Attackers exploit Apple DRM weakness to infect non-jailbroken iOS devices

Attackers are exploiting a weakness in Apple's digital rights management technology to install malicious apps on supposedly protected, non-jailbroken iOS devices.In late February, security researchers from Palo Alto Networks found three malicious applications on the official App Store. An analysis revealed the malicious apps were part of a scheme to steal Apple IDs and passwords from Chinese users under the guise of an alternative app store.The more interesting aspect of the apps: In addition to being published on the official app store, they were also silently installed through software running on users' Windows PCs.An iOS device that hasn't been jailbroken, and hasn't had its security restrictions removed, should only be able to run apps downloaded from the App Store or installed through the iTunes software from users' PCs.To read this article in full or to leave a comment, please click here

Recoding for the Future

It’s been three years since the Docker project launched, and it’s been a bit of a whirlwind. In just the past year, we’ve nearly tripled the number of employees and contributors, launched a broad set of both open source and … Continued

Steam Stealer malware provides a thriving business for cyber thugs

A new Kaspersky Lab report (pdf) by security researchers Santiago Pontiroli and Bart P looks at the big business of Steam Stealers that “have turned the threat landscape for the entertainment ecosystem into a devil’s playground.”Wannabe cyber crooks might turn to malware which steals Steam credentials because it’s incredibly cheap. The report said $3 will buy usage rights for a Steam platform credential stealer and $7 adds source code and a user manual. Researchers said comparative malicious campaigns usually start at the $500 range. There are Steam Stealers which cost more, but “it would be hard to find any stealer being sold for more than $30.”To read this article in full or to leave a comment, please click here

Worth Reading: DROWN attack

More than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 81,000 of the top 1 million most popular Web properties are among the vulnerable HTTPS-protected sites. -via ARS

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: DROWN attack appeared first on 'net work.

Giveaway: Navigating Network Complexity

netcomplexI have one remaining copy of my latest book from the initial ten Addison-Wesley sent me on publication… What I’ve decided to do is sign it and give it away to one of my readers. What’s the catch? There are actually two.

First, you have to go to the contact form and leave me feedback with three design concepts (or other interesting things) you’d like to see me write about on this blog. I won’t do “how to configure” type articles, as I think there’s enough of that around on the ‘web. It’s useful stuff, but it’s not my “thing.”

Second, I can’t ship this thing out of the US.

I’ll ship the book, after I’ve signed it, to the person with the three best questions.

LinkedInTwitterGoogle+FacebookPinterest

The post Giveaway: Navigating Network Complexity appeared first on 'net work.

Machine Learning Resources

This page is just a place to collect different resources I’ve found as I explore Machine Learning and it’s application specially to networking analytics, infrastructure, control/management plane feedback loops and generally just geeking out on technology and math. It’s pretty amazing stuff if you haven’t gotten into it.

 

This is an incomplete list and I’ll continue adding to it as I get time. Feel free to share links if you’ve got any you found useful! 

 

 Primer

 Youtube video – low on math  youtu.be/b99UVkWzYTQ     < thanks to Jon Hudson  for this!

 

Presentation

Dave Meyer’s Presentation from the DevOps4Networking forum  March 2016 

 

Training

Coursera Machine Learning Specialization using R programming language from John Hopkins Univeristy

Coursera Machine Learning Specialization using Python programming language from University of Washington

Khan Academy has been a great source to fill in some of the gaps around Calculus, Regression, Statistics, etc… 


Digital rights group: Save security, reject FBI’s iPhone unlocking request

Digital rights group Fight for the Future is hoping to give voice to ordinary people concerned with the FBI's attempt to force Apple to help it unlock the iPhone used by a mass shooter.Fight for the Future's new Save Security campaign, launched Wednesday, will collect comments from people worried about the Internet security implications of the FBI's court request. Organizers will display the comments and read them aloud outside a California courthouse before a hearing in the case next Tuesday."We're actually trying to give a voice to people all over the world who are extremely concerned about this," said Evan Greer, campaign director for the group. Fight for the Future is trying to "bring those voices into the conversation so that it's not just a fight between a giant company and the government," Greer added.To read this article in full or to leave a comment, please click here

Jeff Dean on Large-Scale Deep Learning at Google


If you can’t understand what’s in information then it’s going to be very difficult to organize it.

 

This quote is from Jeff Dean, currently a Wizard, er, Fellow in Google’s Systems Infrastructure Group. It’s taken from his recent talk: Large-Scale Deep Learning for Intelligent Computer Systems.

