Baidu web browsers leaked sensitive information, researchers say

Two web browsers developed by Chinese search giant Baidu have been insecurely transmitting sensitive data across the Internet, putting users' privacy at risk, according to a new study. Baidu responded by releasing software fixes, but researchers say not all the issues have been resolved. The study was published Tuesday by Citizen Lab, a research group that's part of the University of Toronto. It focused on the Windows and Android versions of Baidu's browser, which are free products. It also found that sensitive data was leaked by thousands of apps that use a Baidu SDK (software development kit).

SSID Overhead, Now There’s an App for that!

One of the more popular reasons that people visit my website is to understand why too many SSIDs is an issue on a WLAN. I've written about performance degradation issues due to network overhead and subsequently released an SSID Overhead Calculator. The drawback to the tool is that it's in Microsoft Excel format. This makes its use limited to people who have Excel and is only really available on workstations (not mobile devices), which makes it hard to use on-the-fly while in the field or in front of a customer.

Thanks to collaboration with Ryan Adzima, we are announcing the availability of the Revolution Wi-Fi SSID Overhead Calculator as an Apple iOS application today! You can download it here:
https://itunes.apple.com/us/app/apple-store/id1041231876?pt=615227&ct=Revolution%20Wi-Fi&mt=8

The iOS application provides the full functionality of the original tool right on your phone and tablet. You can adjust beacon data rate, beacon frame size, beacon interval, number of SSIDs, and number of APs on the channel. The circular bar displays the amount of overhead that the combinations will cause on your WLAN as well as a severity indication and recommendations to improve performance.

Big shoutout to Ryan for working […]

IT manager gets 30 months in jail for code-bombing firm’s intellectual property

He could have gotten 10 years behind bars but this week a former IT manager at software maker Smart Online only got 30 months for sending malicious code that destroyed the company’s computers and data. The Department of Justice said that according to the plea agreement, from 2007 to 2012, Nikhil Shah, 33, was an information technology manager at Smart Online Inc., of Durham, North Carolina, which develops mobile applications.

Japan’s infrastructure probed by cybergroup, security firm says

A group of cyberattackers that emerged in 2010 and then went quiet has resurfaced and is targeting Japan's critical infrastructure, a security vendor said this week. The attacks have targeted utilities and energy companies in Japan, as well as other companies in finance, transportation and construction, said Greg Fitzgerald, chief marketing officer at Cylance, which specializes in end-point protection. The group appears to be based in Asia, and its methods and procedures suggest it may be linked to a nation state, Fitzgerald said. Symantec detected signs of the group, which Cylance calls Operation Dust Storm, in 2010, Fitzgerald said. The group went quiet in March 2013, shortly after Mandiant -- the forensics investigative unit of FireEye -- published a lengthy report on APT 1, which the company believes to be an elite cyber unit of the Chinese army.

QOS Your Life

So as we’re all busy network professionals, I’m sure you’ve run into the problem of a work-life balance. I personally know lots of engineers that have burned out at one time, or their family life has suffered, and their kids barely know them. Now granted these are extreme case scenarios, but it could happen to […]

The post QOS Your Life appeared first on Packet Pushers.

Apple v. FBI – Who’s for, against opening up the terrorist’s iPhone

Everyone has an opinion. Apple and the Department of Justice are locked in a court fight over whether the company should disable the anti-brute force mechanism on the iPhone used by the San Bernardino terrorists. Public opinion is split on which side is right, and everyone from tech experts to presidential candidates is weighing in on whether the order actually threatens privacy or whether it’s just a way to find out what’s on that particular phone. Here’s a sampling of comments about the issue from the likes of Bill Gates, Mark Zuckerberg and Donald Trump.

Here’s what tech leaders have said about the Apple-FBI dispute so far

In the week since Apple said it would do battle with the FBI over the agency's request for access to a smartphone belonging to one of the San Bernardino terrorists, tech industry leaders have been weighing in with their views. Most have come down in support of Apple, though others, including Bill Gates and Simon Segars, CEO of UK chip company ARM, have leaned more towards the FBI's position. Here's a roundup of what tech leaders have said so far, starting with some of the most recent views expressed.

Asus settles charges over insecure routers and cloud services

Critical security flaws in routers and cloud computing services offered by Asus put hundreds of thousands of customers at risk, the U.S. Federal Trade Commission has charged. Taiwan-based Asus has agreed to settle an FTC complaint that it failed to take reasonable steps to secure the software on its routers, the agency said Tuesday. In addition to well-documented vulnerabilities in the routers, its cloud services led to thousands of customers' storage devices being compromised and exposed their personal information, the agency said.

Fave Raves 2016 call for submissions

Fave Raves is Network World’s annual roundup of the best products, as chosen by IT pros. Do you have a favorite enterprise IT product you can't live without? Tell us about it and we'll share your raves with our readers.
Please send your submissions to Ann Bednarz at Network World ([email protected]) by Friday, March 11. Please note: Submissions must be received directly from IT professionals, not through a third party.
Items to address:
1. Please provide your name, title and employer.
2. What's your favorite product? (vendor name and product name)
3. Why do you like it?
4. How has it helped you and/or your company?
5. How many years have you worked in IT?
6. What upcoming IT projects are you most excited about and why?
7. Please include a picture of yourself.

IDG Contributor Network: Network outages, low-speed, biggest tech problem, survey finds

Almost a third (31%) of workplace tech-users said that network outages and poor Internet speeds were the “biggest recurring technology problem” at their company, a new survey has found. Remembering passwords was also a big issue. Close to a quarter (22%) of the respondents thought remembering all of their passwords was the biggest tech difficulty they faced. IT service management company Samanage surveyed about 3,000 U.S. adults. Around half of them said they used technology at work. Those respondents were given the study’s questions.

Apple is reportedly fighting 12 more iPhone data extraction orders

Apple’s refusal to help the FBI get into the San Bernardino shooter’s iPhone 5c is the most public, but the company is resisting similar court orders in 12 more cases. The Wall Street Journal reported that the Justice Department is trying to compel Apple to help crack iPhones in a dozen cases that are all based on the centuries-old All Writs Act, the same law being used in the San Bernardino case. The details of the cases aren’t clear because they haven’t been made public, but the WSJ’s sources say they have nothing to do with terrorism.

Security ‘net: Security by obscurity

This week I have two major themes to discuss on the topic of security, and one interesting bit of research. Let’s start with some further thoughts on security by obscurity.

First: Obscurity isn’t security

I’ve heard this at least a thousand times in my life as a network engineer, generally stated just about the time someone says, “well, we could hide this server…” Reality, of course, is far different; I still put curtains on my house even though they don’t increase the amount of time it takes a thief to break in. Whether or not we want to believe it, obscurity does play a positive role in security.

But there are two places where obscurity is a bad thing in the world of security. The first is the original reference of this common saying: algorithms and implementations. Hiding how you encrypt things doesn’t improve security; in fact, it decreases the overall security of the system. The second place? Communication between companies and security professionals about the types, frequency, and methods of attack. Imagine, for a moment, that you were commanding a unit on a battlefield. You hear the sounds of combat in the distance. Realizing a unit in your army is […]