NetworkingNexus.net

Microsoft rated 6 of 13 security updates as critical, Badlock bug fix rated important

For April 2016 Patch Tuesday, Microsoft released 13 security bulletins, with six being rated as critical for remote code execution flaws and the patch for Badlock being among those rated only as important.CriticalMS16-037 is the cumulative fix for Internet Explorer. While most of the vulnerabilities being patched have not been publicly disclosed, the DLL loading RCE bug has been.MS16-038 is the monthly cumulative security update for Microsoft’s Edge browser to stop attackers from achieving RCE when a user visits a specially crafted webpage via Edge. The patch modifies how Edge handles objects in memory, as well as ensures cross-domain policies are properly enforced.To read this article in full or to leave a comment, please click here

Microsoft rated 6 of 13 security updates as critical, Badlock bug fix rated important

For April 2016 Patch Tuesday, Microsoft released 13 security bulletins with six being rated as critical for remote code execution flaws and the patch for Badlock being among those rated only as important.CriticalMS16-037 is the cumulative fix for Internet Explorer. While most of the vulnerabilities being patched have not been publicly disclosed, the DLL loading RCE bug has been.MS16-038 is the monthly cumulative security update for Microsoft’s Edge browser to stop attackers from achieving RCE when a user visits a specially crafted webpage via Edge. The patch modifies how Edge handles objects in memory as well as ensures cross-domain policies are properly enforced.To read this article in full or to leave a comment, please click here

Patching BADLOCK with Ansible

If you've been following recent security news, you may have heard of the Badlock vulnerability in the protocols used by the Microsoft Windows Active Directory infrastructure. This vulnerability could lead to a man-in-the-middle attacker intercepting traffic between a client and the Active Directory server, and then impersonating the client, gaining unauthorized access to resources.

More information can be found at http://badlock.org/ and the Red Hat Knowledgebase.

Thanks to Ansible, however, patching your systems doesn't have to be complicated.

Here’s a sample playbook for Red Hat/Fedora/CentOS and Debian/Ubuntu systems

- hosts: all
  gather_facts: true
  become_method: sudo
  become_user: root
  vars:
    service_name:
      'Debian': 'smbd'
      'RedHat': 'smb'

  tasks:
    - name: check samba version
      shell: dpkg -l | grep -q samba
      when: ansible_os_family == 'Debian'
      register: samba_installed
      ignore_errors: True

    - name: update samba from apt if installed
      apt:
        name: samba
        state: latest
        update_cache: yes
      when: ansible_os_family == 'Debian' and samba_installed.rc == 0
      notify: restart_samba

    - name: check samba version
      shell: rpm -q samba
      when: ansible_os_family == 'RedHat'
      register: samba_installed
      ignore_errors: True

    - name: update samba from yum if installed
      yum:
        name: samba
        state: latest
        update_cache: yes
      when: ansible_os_family == 'RedHat' and samba_installed.rc == 0
      notify: restart_samba

  handlers:
    - name: restart_samba
      service:
        name: "{{  Continue reading

Political statements largely behind DDoS attacks

Countries around the world from Estonian and Ukraine to China, Russia, and the US have been the target of DDoS attacks, many of which are politically motivated. Criminals aren't necessarily looking to steal data or other assets as much as they are intending to make a very powerful statement.According to Nexusguard’s Q4 2015 threat report, attacks on Turkey skyrocketed ten-fold to more than 30,000 events per day, surpassing the thousands of attacks on other popular targets like China and the U.S. The attacks, targeting Turkish IP addresses, contributed to a big increase in DNS attacks, outweighing other popular NTP and CHARGEN methods by 183 percent.To read this article in full or to leave a comment, please click here

Political statements largely behind DDoS attacks

Intel on the cheap: Chip maker ships $15 IoT developer board

At US$15, the Quark Microcontroller Developer Kit D2000 is perhaps the least expensive computer Intel has ever shipped.The single-board computer has all the components mashed onto a tiny circuit board. It can be used to develop gadgets, wearables, home automation products, industrial equipment and other Internet of Things products.Developers could also use the computer to hook up sensors for temperature, light, sound, weather and distance to devices.The developer board is now available from Mouser Electronics. It will also be available from Avnet, according to Intel.To read this article in full or to leave a comment, please click here

