N.Y. prosecutor wants Apple to turn back security clock to 2013

A New York prosecutor tomorrow plans to urge Congress to write legislation that would require Apple to roll back iPhone security to the model of 2013's iOS 7, according to prepared testimony published today.

Cyrus Vance Jr., the District Attorney for New York County, will testify before the House Judiciary Committee tomorrow as one of three witnesses at a hearing to discuss encryption. The others include Bruce Sewell, Apple's general counsel, and Susan Landau, a professor of cybersecurity policy at the Worcester Polytechnic Institute in Worcester, Mass.

NASA wants to get supersonic with new passenger jet

NASA wants to put a supersonic passenger jet back in the sky that promises a soft thump, or supersonic heartbeat as the agency called it, rather than the disruptive boom currently associated with such high-speed flight.

The “low-boom” aircraft known as Quiet Supersonic Technology (QueSST) will be built by a team led by Lockheed Martin Aeronautics, which will get $20 million to develop baseline aircraft requirements and a preliminary aircraft design.

IP is running out of gas. It’s time for the New IP

Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.

The technology industry operates on micro and mega cycles of innovation. Micro cycles happen every hour, day, week and year. Mega cycles are far more rare, occurring every 20 years or so, like the leap from mainframes to client-server computing.

We are now entering the next mega innovation cycle. As with the previous seismic shifts, the benefits will be massive for those who adapt and potentially catastrophic for those who do not.  We all know the compute layer is moving to the cloud – we’ve been watching this shift for years. Big Data, mobility, and the Internet of Things (IoT) are well on their way. Security, which seems to grab all the headlines lately, is still clearly a work in progress.


Why you should care about complexity

If you look across a wide array of networking problems, you will see what is an apparently wide array of dissimilar and unrelated problems engineers deal with on a daily basis. For instance—

  • Should I split this flooding domain into multiple parts? If so, where should I divide it?
  • Which routing protocol should I use on this network topology, and to solve this set of problems?
  • How should I configure the Quality of Service parameters on this network?
  • Should I use MPLS on my data center fabric, or straight IP?

Over my years as a network engineer, I’ve always treated these as separate sorts of problems, each with their own tradeoffs, concepts, and models. In fact, I’ve been a kind of “collector of models” over the years, trying to find different models to address each situation. In the Art of Network Architecture, there’s an entire chapter on the models Denise and I have run into over the years, where they seem to be useful, and where they seem to be limited.

But keeping all of these models in my head didn’t help me generalize the problems I faced in building and troubleshooting networks. For instance, in the flooding domain instance …

IBM to buy Resilient Systems, bringing security guru Bruce Schneier on board

IBM will acquire Resilient Systems, it announced Monday, and along with the company, it will gain a big name in the security world: Bruce Schneier.

Resilient makes an incident-response platform that automates and orchestrates the processes for dealing with cyber incidents such as breaches and lost devices, enabling companies to respond more quickly. The acquisition will give IBM Security the industry's first integrated end-to-end platform combining analytics, forensics, vulnerability management and incident response, the company said.

IBM intends to bring Resilient's full staff of roughly 100 on board once the acquisition is completed, including cryptographer and security guru Bruce Schneier, Resilient's CTO.

Security product solves the network Heisenberg Uncertainty Principle

If you’re a physics fan like me, you’ll know the famous Heisenberg Uncertainty Principle that states you cannot know a particle's exact location and velocity at the same time. If you shine a light on the particle to see where it is, you change the speed or direction, causing a big problem for particle physicists.

Network security has a similar conundrum. Every organization wants the best possible security, but often any kind of increase in network visibility to improve security requires a reduction in performance because of the overhead associated with that task.

A ZK Research (I am an employee of ZK Research) study last year revealed a couple of interesting but not surprising facts. The first is that almost half the respondents claim they must continually make trade-offs between network performance and security. The second one is that a little over a third of the respondents actually turn security features off, that is, make the environment less secure, in order to maintain performance. So security professionals are always in a state of juggling performance and security.

