0

Humidity, not heat, is a hard drive’s biggest threat

Having been to Orlando in August, I know the meaning of the term "It's not the heat, it's the humidity." That was the first and only time I had my glasses fog up for just stepping outside.And it turns out humidity is a greater threat to hard drive reliability than high temperatures, according to a study from Rutgers University in partnership with GoDaddy and Microsoft. In their paper titled "Environmental Conditions and Disk Reliability in Free-cooled Datacenters" (PDF), the team said the most notable result was that all other conditions aside, the effects on controllers and adapters were felt most as humidity levels rose.To read this article in full or to leave a comment, please click here

0

Creating a Dynamic Lab Environment with vEOS and GNS3 – Part II

SETTING UP A DHCP AND FILE SERVER FOR USE WITH ZTP

0

Creating a Dynamic Lab Environment with vEOS and GNS3 – Part I

GETTING STARTED

Preliminary Installation Setup

Creating the Management Network

SETTING UP vEOS

Creating a Base Image

0

Sometimes techy details matter

How terrorists use encryption is going to become central to the Cryptowars 2.0 debate. Both sides are going to cite the case of Reda Hame described in this NYTimes article. On one hand, it shows that terrorists do indeed use encryption. On the other hand, the terrorists used TrueCrypt, which can't be stopped, no matter how many "backdoor" laws the police-state tries to pass.

The problem with the NYTimes article is that the technical details are garbled. (Update: at the bottom, I correct them). Normally, that's not a problem, because we experts can fill in the details using basic assumptions. But the technique ISIS used is bizarre, using TrueCrypt containers uploaded to a file-sharing site. This is a horrible way to pass messages -- assumptions we make trying to fill in the blanks are likely flawed.

Moreover, there is good reason to distrust the NYTimes article. Small details conflict with a similar article in the French newspaper Le Monde from January 6. Both articles are based on the same confession by Reda Hame from last August.

For example, in discussing a training accident with a grenade, the NYTimes article says "Mr. Hame did not throw it far Continue reading

0

Rules, smules, classified, smashified: Those things don’t seem to apply to Clinton

Rules, smules...they don't seem to apply to Hillary Clinton. The Washington Post has an excellent piece about the Clinton email scandal.For “personal comfort” reasons, she wanted to use her personal unencrypted BlackBerry for all her email, despite warnings that it could be vulnerable. She even took it overseas, although she supposedly said she “gets it” being a security risk. Don’t be silly and expect her to use a PC; oh no, she was seemingly a CrackBerry fanboy. She also didn’t bother to tell officials that her BlackBerry was tied to her infamous private email server. That server was supposedly also for her comfort – for her “convenience.”To read this article in full or to leave a comment, please click here

0

Former NSA deputy director says Edward Snowden lacks courage

In the first segment of an interview with Chris Inglis, former deputy director of NSA, the Irari Report talks with him about his perceptions of Edward Snowden’s motivations and intentions in committing his acts of espionage. In the video segment, Inglis discusses his impressions of Snowden, and theorizes as to why Snowden left for China, and to where he intended to defect.Edward Snowden's defection occurred during Inglis' tenure as Deputy Director of NSA, and as such, Inglis was extremely involved in overseeing the investigation incident and mitigation of the resulting damage. Inglis states that Snowden was indiscriminate in his release of information, and is full of rage. When asked to comment on why Snowden has not released any documents about Russian or Chinese domestic surveillance efforts, which are plentiful throughout NSA, and would have been readily available to Snowden while he was at NSA, Inglis stated that Snowden lacks any courage to speak up about any concerns while he might be held accountable.To read this article in full or to leave a comment, please click here

0

Survey: With all eyes on security, talent shortage sends salaries sky high

Jason Hoffman started his career as an internal auditor, but after 7 years he was ready to leave the job he was "really good at" and try something different. The transition to security more than 18 years ago "was probably the best decision I made in my career," says Hoffman, who is now CSO at marketing automation software vendor Marketo. "I don’t think anyone in 1998 could have predicted how important security would be today." "Company executives and their boards are more acutely aware that security is not just an IT problem but it’s a business problem," says Hoffman. "As a result, security is getting more emphasis across all companies regardless of sector."To read this article in full or to leave a comment, please click here(Insider Story)

0

Merging firms appealing targets for attackers

Companies going through a merger or acquisition, as well as their lawyers, financial advisers, and other associated firms are all tempting targets for cyberattackers, according to a new report from Digital Shadows.The attackers use public sources for the first round of information gathering, then spearphishing and malware campaigns against targeted individuals. They are often undetected because many companies still ignore cybersecurity when doing due diligence, the report said.ALSO ON CSO: How to respond to ransomware threats The attackers are "apex predators" said Rick Holland, the company's vice president of strategy.To read this article in full or to leave a comment, please click here

0

The CORD Architecture

Edge provider networks, supporting DSL, voice, and other services to consumers and small businesses, tend to be more heavily bound by vendor specific equipment and hardware centric standards. These networks are built around the more closed telephone standards, rather than the more open internetworking standards, and hence they tend to be more expensive to operate and manage. As one friend said about a company that supplies this equipment, “they just print money.” The large edge providers, such as AT&T and Verizon, however, are not endless pools of money. These providers are in a squeeze between the content providers, who are taking large shares of revenue, and consumers, who are always looking for a lower price option for communications and new and interesting services.

If this seems like an area that’s ripe for virtualization to you, you’re not alone. AT&T has been working on a project called CORD for a few years in this area; they published a series of papers on the topic that make for interesting reading:

• A set of slides covering the concept can be found here
• A recording of a talk on this topic can be found here
• A shorter white paper on the topic can Continue reading

0

PLUMgrid Touts Containers & CloudApex in 5.0 Release

CloudApex functionality is key.

