OpenSSL patches a severe but not widespread problem

The OpenSSL project has patched a problem in the cryptographic library but one that likely does not affect many popular applications.OpenSSL enables SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption. Most websites use it, which is indicated in Web browsers with a padlock symbol.It's an open-source library that is widely used in applications for secure data transfers. After serious vulnerabilities were found in OpenSSL over the last couple of years, the application has been under much scrutiny by security researchers.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords The latest vulnerability affects versions 1.0.1 and 1.0.2. The updated versions are 1.0.2f and 1.0.1r.To read this article in full or to leave a comment, please click here

GIT and Jinja – Like Peanut butter and Pickles!

Thanks to @mierdin for point this out. It looks like the wordpress format is causing some strange word-wrap issues. For a better view please click here to see the full post without presentation issues. 

 

Using GITHub to build our Network Configs

As I wrote in this post, one of my goals for this year is to be able to compltely automate the build of my lab environment programatically.

In the last couple of jinja posts, I wrote about the basics of Jinja2 templates and how they can be applied to building network configurations.

In this post, I’m going to take the next step and move those files from my local hard drive out to…

 

duh duh dahhhhhhhhhh

The cloud.

The cloud

 

Before we get started…

We’re going to go over some basics on the tools we’re using to make sure everyone’s on the same page. cool?

What’s GIT?

Git is a widely-used source code management system for software development. It is a distributed revision control system with an emphasis on speed, data integrity, and support for distributed, non-linear workflows. wikipedia

Huh?

GIT is a piece of software that allows you to track changes to files over Continue reading

LG patches data theft bug affecting millions of Android phones

LG has patched a security flaw in an application preinstalled on millions of its Android G3 smartphones that researchers found could be used to steal a variety of data.The application, called Smart Notice, is a kind of multifunctional widget, managing contacts, notifications, and weather and traffic alerts.Researchers from BugSec and Cynet, two computer security companies, found that they could attack a person's phone by sending them a contact with malicious JavaScript contained in the name field, according to a video.To read this article in full or to leave a comment, please click here

Technology Short Take #60

Welcome to Technology Short Take #60. As usual, I’ve gathered what I hope to be a useful but varied collection of articles and links on key data center technologies. I hope something I’ve included here will be helpful—enjoy!

Networking

Juniper Networks announces Date and Webcast Information for Upcoming Investor Events in February 2016

Rami Rahim, chief executive officer, Juniper Networks, will present at the Goldman Sachs Technology and Internet Conference 2016, Wednesday, Feb. 10, 2016 at 9:40 am PT in San Francisco. In addition, Juniper Networks will be hosting an investor and analyst update on Tuesday, February 23, 2016 from Mobile World Congress in Barcelona, Spain, beginning at... Read more →

Feds’ primary network security weapon needs more bang

In the face of relenting network attacks and it seems that the government’s chief weapon for combatting the assault lacks some teeth. That weapon – the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS)—also known as Einstein has is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over. +More on Network World: 26 of the craziest and scariest things the TSA has found on travelers+To read this article in full or to leave a comment, please click here

Feds’ primary network security weapon needs more bang

In the face of relenting network attacks and it seems that the government’s chief weapon for combatting the assault lacks some teeth. That weapon – the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS)—also known as Einstein has is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over. +More on Network World: 26 of the craziest and scariest things the TSA has found on travelers+To read this article in full or to leave a comment, please click here

Feds primary network security weapon needs more bang

In the face of relenting network attacks and it seems that the government’s chief weapon for combatting the assault lacks some teeth.That weapon – the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS)—also known as Einstein has is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over.+More on Network World: 26 of the craziest and scariest things the TSA has found on travelers+To read this article in full or to leave a comment, please click here

Feds primary network security weapon needs more bang

In the face of relenting network attacks and it seems that the government’s chief weapon for combatting the assault lacks some teeth.That weapon – the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS)—also known as Einstein has is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over.+More on Network World: 26 of the craziest and scariest things the TSA has found on travelers+To read this article in full or to leave a comment, please click here

Asentinel reduces costs and improves the efficiency of mobile device service contracts  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  If I brought up the term "mobility management" you'd probably think I was talking about BYOD and managing how workers can securely access applications and data via their smart phones. That's the aspect of mobility that IT usually has to deal with. But there's also an administrative aspect to mobility management that can be a real pain – and a big expense – for companies if it's not done well.I'm referring to the contract management aspect of company-provided mobile devices. Companies that pay for their employees' device contracts through expense reports are missing an opportunity to reduce administrative hassles and save quite a bit of money.To read this article in full or to leave a comment, please click here