Since AlphaGo vs Lee Se-dol, the modern version of John Henry’s fatal race against a steam hammer, has captivated the world, as has the generalized fear of an AI apocalypse, it seems like an excellent time to gloss Jeff’s talk. And if you think AlphaGo is good now, just wait until it reaches beta.

Jeff is referring, of course, to Google’s infamous motto: organize the world’s information and make it universally accessible and useful.

Historically we might associate ‘organizing’ with gathering, cleaning, storing, indexing, reporting, and searching data. All the stuff early Google mastered. With that mission accomplished Google has moved on to the next challenge.

Now organizing means understanding.

Some highlights from the talk for me:

  • Real neural networks are composed of hundreds of millions of parameters. The skill that Google has is in how to build and rapidly train these huge models on large interesting datasets, Continue reading

Cyberespionage groups are stealing digital certificates to sign malware

An increasing number of cyberespionage groups are using stolen code-signing certificates to make their hacking tools and malware look like legitimate applications.The latest example is a China-based hacker group that has launched targeted attacks against government and commercial organizations from around the world over the past two years.The group's activities were uncovered by researchers from Symantec in late 2015 when they detected a digitally signed hacking tool that was used in an attack against one of the company's customers.The tool, a Windows brute-force server message block (SMB) scanner, was signed with a digital certificate that belonged to a South Korean mobile software developer. This immediately raised red flags as a mobile software company would have no reason to sign such an application.To read this article in full or to leave a comment, please click here

Worth Reading: DRM and HTML5

The World Wide Web Consortium (W3C), which makes the core standards that the Internet runs on, is in the midst of a long, contentious effort to add “DRM” (Digital Rights Management1) to HTML5, the next version of the Web. Laws like the Digital Millennium Copyright Act (which has analogs all over the world) give companies the power to make legal threats against people engaged in important, legitimate activities. Because the DMCA regulates breaking DRM, even for legal reasons, companies use it to threaten and silence security researchers who embarrass them by pointing out their mistakes, and to shut down competitors who improve their products by adding legitimate features, add-ons, parts, or service options. The Web relies on the distributed efforts of independent security researchers, and its historic strength has been the ability of companies and individuals to innovate without permission, even when they were disrupting an existing business. -via the EFF

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: DRM and HTML5 appeared first on 'net work.

Thoughts On Encryption

encryption

The debate on encryption has heated up significantly in the last couple of months. Most of the recent discussion has revolved around a particular device in a specific case but encryption is older than that. Modern encryption systems represent the culmination of centuries of development of making sure things aren’t seen.

Encryption As A Weapon

Did you know that twenty years ago the U.S. Government classified encryption as a munition? Data encryption was classified as a military asset and placed on the U.S. Munitions List as an auxiliary asset. The control of encryption as a military asset meant that exporting strong encryption to foreign countries was against the law. For a number of years the only thing that could be exported without fear of legal impact was regular old Data Encryption Standard (DES) methods. Even 3DES, which is theoretically much stronger but practically not much better than it’s older counterpart, was restricted for export to foreign countries.

While the rules around encryption export have been relaxed since the early 2000s, there are still some restrictions in place. Those rules are for countries that are on U.S. Government watch lists for terror states or governments deemed “rogue” states. Continue reading

AT&T wants the world to see its software for spinning up services

AT&T has revealed details of a software platform that makes it easier for customers to order new services, and the company may release the code as open source for other service providers to use.The massive U.S. carrier has been on a full-tilt push to put its network under software control for the past several years, aiming to slash the time and effort required to deliver new services and change settings like the speed of a customer's connections. It's starting to offer subscribers a way to set up or modify services instantly through a Web portal. The effort is also helping AT&T save money, partly by using generic "white box" hardware.To read this article in full or to leave a comment, please click here

AI is not as remarkable as it sounds

Artificial intelligence (AI) may conjure up far-fetched ideas of robot assistants, or perhaps an all-seeing presence like HAL 9000, the sentient machine in the movie 2001. But the likelier truth is that AI will come in the form of software running in your data center.And it will be coming very soon: Research firm Gartner predicts that "smart machines" will have a widespread impact on business within the next four years.In general terms it's likely that AI will be able to help IT departments do their job - and help businesses be more productive – by ensuring that "processes get applied, stuff is accurate, errors are eliminated, and compliance is met," according to Dr Stuart Anderson, a research fellow at the Future of Humanity Institute at the University of Oxford.To read this article in full or to leave a comment, please click here

1 3,086 3,087 3,088 3,089 3,090 3,835