IDG Contributor Network: Building malware defenses: Control email, web browsers, and ports

Our last article looked at applying Critical Security Controls 4, 5, and 6 to your organization, covering vulnerability assessment, administrative privileges, and audit logs. Now it’s time to move on to CSCs 7, 8, and 9.Email programs and web browsers are still the most common points of entry for attackers, too many companies have woefully inadequate malware defenses, and a failure to control ports and limit services is like leaving a window open for cybercriminals.Critical Control 7: Email and Web Browser Protections Human behavior is still the path of least resistance for cybercriminals, and they often employ social engineering techniques to gain access to systems. Despite the rising profile of phishing, 23% of recipients open phishing messages and 11% click on attachments, according to Verizon’s 2015 Data Breach Investigations Report (DBIR).To read this article in full or to leave a comment, please click here

Microsoft move to revoke trust in 20 root certificates could wreak havoc on sites

Tens of thousands of secure websites might start to display certificate errors to their visitors in January, when Microsoft plans to stop trusting 20 certificate authorities (CAs) from around the world.The list of certificates that are scheduled to be removed from Microsoft's Trusted Root Certificate Program belong to CAs run by private or state-owned organizations from the U.S., France, the Czech Republic, Japan, Denmark, Chile, Turkey, Luxembourg, Ireland, Slovenia and Brazil.With their removal from Microsoft's program, the CAs will also be removed from the certificate trust list in Windows that's used by browsers such as Google Chrome, Internet Explorer and Microsoft Edge, as well as by email clients and other applications that support secure communications over SSL/TLS.To read this article in full or to leave a comment, please click here

Business Titles: CEO, Founder, Managing Director, Proprietor

Twitter is a great place to air thoughts, gather thoughts, create allies and destroy bridges. Twitter is also limited to 140 characters. Not great for talking about complex things. For large subject areas, Tweets are normally pre-appended with [x/y], which designates what message out of the chain this particular one is. Tweeting about emotional and sensitive things is probably something I need to stop doing, especially without the means to portray the exact meaning behind the Tweets and feeling that goes with it.

To those that have recently started those businesses, you have my respect for jumping in with both feet, not to be confused with gripes about titles!

Being Misunderstood and Business Titles

With startups being the ‘in thing’ and the millennials starting ‘micro businesses’, the misuse of titles grinds on me for very valid reasons. Everyone wants to be that person that sells their startup for millions, or gets recognition on TED for being awesome. I have news. Most companies fail within the first year or two. Most never make it past five years. Those that do in most cases have gambled everything to win. As newer technologies sees new roles and skill sets being developed, it’s only Continue reading

PlexxiPulse—Dell Founders 50

This week, Plexxi was named to Dell’s Founders 50, a select cohort of startups that are disrupting their respective industries and poised for future success. Dell recognized Plexxi, and the other startups on the list, for the company’s high growth and impressive use of innovative technology solutions. Plexxi’s technology is founded on the belief that the future of IT is dramatically changing as the industry moves towards the third era of IT. As the industry transitions into the next era of IT, data and application growth are forcing cloud data center network architectures to change radically. We’re proud to be a part of this list and are committed to producing dynamic solutions for next generation networks. Congratulations to all of the companies named to the 2016 cohort!

Below please find a few of our top picks for our favorite news articles of the week.

TechTarget: Eight emerging data center trends to follow in 2016
By Robert Gates
Most data centers will be able to reduce physical space by at least 30% in the next five years, one of several emerging data center trends through 2020. Increased density, virtualization, moves to colocation facilities and cloud computing are all impacting operations Continue reading

Should you buy cyber insurance?  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Cyber insurance is rapidly becoming an important part of many organizations' risk mitigation strategy. While most businesses have some sort of property or general liability insurance, those policies exclude coverage for cyber liability, so cyber insurance has become its own category, and it's the fastest growing area of insurance for businesses. At least 50 major providers now offer this type of insurance, attracted by the fact that demand for cyber insurance has been rising by double digit percentages for the last few years.To read this article in full or to leave a comment, please click here

