NetworkingNexus.net

5 hard truths about employee engagement

A 2013 study from Gallup found that as much as 70 percent of U.S. workers aren't actively engaged in their jobs. Engagement hasn't gotten much better since then, with Gallup's 2015 report showing nearly identical numbers and stagnant growth from 2014, as well as mostly flat growth since 2000. And for new hires, there's an "engagement honeymoon" period, according to another recent report from Gallup -- it found that employees perform the best and are the most engaged within the first six months of starting a new job, and after that there is a fast drop off.To read this article in full or to leave a comment, please click here

World Password Day: Change your shared passwords at Netflix, Prime, HBO Now

Thursday, May 5, is World Password Day 2016. For the fourth year, you’ll surely see plenty of articles reminding you why you should change all of your passwords—a strong and unique password for every site where you login—and to start using a password manager if you don’t do so yet. I still highly encourage you to get 2FA for Mother’s Day.Intel/McAfee is again trying to persuade people to tweet a password confession. While I’m not encouraging you to do so, I would like to pick two as examples.World Password Day is as good a day as any to talk about password sharing.To read this article in full or to leave a comment, please click here

World Password Day: Change your shared passwords at Netflix, Prime, HBO Now

Thursday, May 5, is World Password Day 2016. For the fourth year, you’ll surely see plenty of articles reminding you why you should change all your passwords, a strong and unique password for every site where you login, and to start using a password manager if you don’t do so yet. I still highly encourage you to get 2FA for Mother’s Day.Intel/McAfee is again trying to convince people to tweet a password confession. While I’m not encouraging you to do so, I would like to pick two as examples.World Password Day is as good a day as any to talk about password sharing.To read this article in full or to leave a comment, please click here

Cool New Networking Products At Interop 2016

Vendors debut cloud-managed network management, Wave 2 access points, and more at this year's Interop.

Critical flaws in ImageMagick library expose websites to hacking

A tool used by millions of websites to process images has several critical vulnerabilities that could allow attackers to compromise Web servers. To make things worse, there's no official patch yet and exploits are already available.The vulnerabilities were discovered by Nikolay Ermishkin from the Mail.Ru security team and were reported to the ImageMagick developers who attempted a fix in version 6.9.3-9, released on April 30. However, the fix is incomplete and the vulnerabilities can still be exploited.Furthermore, there is evidence that people aside from security researchers and ImageMagick developers know about the flaws, which is why their existence was publicly disclosed Tuesday. The flaws can be exploited by uploading specially crafted images to Web applications that rely on ImageMagick to process them.To read this article in full or to leave a comment, please click here

Critical flaws in ImageMagick library expose websites to hacking

Yet Another Padding Oracle in OpenSSL CBC Ciphersuites

Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it’s in the code that fixes Lucky13.

It was found by Juraj Somorovsky using a tool he developed called TLS-Attacker. Like in the “old days”, it has no name except CVE-2016-2107. (I call it LuckyNegative20¹)

It’s a wonderful example of a padding oracle in constant time code, so we’ll dive deep into it. But first, two quick background paragraphs. If you already know all about Lucky13 and how it's mitigated in OpenSSL jump to "Off by 20" for the hot and new.

If, before reading, you want to check that your server is safe, you can do it with this one-click online test.

TLS, CBC, and Mac-then-Encrypt

Very long story short, the CBC cipher suites in TLS have a design flaw: they first compute the HMAC of the plaintext, then encrypt plaintext || HMAC || padding || padding length using CBC mode. The receiving end is then left with the uncomfortable task of decrypting the message and checking HMAC and padding without revealing the padding length in any way. If they do, we call Continue reading

iPaaS: What this cloud technology is and why it’s important

GameStop operates more than 4,000 stores in the U.S. and another 2,000 abroad. Between paying monthly rent, managing leases and searching for new properties, there’s a lot to keep track of for the company’s commercial real estate team.A few years ago GameStop began using a real estate management software as a service (SaaS), but Vice President of Enterprise Architecture Mark Patton says there was a problem. The software needed data from many of GameStop’s other business apps: ERP systems, financial platforms, etc.“We needed a way to glue these things together,” he says. “You need to be able to get data into and out of apps quickly.”Traditionally, the answer to this problem has been to use integration software on premises. In recent years a market has emerged in the cloud called integration Platform as a Service, or iPaaS, which offers a hosted integration platform that can be a central cloud for connecting many apps and cloud services together. Gartner estimates it could be a $1 billion industry in a few years.To read this article in full or to leave a comment, please click here

IDG Contributor Network: How much will you trust your robot?

Robots will be managed and run by humans, at least to begin with, according an automation expert.And if you're the one controlling them, it begs questions such as how are you going to get along with these contraptions? It also prompts concerns such as how one stops the machine from misunderstanding, says Thomas B. Sheridan, a professor at the Massachusetts Institute of Technology who studies humans and automation.Researchers need to become more active in addressing these kinds of questions rather than skimming over potential challenges, says Sheridan. He’s been reading up on the scientific consensuses on the subject and says his peers aren't doing enough research.To read this article in full or to leave a comment, please click here

On Star Wars Day, Japan’s ANA gives new flight to franchise’s iconic theme song

Star Wars Day – May 4th – brings out the creative sides of those who love the cinematic series and marketers who recognize a viral opportunity when they see one.Today, Japan’s ANA (All Nippon Airways) joins the fun with an innovative rendition of the classic opening theme song. A site called Luxury Launches (new to me) offers this description: As seen in the video below it is a very thoughtful and beautiful compilation of sights and sounds which includes take offs, printing of the boarding pass, luggage on the conveyor belt, engine coming to life, air hostesses on the moving walkway and more of the typical activities you and me face and see on a flight. There is also a guest appearance by the newest member of the franchisee the BB-8 robot. The video is shot across 10 locations which include Tokyo’s Narita airport, maintenance centers, hangars and training facilities of ANA.To read this article in full or to leave a comment, please click here

Sci-Fi Wars: May The 4th Be With You

In honor of Star Wars Day, we asked speakers at Interop Las Vegas about their favorite sci-fi flicks.