Apple spells out what it would take to comply with government’s iPhone order

Apple last week argued that assisting the FBI in the agency's attempt to access an iPhone used by one of the San Bernardino killers would be an undue burden that would require a staff of between six and ten people who would have to dedicate two to four weeks of their time to the task.

In a motion filed Friday with a California court, Apple ticked off several constitutional arguments against helping the FBI break into the iPhone used by Syed Rizwan Farook, who along with his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif., on Dec. 2, 2015, before they died in a shootout with police.

Apple’s top counsel to tell Congress, ‘Encryption is a necessary thing’

Apple’s refusal to help the FBI brute-force the iPhone 5c passcode of the San Bernardino shooter will most likely play out in the courts—the first hearing is scheduled for March 22 in Riverside, California. But Congress has a role to play too.

On Tuesday, Apple Senior Vice President and General Counsel Bruce Sewell will testify before the House Judiciary Committee, stressing that while Apple does respect and assist law enforcement, what the FBI wants this time simply goes too far.

One of Apple’s strategies is to argue that Congress should pass legislation to cover cases like this, instead of using the more broad All Writs Act, which was first passed in 1789 and last updated in 1946. Apple thinks a more modern statute like the Communications for Assistance for Law Enforcement Act (CALEA) would be more appropriate, although the Department of Justice disagrees that it’s applicable here.

Cyber security tools tend to pile up. Here’s how to rationalize them

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.

It’s a cliché, but “change is the only constant.” Every company periodically reviews and makes changes to the applications, processes and solutions it uses to conduct business. And nowhere is this rationalization more important than in the ever-shifting and increasingly perilous arena of cyber security.

Companies often begin the security rationalization process after accumulating a portfolio of tools over the years (i.e. penetration testers, web-application, and code scanners) or through mergers and acquisitions or shifting business strategies.


Juniper Introduces Software-Defined Secure Networks, Integrating Threat Detection & Adaptive Policy Control for Network Wide Enforcement

Traditional perimeter-based approaches to security are not enough to protect against increasingly sophisticated attacks that engineer their way into internal networks. Juniper introduces software-defined secure networks, a new model that integrates adaptive policy detection and enforcement into the entire network.

A Journey Through How Zapier Automates Billions of Workflow Automation Tasks

This is a guest repost by Bryan Helmig, Co-founder & CTO at Zapier, who makes it easy to automate tasks between web apps.

Zapier is a web service that automates data flow between over 500 web apps, including MailChimp, Salesforce, GitHub, Trello and many more.

Imagine building a workflow (or a "Zap" as we call it) that triggers when a user fills out your Typeform form, then automatically creates an event on your Google Calendar, sends a Slack notification and finishes up by adding a row to a Google Sheets spreadsheet. That's Zapier. Building Zaps like this is very easy, even for non-technical users, and is infinitely customizable.

As CTO and co-founder, I built much of the original core system, and today lead the engineering team. I'd like to take you on a journey through our stack, how we built it and how we're still improving it today!

The Teams Behind the Curtains

It takes a lot to make Zapier tick, so we have four distinct teams in engineering:

  • The frontend team, which works on the very powerful workflow editor.
  • The full stack team, which is cross-functional but focuses on the workflow engine.
  • The …

CTB-Locker ransomware hits over 100 websites

A new malicious program that encrypts files on Web servers has affected at least 100 websites over the past few weeks, signaling a new trend in ransomware development.

The program, which is written in PHP, is called CTB-Locker, a name also used by one of the most widespread ransomware programs for Windows computers. It's not clear though if there's a relationship between this new Web-based ransomware and the Windows version.

Once installed on a Web server, the program replaces the site's index.php and creates a directory called Crypt that contains additional PHP files. It starts to encrypt all the files in the server's Web directory when it receives a specifically crafted request from an attacker.