Data destruction 101: There’s more to it than wiping your drive [Infographic]

In 2009, a team of journalists who were investigating the electronic waste, purchased a computer in a Ghana market that was found to contain "sensitive documents belonging to U.S. government contractor Northrop Grumman," wrote Robert McMillan in a story at the time. "Northrop Grumman is not sure how the drive ended up in a Ghana market, but apparently the company had hired an outside vendor to dispose of the PC."That's a nightmare scenario, to be sure.And in the years since, businesses have continued to store vast quantities of data on servers, hard drives, and media storage devices — sensitive data that should be protected or destroyed. But the options for data destruction can be overwhelming.To read this article in full or to leave a comment, please click here(Insider Story)

Speaker Lineup for AnsibleFest London

Featuring speakers from Industrial Light and Magic, Atlassian, Cisco and more! 

We're happy to share our speaker lineup for AnsibleFest London on Thursday, February 18th at InterContinental London - The O2. Our one-day user conference brings together hundreds of Ansible users, developers and industry partners to share best-practices, case studies and Ansible news.

With yet another record setting amount of submissions, our engineering team had their work cut out for them. We took each submission, anonymized them to remove any speaker/company/product information, and sent them off to our team of engineers for blind review. We then picked out a well-rounded agenda from the highest scoring talks. 

Stay tuned for additional speakers announcements leading up to the event.

Deploying a Mesos Based Visual Effects Studio with Ansible

Aaron Carey, Production Engineer, Industrial Light and Magic
Jim Vanns, Senior Production Engineer, Industrial Light and Magic 

Industrial Light and Magic is leveraging Ansible to deploy a Mesos cluster from scratch on multiple cloud platforms, build its application docker images and deploy them as services. This presentation will look at how ILM is using tags to manage services dynamically, and the steps taken to make it work across different cloud providers.

Continue reading

Speaker Lineup for AnsibleFest London

Featuring speakers from Industrial Light and Magic, Atlassian, Cisco and more! 

We're happy to share our speaker lineup for AnsibleFest London on Thursday, February 18th at InterContinental London - The O2. Our one-day user conference brings together hundreds of Ansible users, developers and industry partners to share best-practices, case studies and Ansible news.

With yet another record setting amount of submissions, our engineering team had their work cut out for them. We took each submission, anonymized them to remove any speaker/company/product information, and sent them off to our team of engineers for blind review. We then picked out a well-rounded agenda from the highest scoring talks. 

Stay tuned for additional speakers announcements leading up to the event.

Deploying a Mesos Based Visual Effects Studio with Ansible

Aaron Carey, Production Engineer, Industrial Light and Magic
Jim Vanns, Senior Production Engineer, Industrial Light and Magic 

Industrial Light and Magic is leveraging Ansible to deploy a Mesos cluster from scratch on multiple cloud platforms, build its application docker images and deploy them as services. This presentation will look at how ILM is using tags to manage services dynamically, and the steps taken to make it work across different cloud providers.

Continue reading

U.S. carriers stay tight-lipped on LTE-U deployments

America’s big four wireless service providers are enthusiastic about the prospect of delivering data over unlicensed frequencies via LTE-U, but they’re playing their cards very close to their chests when it comes to specific plans.LTE-U, which is a wireless protocol designed to let carriers use their LTE signals over the same unlicensed frequencies as Wi-Fi, is a controversial technology. Advocates, which include the wireless carriers, insist that coexistence features built into the standard will allow it to use the same airwaves as Wi-Fi without interference. Critics say that independent testing shows that LTE-U could drown out Wi-Fi signals when the two conflict.To read this article in full or to leave a comment, please click here

Increasingly popular update technique for iOS apps puts users at risk

An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through Apple's normal review process, potentially opening the door to abuse and security risks for users.The technique is a variation of hot patching, which is a way of dynamically updating a system or application without restarting it. In this case, an iOS application is updated without the developer having to submit a new version to the official iOS app store and then wait for Apple's review of the changes, which can be a lengthy process.An implementation of this hot patching method comes from an open-source project called JSPatch, which provides an engine that app developers can integrate into their apps and which bridges JavaScript code to Objective-C, the programming language used by iOS apps.To read this article in full or to leave a comment, please click here

1 3,106 3,107 3,108 3,109 3,110 3,785