Lenovo patches serious flaw in pre-installed support tool

Lenovo has fixed a vulnerability in its Lenovo Solution Center support tool that could allow attackers to execute code with system privileges and take over computers.The Lenovo Solution Center (LSC) is an application that comes pre-installed on many Lenovo laptops and desktops. It allows users to check their system’s virus and firewall status, update their software, perform backups, check battery health, get registration and warranty information and run hardware tests.The tool has two components: a graphical user interface and a service called LSCTaskService that runs in the background at all times even if the user interface is not started.To read this article in full or to leave a comment, please click here

Lenovo patches serious flaw in pre-installed support tool

Lenovo has fixed a vulnerability in its Lenovo Solution Center support tool that could allow attackers to execute code with system privileges and take over computers.The Lenovo Solution Center (LSC) is an application that comes pre-installed on many Lenovo laptops and desktops. It allows users to check their system’s virus and firewall status, update their software, perform backups, check battery health, get registration and warranty information and run hardware tests.The tool has two components: a graphical user interface and a service called LSCTaskService that runs in the background at all times even if the user interface is not started.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For May 6th, 2016

Hey, it's HighScalability time:


Who wants in on the over? We are not alone if the probability a habitable zone planet develops a technological species is larger than 10-24.

 

If you like this sort of Stuff then please support me on Patreon.
  • 100,000+: bare metal servers run by Twitter; 10 billion: Snapchat videos delivered daily; $2.57 billion: AWS fourth quarter revenues; 40 light years: potentially habitable planets; 1700: seed banks around the world; 560x: throughput after SSD optimization; 12: data science algorithms; $2.8 billion: new value of Pivotal’s Cloud Foundry;  

  • Quotable Quotes:
    • @skap5: Pied Piper's product is its stock and anything that makes its price go up! #SiliconValley
    • Seth Godin: It pays to have big dreams but low overhead. 
    • Craig Venter~ Our knowledge of the genome hasn't changed a lot since 2003, but it's about to start changing rapidly. One of the key things for understanding the genome is to get very large numbers of genomes so we can understand out of the 6.2 billion or so letters of genetic code the less than 3% that we have different amongst the entire human population. We Continue reading

IDG Contributor Network: Protecting the rainforests with IoT and recycled phones

“Timber!” That’s what you hear from a lumberjack in movies before a tree comes crashing down.But that’s not what you’ll hear in rainforests while one tree after another is cut down. Why? The logging is often illegal, and the last thing the culprits want is to attract attention.Rainforests once covered 14 percent of the earth's land surface. Now they cover just 6 percent, and experts estimate that the last remaining rainforests could be consumed in less than 40 years. (The Amazon rainforest itself produces 20 percent of the world’s oxygen.)Worst still, wildlife and local cultures that depend on the rainforest ecosystem are being wiped as well. Local authorities and indigenous tribes are fighting back against the illegally clearing of the rainforest for commercial farming. This tussle between poor villagers and well-funded commercial logging interests is pretty one-sided, but IoT is helping to level the playing field a little.To read this article in full or to leave a comment, please click here

Virtual environments make it easy to deploy deception technology

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Cyber attackers use deception to try to get inside your network by doing everything from spoofing email addresses in spear phishing attacks to hiding malware on legitimate websites.  So, if deception is standard operating procedure for the bad guys, perhaps it's time to fight back with some deception of your own.  In fact, Gartner says it's a good complement to your existing security infrastructure.Deception technology designed to lure and trap malicious actors has been around since at least 1999 when Lance Spitzner, founder of the Honeynet Project, published a paper on how to build a honeypot. Early honeynets were pretty resource intensive and they had to be maintained to ensure the honeynet wasn't turned against the host organization. Since then, the advent of virtual machines has helped ease the deployment and use of deception technology.To read this article in full or to leave a comment, please click here

Virtual environments make it easy to deploy deception technology

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Cyber attackers use deception to try to get inside your network by doing everything from spoofing email addresses in spear phishing attacks to hiding malware on legitimate websites.  So, if deception is standard operating procedure for the bad guys, perhaps it's time to fight back with some deception of your own.  In fact, Gartner says it's a good complement to your existing security infrastructure.Deception technology designed to lure and trap malicious actors has been around since at least 1999 when Lance Spitzner, founder of the Honeynet Project, published a paper on how to build a honeypot. Early honeynets were pretty resource intensive and they had to be maintained to ensure the honeynet wasn't turned against the host organization. Since then, the advent of virtual machines has helped ease the deployment and use of deception technology.To read this article in full or to leave a comment, please click here

Worth Reading: Broadband Speed Tests

Everyone is familiar with broadband ‘speed test’ applications. When you have an ISP service quality problem, it is common to grab one of these tools to see if you are getting the service you feel you are entitled to get. Whenever you upgrade your broadband, the first thing you might do is to run a speed test. Then you can show off to your mates how superior your blazing fast service is compared to their pitiful product. -via Circle ID

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Broadband Speed Tests appeared first on 'net work.

Apple’s SAP deal means more iOS enterprise apps

In an effort to expand its presence in the enterprise market, Apple this week announced another major partnership with a business-software giant.  In a wide-ranging deal with SAP that's set to begin later this year, Apple will work alongside one the stalwarts of enterprise to develop more native iOS apps, as well as an SDK for SAP's HANA cloud platform. The SDK is designed to let SAP's more than 2.5 million developers build native iOS apps that can tap into SAP systems and access data in real time. The agreement also includes a plan to establish a new "SAP Academy for iOS," a place where SAP customers and partners can meet in person to design apps for iPhones and iPads and received related training. Apple and SAP engineers will work together to build apps, and the concept is similar to Apple's IBM MobileFirst for iOS initiative.To read this article in full or to leave a comment, please click here

Cloud coding pitfalls: Tips for avoiding big, bad bugs

According to this ACM article, the seven coding constructs that have been the most frequent source of bugs are function calls, assignments, conditions, pointers, uses of NULL, variable declarations, function declarations, and return statements. There are dozens of other conference presentations, books, and taxonomies that provide statistically valid guidance — or at least opinions — on coding practices to avoid.But so far, I haven’t found anything like that for coding in the cloud.And make no mistake about it, the distributed, multi-language environment inherent in the cloud presents some real coding challenges. But before we nerd out entirely, let’s do a bit of bug triage. There are three interesting categories of bugs:To read this article in full or to leave a comment, please click here

sFlow to IPFIX/NetFlow

RESTflow explains how the sFlow architecture shifts the flow cache from devices to external software and describes how the sFlow-RT REST API can be used to program and query flow caches. Exporting events using syslog describes how flow records can be exported using the syslog protocol to Security Information and Event Management (SIEM) tools such as Logstash and and Splunk. This article demonstrates how sFlow-RT can be used to define and export the flows using the IP Flow Information eXport (IPFIX) protocol (the IETF standard based on NetFlow version 9).

For example, the following command defines a cache that will maintain flow records for TCP flows on the network, capturing IP source and destination addresses, source and destination port numbers and the bytes transferred and sending flow records to address 10.0.0.162:
curl -H "Content-Type:application/json" -X PUT --data  '{"keys":"ipsource,ipdestination,tcpsourceport,tcpdestinationport", 
"value":"bytes", "ipfixCollectors":["10.0.0.162"]}' 
http://localhost:8008/flow/tcp/json
Running Wireshark's tshark command line utility on 10.0.0.162 verifies that flows are being received: 
# tshark -i eth0 -V udp port 4739
Running as user "root" and group "root". This could be dangerous.
Capturing on lo
Frame 1 (134 bytes on wire, 134 bytes captured)
    Arrival Time:  Continue reading

IDG Contributor Network: Emergency call location for mobile UC: slow progress on E911 improvements

Making enterprise voice-over-Wi-Fi systems comply with emergency call regulations requires shoehorning new techniques into a very old architecture. It also exposes some unfinished technology and fragmented implementation models. We can do it, but no one is happy with the contortions.There’s a large population of enterprise unified communications (UC) systems from Microsoft, Cisco, Avaya, Shoretel and others using Wi-Fi endpoints, whether dedicated Wi-Fi phones or client apps on smartphones. When it comes to emergency call functionality, we should expect these to work at least as well as landlines, PBX extensions and cell phones.One of the most important emergency call (E911) functions is locating the caller. To make emergency call location work, we first need to find the location, then send the call, with caller location attached, to the correct emergency answering center in a form it can understand. Both of those steps present problems.To read this article in full or to leave a comment, please click here

Interop: Ransomware should haunt you all the time

When the ransomware demands come in it’s really too late to come up with a good response plan, so do that as soon as you can, an Interop audience was told.“You need to decide beforehand whether you will pay and under what circumstances,” John Pironti, president of IP Architects, says. “It’s a cost benefit decision in the end.”+More on Network World: FBI: Ransomware threat at all-time high; how to protect company jewels | See all the stories from Interop +To read this article in full or to leave a comment, please click here

Interop: Ransomware should haunt you all the time

When the ransomware demands come in it’s really too late to come up with a good response plan, so do that as soon as you can, an Interop audience was told.“You need to decide beforehand whether you will pay and under what circumstances,” John Pironti, president of IP Architects, says. “It’s a cost benefit decision in the end.”+More on Network World: FBI: Ransomware threat at all-time high; how to protect company jewels | See all the stories from Interop +To read this article in full or to leave a comment, please click here

72% off Cambridge SoundWorks OontZ Angle 3 Wireless Bluetooth Speaker – Deal Alert

The Cambridge SoundWorks OontZ Angle 3 Next Generation Ultra Portable Wireless Bluetooth Speaker currently averages 4.5 out of 5 stars from over 5,000 people on Amazon (read reviews).  It's regular list price is $99.99, but with the current 72% discount you can get it for just $27.99. The OontZ Angle 3 connects effortlessly to your device via bluetooth. It is designed to be loud and clear, with rich bass delivered through their proprietary passive subwoofer design. IPX5 water resistance makes the unit splashproof, rainproof, dustproof, and sandproof. A good consideration for the beach, poolside, in the outdoor shower, car, boat or golf cart. At only 9 ounces and just 5 inches long, it's very light and easy to fit in a backpack. Its high capacity rechargeable 2200 mAh battery lasts for up to 7 hours of playtime.  Check out the dramatically discounted OontZ Angle 3 from Cambridge Soundworks now on Amazon.To read this article in full or to leave a comment, please click here

Windows 10 reaches 300 million devices mark

Microsoft announced that Windows 10 surpassed the 300 million devices mark, and that momentum continues despite what some have perceived as a slowdown in installations.Writing on the Microsoft corporate blog, Yusuf Mehdi, corporate vice president of the Windows and Devices Group, said Windows has become “one of the largest online services in less than a year,” an interesting choice of words for an operating system.“We’re seeing people at home, at schools, at small businesses, at large companies and other organizations adopt Windows 10 faster than ever, and use Windows 10 more than ever before,” he wrote.To read this article in full or to leave a comment, please click here

1 2,978 2,979 2,980 2,981 2,982 3,836