Research ‘net 0x1339ECC: The cloud begins with coal

So is reading a book on your e-reader really cheaper than reading it in hardback? I know I do most of my reading electronically now, but that’s mostly because I fly a lot and I don’t want to carry a lot of books, and because I find it faster to take notes (and find them later) in electronic formats. But cheaper? I doubt it, really. Consider this:

The information economy is a blue-whale economy with its energy uses mostly out of sight. Based on a mid-range estimate, the world’s Information-Communications-Technologies (ICT) ecosystem uses about 1,500 TWh of electricity annually, equal to all the electric generation of Japan and Germany combined — as much electricity as was used for global illumination in 1985. The ICT ecosystem now approaches 10% of world electricity generation. Or in other energy terms – the zettabyte era already uses about 50% more energy than global aviation. Reduced to personal terms, although charging up a single tablet or smart phone requires a negligible amount of electricity, using either to watch an hour of video weekly consumes annually more electricity in the remote networks than two new refrigerators use in a year. And as the world continues to Continue reading

Dell is stepping in to protect the boot layer of PCs, tablets

Dell's business laptops and tablets will get an extra layer of protection from hackers with a new security tool being loaded into the company's portable computers.The new Dell security tool focuses on protecting the boot layer so PC hardware or software don't malfunction. It secures the low-level UEFI (Unified Extensible Firmware Interface), which sits in a protected layer above the OS. An attack on this firmware can compromise a system at boot time.Hacking the firmware can cause the OS and hardware components to malfunction. Hackers have shown increasingly sophisticated ways in which the UEFI -- which has replaced the conventional BIOS -- can be infected with malware. To read this article in full or to leave a comment, please click here

What did we learn about cybersecurity in 2015?

A data breach can be the biggest kind of crisis an IT leader will have to face. And when an incident occurs, it’s an emergency situation – typically an all-hands-on-deck moment.After the dust settles, however, it’s time to determine what lessons were learned from the experience. Your organization may have escaped 2015 without a data breach. But that’s no guarantee that hackers, cybercriminals and others won’t turn their attention to your business soon.2015 by the numbers According to the Identity Theft Resource Center (ITRC), organizations around the world suffered over 700 data breaches in 2015. The attacks covered every sector and records were lost in many sectors. For 2015, the ITRC reports the following findings:To read this article in full or to leave a comment, please click here

Upcoming Event: Network Automation Workshop

I spent most of last year developing SDN-related content, resulting in pretty successful 2-day workshop and 20+ hours of online content. However, I fully agree with Matt Oswalt that network automation matters even more than lofty centralized ideas, so it was time to focus on that area.

As always, the easiest way to push yourself is to commit to a deadline, so I agreed to do a network automation workshop during the Troopers 16 event. Here’s what it will cover:

Read more ...

Study of another IP camera reveals serious problems

An in-depth analysis of yet another Internet-connected security camera has revealed a host of software problems.Alex Farrant and Neil Biggs, both of the research team for Context Information Security in the U.K, analyzed Motorola's Focus 73, an outdoor security camera. Images and video taken by the camera can be delivered to a mobile phone app.They found they could take control of the camera remotely and control its movement, redirect the video feed and figure out the password for the wireless network the device is connected to.One attack exploits a cross-site request forgery problem. It was possible to scan for camera connected to the Internet and then get a reverse root shell.To read this article in full or to leave a comment, please click here

Lawfare thinks it can redefine π, and backdoors

There is gulf between how people believe law to work (from watching TV shows like Law and Order) and how law actually works. You lawyer people know what I'm talking about. It's laughable.

The same is true of cyber: there's a gulf between how people think it works and how it actually works.

This Lawfare blogpost thinks it's come up with a clever method to get their way in the crypto-backdoor debate, by making carriers like AT&T responsible only for the what ("deliver interpretable signal in response to lawful wiretap order") without defining the how (crypto backdoors, etc.). This pressure would come in the form of removing current liability protections they now enjoy for not being responsible for what customers transmit across their network. Or as the post paraphrases the proposal:
Don’t expect us to protect you from liability for third-party conduct if you actively design your systems to frustrate government efforts to monitor that third-party conduct.
The post is proud of its own smarts, as if they've figured out how to outwit mathematicians and redefine pi (π). But their solution is nonsense, based on a hopelessly naive understanding of how the Internet works. It appears all Continue reading

