Synack builds intel platform for its penetration testers

Synack, a security company that uses crowdsourcing for penetration testing, has built an intelligence platform that it says will narrow down weak points in a company's network. Based in Redwood City, California, Synack uses a network of freelance security analysts in 35 countries to probe the networks of companies who've signed up to its subscription service. The analysts, who are closely vetted by Synack, get paid based on the vulnerabilities and security problems they find, ranging from $100 up to thousands. The subscription offering means companies are continually analyzed. Jay Kaplan, Synack's co-founder and CEO, said they wanted to build platform that would help its analysts quickly focus their attention on potential trouble spots. Called Hydra, the platform spots vulnerabilities in networks and applications, looks for out-of-date software and other issues.To read this article in full or to leave a comment, please click here

IDG Contributor Network: How much is your stolen personal data worth?

Examples of the different kinds of personal data available online, as well as its value on the black market, is available in a new report (PDF) from Intel Security's McAfee Labs. The report looks at pricing for credit cards, bank account login details, and other stolen personal information.$5 credit card numbers U.S. credit card account numbers complete with date of birth typically run $15, the report says. Basic card numbers without the extra data costs as little as $5."A digital equivalent of physical card would let a criminal buy things until the victim contacts the card issuer and challenge the charges," Raj Samani, CTO for Intel Security in Europe, the Middle East, and Africa, said in a McAfee blog post about the report.To read this article in full or to leave a comment, please click here

Image too good to be true? DARPA program targets image doctoring

It isn’t hard for just about anyone to change or alter an image these days -- and that can be a problem.It’s an issue researchers at the Defense Advanced Research Projects Agency want top put to rest with a new program called Media Forensics or MediFor, which looks to build an algorithmic-based platform that can detect image manipulation.+More on Network World: Gartner: Get onboard the algorithm train!“The forensic tools used today lack robustness and scalability and address only some aspects of media authentication; an end‐to‐end platform to perform a complete and automated forensic analysis does not exist. Although there are a few applications for image manipulation detection in the commercial sector, they are typically limited to a yes/no decision about the source being an “original” asset, obtained directly from an imaging device. As a result, media authentication is typically performed manually using a variety of ad hoc methods that are often more art than science, and forensics analysts rely heavily on their own background and experience,” DARPA stated.To read this article in full or to leave a comment, please click here

EU fines optical drive cartel $132M for colluding against Dell and HP

Buyers of Dell and Hewlett-Packard PCs may have paid over the odds for their optical drives as a result of a cartel arrangement between eight component manufacturers.The European Commission fined the eight cartel members a total of €116 million (US$132 million) for colluding between 2004 and 2008 to fix the prices of bids to supply optical drives to Dell and HP.Philips, Lite-On and their joint venture Philips & Lite-On Digital Solutions got away scot-free for their role in revealing the cartel. Had they not turned in their co-conspirators, they would have had to pay fines totalling €64 million between them.But the other five member, Hitachi-LG Digital Storage, Toshiba Samsung Storage Technology, Sony, Sony OptiArc and Quanta Storage, must together pay €116 million, with Hitachi-LG and Toshiba Samsung paying the largest shares.To read this article in full or to leave a comment, please click here

Adding an Interface to an OpenStack Instance After Creation

In this post I’ll share a few commands I found for adding a network interface to an OpenStack instance after launching the instance. You could, of course, simply launch the instance with multiple network interfaces from the very beginning, but these commands are handy in case you messed up or in case the requirements for the instance changed after it was launched. Please note there’s nothing revolutionary or ground-breaking in the commands listed here; I’m simply trying to help share information in the event others will find it useful.

I tested these commands using OpenStack “Juno” with VMware NSX providing the networking functionality for Neutron, but (as you can tell if you check the articles in the “References” section) this functionality has been around for a while. These commands should work with any supported Neutron plug-in.

First, create the Neutron network port:

neutron port-create <Neutron network name>

If you want to attach a security group to the port (probably a good idea), then modify the command to look like this:

neutron port-create --security-group <Security group name> 
<Neutron network name>

Note that you can add multiple --security-group parameters to the command in order to specify multiple security groups on the Continue reading

IoT security threats and how to handle them

Smart TVs in conference rooms. Brainy heating and air-conditioning systems. Internet-connected light bulbs. Intelligent devices controlling manufacturing processes. Smart watches and fitness devices everywhere. These are just a few of the things you’ll find in the enterprise Internet of Things (IoT) landscape, a landscape in which almost every physical object, it seems, has plenty of smarts and connects to networks -- and leaves enterprises vulnerable to hacks and data breaches. Also in this series... - Surveys Say: IoT dangers are here, they're real, and they're widespread - IoT Bookshelf: Essential reading for Internet of Things securityTo read this article in full or to leave a comment, please click here(Insider Story)

IoT dangers are here, they’re real, and they’re widespread

Two studies, one from HP, and one from DNS and security vendor OpenDNS, took a look at the dangers IoT devices pose, and both concluded the same thing: They’re real, they’re here, and they’re more widespread than you might imagine. Following are summaries of each study. Also in this series... - IoT security threats and how to handle them - IoT Bookshelf: Essential reading for Internet of Things securityTo read this article in full or to leave a comment, please click here(Insider Story)

Boards are getting more involved in cybersecurity, but is it enough?

An escalation in the frequency, severity and impact of cybersecurity attacks damaging corporate operations, finances and reputations is forcing boards of directors to take more active roles in their company's defensive posture. However, the level of participation in their companies' risk mitigation strategy remains lacking, according to new research from PwC.Forty-five percent of 10,000 CEOs, CFOs, CIOs and other executives PwC polled said that their boards participated in corporate cybersecurity strategy, up from 42 percent when PwC conducted a similar survey for 2014, according to David Burg, PwC's global cybersecurity practice leader. But given the glut of cybersecurity attacks Burg says the numbers are lower than they should be. "It is surprising that this number isn't north of 75 percent,” says Burg, who published the data in a new report. “In a world of connected business ecosystems, you’re only as strong as your weakest link.”To read this article in full or to leave a comment, please click here

Docker’s acquisition aims to improve application container management

Docker containers have spread like wildfire across the technology industry, and now one of the biggest companies behind the movement has taken a big step toward making it easier to manage application containers across various infrastructure environments.+MORE AT NETWORK WORLD: Amazon’s case for running containers in its cloud | 12 Hot application container startup companies to watch +To read this article in full or to leave a comment, please click here

Mozilla mulls early cutoff for SHA-1 digital certificates

In light of recent advances in attacks against the SHA-1 cryptographic function, Mozilla is considering banning digital certificates signed with the algorithm sooner than expected.The CA/Browser Forum, a group of certificate authorities and browser makers that sets guidelines for the issuance and use of digital certificates, had previously decided that new SHA-1-signed certificates should not be issued after Jan. 1, 2016.Browser makers have also decided that existing SHA-1 certificates will no longer be trusted in their software starting Jan. 1, 2017, even if they're technically set to expire after that date.On Tuesday, Mozilla announced that it's re-evaluating the cutoff date and is considering the feasibility of pushing it forward by six months, on July 1, 2016. The decision is guided by recent research that improves the practicality of attacks against SHA-1.To read this article in full or to leave a comment, please click here

Prayer Time at Tokyo Summit

This is something I’ve had the pleasure of organizing at VMworld over the last couple of years, and I’d like to start doing it at the OpenStack Summits as well. So, next week in Tokyo, I’d like to offer Christians attending the Summit the opportunity to gather together for a brief time of prayer before the day’s activities get started.

If you’re interested in attending, here are the details.

What: A brief time of prayer

Where: The pool outside the Grand Prince Hotel New Takanawa (the pool outside the red building on this map of the Summit campus)

When: Tuesday, October 27 through Thursday, October 29, at 8:00 am each day (this should give you time to grab some breakfast before the keynotes and sessions start at 9:00 am)

Who: All courteous attendees are welcome, but please note that this will be a distinctly Christian-focused and Christ-centric activity. This is not to exclude anyone, but rather to focus on like-minded individuals. (I encourage believers of other faiths/religions to organize equivalent activities.)

Why: To spend a few minutes in prayer over the day, the Summit, and the other attendees gathered there

You don’t need to RSVP to let me know Continue reading

Stop CISA now!

Many of the world's top tech companies want to put a stop to the fundamentally flawed Cybersecurity Information Sharing Act (CISA) bill which is on the Senate floor.Put another way on "Decide the future of the Internet," the corporate scorecard lists companies against CISA as "Team Internet," while "Team NSA" is "collaborating with the government to control the Internet." Decide the Future CISA will automate sharing with the following government agencies:To read this article in full or to leave a comment, please click here

5 Lessons from 5 Years of Building Instagram

Instagram has always been generous in sharing their accumulated wisdom. Just take a look at the Related Articles section of this post to see how generous.

The tradition continues. Mike Krieger, Instagram co-founder, wrote a really good article on lessons learned from milestones achieved during Five Years of Building Instagram. Here's a summary of the lessons, but the article goes into much more of the connective tissue and is well worth reading.

  1. Do the simple thing first. This is the secret of supporting exponential growth. There's no need to future proof everything you do. That leads to paralysis. For each new challenge find the fastest, simplest fix for each. 
  2. Do fewer things better. Focus on a single platform. This allows you to iterate faster because not everything has to be done twice. When you have to expand create a team explicitly for each platform.
  3. Upfront work but can pay huge dividends. Create an automated scriptable infrastructure implementing a repeatable server provisioning process. This makes it easier to bring on new hires and handle disasters. Hire engineers with the right stuff who aren't afraid to work through a disaster. 
  4. Don’t reinvent the wheel. Instagram moved to Facebook's infrastructure because Continue reading
1 3,192 3,193 3,194 3,195 3,196 3,756