Worth Reading: What your ISP probably knows about you

This private information includes both personal information, as well as information about a customer’s use of the service that is provided as a result of receiving service — sometimes called Customer Proprietary Network Information, or CPNI. One possible conclusion a reader might draw from this white paper is that ISPs have limited capability to learn information about customers’ use of their service and hence should not be subject to additional privacy regulations. -via CircleID

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: What your ISP probably knows about you appeared first on 'net work.

Ransomware attacks on U.S. companies blamed on state-sponsored Chinese hackers

So what do Chinese government-supported hackers turn to after China backed off on supporting economic espionage? Applying their APT skills to infecting companies with ransomware…at least that is the prevailing theory put forth by several security firms.If China really did pull its previous level of support for economic espionage after its agreement with the US late last year, then those same hackers may be supplementing their income by joining the booming business of ransomware.Security firms involved in investigating ransomware attacks that have not previously been made public told Reuters that Chinese hackers are the most likely suspects behind the attacks. It should be noted that none of the security companies could be positive that plain-old cybercrooks weren’t behind the attacks after upping their game, improving skills and purchasing tools previously used only by governments. At least a half dozen ransomware attacks in the last three months have a level of sophistication that is usually only used in state-sponsored attacks.To read this article in full or to leave a comment, please click here

SWSX highlights bright and dark tech futures

Visions of the future clashed during South By Southwest (SXSW) Interactive in Austin, as some experts saw an uncertain future, some saw an unbounded future and some were frustrated by the present.As for uncertainty, the worlds of big data, AI, and government are just beginning to collide, and public policy decisions made now will cast shadows far into the future, panelists agreed at a session titled, "Data Ethics in the Age of the Quantified Society.""We are at an inflection point," said Nicole Wong, former White House policy advisor. "We are paving the roads for what the future will look like. Will it be a dystopian world like The Hunger Games, or a different world, with health care for millions, precision medicine and equitable distribution of benefits? But how do we build the underlying roads?"To read this article in full or to leave a comment, please click here

How to get started in IT security consulting

IT security consulting is an excellent way to grow as a security professional. In contrast to an corporate role, consultants are exposed to a variety of business situations and industries. Those who succeed in the consulting world find themselves equipped with greater skills and cutting-edge knowledge of new technologies.Before you enter consulting, take note of the field’s current opportunities and challenges. “Migrating security services to the cloud, incident response, forensics and security risk assessments are areas in high demand,” comments Brian Honan, founder of BH Consulting. The Ireland-based IT security consulting firm has grown to 10 consultants and serves clients in Ireland, Europe, the United Kingdom and the US.To read this article in full or to leave a comment, please click here(Insider Story)

How to respond to ransomware threats

Don't jumpImage by ThinkStockRansomware is obviously analogous to kidnapping, and dealing with the perpetrators can feel much like negotiating with a jumper standing on the edge of high-rise roof. The Institute for Critical Infrastructure Technology recently released a report that in part describes how to deal with criminals when they are holding your data hostage. The report talks of what to do once a breach has been found.To read this article in full or to leave a comment, please click here

Symantec partners with hosting providers to offer free TLS certificates to website owners

Symantec wants to see the encrypted Web grow and will offer free basic SSL/TLS certificates to domain owners through Web hosting companies that join its new Encryption Everywhere program.The company has already signed partnerships with more than ten hosting providers, including InterNetX, CertCenter, Hostpoint and Zoned in Europe, and is close to finalizing deals with ten others. The customers of those companies will receive a basic website encryption package that includes a standard TLS certificate valid for one year.Depending on their needs, customers will also be able to opt for paid premium packages that include extended validation (EV) certificates or wildcard certificates that are valid for multiple websites hosted on different subdomains.To read this article in full or to leave a comment, please click here

Networking’s not so bad

Ivan’s post this week was a good reminder that other parts of IT aren’t perfect either. It’s not all roses on the other side of the fence. Networking has done many good things, and often showed the way.

Consider a conversation between a sysadmin & a network engineer:

Look at how I can virtualise these systems! Now I can isolate users and consolidate hardware resources. They have no idea they’re on the same hardware. It’s incredible!

Oh. Bit like these VLANs, VRFs, and VDCs we’ve been doing for 15+ years now?

Look at how I can use Puppet to define this server’s complete configuration using a single text file! This is amazing! I can use version control for my infrastructure!

Oh. You mean like this single text file that defines the configuration of my network device here? Yes, yes that does seem useful.

Why do you networking people have so many different ways of configuring systems? Why don’t you just have one common API?

Oh. You mean like the way that there’s a Universal install script Linux systems?

SNMP sucks. The data format is terrible, implementations are inconsistent. Why don’t you switch to gRPC?

Wait, weren’t you telling me last Continue reading

Top websites affected by Angler exploit kit malvertising, security vendors say

Tens of thousands of Web browsers may have been exposed to ransomware and other malware over the last few days after malicious advertisements appeared on high-profile websites, security vendors said Monday.The malicious advertisements are connected to servers hosting the Angler exploit kit, a software package that probes a computer for software vulnerabilities in order to deliver malware, Trend Micro said.Security vendor Trustwave wrote on Monday that it also detected a large Angler-related malvertising campaign.To read this article in full or to leave a comment, please click here

Google has doubled its bounty for a Chromebook hack to US$100,000

Google doubled the bounty it will pay for a successful exploit of its Chromebook laptop to US$100,000, sweetening the pot in hopes of drawing more attention from security researchers.The larger reward is intended for someone who finds a persistent compromise of a Chromebook in guest mode, according to Google's security blog on Monday."Since we introduced the $50,000 reward, we haven’t had a successful submission," Google wrote. "That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool."To read this article in full or to leave a comment, please click here

Pica8 overcomes white box obstacles

The evolution to software defined networking (SDN) is well underway. ZK Research (I am an employee of ZK Research) shows that almost 80% of organizations are interested in the topic, although fewer than 10% have actually deployed the technology. This means there are a huge number of organizations trying to understand the best way to deploy SDN. One such way is to leverage the cost benefits of a white box switch with some sort of standards-based technology such as OpenFlow. Low cost hardware, industry standards and a few best practices should make for a relatively straightforward deployment. Not so fast. Not all white boxes are created equal. While all white box switches do offer compelling economics, they are known to have some performance issues. White box switches deployed as a top of rack (ToR) need handle tens of thousands of flows.To read this article in full or to leave a comment, please click here

1 3,033 3,034 3,035 3,036 3,037 3,779