ISPs have built huge data systems to track you with, report says

Web users face an even greater threat to their privacy as large ISPs align themselves more closely with data brokers to track their customers, an advocacy group said.Several large ISPs have either formed partnerships with, or acquired, data tracking and analytics firms in recent years, giving them a "vast storehouse of consumer data," according to a report Wednesday from the Center for Digital Democracy."ISPs have been on a shopping spree to help build their data-targeting system across devices and platforms," the report says. "Superfast computers analyze our information ... to decide in milliseconds whether to target us for marketing and more."To read this article in full or to leave a comment, please click here

FBI to hack into locked iPhone with help from Israeli company

Apple's saga with the FBI isn't over just yet, but it appears that the two entities are no longer on a collision course, legally speaking of course. Earlier this week, the DOJ filed a motion with the court overseeing the matter to postpone an upcoming hearing which was scheduled to take place on Tuesday. The reason? The DOJ relayed that the FBI may have found a way to access the locked iPhone of one of the San Bernardino terrorists with out Apple's assistance..As has been recounted before, the iPhone in question was equipped with a passcode and may have been set up to erase itself after 10 failed passcode entries. As a result, the FBI wanted Apple to create an entirely new and modified version of iOS that would have bypassed this security mechanism. In turn, the FBI would have been able to implement a brute force attack to access the device.To read this article in full or to leave a comment, please click here

Take a 4K VR tour around Google’s Oregon data center

Data centers are typically high-security locations and operators don't like you snooping around, but Google is giving users a look at one of its latest and most advanced data centers using virtual reality.The tour of Google's data center in The Dalles, Oregon, was published to coincide with the company's Google Compute Summit which starts Wednesday in San Francisco.Google is trying to entice more customers to its cloud services, to compete better with Amazon Web Services and Microsoft, and showing off its advanced facilities might help with that goal.The tour is best viewed in a virtual reality headset, like Google Cardboard, but you can also see it on a plan old smartphone or desktop. On a phone you can look around by moving the handset. On a desktop, you use the mouse.To read this article in full or to leave a comment, please click here

Social engineering 101: 18 ways to hack a human [Infographic]

What will the cause of your next security breach? Will it be your firewall? Will it be your VPN? Will it be your website? Nope. Chances are, your next security breach will be caused by hackers exploiting someone within your organization. In just the last two months, a single, simple phishing scam targeted seven organizations, gaining access to W2 information. And business email compromise attacks, in particular, are growing fast and hard to defend against.To read this article in full or to leave a comment, please click here(Insider Story)

Here’s how the FBI plans to crack terrorist’s iPhone

An outside contractor with established ties to the FBI has most likely shown investigators how to circumvent the iPhone's security measures by copying the contents of the device's flash storage, a forensics expert said today.Called "NAND mirroring," the technique relies on using numerous copies of the iPhone storage to input possible passcodes until the correct one is found."The other ideas, I've kind of ruled out," said Jonathan Zdziarski in an interview. Zdziarski is a noted iPhone forensics and security expert. "None of them seemed to fit."+ MORE Let's hope the FBI can really crack the iPhone +To read this article in full or to leave a comment, please click here

Uber dares hackers to find flaws, offers up to $10K bounty

On-demand car service Uber is offering from $3,000 to $10,000 to hackers who can find flaws in its computer and communications systems.HackerOne, a company that connects white-hat hackers to companies who want to use them to test the security of systems, is running Uber's "bounty program."The amount of the reward is based on the severity of the flaw discovered by a hackers, i.e., security researchers.HackerOne has established three categories of rewards; $10,000 for a "critical flaw," $5,000 for a "significant flaw" and $3,000 for "medium issues."INSIDER: Traditional anti-virus is dead: Long live the new and improved AV "Chaining of bugs is not frowned upon in any way, we love to see clever exploit chains!" Uber stated in its online challenge. "If you get access to an Uber server, please report it us and we will reward you with an appropriate bounty taking into full consideration the severity of what could be done. Chaining a CSRF vulnerability with a self-XSS? Nice! Using AWS access key to dump user info? Not cool."To read this article in full or to leave a comment, please click here

Microsoft adds macros lockdown feature in Office 2016 in response to increasing attacks

Enterprise system administrators can now block attackers from using a favorite malware infection method: Microsoft Office documents with malicious macros. Microsoft this week added a new option in Office 2016 that allows administrators to block macros -- embedded automation scripts -- from running in Word, Excel and PowerPoint documents that originate from the Internet. Microsoft Office programs support macros written in Visual Basic for Applications (VBA), and they can be used for malicious activities like installing malware. Macro viruses were popular more than a decade ago but became almost extinct after Microsoft disabled macros by default in its Office programs.To read this article in full or to leave a comment, please click here

TLS Certificate Optimization: The Technical Details behind “No Browser Left Behind”

Overview

Back in early December we announced our "no browser left behind" initiative to the world. Since then, we have served well over 500 billion SHA-1 certificates to visitors that otherwise would not have been able to communicate securely with our customers’ sites using HTTPS. All the while, we’ve continued to present newer SHA-2 certificates to modern browsers using the latest in elliptic curve cryptography, demonstrating that one does not have to sacrifice security to accommodate all the world’s Internet users. (If you weren’t able to acquire a SHA-1 certificate before CAs ceased issuing them on 2015/12/31, you can still sign up for a paid plan and we will immediately generate one to serve to your legacy visitors.)