How Verizon finds IoT innovation outside its four walls

Verizon Ventures says that while consumer Internet of Things startups were all the rage in 2014 and continue to be popular among investors, enterprise IoT newcomers have become even hotter properties among venture capitalists over the past two years, with enterprise IoT investment expected to double or triple that of consumer IoT in 2016.Verizon’s investment arm has been among those outfits targeting enterprise IoT, with investments in startups such as Filament and Veniam, which focus on industrial networks and connected vehicles, respectively.To read this article in full or to leave a comment, please click here

10 Internet of Things companies to watch

It’s good to be an Internet of Things startup these days. Cisco forked over $1.4B for IoT platform provider Jasper in February. Nokia Growth Partners has raised a $350 million IoT-focused investment fund. And IoT startups are pulling in tens of millions in venture funding.Verizon, in its new “State of the Market: Internet of Things 2016” report, states that its venture arm estimates that while consumer-oriented IoT firms pulled in 15% more funding than enterprise-focused ones in 2014, it is enterprise IoT startups that are now raking in the big bucks. Verizon Ventures says enterprise IoT startups attracted 75% more funding than consumer IoT upstarts last year and that enterprise IoT startups are expected to grab 2 to 3 times as much funding as their consumer counterparts this year.To read this article in full or to leave a comment, please click here

How Verizon finds IoT innovation outside its four walls

What should IETF “standard track” actually mean?

This post is going to be a little off the beaten path, but it might yet be useful for folks interested in the process of standardization through the IETF.

Last week, at the IETF in Buenos Aires, a proposal was put forward to move the IPv4 specifications to historic status. Geoff Huston, in his ISP column, points out the problem with this sort of thing—

As one commenter in the Working Group session pointed out, declaring IPv4 “Historic” would likely backfire and serve no better purpose other than exposing the IETF to ridicule. And certainly there is some merit in wondering why a standards body would take a protocol specification used by over 3 billion people, and by some estimated 10 billion devices each and every day and declare it to be “Historic”. In any other context such adoption figures for a technology would conventionally be called “outstandingly successful”!

The idea to push IPv4 to historic is, apparently, an attempt to move the market, in a sense. If it’s historic, then the market won’t use it, or will at least move away from it.

Right.

reaction-02 Another, similar, line of thinking came up at the mic during a discussion around whether Continue reading

Micron Enlists Allies For Datacenter Flash Assault

If component suppliers want to win deals at hyperscalers and cloud builders, they have to be proactive. They can’t just sit around and wait for the OEMs and ODMs to pick their stuff like a popularity contest. They have to engineer great products with performance and then do what it takes on price, power, and packaging to win deals.

This is why memory maker Micron Technology is ramping up its efforts to get its DRAM and flash products into the systems that these companies buy, and why it is also creating a set of “architected solutions” focused on storage that …

Micron Enlists Allies For Datacenter Flash Assault was written by Timothy Prickett Morgan at The Next Platform.

IDG Contributor Network: Scaling out cloud apps still a challenge despite multi-core CPU advancements

Despite recent advancements and improved parallelism in multi-core CPU performance, there is still a big challenge to be solved relating to the scale-out of cloud applications.Put simply, Linux application performance scales poorly as CPU core count increases. This is commonly experienced as typical Linux applications can be expected to see a 1.5X performance improvement for a 2-core CPU, but the scale quickly plateaus after that, with 4 core performance only improving around 2.5X. The performance further degrades as core counts rise. Given that, along with Intel’s announcement that its Xeon chips have up to 22 cores, scaling performance efficiently across cores is extremely important.To read this article in full or to leave a comment, please click here

