NetworkingNexus.net

Treasury Department took over 8 weeks to fully patch Juniper security vulnerability

The secret backdoor in Juniper firewalls which automatically decrypted VPN traffic has been compared to “stealing a master key to get into any government building.” The security hole, which existed for at least three years, was publicly announced in December. The whodunit for installing the backdoor is still unknown, but some people believe it was repackaged from a tool originally created by the NSA.To read this article in full or to leave a comment, please click here

Chrome turns 50 and stands at a crossroads

Google’s Chrome browser has just reached a major milestone, hitting its 50th release.For Google, it’s a moment for positive reflection. To emphasize Chrome’s might, the company points to the browser’s 771 billion page loads per month, 1 billion monthly active mobile users, 9.1 billion auto-filled forms, and 145 million malicious webpages averted. One might also point to Chrome’s ever-growing usage, accounting for 47 percent of all worldwide pageviews, including mobile, according to StatCounter.Indeed, Chrome has become an indispensable tool for many web users, and has served as a leader in the browser world. It introduced the idea of limiting menu clutter around actual webpages, and popularized the syncing of bookmarks, tabs, and browser history across devices. After all these years, it remains PCWorld’s most highly-recommended web browser.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Sleep and other patterns pinpoint individuals in datasets, study finds

A human’s “real-world movements” are so unique that people can be distinguished by their patterns, a new study conducted by Columbia University and Google finds. And that’s even if the datasets are anonymized.Sleep cycles captured by fitness IoT products, commuting schedules stored by bots, the days of the week that one goes to work and other habits could all one day be used to discern one person from another, the study says.What’s more, the computer scientists say all you need is one dataset to obtain results, for example, a few bank card transactions.To read this article in full or to leave a comment, please click here

RFC Reading List

While we normally think of RFCs as standards, there is actually a lot of useful information published through the IETF process that relates to basic network engineering concepts. Since this information is specifically and intentionally vendor independent, it often goes back to the theoretical basis of a line of thinking, or explains things in a way that’s free of vendor implementation jargon. From time to time, I like to highlight these sorts of drafts, to bring them to the notice of the wider networking community.

A lot of basic research has gone into quality of service from the perspective of queuing, marking, and dropping mechanisms. The result of this research is a wide array of quality of service mechanisms, which tend to be explained either using deep math, or in terms of “look what feature we’ve implemented, and here’s how to configure it.” RFC7806, published this month, is a useful intermediary between the high math and vendor implementation styles of presentation. This RFC describes a model often used for understanding quality of service, the Generalized Processor Sharing model, and how it applies to a few packet queuing, marking, and drop strategies.

Benchmarking routing protocols might not be something you Continue reading

How an online real estate company optimized its Hadoop clusters

San Francisco-based online residential real estate company Trulia lives and dies by data. To compete successfully in today's housing market, tt must deliver the most up-to-date real estate information available to its customers. But until recently, doing so was a daily struggle.Acquired by online real estate database company Zillow in 2014 for $3.5 billion, Trulia is one of the largest online residential real estate marketplaces around, with more than 55 million unique site visitors each month.Hadoop at heart With so much data to store and process, the company adopted Hadoop in 2008 and it has since become the heart of Trulia's data infrastructure. The company has expanded usage of Hadoop to an entire data engineering department consisting of several teams using multiple clusters. This allows Trulia to deliver personalized recommendations to customers based on sophisticated data science models that analyze more than a terabyte of data daily. That data is drawn from new listings, public records and user behavior, all of which is then cross-referenced with search criteria to alert customers quickly when new properties become available.To read this article in full or to leave a comment, please click here

Apple to pay $24.9 million to settle Siri patent lawsuit

Apple has agreed to pay US$24.9 million to a patent holding company to resolve a 5-year-old lawsuit accusing Siri of infringing one of its patents.Apple will pay the money to Marathon Patent Group, the parent company of Texas firm Dynamic Advances, which held an exclusive license to a 2007 patent covering natural language user interfaces for enterprise databases. Marathon reported the settlement in a filing with the U.S. Securities and Exchange Commission Tuesday.To read this article in full or to leave a comment, please click here

Using the IoT for good: Beacon of Hope project to help fight human trafficking

With their Beacon of Hope IoT app, twin sisters and social entrepreneurs America and Penelope Lopez, are taking up the fight against one of the most revolting crimes on the planet—human trafficking. In 2013, the United Nations reported that 20.9 million people have been pushed into forced labor and sex trades around the world. Ranked in the top three of fastest-growing crime categories, the same study reported modern slavery has become a booming $32 billion illicit trade. Recognizing the importance of the issue, the Lopez sisters created the Beacon of Hope project. It is the latest in their string of hackathon successes that includes an anti-bullying app and a police bodycam with facial recognition. This project began at the ground zero of hackathons, the AT&T hackathon at the Consumer Electronics Show in Las Vegas, which draws hackers like the Kentucky Derby draws gamblers.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Fonteva to enable Salesforce app development. Doesn’t Salesforce already do that?