Apple CEO defends privacy, encryption amidst terrorist concerns

Apple CEO Tim Cook staunchly defended personal privacy and the use of encryption on iPhones amidst renewed concerns about terrorists hiding covert electronic messages when they plan deadly attacks.In an interview with Charlie Rose on CBS This Morning that aired Friday, Cook said the supposed tradeoff between privacy and security is "only a simplistic view—we can have both."Cook repeated Apple's stance that it complies specifically with court-ordered warrants to produce information as required by law enforcement, but said of encrypted data on iPhones, "We don't have it to give." That's because Apple's iPhones running versions after iOS 4 keep decryption keys on a user's iPhone and not on a server or some other place, as Apple has pointed out many times before.To read this article in full or to leave a comment, please click here

Unser neues 72. Rechenzentrum: Hamburg

Moin Hamburg! Ensconced alongside the Elbe River, Hamburg, a major port city in northern Germany, is the second largest city in the country, and the eight largest in the European Union. Our data center in Hamburg is our 4th in Germany following deployments in Frankfurt, Düsseldorf and Berlin, our 19th in Europe, and 72nd globally. This means not only better performance in Germany, but additional redundancy for our 3 other data centers throughout the country. As of this moment, CloudFlare has a point of presence (PoP) in 8 out of Europe's 10 most populous* cities, and we're headed for a perfect 10-for-10 (look out Budapest...).

For the local audience: Liebe Freunde in Hamburg, Euer Internetanschluss ist schneller geworden und ihr könnt jetzt sicherer surfen. Viel Spaß.

Frohe Festtage!

Be sure to have some Glühwein if you visit the Christkindlmärkte this holiday season

Yesterday we announced new points of presence (PoPs) in Montreal and Vancouver. Today: Hamburg. However, the holidays are hardly over, and we have lots more cheer to spread. We've sent planes sleighs full of servers, switches, routers and PDUs to many corners of the globe. And to cap it off, we'll gift some CloudFlare gear Continue reading

Stuff The Internet Says On Scalability For December 18th, 2015

Hey, it's HighScalability time:


In honor of a certain event what could be better than a double-bladed lightsaber slicing through clouds? (ESA/Hubble & NASA)

 

If you like Stuff The Internet Says On Scalability then please consider supporting me on Patreon.
  • 66,000 yottayears: lifetime of an electron; 3 Gbps: potential throughput for backhaul microwave networks; 1.2 trillion: yearly Google searches; $100 trillion: global investible capital; 2.5cm: range of chip powered by radio waves; 

  • Quotable Quotes:
    • @KarenMN: He's making a database / He's sorting it twice / SELECT * from contacts WHERE behavior = 'nice' / SQL Clause is coming to town
    • abrkn: Every program attempts to expand until it has an app store. Those programs which cannot so expand are replaced by ones which can.
    • Amin Vahdat: Some recent external measurements indicate that our [Google] backbone carries the equivalent of 10 percent of all the traffic on the global Internet. The rate at which that volume is growing is faster than for the Internet as a whole.
    • Prismatic:  we also learned content distribution is a tough business and we’ve failed to grow at a rate that justifies continuing to support our Prismatic News Continue reading

Worth Reading: What we should fear in the world of patents

…only rarely are those accused of some patent violation really a bad actor. Rather, the patent system results in bad actors because the system is confusing with little transparency. When patents are unclear, in other words when the boundaries of a patent are vague, then people cannot adequately check whether their innovations infringe. If they have no reliable means of checking then innovators will find it hard, likely impossible, to design around a patent, or even to seek an appropriate patent license. via heartland

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: What we should fear in the world of patents appeared first on 'net work.

BGP RIB Failure

An infrequent, yet interesting issue that comes up occasionally is when BGP encounters RIB failures. Usually, it takes the form of a prefix which you’d expect a router to learn via eBGP in its RIB being learnt via a routing protocol with a worse administrative distance.

