Some notes on Apple decryption San Bernardino phone

Today, a judge ordered Apple to help the FBI decrypt the San Bernardino shooter's iPhone 5C. Specifically:
  1. disable the auto-erase that happens after 10 bad guesses
  2. enable submitting passcodes at a high speed electronically rather than forcing a human to type them one-by-one
  3. likely accomplish this through a firmware update
The text of the court order almost exactly matches that of the "iOS Security Guide". In other words, while it may look fairly technical, actually the entirety of the technical stuff they are asking is described in one short document.

The problem the FBI is trying to solve is that guessing passcodes is slow. The user has two options. One option is that every bad guess causes the wait between guesses to get longer and longer, slowing down guessing, forcing an hour between guesses. The other option is to have the phone erase itself after 10 bad guesses. Either way, it makes guessing the passcode impractical. The FBI is demanding that Apple update the software of the phone to prevent either of these things from happening.

The phone is an iPhone 5C, first released in September 2013, so is quite old. This increases the chance that Continue reading

Craigslist fails to flag most scam rental ads, study finds

Craigslist, the popular online listings service, has waged a long fight against scammers, but a new academic study suggests it's been losing the battle. The study focussed on listings for housing rentals, and found that Craigslist failed to remove a majority of those that were fraudulent. The researchers analyzed two million ads over a five-month period in 2014 and determined that Craigslist had flagged and removed fewer than half the listings that likely weren't genuine. Looking for housing can be stressful, and people are vulnerable to schemes that advertise below-market pricing or ways to get ahead of the rental game.

Network Simulation – Cisco VIRL Now Available in the Cloud

There has been a lot happening around VIRL the last few weeks. A new release of VIRL just got released and today the VIRL team announced that they are adding support for running VIRL in the cloud.

Cisco has chosen to work together with Packet, a bare metal cloud provider. This is how Packet describes themselves.

At Packet, we're out to build a better internet by supercharging the container revolution with smart, API-driven bare metal. Our platform brings the price and performance benefits of bare metal servers to the cloud, powering highly-available performance workloads through a unique, never-congested network.

The following picture summarizes why Cisco has chosen Packet.

Packet Bare Metal Cloud

Compared to Amazon AWS, Packet is a bare metal cloud provider which means that the resources you rent will be dedicated to you. Packet does not run any hypervisors, meaning that the workloads are not virtualized.

If you have an existing install of VIRL, you can use Terraform by HashiCorp to provision your new VIRL server at Packet. I had never heard of Terraform before; this is how HashiCorp describes Terraform.

Today we announce Terraform, a tool for safely and efficiently building, combining, and launching infrastructure. From  Continue reading

Use Linux? Stop what you’re doing and apply this patch

A buffer-overflow vulnerability uncovered Tuesday in the GNU C Library poses a serious threat to countless Linux users. Dating back to the release of glibc 2.9 in 2008, CVE-2015-7547 is a stack-based buffer overflow bug in the glibc DNS client-side resolver that opens the door to remote code execution when a particular library function is used. Software using the function can be exploited with attacker-controlled domain names, attacker-controlled DNS servers or man-in-the-middle attacks. Glibc, which was also at the core of the "Ghost" vulnerability found last year, is a C library that defines system calls and other basic functions on Linux systems. Its maintainers had apparently been alerted of the new problem last July, but it's not clear if any remediation effort was launched at that time.

IBM goes all in on blockchain, offers cloud-based service

IBM is betting big on blockchain secure-records technology taking off beyond its traditional use in bitcoin and other financial transactions. The company is now offering a cloud-based service to allow developers to set up blockchain networks and test and deploy related apps. IBM announced a flurry of blockchain-related initiatives Tuesday, including developer services hosted on its Bluemix cloud. Developers can access DevOps tools to create, deploy and monitor blockchain applications on the IBM cloud, the company said.

How Shared Spectrum Can Improve In-Building Cellular

By: Juan Santiago, Director of Product Management

You’ve been there before: You popped into a store and wanted to look something up on your smartphone while waiting in line. However, the cell signal shows just one lousy bar. You consider logging on to Wi-Fi but there are multiple inconvenient steps that aren’t worth the hassle while you’re waiting in line. Nope, you’ll just wait to go back outside and go somewhere else next time.

