Brinks safe — with a USB port — proves easy hacking for security researchers

“Every step of the way, we were like, ‘This can’t be possible.’” Yet this – opening a Brinks CompuSafe Galileo using its standard USB port, a keyboard and 100 lines of code – was most definitely possible for a pair of security researchers, Daniel Petro and Oscar Salazar, who work for the IT security consulting company Bishop Fox. From an IDG News Service story on our site: They bought a Galileo CompuSafe on eBay. The most egregious problem they found is a fully functional USB port on the side of the safe. That allowed them to plug in a keyboard and a mouse, which worked.

MetalCaptcha: Free service uses metal band logos as CAPTCHAs

Hacker News had me laughing today as a company called HeavyGifts took a joke and turned it into a real and free product by using metal band logos as CAPTCHAs. Unless there is another computer virus based on weaponizing heavy metal, such as the malware reported to F-Secure’s Mikko Hypponen by an Iranian nuclear scientist after AC/DC’s Thunderstruck was allegedly blasting from workstations in the middle of the night, when else can I write about metal music?

IDG Contributor Network: Software vulnerabilities hit a record high in 2014, report says

How safe is the software you use? Do you have a system in place to identify vulnerabilities and patch them when they are discovered? How quickly do you react to vulnerability reports? There's evidence that software vulnerabilities are on the rise, and few companies are taking the necessary action to combat them. There was some worrying news in the recent Secunia Vulnerability Review 2015. The number of recorded vulnerabilities hit a record high of 15,435 last year, up 18% from 2013. The vulnerability count has increased 55% in the last five years. The report also found a rise in the number of zero-day vulnerabilities with 20 being uncovered in the 50 most popular programs. These are vulnerabilities that have already been exploited by hackers before being made public or being patched.

Xen patches new virtual-machine escape vulnerability

A new vulnerability in emulation code used by the Xen virtualization software can allow attackers to bypass the critical security barrier between virtual machines and the host operating systems they run on. The vulnerability is located in the CD-ROM drive emulation feature of QEMU, an open source hardware emulator that’s used by Xen, KVM and other virtualization platforms. The flaw is tracked as CVE-2015-5154 in the Common Vulnerabilities and Exposures database. The Xen Project released patches for its supported releases Monday and noted that all Xen systems running x86 HVM guests without stubdomains and which have been configured with an emulated CD-ROM drive model are vulnerable.

Getting to Know Tim Cramer, VP of Engineering at Ansible

Knowing the members of our Ansible community is important to us, and we want you to get to know the members of our team in the Ansible office. Stay tuned to the blog to learn more about the people who are helping to bring Ansible to life.

This week we're happy to introduce you to Tim Cramer, VP of Engineering at Ansible. Tim brings over 20 years of enterprise software experience to Ansible. He was previously at HP where he was responsible for the overall delivery of Helion Eucalyptus Cloud, managing global teams of engineering, support and IT. He also worked as an executive at Dell, Eucalyptus, and Sun Microsystems, and as an engineer at Sun and Supercomputer Systems Inc.

What’s your role at Ansible?

  • Running the development and release of Ansible Tower and managing the Ansible open source team and community efforts

  • Scaling the engineering team and increasing the ability to release products more often and with higher quality

  • Overseeing partner engineering integrations that benefit Ansible customers and users; for example, working on enhancing Windows, VMware, OpenStack, and AWS functionality

  • Understanding and prioritizing the features for Tower releases

What’s your management philosophy?
My philosophy is not unlike the great

The Score Is High. Who’s Holding On?

If you haven’t had the chance to read Jeff Fry’s treatise on why the CCIE written should be dropped, do it now. He raises some very valid points about relevancy and continuing education and how the written exam is approaching irrelevancy as a prerequisite for lab candidates. I’d like to approach another aspect of this whole puzzle, namely the growing need to get that extra edge to pass the cut score.

Cuts Like A Knife

Every standardized IT test has a cut score, or the minimum necessary score required to pass. There is a surprising amount of work that goes into calculating a cut score for a standardized test. Too low and you end up with unqualified candidates being certified. Too high and you have a certification level that no one can attain.