To understand this problem, we first need to realise that “RIB failure” in a “show ip bgp” output implies that a route offered to the RIB by BGP has not been accepted. This is not a cause for concern if you have a static, or connected route to to that network on the router, but if you’re expecting it to be via eBGP then you can infer that something is misconfigured with your routing.

This can also be simplified to “BGP does not care about administrative distance when selecting a path”.

For reference, the path selection algorithm goes:

Network layer reachability information.

Weight (Cisco proprietary). Bigger is better.

Local preference

Locally originated route

AS path length

Origin code. IGP>EGP>Incomplete

Median Exit Discriminator. Lower is better.

Neighbour type. eBGP better than iBGP.

IGP metric to Next Hop. Lowest Router ID wins.


OSFP Forwarding Address Part I: Type 5 LSA Suppression

OSPF (Open Shortest Path First) is mostly seen as a pretty nasty routing protocol, with a load of subtleties and corner cases. I’ve decided to talk about a subject which usually gives a lot of troubles to most network professionals – the Forwarding Address (FA).

So, we’re going to clear things on why does OSPF set or doesn’t set the FA, what is it used for, how is the best path selection is influenced by the setting of the FA and we’ll also see some examples that may throw some light on this subject. But first, let’s clarify what the forward address is. As per the RFC, the forward address is defined as:

Forwarding address
        Data traffic for the advertised destination will be forwarded to
        this address.  If the Forwarding address is set to 0.0.0.0, data
        traffic will be forwarded instead to the LSA's originator (i.e.,
        the responsible AS boundary router).

Probably the most important thing when you start the deep dive into this subject is having the right topology to work with, which allows you to see the less usual cases regarding how redistribution into OSPF works.

Considering the network topology below, I have Continue reading

Juniper firewalls compromised by bad code: What you need to know

Juniper Networks is warning customers to patch their NetScreen enterprise firewalls against bad code that enables attackers to take over the machines and decrypt VPN traffic among corporate sites and with mobile employees.The danger is that attackers could exploit the code “to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper says in a security announcement.It would enable smart attackers to exploit the vulnerability and wipe out log files, making compromises untraceable, the company says.To read this article in full or to leave a comment, please click here

To break terrorist encryption, pay off Apple and Google, expert urges

To break encrypted smartphone messages used by terrorists, tech companies such as Apple and Google need to be paid by law enforcement, an expert urged Thursday."If there were a financial incentive for Google and Apple to assist law enforcement, then they would be more willing to change their encryption technology to facilitate law enforcement in possession of a warrant," said Professor Darren Hayes, director of cybersecurity at Pace University, in an interview.Tech companies and wireless carriers currently get reimbursed "quite nicely," he said, for their time and help when faced with a court warrant under the 1994 Communications Assistance for Law Enforcement Act (CALEA), a wiretap law that allows the FBI and others access to some communications, but not encrypted data.To read this article in full or to leave a comment, please click here

Where do bitcoins go when you die? (sci-fi)

A cyberpunk writer asks this, so I thought I'd answer it:




Note that it's asked in a legal framework, about "wills" and "heirs", but law isn't the concern. Instead, the question is:
What happens to the bitcoins if you don't pass on the wallet and password?
Presumably, your heirs will inherit your computer, and if they scan it, they'll find your bitcoin wallet. But the wallet is encrypted, and the password is usually not written down anywhere, but memorized by the owner. Without the password, they can do nothing with the wallet.

Now, they could "crack" the password. Half the population will choose easy-to-remember passwords, which means that anybody can crack them. Many, though, will choose complex passwords that essentially mean nobody can crack them.

As a science-fiction writer, you might make up a new technology for cracking passwords. For example, "quantum computers" are becoming scary real scary fast. But here's the thing: any technology that makes it easy to crack this password also makes it easy to crack all of bitcoin Continue reading
1 3,203 3,204 3,205 3,206 3,207 3,836