Justice Department indicts Iran hackers in massive financial cyberattack

The U.S. Department of Justice has indicted seven Iranian hackers in connection with cyberattacks on U.S. banks, the New York Stock Exchange, AT&T and a water facility in New York.The seven live outside the U.S. and it’s questionable whether they will ever be apprehended and tried, according to reports by Reuters, the New York Times and the Washington Post.To read this article in full or to leave a comment, please click here

Baremetal cloud using Packet

Typical Opensource demo applications comes packaged as a Vagrant application which starts a bunch of VMs and does automatic provisioning. I have a Windows machine with Virtualbox and VMWare player installed. Since Virtualbox does not support nested virtualization with 64 bit VMs(More details can be found in my previous blogs on Virtualbox and VMWare player), … Continue reading Baremetal cloud using Packet

IDG Contributor Network: User-controlled, private clouds could help with security, think scientists

One of the problems with smartphone apps is that one has no control over where often sensitive permissions and personal content is stored. While we’re allowed a certain amount of input when it comes to downloading the app and installing it: agree to the permissions or else, we have no control over where or how all the data is stored. We know that it’s probably in the cloud somewhere, but it could be anywhere, even on the phone itself. And each app developer has its own idea about how to handle the stuff. That is a problem for security—not the app developers’ but ours. And it doesn’t stop at phones. Anyone know where the password for an IoT oven is located, and how securely? The answer is no and maybe not very.To read this article in full or to leave a comment, please click here

Emergency Java update fixes two-year-old flaw after researchers bypass old patch

Oracle has released an emergency Java security update to fix a critical vulnerability that could allow attackers to compromise computers when they visit specially crafted websites.The company has assigned CVE-2016-0636 as the identifier for the vulnerability, which suggests that it is a new flaw discovered this year, but that's not really the case.Polish security firm Security Explorations confirmed via email that the new Java update actually fixes a broken patch for a vulnerability that was originally reported to Oracle by the company in 2013.Earlier this month Security Explorations announced that a patch released by Oracle in October 2013 for a critical vulnerability tracked as CVE-2013-5838 was ineffective and could be trivially bypassed by changing only four characters in the original exploit. This meant that the vulnerability was still exploitable in the latest versions of Java.To read this article in full or to leave a comment, please click here

Rethinking BGP path validation (part 2)

This is the second post in the two part series on BGP path validation over on the LinkedIn Engineering blog.

We left off last time after having described the eight operational requirements that must be met for any system that reduces our reliance on transitive trust in relation to the AS Path. As a reminder, AS, or Autonomous Systems, is a set of routers which all follow a standard set of policies. A typical AS is run by a single organization, such as a company or an ISP. Now, let’s see how this kind of system might work in practice.

LinkedInTwitterGoogle+FacebookPinterest

The post Rethinking BGP path validation (part 2) appeared first on 'net work.

IDG Contributor Network: HexaTier secures all those databases in the cloud

Israeli-founded HexaTier, the nattily-named vendor that offers security and compliance solutions for cloud-hosted databases and Database as a Service (DBaaS) platforms, is launching the latest version of its products and focusing squarely at what it perceives are the key enterprises blockers for DBaaS adoption. The Israel connection is interesting, the number of IT security companies to originate from Israel is truly staggering. It is a reflection of the huge amount of investment that the Israeli military makes into cyber security - many of those hyper-smart graduates of the Israel Defence Force's 8200 cyber-security unit go on to form commercial companies.To read this article in full or to leave a comment, please click here

Cybersecurity as a Business Issue

It’s become a cliché in the industry to say that cybersecurity has become a board room-level issue but what evidence do we have to support this claim?  Well, here are a few tidbits from some recent ESG research that certainly lend credibility to the business-driven cybersecurity thesis (note: I am an ESG employee): When asked to identify business initiatives that are driving IT spending, 43% of respondents said, “increasing cybersecurity.”  This was the top business initiative selected followed by “reducing costs” (38%), “improving data analytics for real-time business intelligence” (32%), and “ensuring regulatory compliance” (27%). On a similar vein, survey respondents were asked to identify the most important IT “meta-trend” to their organization.  Forty-two percent of respondents selected, “increasing cybersecurity.”  The next most popular response, “using data analytics for real-time business intelligence,” came in at 17%. 69% of organizations are increasing their spending on cybersecurity in 2016.  These budget increases are being approved by business managers who are now willing to spend more money to improve cybersecurity at their organizations.  As if the ESG data wasn’t enough, we also know that cyber-insurance policies grew by about 35% last year.  So aside from increasing Continue reading

