IDG Contributor Network: Personal data is exposed by older, shortened URLs

Services that convert long, cumbersome URLs, such as those found in mapping directions, to short URLs are publicly exposing the original URL.Original addresses can be obtained through brute-force scanning, researchers say. And that vulnerability allows foes to track an individual’s possibly sensitive movements, as well as see perceived-of-as-private documents.Additionally, the brute force-exposed cloud documents could allow “adversaries” to “inject arbitrary malicious content into unlocked accounts, which is then automatically copied into all of the account owner’s devices,” say Vitaly Shmatikov, of Cornell Tech, and Martin Georgiev, an independent researcher, in their paper (PDF). They made the discovery.To read this article in full or to leave a comment, please click here

Securing BGP: A Case Study (7)

In the last post on this series on securing BGP, I considered a couple of extra questions around business problems that relate to BGP. This time, I want to consider the problem of convergence speed in light of any sort of BGP security system. The next post (to provide something of a road map) should pull all the requirements side together into a single post, so we can begin working through some of the solutions available. Ultimately, as this is a case study, we’re after a set of tradeoffs for each solution, rather than a final decision about which solution to use.

The question we need to consider here is: should the information used to provide validation for BGP be somewhat centralized, or fully distributed? The CAP theorem tells us that there are a range of choices here, with the two extreme cases being—

  • A single copy of the database we’re using to provide validation information which is always consistent
  • Multiple disconnected copies of the database we’re using to provide validation which is only intermittently consistent

Between these two extremes there are a range of choices (reducing all possibilities to these two extremes is, in fact, a misuse of the Continue reading

Google’s biggest, craziest ‘moonshot’ yet

Google is nothing if not ambitious. It’s famed “moonshot” projects have taken on notoriously large projects, from extending human lifespans to drones that can stay aloft for years at a time. But this one takes the cake.According to the subscription tech news site The Information, Alphabet, Google’s holding company, is trying to get CEO Larry Page to sign off on “Project Sidewalk.” The Information describes the effort as an attempt “to create an area in the U.S. that serves as a test bed for new technologies from superfast internet to autonomous cars. … An area that could accommodate hundreds of thousands of people has been contemplated.”To read this article in full or to leave a comment, please click here

IT employees at EmblemHealth fight to save jobs

IT employees at EmblemHealth are organizing to stop the New York-based employer from outsourcing their jobs to offshore provider Cognizant.Employees say the insurer is on the verge of signing a contract with Cognizant, an IT services firm and one of the largest users of H-1B workers. They say the contract may be signed as early as this week.They fear what a contract with at IT services offshore firm may mean: Humiliation as part of the "knowledge transfer" process, loss of their jobs or a "rebadging" to Cognizant, which they see as little more than temporary employment. Many of the workers, about 200 they estimate, are older, with 15-plus-year tenures. This means a hard job search for them.To read this article in full or to leave a comment, please click here

Power9 Will Bring Competition To Datacenter Compute

The Power9 processor that IBM is working on in conjunction with hyperscale and HPC customers could be the most important chip that Big Blue has brought to market since the Power4 processor back in 2001. That was another world, back then, with the dot-com boom having gone bust and enterprises looking for a less expensive but beefy NUMA server on which to run big databases and transaction processing systems.

The world that the Power9 processor will enter in 2017 is radically changed. A two-socket system has more compute, memory, and I/O capacity and bandwidth than those behemoths from a decade

Power9 Will Bring Competition To Datacenter Compute was written by Timothy Prickett Morgan at The Next Platform.

Introducing the new Citrix

Kirill Tatarinov took over as CEO of Citrix in January, a key piece of a company reorganization demanded by activist investor Elliott Management, which had acquired a 7.5% stake in Citrix.  Tatarinov, a 13 year veteran of Microsoft, where he was most recently Executive Vice President of the Microsoft Business Solutions Division, is putting the finishing touches on the company’s new plan, which will be introduced at the company’s large user conference in May, but he shared a preliminary glimpse with Network World Editor in Chief John Dix. Citrix CEO Kirill Tatarinov  To read this article in full or to leave a comment, please click here

Network visibility can reverse the security asymmetry challenge

Securing a business network has never been easy, but the task is becoming increasingly more difficult.Years ago, there was a single ingress/egress point to get into the network. The delineation between what was public and what was private was obvious.Today, that’s all changed. The rise of mobile devices, Wi-Fi access points, cloud applications and software-defined everything has increased the number of entry points into a company from one to tens, hundreds or even thousands for large organizations. For example, it’s common for a worker to connect to some kind of “free” Wi-Fi network when travelling without having any idea who might own that network, browse the web and infect their mobile device.To read this article in full or to leave a comment, please click here