0

Worth Reading: Yellow journalism on encryption

That’s not how encryption works. Instead, if “encryption” were the one thing the terrorists were using to hide, then you’d certainly find encrypted emails and encrypted messages — ones you couldn’t read without knowing the key. The lack of emails/messages instead hints that the terrorists were meeting in person, passing paper notes to each other, or using telepathy. All of these, even telepathy, are more likely explanation for the lack of evidence than “encryption”. It’s a typical example of yellow journalism. The public isn’t familiar with “encryption”, so it’s easy to sensationalize it, to make it seem like something sinister is going on. -via Errata Security

The post Worth Reading: Yellow journalism on encryption appeared first on 'net work.

0

US has asked Apple, Google to help unlock devices in more than 70 cases

U.S. government agencies have filed more than 70 orders requiring Apple or Google to help law enforcement agencies unlock mobile devices since 2008, despite the agency insisting its fight with Apple in a recent terrorism case was limited in scope.The Department of Justice dropped its California case against Apple after the FBI found a way to break into one of the San Bernardino shooters' iPhone without assistance.But the American Civil Liberties Union has identified 64 cases where representatives of the DOJ have filed All Writs Act orders seeking assistance from Apple or Google to unlock mobile devices. The ACLU's numbers are on top of 12 cases identified by Apple lawyer Marc Zwillinger in mid-February, the group said. To read this article in full or to leave a comment, please click here

0

Should Apple Build their Own Cloud?

This is one of the most interesting build or buy questions of all time: should Apple build their own cloud? Or should Apple concentrate on what they do best and buy cloud services from the likes of Amazon, Microsoft, and Google?

It’s a decision a lot of companies have to make, just a lot bigger, and because it’s Apple, more fraught with an underlying need to make a big deal out of it.

This build or buy question was raised and thoroughly discussed across two episodes of the Exponent podcast, Low Hanging Fruit and Pickaxe Retailers, with hosts Ben Thompson and James Allworth, who regularly talk about business strategy with an emphasis on tech. A great podcast, highly recommended. There’s occasional wit and much wisdom.

Dark Clouds Over Apple’s Infrastructure Efforts

0

Custom developed Dripion backdoor used in highly targeted attacks in Asia, US

A new custom developed backdoor program has been used in highly targeted attacks against organizations from Taiwan, Japan, South Korea and the U.S. over the past year.Malware researchers from Symantec first came across the program, which they've named Dripion, in August 2015. However, due to its custom nature and sparse use, it has managed to fly under the radar since as early as November 2013.When their analysis began, the Symantec researchers believed Dripion was a local threat used against organizations in Taiwan, where most of its victims were found. However, since then, they have found computers infected with the backdoor in other countries as well.To read this article in full or to leave a comment, please click here

0

Security Sessions: How to transition from tech professional to a business leader

Many security pros came up through the career ranks with a solid tech background. But security leadership demands more business acumen and expertise today. Lorna Koppel, Direction of Information Security for Tufts University, has been through this process in her career and shares her tips for making the transition smoothly and effectively.

0

Docker Birthday #3: Thank you Docker community!

Gracias, merci, danke, obrigado, рақмет сізге, tak, धन्यवाद, cảm ơn bạn, شكرا, mulțumesc, asante, ευχαριστώ, thank you Docker community! While we originally planned for 40 Docker Birthday #3 celebrations worldwide with 1,000 attendees, over 8,000 people registered to attend one … Continued

0

Why I am excited to join the Cloud Native Computing Foundation Technical Oversight Board

Docker’s mission is to build tools of mass innovation. To achieve this goal, we collaborate with the best developers in the world, working with the open source projects and organizations tackling the various aspects of containerization: the Docker open source … Continued

0

Video And The Death Of Dialog

I was reading a trivia article the other day about the excellent movie Sex, Lies, & Videotape when a comment by the director, Stephen Soderbergh, caught my eye. The quote, from this article talks about how people use video as a way to distance ourselves from events. Soderbergh used it as a metaphor in a movie made in 1989. In today’s society, I think video is having this kind of impact on our careers and our discourse in a much bigger way.

Writing It Down In Pictures

People have become huge consumers of video. YouTube gets massive amounts of traffic. Devices have video recording capabilities built in. It’s not uncommon to see a GoPro camera attached to anything and everything and see people posting videos online of things that happen.

My son is a huge fan of videos about watching other people play video games. He’ll watch hours of video of someone playing a game and narrating the experience. When I tell him that he’s capable of playing the game himself he just tells me, “It’s not as fun that way Dad.” I, too, have noticed that a lot of things that would normally have been written down are Continue reading

0

How to set up a portable, non-cloud-based password manager

Nothing helps strong passwords become a central tenet of your electronic life than conscientious use of a password manager. However, the compromise of at least one cloud-based password manager last year and recent actions by a government agency may have given you second thoughts about using the cloud for something that instinctively feels like it should be managed locally.Those incidents aside, password managers remain the best way to avoid reusing weak passwords which is as commonplace as the number of password leaks that happen every year, even on large, reputable websites. And, if you don’t mind putting in a modicum of effort, you can still establish a non-cloud-based password manager that can be utilized across multiple devices.To read this article in full or to leave a comment, please click here

0

Expert: Comprehensive software security for cars will take years

Software security for automobiles is improving but it will take another three or four years until manufacturers can put overarching security architecture in place, says Stefan Savage, winner of the 2015 ACM-Infosys Foundation Award in the Computing Sciences.“We’re at a point where the industry has to recognize that this is a real issue for them,” says Savage, a professor in the Computer Science and Engineering department at the UC San Diego Jacobs School of Engineering.+ MORE CAR SECURITY: Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep +To read this article in full or to leave a comment, please click here