FTC reminder: ‘Spread the word about government imposters’

Yes, you and I are waaaaay too savvy to fall for the old “I’m calling from the government and you had better pay up” trick.Unfortunately, others are not, especially among the elderly.So the Federal Trade Commission is once again asking for help getting the word out: We’re hearing from our colleagues that those pesky government imposters are at it again, using the FTC’s name to try to con people into paying them for something. Whether it’s to clean up your credit report, give you a prize, resolve a complaint against you, or pay off a debt you owe, they’re all lies. The message may be a call or an email, but it isn’t from the Federal Trade Commission, or any other federal agency.To read this article in full or to leave a comment, please click here

Worth Reading: Making IPv6 Work

Wouldn’t it be nice if turning on IPv6 really was ‘press one button and the rest is magic’ easy? For some things, it is. If you’re talking about client-side, enabling an IPv4-only home service on DSL or fibre really can be this simple, because all the heavy lifting is being done inside your ISP: you’re not enabling IPv6 in the network, you’re turning on the last mile. It was knocking at your door and you just had to let it in. -via circleid

The post Worth Reading: Making IPv6 Work appeared first on 'net work.

Nasdaq to use blockchain to record shareholder votes

Add shareholder voting to the list of applications for blockchain technologies.Later this year, Nasdaq plans to record stockholders' electronic votes on its own blockchain system for companies listed on one of its exchanges. By digitizing the entire process, it expects to speed and simplify the proxy voting process.Blockchains -- the best known of which is the public ledger of bitcoin transactions -- are distributed records of events, each block in the record containing a computational "hash" of itself and of the previous block, so that all are connected like links in a chain.A hash, or digest, is a short digital representation of a larger chunk of data. Hash functions are designed so that calculating (or verifying) the hash of a chunk of data takes little computing power, while creating data with a particular hash is computationally expensive.To read this article in full or to leave a comment, please click here

Looking forward to ContainerWorld2016 next week!


Container technology has been there for years but is now picking steam thanks to Docker. Container packaging, image registry hosting for containers has directly affected both use and adoption of this technology. "Cloud Native" applications are being designed and written with the direct intent of running them on containers. Today I see containers in the same "boat" as virtualization years ago. Virtualization started slowly in the late 90's and has sprawled massively moving into every datacenter out there. It brought about a massive change in the way hardware resources were consumed making it highly cost effective. Virtualization was technology only used by linux pro's till it was made easy by companies to consume. The story with containers seem to be the same.

A linux container is a virtualization environment (VE) created using kernel support. It provides process isolation and resource isolation/allocation through cgroups (control groups). Docker is a tool that wraps programs to run as isolated processes in its own filesystems. There are various posts out there explaining the differences between docker and a linux container. One big advantage that containers give is the flexibility to move between various hosts quickly and easily.We've now moved Continue reading

Henry Ford and Incident Response

In the early 1900s, Henry Ford was intent on making the Model T an affordable car for the masses. To do so, he had to figure out a way to vastly improve the company’s manufacturing efficiency in order to reduce consumer prices. Ford solved this problem by adopting a modern manufacturing assembly line based upon four principles: interchangeable parts, continuous flow, division of labor, and reducing wasted efforts. While incident response is a bit different from automobile manufacturing, I believe that CISOs should assess their IR processes and take Ford’s four principles to heart. Here’s how I translate each one for IR purposes: Interchangeable parts. In Ford’s world, interchangeable parts meant that components like steering wheels and bumpers could be used to assemble all types of cars and thus keep the line moving. In IR, interchangeable parts mean that all detection tools should be based on published APIs so that each one can interoperate with all others. It also means embracing standards like STIX and TAXII for threat intelligence exchange so data can be easily consumed or shared. Finally, interchangeable IR parts calls for the creation and adoption of cybersecurity middleware that acts as a higher-level abstraction layer for Continue reading

Pwn2Own contest puts $75,000 bounty on VMware Workstation bypass

The Pwn2Own hacking contest will return in March, pitting researchers against the most popular browsers and operating systems. The novelty: Contestants can win a $75,00 prize for escaping a VMware virtual machine.Contestants will be able to exploit Microsoft Edge or Google Chrome on fully patched versions of 64-bit Windows 10 and Apple Safari on OS X El Capitan. System or root-level privilege escalation pays extra, as does escaping from the virtual machine.Every year, Pwn2Own, at the CanSecWest security conference, has slightly modified rules, and 2016 is no different. Adobe Reader, Mozilla Firefox and Internet Explorer are no longer on the contest's target list. Adobe Flash remains, but only the version that comes bundled with Microsoft Edge.To read this article in full or to leave a comment, please click here

