 patches fix a boatload of vulnerabilities, including a zero-day

Hello, zero-days. And yes, you should be busy patching them, but Adobe isn’t releasing one of the zero-day fixes for Flash Player until tomorrow (May 12)—even though it is currently being used in real-world attacks.Microsoft released 16 security bulletins, eight of which are rated critical for remote code execution (RCE) and includes a fix for zero-day.Put another way by Bobby Kuzma, CISSP, systems engineer at Core Security: “Another fun and delightful Patch Tuesday, with a number of vulnerabilities with exploits in the wild!”To read this article in full or to leave a comment, please click here

Microsoft’s May 2016 patches fix a boatload of vulnerabilities, including a zero-day

Hello, zero-days. And yes, you should be busy patching them, but Adobe isn’t releasing one of the zero-day fixes for Flash Player until tomorrow (May 12)—even though it is currently being used in real-world attacks.Microsoft released 16 security bulletins, eight of which are rated critical for remote code execution (RCE) and includes a fix for zero-day.Put another way by Bobby Kuzma, CISSP, systems engineer at Core Security: “Another fun and delightful Patch Tuesday, with a number of vulnerabilities with exploits in the wild!”To read this article in full or to leave a comment, please click here

The Death of TRILL

wasteland_large

Networking has come a long way in the last few years. We’ve realized that hardware and ASICs aren’t the constant that we could rely on to make decisions in the next three to five years. We’ve thrown in with software and the quick development cycles that allow us to iterate and roll out new features weekly or even daily. But the hardware versus software battle has played out a little differently than we all expected. And the primary casualty of that battle was TRILL.

Symbiotic Relationship

Transparent Interconnection of Lots of Links (TRILL) was proposed as a solution to the complexity of spanning tree. Radia Perlman realized that her bridging loop solution wouldn’t scale in modern networks. So she worked with the IEEE to solve the problem with TRILL. We also received Shortest Path Bridging (SPB) along the way as an alternative solution to the layer 2 issues with spanning tree. The motive was sound, but the industry has rejected the premise entirely.

Large layer 2 networks have all kinds of issues. ARP traffic, broadcast amplification, and many other numerous issues plague layer 2 when it tries to scale to multiple hundreds or a few thousand nodes. The general rule Continue reading

Performance and Scaling in Enterprise Systems

This is a guest post from Vlad Mihalcea the author of the High-Performance Java Persistence book, on the notion of performance and scalability in enterprise systems.

An enterprise application needs to store and retrieve as much data and as fast as possible. In application performance management, the two most important metrics are response time and throughput.

The lower the response time, the more responsive an application becomes. Response time is, therefore, the measure of performance. Scaling is about maintaining low response times while increasing system load, so throughput is the measure of scalability.

Response time and throughput

US sounds alarm after SAP bug found affecting multinationals

The U.S. government is warning major corporations to check the configuration of their SAP software systems after a computer security company discovered at least 36 global enterprises were still vulnerable to a significant bug patched more than five years ago.The bug allows hackers to remotely gain full administrative access to SAP systems and affects at least 18 of the company's software systems, according to security vendor Onapsis.Using it, attackers can gain "complete control of the business information and processes on these systems, as well as potential access to other systems," the U.S. Department of Homeland Security said in a bulletin. It's only the third time this year the department has issued such a notice.To read this article in full or to leave a comment, please click here

US sounds alarm after SAP bug found affecting multinationals

The U.S. government is warning major corporations to check the configuration of their SAP software systems after a computer security company discovered at least 36 global enterprises were still vulnerable to a significant bug patched more than five years ago.The bug allows hackers to remotely gain full administrative access to SAP systems and affects at least 18 of the company's software systems, according to security vendor Onapsis.Using it, attackers can gain "complete control of the business information and processes on these systems, as well as potential access to other systems," the U.S. Department of Homeland Security said in a bulletin. It's only the third time this year the department has issued such a notice.To read this article in full or to leave a comment, please click here

Catch up on Interop 2016 with these videos

Last week, the Network World and IDG.TV video crew was out in Las Vegas gathering interviews at the Interop 2016 event. We tallied up 10 interviews at the show, ranging in topics from networking to security to Wi-Fi. If you missed the show and want to get a sense of some of the companies and issues discussed, take a look below: Cisco: How the Digital Network Architecture can help the network Cisco had a big presence at Interop (it was the first booth you saw when you entered the expo hall). We got a chance to speak with Jeff Reed, a Cisco SVP and one of the Internet keynoters. In the video, he explains a little bit more about what its Digital Network Architecture (DNA) can do for the future of the enterprise network.To read this article in full or to leave a comment, please click here

Do you know what your APIs are doing?

Almost every company is using at least some cloud services today, and they’re not just using packaged SaaS apps, PaaS services and IaaS virtual machines. Websites and custom apps are built using application programming interfaces (API) for everything from mapping and messaging, to analytics, fraud detection and speech recognition.Software-as-a-service (SaaS) offerings often offer APIs that let you work with them through third-party apps and services, or even build your own. For example, more than 50 percent of Salesforce’s traffic — and revenue — comes through its APIs, rather than directly from its own Web-based service. For eBay, it’s 60 percent, and for Expedia it’s 90 percent. If you use Twilio for sending text messages for customer support or MasterCard fraud detection services, you’re relying on those APIs for your own key business processes. How do you measure and monitor them to find out if you’re getting an acceptable level of service?To read this article in full or to leave a comment, please click here

Latest Windows 10 preview gets loose early

Microsoft had planned to release a Windows 10 update to the company's beta testers today, but the build got loose prematurely, ending up on some users' PCs late Tuesday.After Microsoft realized that build 14342 had escaped its confines, it continued to push it to customers."Some #WindowsInsiders have reported getting PC build 14342. We were staging this for tomorrow and looks like it published too far," tweeted Gabriel Aul, engineering general manager for Microsoft's operating systems group late Tuesday.A few minutes later, Aul added, "I think we'll just keep pushing out, but it may not be fully staged yet."To read this article in full or to leave a comment, please click here

1 2,967 2,968 2,969 2,970 2,971 3,836