Forget Super Bowl 50: Let’s crown the cabling Installer of the Year!

There will be bonding. There will be splicing. And there will be firestopping.Yes, it’s time to roll up your sleeves, de-fog your goggles, climb your ladder and get ready for the 9th annual BICSI Cabling Skills Challenge next week in Orlando, where the Installer of the Year will be crowned and awarded a $5K prize (not to mention a towering trophy). This will definitely beat the NFL’s Pro Bowl as a competition fix during the seemingly endless lead-up to Super Bowl 50 on Feb. 7.The Installer of the Year needs to be versatile, good with his or her hands, and smart to boot. To read this article in full or to leave a comment, please click here

User behavior analytics is key to identifying nefarious use of insider credentials

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Almost all data breaches involve use of legitimate logon credentials. Guarding against these “insider threats” requires the ability to detect when cybercriminals are using stolen credentials. Sadly, traditional network security tools are not effective in identifing or mitigating these threats.  However, a new breed of user behavior analytics solutions has been designed for this specific purpose and is proving effective.The expression “insider threat” usually conjures up images of rogue employees or criminally minded contractors or business partners that are authorized to access company data. But the term is also used in a much broader sense to mean any threat or attack that abuses the logon credentials or privileges of legitimate employees or other insiders.To read this article in full or to leave a comment, please click here

Juniper Networks Reports Preliminary Fourth Quarter and Fiscal Year 2015 Financial Results

SUNNYVALE, CA–(Marketwired – January 27, 2016) –  Juniper Networks (:), the industry leader in network innovation, today reported preliminary financial results for the three months and twelve months ended Dec. 31, 2015 and provided its outlook for the three months ending March 31, 2016. Net revenues for the fourth quarter of 2015 were $1,319.6 million, an... Read more →

VMware, Cisco SDNs Bring Home the Bacon

In the scramble for SDN supremacy, Cisco and VMware usually bark about users who opt for one of their solutions over the other. In all the noise, it’s rare to hear from one that plans to implement both. But that’s what SugarCreek, a $650 million, privately-held food processing and packing company based in Washington Court House, OH, is doing in its software-defined data centers (SDDC). VMware’s NSX network virtualization software will be used to secure and automate the VMware-virtualized server environment, while Cisco’s Application Centric Infrastructure (ACI) will be deployed to manage the physical network infrastructure.To read this article in full or to leave a comment, please click here

VMware, Cisco SDNs Bring Home the Bacon

In the scramble for SDN supremacy, Cisco and VMware usually bark about users who opt for one of their solutions over the other. In all the noise, it’s rare to hear from one that plans to implement both. But that’s what SugarCreek, a $650 million, privately-held food processing and packing company based in Washington Court House, OH, is doing in its software-defined data centers (SDDC). VMware’s NSX network virtualization software will be used to secure and automate the VMware-virtualized server environment, while Cisco’s Application Centric Infrastructure (ACI) will be deployed to manage the physical network infrastructure.To read this article in full or to leave a comment, please click here

VMware, Cisco SDNs bring home the bacon

In the scramble for SDN supremacy, Cisco and VMware usually bark about users who opt for one of their solutions over the other.In all the noise, it’s rare to hear from one that plans to implement both.But that’s what SugarCreek, a $650 million, privately-held food processing and packing company based in Washington Court House, OH, is doing in its software-defined data centers (SDDC). VMware’s NSX network virtualization software will be used to secure and automate the VMware-virtualized server environment, while Cisco’s Application Centric Infrastructure (ACI) will be deployed to manage the physical network infrastructure.To read this article in full or to leave a comment, please click here

VMware, Cisco SDNs bring home the bacon

In the scramble for SDN supremacy, Cisco and VMware usually bark about users who opt for one of their solutions over the other.In all the noise, it’s rare to hear from one that plans to implement both.But that’s what SugarCreek, a $650 million, privately-held food processing and packing company based in Washington Court House, OH, is doing in its software-defined data centers (SDDC). VMware’s NSX network virtualization software will be used to secure and automate the VMware-virtualized server environment, while Cisco’s Application Centric Infrastructure (ACI) will be deployed to manage the physical network infrastructure.To read this article in full or to leave a comment, please click here

