‘No viruses! Honest!’

These "free USB sticks" were left for the taking in our break room here at Network World headquarters.And, even though I’m reasonably certain I know who left them, there’s no way I’m falling for the old “No viruses! Honest!” trick. To read this article in full or to leave a comment, please click here

FCC votes for strict new broadband privacy rules

The U.S. Federal Communications Commission has taken a major step toward new regulations requiring ISPs to get customer permission before using or sharing their Web-surfing history and other personal information.The FCC voted 3-2 Thursday to approve a notice of proposed rule-making, or NPRM, the first step toward passing new regulations, over the objections of the commission's two Republicans.The proposed rules, which will now be released for public comment, require ISPs to get opt-in permission from customers if they want to use their personal information for most reasons besides marketing their own products.To read this article in full or to leave a comment, please click here

Worth Reading: A yot of YANG

The YANG Model Coordination Group has been spending time on the inventory of those YANG models in the industry, the tooling aspects, the help with the compilation, the training & education (NETCONF, YANG, pyang), the coordination across SDOs/opensource, the model coordination with the IETF. On the tooling front, the YANG model extraction and compilation is now integrated in the IETF draft submission tool, thanks to Henrik Levkowetz. So no more excuses for producing YANG models that don’t compile. -via the IETF blog

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: A yot of YANG appeared first on 'net work.

IDG Contributor Network: What is the future of mobile communications app security

We are well on our way to a world where communications traffic between mobile apps will be completely secure. Whether voice or text, monitored traffic will be encrypted and uncrackable, even with the cooperation of the app or device developers.A recent example, Facebook’s WhatsApp is reportedy causing law enforcement concern, as it appears to be impervious to decryption efforts. Government legislation forcing vendors to incorporate some type of backdoor password seems to be the only alternative to living with this new reality, but legislation may be unenforceable in the international context of app development and distribution.To read this article in full or to leave a comment, please click here

Hackers can abuse the iOS mobile device management protocol to deliver malware

Starting with iOS 9, Apple has tried to make it harder for attackers to trick users into installing unauthorized apps on their devices by abusing stolen enterprise certificates. However, it left one door open that attackers can still exploit: the protocol used by mobile device management products.In a presentation at the Black Hat Asia security conference on Friday, researchers from Check Point Software Technologies will demonstrate that the communication between MDM products and iOS devices is susceptible to man-in-the-middle attacks and can be hijacked to install malware on non-jailbroken devices with little user interaction.Apple's tight control over the iOS App Store has made it hard, but not impossible, for attackers to infect iOS devices with malware.To read this article in full or to leave a comment, please click here

New wireless tech from MIT promises password-free Wi-Fi

New wireless technology developed by researchers at MIT's Computer Science and Artificial Intelligence Lab promises to kill the Wi-Fi password at last.Dubbed Chronos, the new system enables a single Wi-Fi access point to locate users to within tens of centimeters without relying on any external sensors. What that means is that it could figure out where people are in a home or office and adjust heating and cooling accordingly. It could also enable a small cafe to better restrict its free Wi-Fi to paying customers. Existing Wi-Fi devices don’t have wide enough bandwidth to measure the "time of flight" of a signal from transmitter to receiver, or router to device, so typically a person's position can be determined only by triangulating multiple angles relative to the person from multiple access points.To read this article in full or to leave a comment, please click here

Skyport Systems and The Zero Trust DC

Skyport Systems offers a trusted computing platform to securely host virtual machines. Big deal? Well, maybe more than it seems at first glance.

Skyport Systems

I was sitting in some Juniper training last week being told about their Zero Trust security capabilities (referred to in VMWare NSX terminology as micro-segmentation), and as I listened I started thinking about zero trust in the wider context of who can be relied upon when it comes to software, and even the hardware on which it runs.

Software Issues

Let’s face it, the events of the the last few years have brought to light for Americans that far from a need to fear what other nation states might be willing to do to get access to our data, the real threat may lie within. Juniper was in the news at the end of last year after the announcement that ScreenOS contained unauthorized code suspected of being planted there by the NSA. And then in January 2016, Juniper announced that ScreenOS would be dropping the NSA-developed Dual_EC_DRBG random number generator which perhaps coincidentally has a known weakness in it, a vulnerability that was made even worse by an implementation change in ScreenOS to use a larger Continue reading

5 things you should know about two-factor authentication

One of the best pieces of security advice any computer expert can give you is to enable two-factor authentication for websites that support it. With password breaches so common nowadays, it could be the one thing that keeps hackers from stealing your identity online. Here are five points to help you understand this technology.Two-factor authentication or two-step verification?A lot of people think they're the same thing, but that's not really accurate.There are three types of authentication factors: something you know, such as a password or PIN; something you have, such as a mobile phone or a special USB key; and something you are, such as your fingerprint or other biometric identifier.To read this article in full or to leave a comment, please click here

Bash, better biometric security, Cortana and a flood of chatbots coming to Windows 10

There’s a lot of things coming out of Microsoft’s BUILD conference, but here are three.Bash coming to Windows 10There are now 270 million monthly active devices running Windows 10 and some of those people behind those machines surely use Linux as well. After Microsoft rolls out the Windows 10 “Anniversary” update this summer, those folks can have the “real” Bash shell in Windows.First you would need to turn on Developer Mode in Windows settings and download the Bash shell from the Windows Store, but then you open the Start menu and type “bash” to open cmd.exe running Ubuntu’s /bin/bash, explained Dustin Kirkland, part of Canonical’s Ubuntu product and strategy team. Then you have “full access to all of Ubuntu user space.”To read this article in full or to leave a comment, please click here

5 dev tools for better code security

5 dev tools for securing your codeImage by geralt via pixabayInformation security is of paramount importance these days, and there is no better place to start securing systems and data than in the software development process itself.To read this article in full or to leave a comment, please click here

Feds tackle open source code quality

Even as the White House is calling on federal agencies to make more use of open source projects, there's also a federal effort under way to reduce the number of vulnerabilities in those products via better code review tools and bug bounties.By the end of September, the Cyber Security Division at the Department of Homeland Security plans to award funding for a project designed to improve the performance of static code analysis tools."We're in the process of approving proposals now from academia and small businesses," said Kevin Greene, the division's software assurance program manager.[ ALSO ON CSO: Romancing development: How to avoid feeling vulnerable with open source ]To read this article in full or to leave a comment, please click here

Introducing CFSSL 1.2

Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t written much about CFSSL here since we originally open sourced the project in 2014, so we thought we’d provide an update. In the last 20 months, we have added a ton of great features, and CFSSL has attracted an active community of users and contributors. Users range from large SaaS providers (Heroku) to game companies (Riot Games) and the newest Certificate Authority (Let’s Encrypt). For them and for CloudFlare, CFSSL has become a core tool for automating certificates and TLS configurations. With added support for configuration scanning, automated provisioning via the transport package, revocation, certificate transparency and PKCS#11, CFSSL is now even more powerful.

We’re also happy to announce CFSSL’s new home: cfssl.org. From there you can try out CFSSL’s user interface, download binaries, and test some of its features.

Motivation

current efforts - google Licensing: Public Domain

This 2013 National Security Agency (NSA) slide describing how data from Google’s internal network was collected by intelligence agencies was eye-opening—and shocking—to many technology companies. The idea that an attacker could read messages passed between services wasn’t technically groundbreaking, but it Continue reading

1 3,038 3,039 3,040 3,041 3,042 3,808