FTC orders nine PCI auditors to share assessment details

The FTC is on a data breach enforcement roll. Last summer, the courts allowed it to fine companies with weak cybersecurity practices. Now, the FTC is taking a closer look at payments processing, checking to see how auditors measure compliance with industry rules.Specifically, the FTC has requested information from PricewaterhouseCoopers, Mandiant, Foresite MSP, Freed Maxick CPAs, GuidePoint Security, NDB, SecurityMetrics, Sword and Shield Enterprise Security, and Verizon Enterprise Solutions, which is also known as CyberTrust.The nine companies, a mixture of large and small compliance vendors, have 45 days to respond to detailed questions about how they measure compliance with the Payment Card Industry Data Security Standards.To read this article in full or to leave a comment, please click here

War Stories: Backup NICs, DNS and AD

A return to our sporadic series of networking war stories. This time it’s fun with dedicated backup networks, DNS auto-registration, and Active Directory. Thank God it’s a lot easier these days with virtualisation. But back then…

Backups suck, but you need to do them somehow

Back in the olden days we had a dedicated tape drive connected to each server. Daily/weekly backups were written to the local tape drive using a SCSI connection. Someone would walk around the servers each day and change the tapes. It was simple, and it worked, but it doesn’t scale.

Two things happened – server numbers started exploding, and Gigabit Ethernet became practical. That meant that it became practical to have centralised ‘backup’ servers connected to tape drives, and to stream backup data across the network. Much better scale – we only needed to install an agent on each server, and the centralised backup servers needed to have enough tapes + tape drives. This also gave us much better central control & visibility of our backups.

Of course, we were worried about the impact of streaming large backup files across the network. We didn’t want that to affect production traffic, so we installed dedicated backup Continue reading

Locky ransomware activity ticks up

Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself.Computer security companies say it has become a commonly seen type of ransomware, which is used to hold a computer’s files hostage pending a ransom payment.Trustwave's SpiderLabs said on Wednesday that 18 percent of 4 million spam messages it collected in the last week were ransomware-related, including many linked to Locky."We are currently seeing extraordinary huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of a ransomware," wrote Rodel Mendrez, a Trustwave security researcher.To read this article in full or to leave a comment, please click here

Google has joined Facebook’s Open Compute Project and submitted a 48-volt rack design

Google has joined Facebook's Open Compute Project and proposed a new design for server racks that could help cloud data centers cut their energy bills.The OCP was started by Facebook six years ago as a way for end-user companies to get together and design their own data center equipment, free of the unneeded features that drive up costs for traditional vendor products.Other big cloud providers such as Microsoft jumped on board, but Google, which is known for operating some of the world's most advanced data centers, stayed away. On Wednesday, at the OCP Summit in Silicon Valley, it said it has now joined.To read this article in full or to leave a comment, please click here

Google has joined Facebook’s Open Compute Project and submitted a 48-volt rack design

Google has joined Facebook's Open Compute Project and proposed a new design for server racks that could help cloud data centers cut their energy bills.The OCP was started by Facebook six years ago as a way for end-user companies to get together and design their own data center equipment, free of the unneeded features that drive up costs for traditional vendor products.Other big cloud providers such as Microsoft jumped on board, but Google, which is known for operating some of the world's most advanced data centers, stayed away. On Wednesday, at the OCP Summit in Silicon Valley, it said it has now joined.To read this article in full or to leave a comment, please click here

Experts say ‘chip off’ procedure to access terrorist’s iPhone is risky

The iPhone 5c at the center of the legal battle between Apple and the FBI might be accessible through a delicate hardware technique, but experts warn it would be difficult.In recent days, the American Civil Liberties Union's technology fellow and former NSA contractor Edward Snowden have suggested a method that would let investigators repeatedly guess the iPhone's password.Federal investigators fear San Bernardino shooter Syed Rizwan Farook may have configured his work phone to use an Apple security feature that erases a key for decrypting data after 10 incorrect guesses of the phone's password. The forensic technique for getting at the data, known as "chip off," involves removing a NAND flash memory chip from a device and copying its data, yielding a decryption key that can be restored if it is erased after incorrect guesses.To read this article in full or to leave a comment, please click here

Getting started with Network Packet Generators

bit blaster
A friend of mine has just ordered a shiny new packet generator for his network lab. I’ve spent some time working as a QA engineer in a network lab and wanted to share some advice.
You can purchase stateful and stateless packet generators from major vendors like Spirent, IXIA or Agilent. If you just need to test throughput, latency or loss, a stateless packet generator will do the trick. The test hardware will use an ASIC to produce line-rate 10G traffic or higher. The Cisco Enterprise Testing Book calls this a ‘bit-blaster’ which I love. In the wrong hands it can also be a ‘network-melter’. 
You need a stateful packet generator if you want to test your routing protocols in conjunction with traffic load. A stateful packet generator such as Ixia’s IxNetwork, will use dedicated CPUs to form and maintain adjacencies, inject routing protocol packets, etc. You can use the stateful feature to inject prefixes which are then used as test targets by high-rate stateless traffic.
Licensing is a major source of pain when operating a stateful packet generators. There are often licenses required per protocol and even per-combination of protocols. For example, I had to buy a license for Continue reading

How Ansible Makes Automating Windows Easier

ansible-windows-blog.png

In case you missed it, Ansible 2.0’s Windows support includes a number of improvements and new features that make automating Windows with Ansible easier. Because of Red Hat’s commitment to solid cross-platform management, you’ll also see an acceleration of these kinds of improvements in future Ansible releases. I’ll highlight a few of the items I’m most excited about from 2.0, and give a quick peek at what’s scheduled for future releases.

Windows Update Support

Update management is a common pain point for Windows administrators. The new win_updates module makes it easy to orchestrate updates during your maintenance windows- no more logging into individual machines to kick off updates or hoping a scheduled update pass actually ran!

IIS Modules

2.0 shipped with a suite of modules for managing IIS. From configuring websites, AppPools, virtual directories, and more- now Ansible can deploy and manage your IIS apps with ease.

Performance Enhancements to File Copy

Since WinRM doesn’t have a built-in file transfer mechanism, Ansible has to jump through some “interesting” hoops to deploy its module code and copy files from the control host to a managed Windows box. Historically, this process was very slow, and could only transfer small Continue reading

US national lab advances wireless charging for electric cars

How cool would it be if you could just pull into your garage and park over a special pad and a recharge your electric car for your morning commute?It’s a convenience item that would go a long way to making electric cars more attractive to the average US consumer that’s for sure.+More on Network World: World’s coolest concept cars+This week the US Energy Department’s Vehicle Technologies Office, Oak Ridge National Laboratory (ORNL) and Hyundai America Technical Center Inc. said that technology they have been working on since 2012 could soon make wireless charging for electric cars more widespread.To read this article in full or to leave a comment, please click here