Cisco-Jasper deal should make enterprise IoT safer

Cisco Systems' planned US$1.4 billion acquisition of Jasper Technologies could make it easier for enterprises to build businesses around services instead of products. While the Internet of Things includes sensors and devices that enterprises can use to better run their operations and cut costs, it can also give them whole new business models. Much of Jasper's business is connecting the products companies make to mobile networks. It sits between enterprises and mobile operators, doing the complicated work of tying IoT applications to network connections. Cisco builds a lot of the gear on the network side of that equation, plus higher-level smarts like analytics on the other end that can make IoT more effective and profitable. Bringing their capabilities together will simplify deployments that currently involve lots of different companies and pieces of software, the companies say.To read this article in full or to leave a comment, please click here

Comodo to fix major flaw in knock-off Chrome browser

Comodo will release an update Wednesday to fix a serious vulnerability in its web browser, which it markets as a way for users to enhance their security.Google engineer Tavis Ormandy found that the company's Chromodo browser disables the "same origin policy," one of the most basic tenets of web security, according to a writeup.To read this article in full or to leave a comment, please click here

Cisco Puts Storage into ‘Beast’ Mode

Cisco this week says it fortified its SAN switching lineup for the next 10 years. The company launched the MDS 9718 – or “the beast” as it was referred to internally -- a high port density, programmable director that’s ready for 32G.The switch supports 10G, 16G, 40G today, and with future support for 32G Cisco claims it should be around for the next decade. FibreChannel tops out at 16G today.It scales to 768 line rate 16G FibreChannel or 10G FibreChannel-over-Ethernet (FCoE) ports, or 384 40G FCoE. Brocade's DCX 8510, by contrast, supports up to 512 16G FC.To read this article in full or to leave a comment, please click here

As 5G approaches, 3G and 4G are still getting faster

Most of the excitement at Mobile World Congress this month will be about 5G, which won't officially exist until 2020. But vendors will also be showing off new ways to speed up the networks people are using now.That means more than 4G, because while LTE gets a lot of press, older services are more common than you might think. Just over half of the world's mobile subscriptions (51 percent) are for 2G service only, according to Tolaga Research analyst Phil Marshall. Almost one-third are limited to 3G, while only 15 percent are 4G. Even in 2020, only 48 percent of subscriptions will be for 4G.Some users are stuck on a slower network because they haven't upgraded to a faster phone, and some of those 2G-only subscriptions are for connected machines that don't need any more speed. But there are a lot of mobile users who could use a performance bump even before 5G comes along.To read this article in full or to leave a comment, please click here

BleepingComputer under free speech attack as SpyHunter makers sue over bad review

BleepingComputer is a valuable asset to the Internet, in my opinion, as it is often one of the first sites to warn of newly reported ransomware; volunteer security professionals also regularly provide answers to any number of other computer questions. Yet BleepingComputer is seriously under fire for daring to engage in free speech as Enigma Software is suing the site over a negative review of Enigma’s flagship anti-malware program SpyHunter.To read this article in full or to leave a comment, please click here

Google Fiber to be free for select affordable housing residents

Google Fiber on Wednesday announced free gigabit Internet service to residents of selected public housing projects connected to its fiber optic service in U.S. cities.The program was launched at West Bluff, an affordable housing community in Kansas City, Mo., where 100 homes have been connected to Google Fiber. Across the Kansas City area, Google is now working with affordable housing providers to connect as many as nine properties that could reach more than 1,300 local families.Google described the program as an extension of its work with ConnectHome, an initiative of the U.S. Department of Housing and Urban Development (HUD) and the Obama administration.To read this article in full or to leave a comment, please click here

Flaws in smart toy back-end servers puts kids and their families at risk

Over the past two years security researchers have shown that many Internet-connected "smart" devices have not been designed with security in mind. This also seems to be the case for their back-end systems.The latest example are flaws found in the Web services operated by smart-toy makers which could expose children's personal information and location.Researchers from security firm Rapid7 found serious vulnerabilities in the Web application programming interfaces (APIs) used by the Smart Toy line of interactive stuffed animals and the hereO GPS watch for children.In the case of Smart Toy devices, the researchers found that the manufacturer's Web service did not properly validate request senders. Through the exposed APIs, they could enumerate all customers and find their toy ID, name, type and associated child profile; they could access all children's profiles, including their names, birth dates, gender and spoken languages; they could find out when a parent or child is interacting with their toy and could associate someone's toy with a different account, effectively hijacking it.To read this article in full or to leave a comment, please click here

1 3,165 3,166 3,167 3,168 3,169 3,853