Worth Reading: The Databerg Report

Veritas has released their US Databerg Report, which looks at the effects of today’s exploding data volumes and how they have been overlooked by most business leaders who were did not anticipate the exponential growth of data. In fact, an independent research study demonstrates how organizations around the world are on track to waste more than $3.3tn by 2020. Previously, Veritas released their study results on data management, which touches on this subject. -via Storage Review

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: The Databerg Report appeared first on 'net work.

IDC: SD-WAN market to hit $6B by 2020

The confluence of applications being hosted in the cloud and end users accessing them via mobile devices is accelerating advancements in wide area networking technologies.A new report issued today by research firm IDC predicts those factors will drive what was a relatively nascent software defined WAN (SD-WAN) industry, worth a mere $225 million last year, to grow at a more than 90% compound annual growth rate for the next five years to become a $6 billion industry by 2020.+MORE AT NETWORK WORLD: SD-WAN: What it is and why you’ll use it one day +To read this article in full or to leave a comment, please click here

Containers are not VMs

I spend a good portion of my time at Docker talking to community members with varying degrees of familiarity with Docker and I sense a common theme: people’s natural response when first working with Docker is to try and frame … Continued

How to make Android a real part of your business

Over the past five years, iPhones and iPads have become the corporate mobile standards, thanks to their wealth of business apps, Exchange compatibility, corporate manageability, and strong security. Android devices, on the other hand, have largely been relegated to "OK for email" status.But there's no longer a reason to keep Android at arm's length. It can now be as integral to your mobile portfolio as Apple's iOS devices are. Sure, Apple devices still lead in business-class apps, manageability, and security, but not by enough to exclude Android from full access at most companies.[ Check out InfoWorld's comparisons of office apps for the iPad and office apps for Android devices. | Read our guide to Exchange-based tools in Windows, OS X, iOS, and Android: mobile Outlook vs. desktop Outlook vs. native apps. | See the  top tips on getting more from iOS for email, contacts, and calendars. ] With that in mind, InfoWorld has put together this guide on how to deploy Android, both for company-issued devices and BYOD scenarios; most companies likely have a mix of both approaches.To read this article in full or to leave a comment, please click here(Insider Story)

Getting to Know Jason McKerr, Director of Ansible Core

Knowing the members of our Ansible community is important to us, and we want you to get to know the members of our team in (and outside of!) the Ansible office. Stay tuned to the blog to learn more about the people who are helping to bring Ansible to life.

This week we’d like to introduce Jason McKerr, who joined Red Hat in January as the director of the Ansible Core team. Jason has been in the space before as the VP of Engineering for Puppet. Before Puppet he worked at SocialCode (The Washington Post Company) and MyWebGrocer as both a software architect and manager. And back in the day he was the first Operations Manager at the Open Source Lab at OSU.

What’s your role at Ansible?

The title says “director, Ansible Core team” but the role is really about working with all of the various user groups and communities around Ansible. The first priority is getting new features, bug and security fixes, and releases out the door - and to that end we published our first public roadmap for the 2.1 release. Additionally, I am really focused on getting Ansible into Red Hat product development cycles.

Continue reading

Stealthy USB Trojan hides in portable applications, targets air-gapped systems

A Trojan program is being distributed through USB drives and seems to be designed for stealing information from so-called air-gapped computers that are not connected to the Internet.The new Trojan has been dubbed USB Thief by security researchers from antivirus firm ESET and has several characteristics that set it apart from the traditional malware programs that spread using USB storage devices and the Windows Autorun feature.First of all, USB Thief infects USB drives that contain portable installations of popular applications like Firefox, NotePad++ or TrueCrypt. It's copied to such installations as a plug-in or DLL (dynamic link library) and is then executed along with those applications.To read this article in full or to leave a comment, please click here

1 3,058 3,059 3,060 3,061 3,062 3,818