Judge strips redactions from NSL, showing info FBI gets without a warrant

A federal judge lifted an 11-year gag order the FBI had imposed on Nicholas Merrill and removed redactions of a National Security Letter (NSL) so Americans can see the overly broad "types of electronic communications transaction records" that the FBI has sought and continues to seek through NSLs.The FBI served the NSL back in 2004 when Nicholas Merrill owned and operated Calyx Internet Access, a small ISP with about 200 customers. After the judge found in favor of Merrill and not the government, Merrill said, "For more than a decade, the FBI has fought tooth and nail in order to prevent me from speaking freely about the NSL I received. Judge Marrero’s decision vindicates the public’s right to know how the FBI uses warrantless surveillance to peer into our digital lives. I hope today’s victory will finally allow Americans to engage in an informed debate about proper the scope [sic] of the government’s warrantless surveillance powers."To read this article in full or to leave a comment, please click here

Security ‘net: Google, Watson, and other thoughts

Encryption, security, and privacy are at the top of our list, it seems. The question is — who really cares about your privacy? Is Google a champion of freedom, or a threat to national sovereignty?

Google is unique in its leadership, plans, and global marketpower to accelerate the majority of all global Web traffic “going dark,” i.e. encrypted by default. Google’s “going dark” leadership seriously threatens to neuter sovereign nations’ law-enforcement and intelligence capabilities to investigate and prevent terrorism and crime going forward.

Or has Google just figured out that encryption is the best way to funnel all the world’s information through their servers so it can be properly indexed and used to its maximum commercial value?

But the truth about where the giants of tech stand on user privacy is another matter entirely. No organizations on earth have exploited users more than Google (GOOGL) and Facebook (FB) have in their zealous quest to boost ad revenues by providing users’ personal data – demographics, searches, email and location, among others – to an ever-growing list of digital advertisers.

Russ’ take: The truth is probably out there someplace, but I doubt it’s as clean cut as either of these articles Continue reading

The Marriage of the Ecosystem

A recent discussion with Greg Ferro (@EtherealMind) of Packet Pushers and Nigel Poulton (@NigelPoulton) of In Tech We Trust got me thinking about product ecosystems. Nigel was talking about his new favorite topic of Docker and containers. He mentioned to us that it had him excited because it felt like the good old days of VMware when they were doing great things with the technology. That’s when I realized that ecosystems aren’t all they are cracked up to be.

Courting Technology

Technology is a huge driver for innovation. New ideas are formed into code that runs to accomplish a task. That code is then disseminated to teams and built upon to create toolsets to accomplish even more tasks. That’s how programs happen. Almost every successful shift in technology starts with the courtship of focused code designed to accomplish a simple task or solve a quick problem.

The courtship evolves over time to include other aspects of technology. Development work extends the codebase to accept things like plugins to provide additional functionality. Not core functions though. The separation comes when people want to add additional pieces without compromising the original program. Bolting additional non-core pieces on Continue reading

VMware NSX Secures Armor’s Customers with Micro-Segmentation

VMware NSX equips Armor with the ability to orchestrate each customer in a cloud-like environment while giving them a threat-tight security wrapper via micro-segmentation from day one. Continue reading

OSPF vs EIGRP for DMVPN

In this post I’m going to look at the characteristics of OSPF and EIGRP when used in a Dynamic Multipoint VPN (DMVPN). I will do my best not to play favorites and instead stick to the facts (yes, I do have a preference :-). To that end I will back everything up with data from my lab. The focus areas of the comparison will be:

• Scalability of the hub router’s control plane
• Overall control plane stability
• Traffic engineering

This post won’t go into any background on how DMVPN works. If you’re not yet familiar with DMVPN, I recommend watching these introductory videos by Brian McGahan. This post also does not do a deep dive on OSPF or EIGRP. I’m making the assumption that you’re already familiar with the different LSA types in OSPF and general functions of EIGRP.

After reading this post you should be able to describe the pros and cons of OSPF and EIGRP in the three areas listed above and incorporate this knowlege into a DMVPN design.

Continue reading

No letup seen in Chinese cyber spying

A deal announced two months ago between China and the U.S. was pitched as bringing an end to economic espionage.But if any business leader thinks that means their organizations are no longer a target, they haven’t been paying attention.That is the unanimous conclusion of a number of experts who have been tracking cyber attacks from China in the two months since Chinese President Xi Jinping and U.S. President Barack Obama announced that, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property (IP), including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”To read this article in full or to leave a comment, please click here

Forecast 2016: 5 fast-track trends to tackle now (and one to ignore)

Of all the burning questions that keep tech execs awake at night, perhaps none is more urgent than, "Are we keeping up?" The breakneck pace of change in IT and in business at large means that CIOs and other senior technologists can't afford to lose focus as they head into 2016.Where should you center your efforts as you build your to-do list for the year ahead? Computerworld's Forecast 2016 survey of IT professionals points to five key areas -- cloud computing, security, the Internet of Things, analytics, and the emergence of IT as a change agent -- as well as one area where you don't need to devote resources (or not yet, anyway).To read this article in full or to leave a comment, please click here(Insider Story)

IDG Contributor Network: How to prepare your organization for the risk of data loss

Data breaches are serious and very real threats in today's digital world, and no industry sectors are immune. In the medical sector alone, the cost of client data breach liability, expense, and settlements surpassed the same costs from medical malpractice. Securing data and minimizing the probability and impact of data breaches is at its core a risk-based endeavor.While many businesses have recognized the need for risk assessment and management, there is still a tendency to treat risk assessment and managements as "checkbox" exercises. For a risk management program to provide true benefit, several things are required: An enterprise-level risk management practice. This is NOT your IT risk management team – it is a standalone and empowered practice that operates at the CXO level. This team is focused on business alignment. An IT-level risk management practice. This team is focused on the application and testing of applicable risk management frameworks and the controls associated with those frameworks. Certified and qualified risk management professionals. There are several industry certifications available. CRISC (Certified in Risk & Information Systems Control) and CRMP (Certified Risk Management Professional) are examples. They both require hefty amounts of continuing education, which is critical, given the moving target Continue reading

SDxCentral’s Top 10 SDN and NFV Articles — November 2015

Verizon, Juniper, Cisco, and Ericsson all make the top 3.