The nightmare of rogue USB-C cables and adapters will end soon

The wave of rogue USB-C products that poses risks to PCs and mobile devices hasn't gone unnoticed, and the USB Implementers Forum has taken steps to eradicate the issue once and for all.A new specification announced by the USB 3.0 Promoters Group, which is part of USB-IF, aims to eliminate rogue cables, ports and chargers. The USB Type-C Authentication protocol will verify and ensure a USB-C connection won't fry a port or damage a device.A host device like a smartphone or PC will first verify the authenticity of the cable, charger or power source before any data is transferred. If everything checks out, a connection will be established.So if a smartphone or PC won't charge from a USB port in a public place, it's perhaps because there's a non-compliant component.To read this article in full or to leave a comment, please click here

Cybersecurity Salary Inflation – A Red Flag

If you follow my blog at all you know that I am quite passionate about the cybersecurity skills shortage and its ramifications.  Just to put this issue in perspective, ESG research indicates that 46% of organizations claim they have a “problematic shortage” of cybersecurity skills in 2016 as compared to 28% in 2015 (note: I am an ESG employee). Yup, the ESG research seems to indicate that things are getting worse on an annual basis, and ESG isn’t alone in this belief.  For example: According to Peninsula Press (a project of the Stanford University Journalism Program), more than 209,000 US-based cybersecurity jobs remained unfilled and postings are up 74% over the past 5 years. Analysis of the US Bureau of Labor Statistics indicates that the demand for cybersecurity professionals is expected to grow 53% by 2018. Adding to this trend, Computerworld research indicates that more than half of security managers expect their organizations to increase cybersecurity headcount this year adding more pressure to the pot. To read this article in full or to leave a comment, please click here

Future Cray Clusters to Storm Deep Learning

Supercomputer maker Cray might not roll out machines for deep learning anytime in 2016, but like other system vendors with deep roots in high performance computing, which leverages many of the same hardware elements (strong interconnect and GPU acceleration, among others), they are seeing how to loop their expertise into a future where machine learning rules.

As Cray CTO, Steve Scott, tells The Next Platform, “Deep learning and machine learning dovetails with our overall strategy and that overall merger between HPC and analytics that has already happened,” Scott says. HPC is not just one single application or set of

Future Cray Clusters to Storm Deep Learning was written by Nicole Hemsoth at The Next Platform.

Facebook tells B2C businesses: I feel your mobile pain

Facebook’s Messenger chat-bots and an update to the React Native cross-platform mobile development framework—both announced last week week—could relieve the pain felt by businesses trying to shift customer interaction from the web to mobile.It might seem there is an app for everything, but not every business has one. Building a token app that lives a lonely existence on the app store doesn’t help keep customers buying as they shift from the web to mobile. And meaningful mobile relationships and revenue-generating campaigns still elude most businesses because of the high cost of having Android and iOS development teams and the challenges of recruiting developers.To read this article in full or to leave a comment, please click here

Hacker: This is how I broke into Hacking Team

Almost a year after Italian surveillance software maker Hacking Team had its internal emails and files leaked online, the hacker responsible for the breach published a full account of how he infiltrated the company's network.The document published Saturday by the hacker known online as Phineas Fisher is intended as a guide for other hacktivists, but also shines a light on how hard it is for any company to defend itself against a determined and skillful attacker.The hacker linked to Spanish and English versions of his write-up from a parody Twitter account called @GammaGroupPR that he set up in 2014 to promote his breach of Gamma International, another surveillance software vendor. He used the same account to promote the Hacking Team attack in July 2015.To read this article in full or to leave a comment, please click here

Hacker: This is how I broke into Hacking Team

Almost a year after Italian surveillance software maker Hacking Team had its internal emails and files leaked online, the hacker responsible for the breach published a full account of how he infiltrated the company's network.The document published Saturday by the hacker known online as Phineas Fisher is intended as a guide for other hacktivists, but also shines a light on how hard it is for any company to defend itself against a determined and skillful attacker.The hacker linked to Spanish and English versions of his write-up from a parody Twitter account called @GammaGroupPR that he set up in 2014 to promote his breach of Gamma International, another surveillance software vendor. He used the same account to promote the Hacking Team attack in July 2015.To read this article in full or to leave a comment, please click here

1 3,061 3,062 3,063 3,064 3,065 3,869