My Thoughts On The Death Of IP Telephony

A Candlestick Phone (image courtesy of Wikipedia)

Greg Ferro (@EtherealMind) posted a thought provoking article about collaboration in his Human Infrastructure magazine (which you should be reading). He talks about the death of IP Telephony and the rise of asynchronous communications methods like Slack. He’s got a very interesting point of view. I just happen to disagree with a few of his assertions.

IP Telephony Is Only Mostly Dead

Greg’s stance that IP Telephony is dead is a bit pointed to say the least. He is correct that the market isn’t growing. It is also true that a great number of new workers entering the workforce prefer to use their smartphones for communications, especially the asynchronous kind. However, desk phones are a huge part of corporate communications going forward.

IT shops have a stilted and bizarre world view. If you have a workforce that has to be mobile, whether it be for making service calls or going to customer sites for visits, you have a disproportionately large number of mobile users for sure. But what about organizations that don’t have large mobile populations? What about financial firms or law offices or hospitals? What about retail organizations? These Continue reading

New remote access Trojan Trochilus used in cyberespionage operations

A cyberespionage group has been discovered using a new remote access Trojan, dubbed Trochilus, whose detection rate was very low among antivirus products.The malware was discovered by researchers from Arbor Networks while investigating attacks in Myanmar that were launched from compromised government websites.The researchers linked the compromises to a sophisticated group of attackers known as Group 27, who are known to use different malware programs in their operations, some with overlapping capabilities.Arbor Networks has uncovered seven malware programs used by the group so far, including three remote access Trojans: PlugX, 9002, and the new Trochilus.To read this article in full or to leave a comment, please click here

Worth Reading: Intel & the Data Collector of Things

A decade ago, Intel’s primary data source for its PC and server microprocessors were the people who used Intel’s products. Today, those data sources are sensors connecting the Internet of Things, and Intel wants them everywhere.

The post Worth Reading: Intel & the Data Collector of Things appeared first on 'net work.

Versa Virtual Edge Report Webinar: Service Provider Expertise & NFV PoCs are Live Tomorrow

Learn from the top NFV PoCs, manage, and orchestrate NFV-based managed services with Versa's January 27th webinar!

Europol tracks DD4BC cyber-extortion gang to Bosnia

Police believe they have nabbed a key figure behind a series of online extortion attacks that have taken place around the world over the last 18 months. Operation Pleiades, a joint operation by police forces from around the world, led to the arrest of a "main target" and the detention of another suspect, Europol said Tuesday. The denial-of-service attacks on webservers and the like made by group going by the name DD4BC (Distributed DoS for Bitcoin), are followed by an email threatening that the attack will be stepped up unless a payment is made in bitcoin. Attackers using the name DD4BC have targeted businesses large and small -- and also email addresses leaked from the Ashley Madison website.To read this article in full or to leave a comment, please click here

Windows 8, older Internet Explorer versions face end-of-life deadline this week

This week's Patch Tuesday will be the final time the Windows 8 OS and Internet Explorer versions 8, 9, and 10 see any more fixes. Microsoft is again making the necessary decision to cut the cord and let the aging browsers go, and it has begun urging users to upgrade.As always, the products will continue to work, they just won't be patched if a flaw or exploit is found. With this end-of-life patch, IE users will be given an upgrade notification informing them that the browser will no longer be supported and encouraging them to use the latest version. It's a similar ritual Microsoft had to go through with Windows XP two years ago.And, as it turns out, there are still a fair number of users of the old IE versions – around 19.8%, according to NetMarketShare analytics. So why are the old browser versions hanging on? Two reasons, I suspect.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Addressing hybrid network challenges with SD-WAN

In previous articles I outlined one of the most clear-cut use cases for Software Defined WAN: replacing traditional Internet-based VPNs with a centrally-managed SD-WAN solution. This is easy for enterprises to relate to, and the benefits of deploying this type of project can be considerable.However, many enterprises deal with a much more complex hybrid WAN, and the challenges with this type of environment can be substantial. A hybrid WAN means that multiple technologies are integrated to deliver the end-to-end solution; this can include MPLS, VPLS, point-to-point circuits and Internet VPNs. Traffic flows between end users and applications can span multiple technologies and multiple boundaries of management responsibility. I've worked with many global enterprises that operate networks like this, and I hear several recurring complaints:To read this article in full or to leave a comment, please click here

Security ‘net: Social Media & Narratives

I have a rather motley collection of links this week roaming over security, social media, and algorithms. First up is three interesting reads on social media, some of which isn’t very technical, but it’s tangential to technology, so I still get to post them here. Since beginning work in earnest on a PhD in philosophy, I’ve been paying a lot more attention to stories in this realm, and thinking about how these things impact us as people and our culture at large.

First up, a prediction that Facebook is going to die because it’s a “garbage dump.” I’m not a huge user of Facebook, so I really don’t pay attention to what goes on there (which is probably why if you’ve tried to friend me there, I’ve not answered — I rarely look at requests, and almost never approve them).