New Android ransomware uses clickjacking to gain admin privileges

File-encrypting ransomware applications that target Android devices are becoming increasingly sophisticated. One new such program is using clickjacking techniques to trick users into granting it administrator privileges.Clickjacking is a method that involves manipulating the user interface in a way that allows attackers to hijack users' clicks and trigger unauthorized actions. It is mostly used in Web-based attacks, where various technologies allow creating invisible buttons and positioning them on top of seemingly harmless page elements.Due to the restrictive application permissions system in Android, ransomware apps targeting the OS have historically been less effective than on Windows. For example, many of the early Android ransomware threats only displayed a persistent window on the screen with an alert intended to scare users into paying fictitious fines. Most of them impersonated law enforcement agencies and claimed that the devices were locked because illegal content was found on them.To read this article in full or to leave a comment, please click here

Net ring-buffers are essential to an OS

Even by OpenBSD standards, this rejection of 'netmap' is silly and clueless.

BSD is a Linux-like operating system that powers a lot of the Internet, from Netflix servers to your iPhone. One variant of BSD focuses on security, called "OpenBSD". A lot of security-related projects get their start on OpenBSD. In theory, it's for those who care a lot about security. In practice, virtually nobody uses it, because it makes too many sacrifices in the name of security.

"Netmap" is a user-space network ring-buffer. What that means is the hardware delivers network packets directly to an application, bypassing the operating system's network stack. Netmap currently works on FreeBSD and Linux. There are projects similar to this known as "PF_RING" and "Intel DPDK".


The problem with things like netmap is that it means the network hardware no longer is a shareable resource, but instead must be reserved for a single application. This violates many principles of a "general purpose operating system".

In addition, it ultimately means that the application is going to have to implement it's own TCP/IP stack. That means it's going to repeat all the same mistakes of the past, such as "ping of death" when a Continue reading

Cisco Merging IOS-XE Code Trains

Reliable sources tell me that Cisco is undergoing a huge internal transformation now that Chuck Robbins is in charge. I haven’t been able to see any evidence of this transformation and have been wondering when customers would see the results. Cisco Enterprise was presenting at Network Field Day 11 and this particular presentation from Cisco Enterprise […]

The post Cisco Merging IOS-XE Code Trains appeared first on EtherealMind.

Less porn-surfing corporate bosses, more execs taking phishing bait to infect networks

ThreatTrack Security wanted to know how the challenges facing malware analysts dealing with cyber threats have evolved in past two years. So the company had Opinion Matters conduct an independent blind survey of 207 security professionals dealing with malware analysis in the U.S. While the findings are not all sunshine and chocolate, only 11% said they investigated a data breach that was not disclosed to customers, compared to 57% who said the same back in 2013. Another piece of good news - fewer security analysts need to purge malware as a result of a company's senior leadership member visiting a porn site. In 2013, 40% of malware infections came from porn-surfing corporate bosses, compared to 26% in 2015.To read this article in full or to leave a comment, please click here

How not to be a better programmer

Over at r/programming is this post on "How to be a better programmer". It's mostly garbage.


Don't repeat yourself (reuse code)


Trying to reuse code is near the top of reasons why big projects fail. The problem is that while the needs of multiple users of a module may sound similar, they are often different in profound ways that cannot be reconciled. Trying to make the same bit of code serve divergent needs is often more complex and buggy than multiple modules written from the ground up for each specific need.

Yes, we adhere to code cleanliness principles (modularity, cohesion) that makes reuse easier. Yes, we should reuse code when the needs match close enough. But that doesn't mean we should bend over backwards trying to shove a square peg through a round hole, and the principle that all pegs/holes are the same.


Give variables/methods clear names


Programmers hate to read other code because the variable names are unclear. Hence the advice to use "clear names" that aren't confusing.

But of course, programmers already think they are being clear. No programmer thinks to themselves "I'm going to be deliberately obtuse here so that other programmers won't understand". Therefore, Continue reading

UpGuard offers a rating score of risk preparedness

UpGuard analyzes data about the state of corporate networks to devise a single numerical score that gives a quick sense of security risk, a number that could be used by insurance companies to set premiums for cyber insurance.The UpGuard platform includes a scanner that evaluates exposure of publicly facing Web interfaces and determines the risk of breaches. This is augmented by analysis of data about the internal network from sources including existing security platforms and software services via APIs or from Windows Remote Management.That is rolled up into a number – the Cybersecurity Threat Assessment Report (CSTAR) – that capsulizes how vulnerable a network is to attacks, the company says. In addition to the number, the platform enables drilling down into what weaknesses it has found so customers can take remedial action.To read this article in full or to leave a comment, please click here

1 3,159 3,160 3,161 3,162 3,163 3,836