Shortly after we announced these new benefits for our paid Universal SSL customers, we started hearing from other technology leaders who were implementing (or already had implemented) similar functionality. At first glance, the logic to identify incoming connections that only support SHA-1 seems straightforward, but as we spoke with our friends at Facebook, Twitter, and Mozilla, I realized that everyone was taking a slightly different approach. Complicating the matter even further was the fact that at CloudFlare we not only Continue reading

What does Etsy’s architecture look like today?

This is a guest post by Christophe Limpalair based on an interview (video) he did with Jon Cowie, Staff Operations Engineer and Breaksmith @ Etsy.

Etsy has been a fascinating platform to watch, and study, as they transitioned from a new platform to a stable and well-established e-commerce engine. That shift required a lot of cultural change, but the end result is striking.

In case you haven't seen it already, there's a post from 2012 that outlines their growth and shift. But what has happened since then? Are they still innovating? How are engineering decisions made, and how does this shape their engineering culture? These are questions we explored with Jon Cowie, a Staff Operations Engineer at Etsy, and the author of Customizing Chef, in a new podcast episode.

What does Etsy's architecture look like nowadays?

Stop renting: 30% off Arris SURFboard Cable Modem – Deal Alert

If your ISP or cable provider supplied you with a cable modem, you're probably renting it from them and paying fees of up to $10 per month. In most cases there's nothing preventing you from just buying your own. With this 30% off deal, you may run the numbers and decide that today's the day you exercise this freedom.The SURFboard SB6141 cable modem from Arris currently receives 4.5 out of 5 stars (9,000 reviews on Amazon). List price is $99.99, but with 31% off you can buy it now for just $69.99. At this price, it may pay for itself in just months. SURFboard supports IPv6, the latest internet standard. DOCSIS 3.0 technology provides eight downstream channels and four upstream channels. Data rates clock in at 343 Mbps download and 131 Mbps upload, depending on your cable internet provider. So there's plenty of speed for streaming HD video, gaming, video-conferencing, shopping, etc.To read this article in full or to leave a comment, please click here

Stop renting: 31% off Arris SURFboard Cable Modem – Deal Alert

If your ISP or cable provider supplied you with a cable modem, you're probably renting it from them and paying fees of up to $10 per month. In most cases there's nothing preventing you from just buying your own. With this 31% off deal, you may run the numbers and decide that today's the day you exercise this freedom. The SURFboard SB6141 cable modem from Arris currently receives 4.5 out of 5 stars (9,000 reviews on Amazon). List price is $99.99, but with 31% off you can buy it now for just $69.18. At this price, it may pay for itself in just months. SURFboard supports IPv6, the latest internet standard. DOCSIS 3.0 technology provides eight downstream channels and four upstream channels. Data rates clock in at 343 Mbps download and 131 Mbps upload, depending on your cable internet provider. So there's plenty of speed for streaming HD video, gaming, video-conferencing, shopping, etc.To read this article in full or to leave a comment, please click here

Worth Reading: Building a Network

Building a strong network of people is very important in creating a successful career in IT. In these posts we will start first look at why building a network is important and in the other posts we will look at how to actually build the network and how to make sure that you are also contributing to the network and not only exploiting it. -via Lost in Transit

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Building a Network appeared first on 'net work.

Testing Ansible Roles with Docker

Ansible-Docker-Blog

Background

When you first start using Ansible, you go from writing bash scripts that you upload and run on machines to running desired end state playbooks. You go from a write-once read-never set of scripts to an easily readable and updatable yaml. Life is good.

Fast forward to when you become an Ansible power user. You’re now:

  • Writing playbooks that run on multiple distros

  • Breaking down your complex Ansible project into multiple bite-sized roles

  • Using variables like a boss: host vars, group vars, include variable files

  • Tagging every possible task and role so you can jump to any execution point and control the execution flow

  • Sharing your playbooks with colleagues and they’ve started contributing back

As you gain familiarity with Ansible, you inevitably end up doing more and more stuff-- which in turn makes the playbooks and roles that you’re creating and maintaining longer and a bit more complex. The side effect is that you may feel that development begins to move a bit slower as you manually take the time to verify variable permutations. When you find yourself in this situation, it’s time to start testing. Here’s how to get started by using Docker and Ansible to automatically test Continue reading

1 3,030 3,031 3,032 3,033 3,034 3,787