4 IT companies allowed to use commercial drones

The Federal Aviation Administration has granted approval for more than 5,000 so-called Section 333 exemptions to operate commercial drones over the past year, and among those getting the go ahead are familiar names in the enterprise IT and networking market. Apple, Microsoft, Motorola Solutions and Qualcomm are among those tech vendors we found in the approved petitions database, with stated operations/missions for commercial drones -- also known as unmanned aircraft systems (UAS) or unmanned aerial vehicles (UAV) -- that include photography/videography, aerial mapping/surveying, research and development, and security.To read this article in full or to leave a comment, please click here

Infographic: Commercial drones by the numbers

Here are the latest numbers on commercial drones, including FAA Section 333 exemptions and venture funding. Thanks to CB Insights for its data. MORE: Coolest drone projects from big enterprise IT players | Commercial drones gaining altitude with enterprise IT vendors | Meet Cisco's go-to guy on commercial dronesTo read this article in full or to leave a comment, please click here

Meet Cisco’s go-to guy on commercial drones

Cisco’s Biren Gandhi hasn’t played around with drones as much as he’d like to, but it looks as though he’s going to have lots of chances to do so given the company’s growing interest in these high-flying Internet of Things devices. Cisco increasingly has made its presence felt within the commercial drone/unmanned aerial vehicle (UAV)/unmanned aircraft system (UAS) community, with Gandhi and others speaking at and attending industry conferences such as InterDrone (see video below) and NASA events. The company is also working with startups, carriers and others making up the burgeoning commercial drone ecosystem, and of course has been pushing hard into the broader Internet of Everything, such as through its $1.4B purchase of Jasper Technologies. Gandhi, a distinguished engineer & strategist within Cisco’s Corporate Strategic Innovation Group who early in his career worked as an R&D engineer at the Indian Space Research Organization, has also blogged about Cisco’s beliefs about drones over the past year.To read this article in full or to leave a comment, please click here

Coolest drone projects at big enterprise IT companies

High flying ideas Drone-related projects by enterprise IT and networking vendors are all over the map, which isn’t surprising since unmanned aerial vehicles (UAV) are so useful for flying from here to there. Here’s a whirlwind tour of commercial drone-related projects discussed publicly by familiar enterprise IT and networking vendors.RELATED: Commercial drones gaining altitude with enterprise IT vendorsTo read this article in full or to leave a comment, please click here

4 IT companies allowed to use commercial drones

Commercial drones gaining altitude with top IT vendors

Google, Verizon and others are partnering with NASA on an Unmanned Aircraft System (UAS) traffic management scheme. Microsoft has been working with universities on drone-enabled mosquito traps in an effort to stall infectious diseases from spreading. Cisco has shown off drones whose cameras feed into the company’s collaboration technologies. And AT&T, IBM and Intel have all demonstrated advanced drone-based research.All of this activity by enterprise IT vendors in the commercial drone field is a far cry from what was being done -- or at least being publicly discussed -- back in late 2014, when our efforts to get such vendors to share their ambitions largely went unheeded. To read this article in full or to leave a comment, please click here

Commercial drones gaining altitude with top IT vendors

SDN is an Iteration that will Lead Innovations

I have stumbled upon a recent post from Greg Ferro on Ethrealmind, the post is titled SDN is not an innovation, it’s an iteration. I actually wanted to share this post because it kind of puts things into prespective. The word innovate refers to creating something that is new and disruptive. Innovations needs to come …

The post SDN is an Iteration that will Lead Innovations appeared first on Networkers-online.com.

Vulns are sparse, code is dense

The question posed by Bruce Schneier is whether vulnerabilities are "sparse" or "dense". If they are sparse, then finding and fixing them will improve things. If they are "dense", then all this work put into finding/disclosing/fixing them is really doing nothing to improve things.

I propose a third option: vulns are sparse, but code is dense.

In other words, we can secure specific things, like OpenSSL and Chrome, by researching the heck out of them, finding vulns, and patching them. The vulns in those projects are sparse.

But, the amount of code out there is enormous, considering all software in the world. And it changes fast -- adding new vulns faster than our feeble efforts at disclosing/fixing them.

So measured across all software, no, the secure community hasn't found any significant amount of bugs. But when looking at critical software, like OpenSSL and Chrome, I think we've made great strides forward.

More importantly, let's ignore the actual benefits/costs of fixing bugs for the moment. What all this effort has done is teach us about the nature of vulns. Critical software is written to day in a vastly more secure manner than it was in the 1980s, 1990s, or even the Continue reading

« Previous 1 … 3,003 3,004 3,005 3,006 3,007 … 3,852 Next »

TLS, CBC, and Mac-then-Encrypt

Related posts: