Security ‘net: A few keystrokes down the slippery slope

A situation you could really face:

Suppose a laptop were found at the apartment of one of the perpetrators of last year’s Paris attacks. It’s searched by the authorities pursuant to a warrant, and they find a file on the laptop that’s a set of instructions for carrying out the attacks. The discovery would surely help in the prosecution of the laptop’s owner, tying him to the crime. But a junior prosecutor has a further idea. The private document was likely shared among other conspirators, some of whom are still on the run or unknown entirely. Surely Google has the ability to run a search of all Gmail inboxes, outboxes, and message drafts folders, plus Google Drive cloud storage, to see if any of its 900 million users are currently in possession of that exact document. If Google could be persuaded or ordered to run the search, it could generate a list of only those Google accounts possessing the precise file — and all other Google users would remain undisturbed, except for the briefest of computerized “touches” on their accounts to see if the file reposed there. -just security

Would you run this search? It’s a difficult question, but ultimately Continue reading

The ultimate guide to small business networking

Building a cost-effective network infrastructure is critical for SMBs, who are likely competing against large enterprises with sizable IT budgets. Small businesses need to deploy their limited tech resources wisely in order to create a business that’s agile, flexible, fast and efficient.To read this article in full or to leave a comment, please click here(Insider Story)

The Big Hang-up: IRS customer call center service stinks

If you have ever tried to get tax help from the IRS over the phone and weren’t able to get any – you are not alone.That’s because the Internal Revenue Service provided the lowest level of telephone service during fiscal year 2015 compared to prior years, with only 38% of callers who wanted to speak with an IRS assistant able to reach one, according to a report this week from the Government Accountability Office. Perhaps worse yet is that the IRS and Department of Treasury have no real plans to improve the situation, the GAO stated.+More on Network World: IRS warns yet again on scam artist trickery+To read this article in full or to leave a comment, please click here

The Big Hang-up: IRS customer call center service stinks

If you have ever tried to get tax help from the IRS over the phone and weren’t able to get any – you are not alone.That’s because the Internal Revenue Service provided the lowest level of telephone service during fiscal year 2015 compared to prior years, with only 38% of callers who wanted to speak with an IRS assistant able to reach one, according to a report this week from the Government Accountability Office. Perhaps worse yet is that the IRS and Department of Treasury have no real plans to improve the situation, the GAO stated.+More on Network World: IRS warns yet again on scam artist trickery+To read this article in full or to leave a comment, please click here

EMC Dips a Toe Into the NFV Business

First step: a joint offering with Affirmed Networks.

Sponsored Post: Netflix, Macmillan, Aerospike, TrueSight Pulse, LaunchDarkly, Robinhood, StatusPage.io, Redis Labs, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

• Manager - Site Reliability Engineering: Lead and grow the the front door SRE team in charge of keeping Netflix up and running. You are an expert of operational best practices and can work with stakeholders to positively move the needle on availability. Find details on the position here: https://jobs.netflix.com/jobs/398


• Macmillan Learning, a premier e-learning institute, is looking for VP of DevOps to manage the DevOps teams based in New York and Austin. This is a very exciting team as the company is committed to fully transitioning to the Cloud, using a DevOps approach, with focus on CI/CD, and using technologies like Chef/Puppet/Docker, etc. Please apply here.


• DevOps Engineer at Robinhood. We are looking for an Operations Engineer to take responsibility for our development and production environments deployed across multiple AWS regions. Top candidates will have several years experience as a Systems Administrator, Ops Engineer, or SRE at a massive scale. Please apply here.


• Senior Service Reliability Engineer (SRE): Drive improvements to help reduce both time-to-detect and time-to-resolve while concurrently improving availability through service team engagement.  Ability to analyze and triage production issues on a web-scale system a plus. Find details on the position here: https://jobs. Continue reading

These are the 25 worst passwords of 2015

Look on the bright side! There’s one good thing that comes out of all those website breaches every year: Security researchers get to comb through all those lists of usernames and passwords to remind us just how bad most of our passwords are. Now that we’re well into 2016, password management company SplashData just released its annual round-up of the worst passwords of 2015.+ ALSO ON NETWORK WORLD 25 most commonly used and worst passwords of 2014 +To read this article in full or to leave a comment, please click here

Worth Reading: Learning QoS from RFCs

This is one of the neat things about IETF documents: while many of them are, in fact, bare descriptions of a packet format, a processing mechanism, or something similar, you can often find sets of RFCs and drafts that not only provide a solid overview of an entire area, but even give you a good set of reading material to dig deeper into the topic. -via packet pushers

The post Worth Reading: Learning QoS from RFCs appeared first on 'net work.

