The Tortoise and the Austin Hare

Dell_Logo

Dell announced today the release of their newest network operating system, OS10 (note the lack of an X). This is an OS that is slated to build on the success that Dell has had selling 3rd party solutions from vendors like Cumulus Networks and Big Switch. OS10’s base core will be built on an unmodified Debian distro that will have a “premium” feature set that includes layer 2 and layer 3 functionality. The aim to have a fully open-source base OS in the networking space is lofty indeed, but the bigger question to me is “what happens to Cumulus”?

Storm Clouds

As of right this moment, before the release of Dell OS10, the only way to buy Linux on a Dell switch is to purchase it with Cumulus. In the coming months, Dell will begin to phase in OS10 as an option in parallel with Cumulus. This is especially attractive to large environments that are running custom-built networking today. If your enterprise is running Quagga or sFlow or some other software that has been tweaked to meet your unique needs you don’t really need a ton of features wrapped in an OS with a CLI you will barely use.

So Continue reading

Serious flaw patched in Intel Driver Update Utility

A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.The tool, known as the Intel Driver Update Utility, can be downloaded from Intel's support website. It provides an easy way to find the latest drivers for various Intel chipsets, graphics cards, wireless cards, desktop boards, Intel NUC mini PCs or the Intel Compute Stick.The vulnerability stems from the tool using unencrypted HTTP connections to check for driver updates. Such connections can be intercepted and modified by attackers located on the same local network as affected computers or in control of a router along their Internet connection paths.To read this article in full or to leave a comment, please click here

Memory that learns could help tomorrow’s intelligent computers

As researchers try to build more complex computers that get closer to emulating the way the human brain works, one of the areas of focus is memory.Existing chips, hard disks and tape drives are great at storing large amounts of data, but a new breed of memory chip called a memristor could go a step further: helping the artificial intelligence systems of tomorrow actually understand the data and make more use of it.Memristors could help computers connect the dots to identify diseases or help self-driving cars recognize objects based on probabilities and associations. Memristors are best used in machine-learning models to make predictions based on patterns and trends culled from large stacks of information, said Alex Nugent, CEO of Knowm.To read this article in full or to leave a comment, please click here

5 things that top CSO candidates need on a resume

If all the recent IT hiring surveys are to be believed, chief security officers can expect a pretty sweet year in 2016. Job demand is up. Salaries are way up. And neither trend is expected to slow anytime soon.Yes, good CSOs can pretty much write their own ticket in 2016. That is, if they can write a good resume.Despite the growing demand for IT security leaders, IT recruiters confirm that organizations are still very fussy about whom they will bring on board or promote into this key role. A strong background in technology and IT security is a given. But so are business savvy, solid communication skills, top leadership qualities, and demonstrated value.To read this article in full or to leave a comment, please click here(Insider Story)

Dridex banking malware adds a new trick

Dridex, the banking malware that won't go away, has been improved upon once again.IBM's X-Force researchers have found that the latest version of Dridex uses a DNS (Domain Name System) trick to direct victims to fake banking websites.The technique, known as DNS cache poisoning, involves changing DNS settings to direct someone asking for a legitimate banking website to a fake site.DNS cache poisoning is a powerful attack. Even if a person types in the correct domain name for a bank, the fake website is still shown in the browser."By keeping the victim away from the bank’s site, the fraudster can deceive them into divulging critical authentication codes without the bank knowing that the customer’s session has been compromised," wrote Limor Kessem, a cybersecurity expert with IBM's Trusteer division, in a blog post on Tuesday.To read this article in full or to leave a comment, please click here

Enter the ring: Engineering Deathmatch!!

  What happens when you combine the old celebrity deathmatch meets Cisco networking? Well, you get Engineering Deathmatch! Two engineers enter the console and only one gets out! (You’ve seen Tron right!!?) Well….. it’s almost that dramatic. Have you ever wanted to go head to head against a fellow engineer, put your wits to the […]

We’re Hosting a Go Hackathon!