The average cut score for a given exam level tends to rise as time goes on. This has a lot to do with the increasing depth of potential candidates as well as the growing average of scores from those candidates. Raising the score with each revision of the test guarantees you have the best possible group representing that certification. It’s like having your entire group be

Website Migration Imminent – Please Stand By

The long overdue Website migration and overhaul is planned for this week. Possible disruptions ahead.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Website Migration Imminent – Please Stand By appeared first on Packet Pushers Podcast and was written by Greg Ferro.

The Next Generation Agile Data Center and the Birth of A Dynamic Network

At Plexxi we’re building a simply better network for the next era of IT to deliver agile data centers, enable scale-out applications and support distributed Cloud deployments.  In my prior blog, I discussed why the decades-old practice of pre-architecting, designing and implementing static network infrastructures wouldn’t support the dynamic needs of organizations moving forward. In this installment of my blog, I will review a case study from a large enterprise deploying an agile data center to meet their needs for the next generation.

I continue to spend a lot of time on the road, and I enjoy meeting with customers to make sure I stay on top of next generation data center networking requirements. I recently visited a large enterprise that was experiencing scalability, management and performance problems with their existing data center network. As the number of virtualized applications and corresponding virtual machines (VMs) grew in their data center, agility was actually decreasing rather than improving. The data center was harder to manage due to application mobility and a lack of unified visibility across their virtual and physical environments. In addition, their oversubscribed switches were experiencing capacity and buffering problems, caused in large part

The Upload: Your tech news briefing for Tuesday, July 28

Samsung tipped to upstage Apple with August phone launch

Samsung has sent out invitations to an event in New York next month that looks like it’s planned to be the coming out party for a new, larger version of its flagship Galaxy S6 edge smartphone. The S6 line has been a hot item but the company hasn’t been able to keep up with demand, and shortages of the smartphone may be a factor holding down Samsung’s quarterly earnings, to be reported on Thursday.

Most Android phones can be hacked just by sending them a multimedia message

Car and pedestrian collision? There’ll soon be an app for that

A safety system that ties cars and smartphones together to stop those heart-stopping near misses between cars and pedestrians could be standardized by the end of this year. The technology involves smartphones broadcasting data over a short-range radio channel to nearby cars, so the cars can determine if a collision is likely. Unlike today’s radar-based systems, this has the ability to warn around blind corners and can alert both the driver and pedestrian. It’s being developed by engineers at Honda and was demonstrated last week at the company’s new research and development center in Mountain View, in the heart of Silicon Valley. In the demonstration that took place in a parking lot, a car was slowly cruising a row looking for a space. Ahead, and unseen to the driver, a pedestrian was walking between a car and SUV while listening to music, and about to step into the path of the oncoming vehicle.

Someday your phone may stop an oncoming car

Self-driving cars will try to avoid robot pedestrians in a simulated city as part of an effort to make real-world streets safer. M-City, a test facility that the University of Michigan opened this month in Ann Arbor, packs a range of street configurations and road conditions into a 32-acre (13-hectare) facility for testing emerging automotive technologies. The site includes stoplights, traffic circles, gravel and brick roadways and movable building facades. It will play host to some of the testing for vehicle-to-pedestrian (V2P) detection systems that Verizon Communications hopes to turn into a commercial reality. V2P uses DSRC (Dedicated Short Range Communications), the same radios as vehicle-to-vehicle technology that could prevent crashes between cars that approach each other unexpectedly around a blind corner. In the pedestrian safety system, the smartphones people carry would talk to specialized radios in cars or even just to drivers’ phones. Those wireless exchanges are part of a broader effort to prevent vehicle accidents that killed 30,000 people per year in the U.S., according to the National Highway Traffic Safety Administration (NHTSA). The agency estimates 14 percent of those accidents involve pedestrians.

NSA will lose access to ‘historical’ phone surveillance data Nov. 29

The U.S. National Security Agency will lose access to the bulk telephone records data it has collected at the end of November, the Office of the Director of National Intelligence announced Monday. Congress voted in June to rein in the NSA’s mass collection of U.S. phone metadata, which includes information such as the timing and location of calls. The Foreign Intelligence Surveillance Court then gave the NSA 180 days to wind the program down.