Obama taps former NSA CEO to head up cybersecurity

In the waning months of the Obama administration, the White House is racing to lay the groundwork for an enduring plan to shore up the nation's critical digital infrastructure.Yesterday, President Obama described the digital age as a sort of double-edged sword, at once delivering "incredible opportunity, incredible wealth," while also presenting a new set of complex and evolving security challenges that arise from an environment where "more and more of our lives are being downloaded, being stored, and as a consequence are a lot more vulnerable."[ Related: Government ranks last in fixing software security holes ]To read this article in full or to leave a comment, please click here

Twitter password recovery bug exposes 10,000 users’ personal information

Twitter has notified 10,000 users that their email addresses and phone numbers may have been exposed due to a bug in the website's password recovery feature.The incident happened over the course of 24 hours on an unspecified day last week, but the company alerted affected users on Wednesday."Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted," Twitter said in a blog post.To read this article in full or to leave a comment, please click here

Cato Networks puts network security in the cloud

Shlomo Kramer – co-founder of Check Point Software, Imperva and Incapsula – is at it again with Cato Networks, a cloud-based network security provider aimed at helping midsize companies that are strapped for funds and expertise to tune-up their defenses.Cato kicks off its service sometime before midyear with offers of next-generation firewalling, URL filtering, application control and VPN access to customers who link their networks to the service. The service can protect traditional WAN connections as well as mobile devices. Shlomo KramerTo read this article in full or to leave a comment, please click here

Skullcandy unplugs MPLS, moves to WAN-as-a-Service

The move to a cloud-based ERP system forced Skullcandy to rethink its global network, which ultimately led to the decision to migrate to an offering from Aryaka.  Network World Editor in Chief John Dix recently discussed the migration with Systems Manager Yohan Beghein. Skullcandy Systems Manager Yohan Beghein What WAN problem were you having that encouraged you to go looking for an alternative?To read this article in full or to leave a comment, please click here

Research ‘net: Dirt jumper -smart

Distributed Denial of Service (DDoS) attacks are often used to hold companies—particularly wealthy companies, like financial institutions—to ransom. Given the number of botnets in the world which can be purchased by the hour, and the relative ease with which new systems can be infected (especially given the rise of the Internet of Things), it’s important to find new and innovative ways to protect against such attacks. Dirt Jumper is a common DDoS platform based on the original Dirt, widely used to initiate such attacks. Probably the most effective protection against DDoS attacks, particularly if you can’t pin down the botnet and block it on a per-IP-address basis (try that one some time) is to construct a tar pit that will consume the attacker’s resources at a rate faster than your server’s are consumed.

The paper linked here describes one such tar pit, and even goes into detail around a defect in the Dirt Jumper platform, and how the defenders exploited the defect. This is not only instructive in terms of understanding and countering DDoS attacks, it’s also instructive from another angle. If you think software is going to eat the world, remember that even hacking software has defects that Continue reading

IRS warns: 400% flood in phishing and malware this tax year alone

There has been a 400% surge in phishing and malware incidents in this tax season alone, the Internal Revenue Service warned this week.According to the IRS phony emails aimed at fooling taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies.+More on Network World: The Big Hang-up: IRS customer call center service stinks+“The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information. Variations of these scams can be seen via text messages, and the communications are being reported in every section of the country,” the IRS stated.To read this article in full or to leave a comment, please click here

Golang is GO GO GO!

@ipyandy Tweet

You will have to be a programmer if you’re going to be a network engineer in the future, they say. I don’t agree, but it surely helps you do your job. But what language should you learn? Perl? (no) Python? (maybe) Ruby? (perhaps) Every time I say something about learning Python, a little voice on Twitter says Or Go!. Go? Go. And so, sucker that I am, I gave it a go (pun intended). TLDR: I think you should, too.