IRS security is failing taxpayers, senator says

The U.S. Internal Revenue Service, the Congress, and private electronic tax-filing vendors aren't doing enough to protect the personal information of taxpayers, senators said Tuesday.The IRS needs to step up its cyberecurity efforts, said members of the Senate Finance Committee, citing two recent data breaches at the agency, along with 94 open cybersecurity recommendations from the Government Accountability Office."Hackers and crooks, including many working for foreign crime syndicates, are jumping at every opportunity they have to steal hard-earned money and sensitive personal data from U.S. taxpayers," Senator Ron Wyden, an Oregon Democrat, said during a hearing. "In my view, taxpayers have been failed by the agencies, the companies, and the policymakers here in Congress they rely on to protect them."To read this article in full or to leave a comment, please click here

IRS security is failing taxpayers, senator says

Startup analyzes behavior to stop malware threats

Startup Seceon has joined a growing number of firms focused on quickly analyzing behaviors on corporate networks to identify and prioritize threats that ought to be dealt with, cutting down on the manual work required to spot and stop attacks.In addition to identifying intrusions, the company’s Open Threat Management (OTM) platform can also automatically block suspect behaviors using scripts to other devices on the network.The company competes against a number of others including Damballa, LightCyber and Vectra as well as vendors with broader portfolios such as Carbon Black, Black Ensilo, Fireeye, Guidance, Promisec, Resolution1 Security, and Tanium.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Sisense wants to make every user a data scientist

Analytics seems to be like the pot of gold at the end of the rainbow—hugely valuable but generally difficult (or impossible) to reach. It was always too hard, too slow, too expensive and too technical to be used on a widespread basis.Then things started to change. The rise of APIs meant that getting data into and out of core solutions became easier. The advent of cloud computing meant that standing up infrastructure on a short-term basis was easier, and a bunch of new approaches helped to make things far easier. One of the biggest proponents of this new way of driving analytics out to the business users is SAP, who is pushing hard for its HANA in-memory analytics service.To read this article in full or to leave a comment, please click here

Startup analyzes behavior to stop malware threats

Open Networking is Part of Everyone’s Future

If there’s one thing I learned at the Open Networking Summit (ONS) last month in Santa Clara, it’s that Open...

The HTC 10 campaigns for the title best smartphone of 2016

HTC announced the HTC 10 premium smartphone today—its entry into the extreme competition for best smartphone on the planet. The device belongs to a category that makes no compromises in exterior presentation and interior performance. Trade-offs are a luxury enjoyed by makers of commodity smartphone models that pragmatic consumers buy.HTC earned its reputation by designing exquisite phones that others in the industry, including Apple, had to follow and sometimes copy. Most notably the iPhone 6 and 6s product lines look like HTC designs. Powered by a Qualcomm 820 SoC, the HTC 10 will be one of the fastest phones available. However, raw speed is its least-important feature because almost every smartphone is fast, to such an extent that the performance increase of the newest phones compared to last year’s is barely perceptible.To read this article in full or to leave a comment, please click here

Who's Hiring?

Senior Service Reliability Engineer (SRE): Drive improvements to help reduce both time-to-detect and time-to-resolve while concurrently improving availability through service team engagement. Ability to analyze and triage production issues on a web-scale system a plus. Find details on the position here: https://jobs.netflix.com/jobs/434

Manager - Performance Engineering: Lead the world-class performance team in charge of both optimizing the Netflix cloud stack and developing the performance observability capabilities which 3rd party vendors fail to provide. Expert on both systems and web-scale application stack performance optimization. Find details on the position here https://jobs.netflix.com/jobs/860482

Software Engineer (DevOps). You are one of those rare engineers who loves to tinker with distributed systems at high scale. You know how to build these from scratch, and how to take a system that has reached a scalability limit and break through that barrier to new heights. You are a hands on doer, a code doctor, who loves to get something done the right way. You love designing clean APIs, data models, code structures and system architectures, but retain the humility to learn from others who see things differently. Apply to AppDynamics

Software Engineer (C++). You will be responsible for building Continue reading

« Previous 1 … 3,046 3,047 3,048 3,049 3,050 … 3,839 Next »