Network Engineers Becoming System Administrators

Enterprise nets: HP, Cisco, Brocade and Huawei take charge

A report released today by Cambridge, Mass.-based researcher IHS named Huawei, Cisco, Brocade and HP as the four leading companies in the enterprise networking sector.The leaders, according to IHS research director Matthias Machowinski, were chosen in part because of their roles as large-scale providers of a range of networking products and services for the enterprise.+ALSO ON NETWORK WORLD: Welcome to the Internet of stupid (hackable) things + Looking into the crystal ball of Amazon’s cloud futureTo read this article in full or to leave a comment, please click here

Detecting NAT64 Prefix

If you’re a host running on an IPv6-only network, you might want to detect the IPv6 prefix used for NAT64 (for example, to transform IPv4 literals a clueless idiot embedded into a URL into IPv6 addresses).

Apple has a wonderful developer-focused page describing NAT64 and DNS64, including the way they synthesize IPv6 addresses from IPv4 literals. You (RFC 6919) MUST read it.

HPE’s Synergy is a new type of ‘composable’ infrastructure

Hewlett Packard Enterprise has developed a new type of "composable' hardware that it claims will cut data center costs and slash the time it takes to spin up new applications.Called HPE Synergy, it combines storage, compute and network equipment in one chassis, along with management software that can quickly configure the hardware automatically to provide just the resources needed to run an application, HPE said."HPE Synergy's unique built-in software intelligence, auto discovery capabilities and fluid resource pools enable customers to instantly boot up infrastructure ready to run physical, virtual and containerized applications," the company said.To read this article in full or to leave a comment, please click here

Flaws in Huawei WiMax routers won’t be fixed, researcher says

Huawei isn't planning on patching several flaws in seven models of WiMax routers that are not being supported anymore by the company, according to a security researcher.Pierre Kim published a list of the affected models, which are still used in countries including Ivory Coast, Iran, Iraq, Libya, the Philippines, Bahrain and Ukraine.Kim notified Huawei of the problem on Oct. 28. He wrote that Huawei said the routers are no longer serviced by the company and would not be patched.The routers include the EchoLife BM626 WiMax CPE and associated models running the same firmware including the BM626e, BM635, BM632, BM631a, BM632w and the BM652.To read this article in full or to leave a comment, please click here

Understanding VLAN terminology – Access Trunk Native Tagged Untagged

Data breach of toy maker VTech leaked photos of children, parents

The data breach of Hong Kong toy manufacturer VTech appears to have also included photos of children and parents, adding to what could be one of the most surprising leaks of the year.VTech, which makes cordless phones and what it terms electronic learning devices for kids, apologized on Twitter on Monday. The company said it has suspended the affected service, called Learning Lodge, and is notifying customers.Vice's Motherboard tech news site, which first reported the breach, said on Monday the breach also contained thousands of photos of parents and kids and chat logs.To read this article in full or to leave a comment, please click here

OSPF vs EIGRP for DMVPN

In this post I'm going to look at the characteristics of OSPF and EIGRP when used in a Dynamic Multipoint VPN (DMVPN). I will do my best not to play favorites and instead stick to the facts (yes, I do have a preference :-). To that end I will back everything up with data from my lab. The focus areas of the comparison will be:

• Scalability of the hub router's control plane
• Overall control plane stability
• Traffic engineering

This post won't go into any background on how DMVPN works. If you're not yet familiar with DMVPN, I recommend watching these introductory videos by Brian McGahan. This post also does not do a deep dive on OSPF or EIGRP. I'm making the assumption that you're already familiar with the different LSA types in OSPF and general functions of EIGRP.

After reading this post you should be able to describe the pros and cons of OSPF and EIGRP in the three areas listed above and incorporate this knowlege into a DMVPN design.

CCIE Written Changes

Just when you thought you were prepared for your CCIE written exam, think again! Cisco has announced that as of July 25th 2016 they will be adding the section called “Evolving Technologies” to all written exams. If you are scheduled to take your written, in any track, before July25th than not to worry, these changes will not affect you in anyway according to Cisco.

This new section is going to account for 10% of your overall score on the exam with the original topics in your blueprint coming out to 90%. The most interesting point that we need to focus on is that the subdomains of this new section are subject to change as “new and emerging technologies are developed and adopted by the industry”.

Now I know what you’re thinking, “how am I supposed to study for this?”. It’s not all that bad! Cisco has at least given us some resources that we can use to begin preparing for these new topics on our written exam. Here at iPexpert, we’ll be adding these topics to new Written VOD products accordingly, and releasing updates over the next few months.

The last big update to the CCIE blueprints that I Continue reading

Change of Venue: LinkedIn

I’m changing roles from Principal Engineer at Ericsson to the Architecture Team at LinkedIn. New adventure! But don’t worry, ‘net Work is staying open for thoughts about life as a network engineer.

The post Change of Venue: LinkedIn appeared first on 'net work.

First Internet ecommerce was at least 1990