EZ-Wave: A Z-Wave hacking tool capable of breaking bulbs, abusing Z-Wave devices

The synopsis for Breaking Bulbs Briskly by Bogus Broadcasts mentions the promise of smart energy and building automation, as well as the many unintended vulnerabilities that are introduced in the rush to bring IoT devices to market. The researchers believe “the ability to physically damage hardware by abusing network access is particularly interesting.” I agree.Frustrated by the “lack of functionality in current Z-Wave hacking tools,” ShmooCon presenters Joseph Hall and Ben Ramsey created and released a new, open source EZ-Wave tool. Not only did the duo discuss how to use the tool for pen-testing Z-Wave wireless automation networks, they also discussed “a rapid process for destroying florescent lights.” They added, “Once access is gained to an automated lighting system, regardless of the protocol used, we demonstrate how to destroy florescent lamps rated for 30K hours within a single night of abuse.”To read this article in full or to leave a comment, please click here

2016: The Tipping Point for DevOps

Ahhh, a new year.

While 2015 was certainly a big year for us as we joined the Red Hat family, in many ways we’re still right at home with our roots deeply planted in the ways of open source. That means we’re listening (as we always do) to our customers and community members about what what they see as their problems to solve and goals to achieve in the year ahead. 

Here’s a bit of what we see:

• DevOps! It’s everywhere! If ever there was a buzzword to officially deserve the “jumped the shark” label, this might just be it. General understanding of DevOps as a practice that can potentially accelerate IT project delivery has permeated most IT departments, from the smallest of businesses to the most daunting of large enterprises, sometimes from the grassroots level, and sometimes from the top down.  

• Thankfully, along with this recognition, people are increasingly recognizing that DevOps isn’t simply tools -- that building a healthy organizational culture is a significant part of their journey. Many organizations are beginning to recognize that it’s not a lightswitch, or a flat-out reorg. The idea that small wins can matter when bringing DevOps practices into your Continue reading

2016: The Tipping Point for DevOps

Ahhh, a new year.

While 2015 was certainly a big year for us as we joined the Red Hat family, in many ways we’re still right at home with our roots deeply planted in the ways of open source. That means we’re listening (as we always do) to our customers and community members about what what they see as their problems to solve and goals to achieve in the year ahead. 

Here’s a bit of what we see:

• DevOps! It’s everywhere! If ever there was a buzzword to officially deserve the “jumped the shark” label, this might just be it. General understanding of DevOps as a practice that can potentially accelerate IT project delivery has permeated most IT departments, from the smallest of businesses to the most daunting of large enterprises, sometimes from the grassroots level, and sometimes from the top down.  

• Thankfully, along with this recognition, people are increasingly recognizing that DevOps isn’t simply tools -- that building a healthy organizational culture is a significant part of their journey. Many organizations are beginning to recognize that it’s not a lightswitch, or a flat-out reorg. The idea that small wins can matter when bringing DevOps practices into your Continue reading

Highlight: ArtArch

The post Highlight: ArtArch appeared first on 'net work.

Linux kernel flaw endangers millions of PCs, servers and Android devices

For almost three years, a serious vulnerability in the Linux kernel could have allowed attackers to take full control over Linux-based PCs, servers, Android phones and other embedded devices.The flaw, which stems from the kernel's keyring facility, allows applications running under a local user to execute code in the kernel. As a result, an attacker with access to only a limited account on a Linux system can escalate their privileges to root.The vulnerability, tracked as CVE-2016-0728, was found and reported to the Linux kernel security team and several Linux distribution maintainers by researchers from an Israeli threat defense start-up called Perception Point.To read this article in full or to leave a comment, please click here

More Jinja – Working with YAM as an Input

import yaml
from jinja2 import Environment, FileSystemLoader, Template

ENV = Environment(loader=FileSystemLoader('./'))

Social engineering: 7 signs that something is just not right

Keep an eye out for thisImage by ThomasThe best remedies a company can put in place start with education and teaching what to look for and what not to do. Morey Haber, vice president of Technology, BeyondTrust, lists some of the gotchas that should make your employees back away from the incoming email.To read this article in full or to leave a comment, please click here

Linux zero-day affects most Androids, millions of Linux PCs

A new zero-day vulnerability has been discovered that allows Android or Linux applications to escalate privileges and gain root access, according to a report released this morning by Perception Point."This affects all Android phones KitKat and higher," said Yevgeny Pats, co-founder and CEO at security vendor Perception Point.ALSO: A brief history of Linux malware Any machine with Linux Kernel 3.8 or higher is vulnerable, he said, including tens of millions of Linux PCs and servers, both 32-bit and 64-bit. Although Linux lags in popularity on the desktop, the operating system dominates the Internet, mobile, embedded systems and the Internet of Things, and powers nearly all of the world's supercomputers.To read this article in full or to leave a comment, please click here

Big Switch Networks Closes $48.5M in Series C Funding

Big Switch Networks is looking forward to a big 2016.

ACL Implementation Guide

Next Gen EOS for Cloud-Scale Networking

As we celebrate 2016, and reflect upon Arista’s decade of innovation, the disparity between legacy technology and modern technology is clear, and the gap is widening. Arista is unique in its role as a pioneer in cloud networking. Let us review.

Next Gen EOS for Cloud-Scale Networking