Salesforce is a juggernaut.In the 10 or so years since it was founded, the company has pretty much single-handedly changed the face of the software industry. Concepts such as SaaS, the cloud and enterprise application marketplaces were, if not invented, at least popularized by Salesforce.In the past decade, Salesforce has gone from being a very interesting and agile CRM vendor to being a provider of pretty much an entire enterprise software stack—from applications at the top end through to development platforms for the creation of applications. Indeed, the fact that health IT vendor Veeva was able to undertake an IPO based on a product built entirely on Salesforce's platform is testimony to what Salesforce has achieved.To read this article in full or to leave a comment, please click here

New point-of-sale malware Multigrain steals card data over DNS

Security researchers have found a new memory-scraping malware program that steals payment card data from point-of-sale (PoS) terminals and sends it back to attackers using the Domain Name System (DNS).Dubbed Multigrain, the threat is part of a family of malware programs known as NewPosThings, with which it shares some code. However, this variant was designed to target specific environments.That's because unlike other PoS malware programs that look for card data in the memory of many processes, Multigrain targets a single process called multi.exe that's associated with a popular back-end card authorization and PoS server. If this process is not running on the compromised machine, the infection routine exists and the malware deletes itself.To read this article in full or to leave a comment, please click here

New point-of-sale malware Multigrain steals card data over DNS

Building USDA’s Platform of the Future with Docker

The United States Department of Agriculture (USDA) develops the federal government’s policies on farming, agriculture, forestry and food and has a budget of over $139 billion. Its goal is to enable farmers and ranchers to thrive, to drive greater awareness … Continued

How Twitter Handles 3,000 Images Per Second

Today Twitter is creating and persisting 3,000 (200 GB) images per second. Even better, in 2015 Twitter was able to save $6 million due to improved media storage policies.

It was not always so. Twitter in 2012 was primarily text based. A Hogwarts without all the cool moving pictures hanging on the wall. It’s now 2016 and Twitter has moved into to a media rich future. Twitter has made the transition through the development of a new Media Platform capable of supporting photos with previews, multi-photos, gifs, vines, and inline video.

Henna Kermani, a Software Development Engineer at Twitter, tells the story of the Media Platform in an interesting talk she gave at Mobile @Scale London: 3,000 images per second. The talk focuses primarily on the image pipeline, but she says most of the details also apply to the other forms of media as well.

Some of the most interesting lessons from the talk:

Doing the simplest thing that can possibly work can really screw you. The simple method of uploading a tweet with an image as an all or nothing operation was a form of lock-in. It didn’t scale well, especially on poor networks, which made it Continue reading

Startup Offers Combined Container Networking, Storage

Founded by Cisco UCS veterans, Diamanti built an appliance for automated container deployments with preconfigured networking and storage.

Worth Reading: Court rules cell phone location isn’t private information

This week, the Sixth Circuit Court of Appeals held, in United States v. Carpenter, that we lack any privacy interest in the location information generated by our cell phones. The opinion shows a complete disregard for the sensitive and revealing nature of cell site location information (CSLI) and a misguided response to the differences between the analog technologies addressed in old cases and the data-rich technologies of today.

The post Worth Reading: Court rules cell phone location isn’t private information appeared first on 'net work.

Illumio’s cyber assessment program helps find new attack surfaces ASAP

Earlier this week, I wrote a post discussing how visibility can be used to reverse the security asymmetry challenge. On Tuesday, hot security startup Illumio proved my point by announcing a cyber assessment program that uses granular visibility to identify new attack surfaces.Illumio’s Attack Surface Assessment Program (ASAP) was led by Nathaniel Gleicher, former Director of Cybersecurity Policy for the National Security Council at the White House and now the Head of Cybersecurity Strategy for Illumio. The White House obviously has the strictest of security policies, giving Gleicher the necessary level of paranoia to put together a program like this. Now, any company can benefit from his experience.To read this article in full or to leave a comment, please click here

Illumio’s cyber assessment program helps find new attack surfaces ASAP

Video Whiteboard Series for Docker Universal Control Plane

It’s been less than two months since Docker Universal Control Plane (UCP) became generally available as part of the Docker Datacenter (DDC) subscription. With DDC, organizations are able to set up a Containers as a Service (CaaS) application environment on-premises/VPC … Continued

Difference between in-store, online prices probably not what you think

Sure, online shopping is generally more convenient than going to the store for your purchases, but prices are pretty much the same three quarters of the time, according to a new MIT study.MIT Sloan Professor Alberto Cavallo cleverly went the crowdsourcing route to gather some of his data by having 370 recruits use a scanning app to check barcodes for prices on a random set of 10 to 50 products in physical stores in 10 countries. That information, along with online price data at multi-channel retailers (so no Amazon or eBay), was fed into the MIT Billion Prices Project database for analysis. To read this article in full or to leave a comment, please click here

Automating Change With Help From Fibonacci

FibonacciShell

A few recent conversations that I’ve seen and had with professionals about automation have been very enlightening. It all started with a post on StackExchange about an unsuspecting user that tried to automate a cleanup process with Ansible and accidentally erased the entire server farm at a service provider. The post was later determined to be a viral marketing hoax but was quite believable to the community because of the power of automation to make bad ideas spread very quickly.

Better The Devil You Know

Everyone in networking has been in a place where they’ve typed in something they shouldn’t have. Whether you removed the management network you were using to access the switch or created an access list that denied packets that locked you out of something. Or perhaps you typed an errant debug command that forced you to drive an hour to reboot a switch that was no longer responding. All of these things seem to happen to people as part of the learning process.

But how many times have we typed something in to create a change and found that it broke more than we expected? Like changing a native VLAN on a trunk and bringing down Continue reading

« Previous 1 … 3,020 3,021 3,022 3,023 3,024 … 3,835 Next »