Why can’t Wi-Fi be as simple as pulling the phone out of your pocket, like cellular? Or, better yet, why can’t cellular just be everywhere Wi-Fi is, including deep inside buildings? The answer lies in a little-known fact about cellular: Your phone company owns the right to use the cellular airwaves everywhere, even if, as in the example above, it’s not actually using them where you happen to be. 

You may think that the store, realizing that you may never come back, would be willing to spend a little cash for better cell service, but it can’t. The store doesn’t own the right to use the airwaves inside its walls, thus it must work with each phone company individually to convince them to install a Continue reading

Should Technology Mirror Business?

The essence of SDN is to create a software model of the current data network business. This quantitative model is based on volumes of data: what ‘bandwidth’ resources do I have (i.e. supply), and how can I give different quantities of this ‘bandwidth’ to different users and uses (i.e. demand)? -via circleid

I’ve been in information technology since the early 1990’s, and it’s always been like this: business tells IT what to do, and IT does it. In other words, we make technology mirror business. Which is a fine formula for success, so long as you think business is the engine of innovation. The problem is innovation doesn’t come from one department or place. In fact, innovation most often comes from the intersection of two or more things. Think about it.

When did cars first start being innovative? When they combined the technology that existed in the latest horse drawn carriages with the latest in industrial technology, including internal combustion engines and assembly line production. All three of these came from someplace else—many people don’t know the idea of interchangeable parts came out of the firearms world, rather than the automotive industry. When did innovation come into the Continue reading

Naked judge’s photos used on website to promote nudist resort without his knowledge

Like it or not, you are lawfully free game to be surveilled and photographed when you leave the privacy of your house. If you commit a crime, then you should expect the police to release a surveillance video – although why the police found it important enough to release a video of Victoria's Secret underwear thieves is unknown; the fact that the male and female team allegedly stole 80, then 120 sexy pairs of undies valued at $2,500 might have something to do with it. Then there’s photos, which can be taken with or without your consent, that could end up online.

Sponsored Post: Swrve, Netflix, Macmillan Learning, Aerospike, TrueSight Pulse, LaunchDarkly, Robinhood, Redis Labs, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • Swrve -- In November we closed a $30m funding round, and we’re now expanding our engineering team based in Dublin (Ireland). Our mobile marketing platform is powered by 8bn+ events a day, processed in real time. We’re hiring intermediate and senior backend software developers to join the existing team of thirty engineers. Sound like fun? Come join us.

  • Macmillan Learning, a premier e-learning institute, is looking for VP of DevOps to manage the DevOps teams based in New York and Austin. This is a very exciting team as the company is committed to fully transitioning to the Cloud, using a DevOps approach, with focus on CI/CD, and using technologies like Chef/Puppet/Docker, etc. Please apply here.

  • DevOps Engineer at Robinhood. We are looking for an Operations Engineer to take responsibility for our development and production environments deployed across multiple AWS regions. Top candidates will have several years experience as a Systems Administrator, Ops Engineer, or SRE at a massive scale. Please apply here.

  • Senior Service Reliability Engineer (SRE): Drive improvements to help reduce both time-to-detect and time-to-resolve while concurrently improving availability through service team engagement.  Ability to analyze and triage production issues on a web-scale system a plus. Continue reading

Mobile Network Slicing with Smart Mobile Cloud

This blog is co-authored with Bill Kaufman, Group Manager SDN Planning, Coriant. As outlined in a recent blog on mobile operator challenges, there are a number of business and technical challenges mobile operators face in today’s environment. As consumers and businesses demand more from their mobile operators, the existing proprietary, hardware-centric mobile networks make it...

Xen’s latest hypervisor updates are missing some security patches

The Xen Project released new versions of its virtual machine hypervisor, but forgot to fully include two security patches that had been previously made available. The Xen hypervisor is widely used by cloud computing providers and virtual private server hosting companies. Xen 4.6.1, released Monday, is flagged as a maintenance release, the kind that are put out roughly every four months and are supposed to include all bug and security patches released in the meantime. "Due to two oversights the fixes for both XSA-155 and XSA-162 have only been partially applied to this release," the Xen Project noted in a blog post. The same is true for Xen 4.4.4, the maintenance release for the 4.4 branch that was released on Jan. 28, the Project said.

Identifying the security pitfalls in SDN

Software-defined networks can be a boon to savvy organizations, offering opportunities to cut administrative costs while increasing network agility. But SDN technology can also create security risks, and how you manage those risks can mean the difference between a successful implementation and a disastrous one.