Brocade @ MWC Barcelona 2016

Brocade Mobile CTO, Kevin Shatzkamer, recently provided a radio show preview of what to expect at Mobile World Congress this year in Barcelona.  One of the big themes is expected to be 5G along with the services and new business models it will enable for the mobile industry. We are all familiar with the existing... Read more →

Padding oracles and the decline of CBC-mode cipher suites

Padding oracles and the decline of CBC-mode cipher suites

At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make sure that as many people as possible are using the most modern and secure encryption available to them. Improving the cryptography used by the majority requires a coordinated effort between the organizations building web browsers and API clients and those working on web services like CloudFlare. Cryptography is a two-way street. Even if we support the most secure cryptographic algorithms for our customers, web visitors won’t get the benefit unless their web client supports the same algorithms.

In this blog post we explore the history of one widely used cryptographic mode that continues to cause problems: cipher block chaining (CBC). We’ll explain why CBC has proven difficult to use safely, and how recent trends in the adoption of secure ciphers by web clients have helped reduce the web’s reliance on this technology. From CloudFlare’s own data, we’ve seen the percentage of web clients that support safer cipher modes (such as AEAD) rise from under 50% to over 70% in six months, a good sign for the Internet.

What’s in a block cipher?

Ciphers Continue reading

3 Reasons Why Your Security Strategy is not Mobile-Cloud Era Ready (Webcast)

Geoff Huang, VMware

Geoff Huang, VMware

As technology evolves, companies adapt and grow. We are no longer confined to conducting business within brick and mortar offices. We can hold a meeting on our tablet in a coffee shop or organize our schedules in our smartphones at the grocery store. Even storage has travelled from overflowing file cabinets into a vast, expansive cloud that can be reached from portable devices wherever, whenever. As businesses go mobile, security is more vital than ever, and it’s important that we enhance it while remaining productive. But how can we be certain that our valuable, business-critical resources are protected?

Geoff Huang, VMware’s Director of Product Marketing, Networking and Security, will host this half-hour webcast on February 18th at 11:00 am PST on why yesterday’s security measurements have become inadequate with the rise of network virtualization, and how NSX can offer a remedy in the modern, mobile workspace.

The truth is, the mobile cloud’s increased efficiency also comes with increased security threats. Before, security was created by building a moat around a network to guard company resources against outsiders trying to break-in. Once that network transitions into a mobile workspace, however, its borders can no longer be tangibly defined, so Continue reading

Risky business? Online dating fraud dips during Valentine’s Day

Good news, singletons. According to research from device intelligence and fraud prevention company iovation, fraud on online dating sites is lower leading up to Valentine's Day.In February 2015, 1.23 percent of all online dating transactions were fraudulent, compared to 1.39 percent during all of 2015, according to iovation.This doesn't mean that fraudsters are less active around Valentine's day, but rather that there are more legitimate fish in the online dating sea. "The reason that online fraud rates dip at Valentine's Day is simply because there is a disproportionately high volume of legitimate dating site traffic during that time," said iovation’s VP of Operations Molly O’Hearn. "So it's not that the fraudsters are taking a breather, it's that the legitimate users of data services ramp up, causing the ratio of fraud in the mix to temporarily decline."To read this article in full or to leave a comment, please click here(Insider Story)

ENCRYPT Act co-sponsor learned tech ropes at Microsoft

One of four congressional sponsors of the ENCRYPT Act of 2016, which would preempt state and local laws banning encryption on smartphones, cut her teeth in mobile communications for Microsoft.U.S. Rep. Suzan DelBene (D-Wash.) worked as vice president of mobile communications at Microsoft from 2004 to 2007. That was her second stint at Microsoft; her first was from 1989 to 1998 after receiving an MBA when she worked on Windows 95, email and embedded systems. In between, she helped start Drugstore.com.To read this article in full or to leave a comment, please click here

7 Android tools that can help your personal security

This isn't your typical Android security story.Most articles about Android security tools focus on malware-scanning suites like Lookout, Norton and AVG. But with the layers of protection already built into the platform, those sorts of apps are arguably unnecessary and often counterproductive -- or even needlessly expensive.INSIDER: 5 ways to prepare for Internet of Things security threats For most Android users, the seven tools below should cover all the important bases of device and data security. Some are third-party apps, while others are native parts of the Android operating system. They all, however, will protect your personal info in meaningful ways -- and without compromising your phone's performance. Plus, all but two of them are free.To read this article in full or to leave a comment, please click here

1 3,081 3,082 3,083 3,084 3,085 3,780