U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances. In December, Juniper Networks announced that it had discovered unauthorized code added to ScreenOS, the operating system that runs on its NetScreen network firewalls. The rogue code, which remained undetected for 2 years or more, could have allowed remote attackers to gain administrative access to the vulnerable devices or to decrypt VPN connections. The U.S. House of Representatives' Committee on Oversight and Government Reform wants to determine the impact that this issue had on government organizations and how the affected organizations responded to the incident.To read this article in full or to leave a comment, please click here

U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances. In December, Juniper Networks announced that it had discovered unauthorized code added to ScreenOS, the operating system that runs on its NetScreen network firewalls. The rogue code, which remained undetected for 2 years or more, could have allowed remote attackers to gain administrative access to the vulnerable devices or to decrypt VPN connections. The U.S. House of Representatives' Committee on Oversight and Government Reform wants to determine the impact that this issue had on government organizations and how the affected organizations responded to the incident.To read this article in full or to leave a comment, please click here

Security ‘net: Digital Copyright Edition

security-netThe world of digital copyright is somewhat tangential to “real” security, but it’s a culture issue that impacts every network engineer in myriad ways. For instance, suppose you buy a small home router, and then decide you really want to run your own software on it. For instance, let’s say you really want to build your own router because you know what you can build will outperform what’s commercially available (which, by the way, it will). But rather than using an off box wireless adapter, like the folks at ARS, you really want to have the wireless on board.

Believe it or not, this would be considered, by some folks, as a pretty large act of copyright infringement. For instance, the hardware manufacturer may object to you replacing their software. Or the FCC or some other regulatory agency might even object because they think you’re trying to hog wireless spectrum, or because you don’t like what the wireless providers are doing. The EFF has a good piece up arguing that just such tinkering as replacing the operating system on a commercially purchased device is at the heart of digital freedom.

One of the most crucial issues in the fight for Continue reading

Symantec partner caught running tech support scam

Tech support scammers are known for their cheek -- making unfounded claims that PCs are infected to scare consumers into parting with their money -- but a Symantec partner took nerve to a new level, a security company claimed last week.According to San Jose, Calif.-based Malwarebytes, Silurian Tech Support ran a scam in which its employees, who billed themselves as support technicians, used obscure but harmless entries in Windows' Event Viewer and Task Manager to claim that a PC had been overwhelmed by malware, then leveraged those bogus threats to sell overpriced copies of Symantec's Norton security software and an annual contract for follow-up phone support.To read this article in full or to leave a comment, please click here

DARPA funds a program so computers can read thoughts

In the future, computers may be able to read your thoughts through a connection with the brain. DARPA wants to create a device that could help make that happen.The device, which will be the size of two stacked nickels, will translate information from a brain into digital signals for use on a computer. The device is being developed as part of a four-year, US$60 million research program funded by DARPA -- the Defense Advanced Research Projects Agency, which operates under the aegis of the U.S. Department of Defense.MORE ON NETWORK WORLD: 13 awesome and scary things in near Earth space The program, called Neural Engineering System Design (NESD), is one of DARPA's many research programs that aims to bring brain-like intelligence to computers. The research program will cover neuroscience, low-power chips, photonics and medical devices.To read this article in full or to leave a comment, please click here

Marvin Minsky, AI pioneer and Turing award winner, dies at 88

Marvin Minsky, a professor emeritus at MIT who pioneered the exploration of the mind and its replication in a computer, died on Sunday from a cerebral hemorrhage at the age of 88, according to MIT Media Lab.In his prologue to his seminal book, Society of Mind, Minsky wrote that the book tries to explain how the mind works, and "that you can build a mind from many little parts, each mindless by itself."+ ALSO: Notable 2015 deaths in technology, science & inventions +To read this article in full or to leave a comment, please click here

Review: Microsoft’s Windows Defender antivirus is less awful than it used to be

We've all loved to hate Microsoft's free Windows Defender software—it's been so mediocre that it's been considered the baseline metric in third-party tests. But recent independent tests show it's actually outperforming a number of third-party suites, some of which charge you money to use them.Results released by AV-test.org for the month of December put Microsoft right in the middle of the pack of its list of antivirus software for home users. Microsoft is still near the bottom of the heap in the business market, however, using the version of Microsoft System Center that’s been integrated into Windows 10’s business editions.To read this article in full or to leave a comment, please click here