The Go Programming Language

The name Go feels like it should be a terrible word to search for on the Internet because it’s so short, but searches actually work remarkably well if you use Google Search. Compare the results of a search for “go if then else” from Bing and Google below; I’ll let you guess which is which:

Go Search Comparison

Maybe Google has learned from my search history. So, what’s important to know? Go is:

  • Open source. The source code is readily available and can sometimes be helpful to figure out what’s going on.
  • Free, obviously
  • Pretty fast
  • Multi-platform (Linux, OS X, Windows for starters)
  • A compiled language
  • Strongly typed
  • Capable of Continue reading

Google lends Apple support over FBI encryption demands

Google CEO Sundar Pichai has lent support to Apple in the debate over encrypted iPhones—sort of.In a series of Twitter posts, Pichai praised Apple CEO Tim Cook for writing an “important” letter that speaks out against the FBI’s decryption demands. “Forcing companies to enable hacking could compromise users’ privacy,” Pichai wrote.While Pichai noted that Google provides data access to law enforcement when legally required, that’s different from making tech companies enable hacking of customers’ devices and data. “Could be a troubling precedent,” Pichai added.To read this article in full or to leave a comment, please click here

Experts contend Apple has the technical chops to comply with court order

On a technical level, Apple can comply with the U.S. Federal Bureau of Investigation's (FBI) request for help in accessing an iPhone used by Syed Rizwan Farook, one of the people accused of killing 14 in California two months ago, security experts said Wednesday."I believe it is technically feasible for Apple to comply with all of the FBI's requests in this case," said Dan Guido, the co-founder and CEO of Trail of Bits, a New York City-based security firm, in a Wednesday post on his firm's blog. "On the iPhone 5C, the passcode delay and device erasure are implemented in software and Apple can add support for peripheral devices that facilitate PIN code entry."To read this article in full or to leave a comment, please click here

Verizon, Viptela partner to offer hosted SD-WAN

Looking to capitalize on the emerging software-defined WAN market opportunity, Verizon has entered into an agreement to offer startup Viptela’s SD-WAN technology as a hosted product.+MORE AT NETWORK WORLD: SD-WAN: What it is and why you’ll use it one day +SD-WAN is the idea of bringing software defined networking capabilities to branch office sites. Controlling the WAN through software allows for easier management of the network if changes are needed and SD-WANs typically support multiple types of connections, from broadband to MPLS to LTE.To read this article in full or to leave a comment, please click here

Man rescued by Disney cruise ship charged with hacking Boston Children’s Hospital

Disney might bring to mind a warm and fuzzy happy ending, but such was not the case for a 31-year-old man who sent out a distress call from his boat, was rescued by a Disney cruise ship near Cuba, and then arrested in Miami for his alleged involvement with an Anonymous cyberattack against Boston Children’s Hospital.After Martin Gottesfeld and his wife pulled a ghost and vanished, relatives and his employer reported them missing. The FBI had been investigating him since October 2014, when the agency searched his house for evidence linking him to a cyberattack on the hospital. According to the DOJ press release, a few days ago, FBI “counterparts in the Bahamas” contacted Boston’s FBI to report that Gottesfeld was not a registered guest on the Disney cruise ship which rescued him at sea.To read this article in full or to leave a comment, please click here

Popular home security system SimpliSafe can be easily disabled by burglars

It's not unusual to hear of vulnerabilities in smart-home security systems these days, as security researchers turn their attention to the Internet of Things. It's worrying, though, when a modern security system turns out to be vulnerable to a so-called replay attack, the kind of thing that worked against garage door openers back in the 1990s.The latest example is SimpliSafe, a wireless alarm system that's marketed as cheaper and easier to install than traditional wired home security systems. Its manufacturer claims that the system is used in over 200,000 homes in the U.S.According to Andrew Zonenberg, a researcher with security consultancy firm IOActive, attackers can easily disable SimpliSafe alarms from up to 30 meters away, using a device that costs around $250 to create a replay attack.To read this article in full or to leave a comment, please click here

1 3,134 3,135 3,136 3,137 3,138 3,843