CloudFlare is excited to partner with Women Who Go to host Gopher Gala—the first distributed Go(lang) hackathon—in our San Francisco office!

Go CloudFlare!

Gopher Gala is a chance to showcase your skills and compete against the best Go developers from around the world.

While the hackathon is distributed globally, CloudFlare is welcoming teams to use our new office space in SOMA this Saturday and Sunday from 9am-5pm. There will be food, drinks, and plenty of space to spread out and work with your teammates. Some of CloudFlare’s top Go developers will be participating as well.

If you’d like to sign up for the event, you can do so here: http://www.meetup.com/Women-Who-Go/events/227017435/

So, come join Women Who Go and CloudFlare and build something in a weekend:

When January 23rd: 9am-5pm
January 24th: 9am-5pm

Where CloudFlare Headquarters
101 Townsend Street
San Francisco, CA 94107

(Registration is required)

Oracle issues record number of patches

Oracle admins will be busy: The company issued 248 patches on Tuesday, its largest-ever release, according to one security vendor.Five of the vulnerabilities have the highest severity rating according to the Common Vulnerability Scoring System (CVSS), wrote ERPScan, a security company that specializes in SAP and Oracle systems.Most of those vulnerabilities related to Java SE, Oracles's platform for running Java applications on servers and desktops.In a long advisory, Oracle recommended that admins patch immediately.To read this article in full or to leave a comment, please click here

British voice encryption protocol has massive weakness, researcher says

A protocol designed and promoted by the British government for encrypting voice calls has a by-design weakness built into it that could allow for mass surveillance, according to a University College London researcher.Steven Murdoch, who works in the university's Information Security Research Group, analyzed a protocol developed by CESG, which is part of the spy agency GCHQ.The MIKEY-SAKKE (Multimedia Internet KEYing-Sakai-KasaharaKey Encryption) protocol calls for a master decryption key to be held by a service provider, he wrote in an analysis published Tuesday.To read this article in full or to leave a comment, please click here

Advocacy group calls on health-care industry to adopt medical device security principles

Advocacy group I Am the Cavalry is urging organizations that manufacture and distribute medical devices to adopt a cybersecurity version of the Hippocratic Oath.The group, which advocates for better security in life-impacting computers like those used in modern cars, medical devices or critical infrastructure, has published an open letter to the health-care industry, calling for a commitment to five principles when creating, using and maintaining medical devices.Those principles are security by design, collaboration with security researchers, ensuring that evidence of potential failures is captured and preserved for later analysis, safeguarding critical elements under the assumption that they'll operate in adverse conditions and providing easy-to-install security updates.To read this article in full or to leave a comment, please click here

The 4 kinds of cybersecurity customers

Depending upon whom you believe, there are roughly 800 to 1200 companies selling cybersecurity products and services to end customers. Yes, the cybersecurity market is forecast to be around $70 billion this year, but that’s still a lot of vendors.Now, there are point product specialists, managed services firms, and enterprise security vendors all competing for the same dollars. So how can any company stand out from the crowd? In my opinion, each security vendor must determine where its products and service fit among four distinct buyer types: Security-centric buyers. This traditional security buyer evaluates and purchases security products and services based upon discrete needs and budgets. As such, security-centric buyers tend to look for best-of-breed products from vendors with strong cybersecurity experience. Startups with strong cybersecurity chops are welcome to this club but purchasers also maintain a “rip-and-replace” mentality rather than any type of long-term allegiance. Vendors like Bit9 + Carbon Black, Cylance, Check Point, FireEye, Fortinet, Palo Alto Networks, Symantec, and Trend Micro come to mind here. Note that security-centric buyers will have some role to play in EVERY cybersecurity product and services deal. IT infrastructure-centric buyer. In most cases, IT infrastructure vendors extend their reach into security Continue reading

1 3,168 3,169 3,170 3,171 3,172 3,834