8 tips for recruiting cybersecurity talent

Good IT talent is hard to find. You know what's even more difficult? Finding good cybersecurity talent. Demand for skilled cybersecurity professionals is growing at an astonishing rate -- four times faster than the IT jobs market and 12 times faster than the overall labor market, according to research from Burning Glass Technologies.Unfortunately, supply isn't keeping up with demand, according to online cybersecurity training and MOOC platform Cybrary's Cyber Security Job Trends Survey for 2016. Of the 435 senior-level technology professionals who completed the survey between October and December 2015, 68 percent affirmed that there is a global shortage of skilled cybersecurity professionals. Only 13 percent of companies said there was an abundance of cybersecurity talent in their local areas.To read this article in full or to leave a comment, please click here

Disabling SLAAC in Data Center Subnets

Continuing the IPv6 address selection discussion we have a few days ago, Luka Manojlovič sent me a seemingly workable proposal:

I think we were discussing a borderline problem. In a server environment there won’t be any SLAAC, and we could turn off DHCPv6 client on servers with fixed IP addresses.

Sounds great, but as always, the reality tends to be a bit harsher.

Read more ...

Internet Connected Water Heater

So I have to admit that I’m the crusty old curmudgeon who is way behind on things like home automation. After a recent issue with my water heater I opted to replace it with one that utilizes heat pump technology. I know a lot of people are installing tankless models and I strongly considered that path. My challenges were as follows–

  • Relatively High Demand (replacing an 80 Gallon Conventional Electric)
  • Conventional 80 Gallon Electric Models are difficult to purchase (at least in consumer models)
  • Tankless Owners seem to prefer gas over electric models
  • Venting a tankless gas heater would require relocation of plumbing

Given these constraints, I stumbled into the hybrid water heater models. These are big tank models that utilize heat pump technology as a preferred method of moving heat into the water. As demand increases, traditional resistance coils can be invoked to generate heat.

The goal is to be more efficient than tankless models and have the option for rapid recovery. My biggest concern was the added complexity and additional components that could fail. Nonetheless, the energy ratings were very good and there are some rebate programs and tax incentives to offset the cost. I ultimately chose a GE Geospring 80 Continue reading

Why The Industry Needs An Open Source Framework For Switching Silicon

Howdy. Occasionally the topic of open sourcing a driver, library, or SDK to a commodity product comes up as more developers start working on/deploying said product. Typically, the vendor makes a concession and opens up the documentation to increase adoption and supportability. Sometimes this works. Sometimes, it just pisses off the developers to such an […]

The post Why The Industry Needs An Open Source Framework For Switching Silicon appeared first on Packet Pushers.

Why The Industry Needs An Open Source Framework For Switching Silicon

Howdy. Occasionally the topic of open sourcing a driver, library, or SDK to a commodity product comes up as more developers start working on/deploying said product. Typically, the vendor makes a concession and opens up the documentation to increase adoption and supportability. Sometimes this works. Sometimes, it just pisses off the developers to such an […]

The post Why The Industry Needs An Open Source Framework For Switching Silicon appeared first on Packet Pushers.

IDG Contributor Network: Broad use of cloud services leaves enterprise data vulnerable to theft, report says

Data theft is a very real and growing threat for companies that increasingly use cloud services, says a security firm.Workers who widely share documents stored in the cloud with clients, independent contractors, or even others within the company are creating a Swiss-cheese of security holes, a study by Blue Coat Systems has found.In some cases, cloud documents were publicly discoverable through Google searches, the researchers say of their analysis.'Broadly shared' The study found that 26% of documents stored in cloud apps are shared so widely that they pose a security risk. Compounding the issue is that many organizations aren't even aware of it.To read this article in full or to leave a comment, please click here

Advanced Technical “Hacks” for your site’s SEO

Improving your site’s SEO is probably top of mind for you, but doing so takes a lot of hard work and the rules of the game are constantly changing. On Tuesday, January 26th at 10am PT/1pm ET, CloudFlare is hosting a live discussion with some of the leading experts in technical SEO. They will share advanced technical hacks to help you reap the benefits of higher search rankings. In the live discussion, Martin Woods, Reza Moaiandin, and Patrick Stox will cover:

  • Tangible tips about on-page code excellency
  • Semantic markup
  • Web server optimization with GZIP and HTTP/2
  • Web content optimization
  • Site security with malware and DDoS prevention

In addition to the webinar, Reza and Martin from SALT.agency have offered a free 30 minute technical SEO consult on your website. Consults are limited to the first 50 people who signup here and also attend the live webinar event on January 26th at 10am PT. Be sure to register for the webinar, too.

1 3,100 3,101 3,102 3,103 3,104 3,773