It’s sort of like going to your junk drawer to find the nail clippers, and rifling through old receipts, coupons, paper clips. Instead of fetching your clippers, which you know are in the back, you occupy yourself momentarily with what’s in your drawer and why it’s there.

It’s important for communication channels to keep their signal to noise ratio Continue reading

Lies vendors tell about Service Level Agreements and how to negotiate for something better

Ansible 2.0 Has Arrived

After a year of work, we are extremely proud to announce that Ansible 2.0 has been released and is now generally available. This is by far one of the most ambitious Ansible releases to date, and it reflects an enormous amount of work by the community, which continues to amaze me. Approximately 300 users have contributed code to what has been known as “v2” for some time, and 500 users have contributed code to modules since the last major Ansible release.

Why Did We Start V2?

There are many pitfalls to refactoring software, so why did we decide to tackle such a major project? At the time we started the work on v2, Ansible was approximately three years old and had recently crossed the 1,000 contributor mark. This huge rate in growth also resulted in a degree of technical debt in the code, which was beginning to show as we continued to add features.

Ultimately, we decided it was worth it to take a step back and rework some aspects of the codebase which had been prone to having features bolted on without a clear-cut architectural vision. We also rewrote from scratch much of the code which was responsible Continue reading

Ansible 2.0 Has Arrived

After a year of work, we are extremely proud to announce that Ansible 2.0 ("Over the Hills and Far Away") has been released and is now generally available. This is by far one of the most ambitious Ansible releases to date, and it reflects an enormous amount of work by the community, which continues to amaze me. Approximately 300 users have contributed code to what has been known as “v2” for some time, and 500 users have contributed code to modules since the last major Ansible release.

Why Did We Start V2?

There are many pitfalls to refactoring software, so why did we decide to tackle such a major project? At the time we started the work on v2, Ansible was approximately three years old and had recently crossed the 1,000 contributor mark. This huge rate in growth also resulted in a degree of technical debt in the code, which was beginning to show as we continued to add features.

Ultimately, we decided it was worth it to take a step back and rework some aspects of the codebase which had been prone to having features bolted on without a clear-cut architectural vision. We also rewrote from scratch much Continue reading

Have you broken your security resolutions yet?

Keeping your resolutionsImage by UsodesitaWe are almost halfway through the first month of 2016 and I am sure many people have already let their personal resolutions fall apart. But what about your professional resolutions? How have they held up? Is it easier to shore up your network’s security than exercise every day? These security professionals offer up their resolutions for the new year.To read this article in full or to leave a comment, please click here

Feds say only Chryslers were vulnerable to hacks via radio, not Audi or Volkswagen

U.S. auto safety regulators have determined that only infotainment centers from Fiat-Chrysler Automobiles (FCA) had a security flaw that could allow hackers to take control of Jeeps and several other model cars and trucks.Last summer, Fiat-Chrysler recalled 1.4 million Jeep, Chrysler, Dodge and Ram vehicles that had the security flaw.After a five-month investigation into cyberhacking vulnerabilities, the National Highway Traffic Safety Administration (NHTSA) said only FCA vehicles, and no others, were vulnerable to the hack.Affected were certain vehicles equipped with 8.4-in. Uconnect touchscreens: 2013-2015 Dodge Viper specialty vehicles 2013-2015 Ram 1500, 2500 and 3500 pickups 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs 2014-2015 Jeep Grand Cherokee and Cherokee SUVs 2014-2015 Dodge Durango SUVs 2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans 2015 Dodge Challenger sports coupes Audi Volkswagen and Bentley were also part of the NHTSA's investigation because they use the same infotainment center as Chrysler vehicles, which are made by Harman and used a similar Uconnect operating system.To read this article in full or to leave a comment, please click here

Microsemi builds better security into network time appliance

Keeping accurate time has never been more important. Inaccurate time can cause servers and applications to go awry, causing service disruptions.For example: As fighter Manny Pacquiao was ready to square off against Floyd Mayweather in May 2015, the fight was delayed due to a technical problem with pay-per-view orders. More than 4.4 million U.S. customers shelled out $100 to watch the fight but had trouble accessing it. The fight was delayed 45 minutes. It turns out the trouble was a problem with time. A time server was so far out of sync that people were disqualified from watching the fight because of a discrepancy with the time stamps.To read this article in full or to leave a comment, please click here

Rovnix malware shifts focus to Japan, says IBM

After a stint focusing on the Netherlands, a group using the Rovnix Trojan has updated it and repackaged it to steal from the bank accounts of victims in Japan, according to IBM X-Force.The malware in this exploit, which has persisted in various forms for about five years, has been augmented to avoid being detected, dodge bank security and convincingly mimic bank websites, says Etay Maor, a senior cybersecurity strategist for IBM.It’s pretty clear from the malware samples IBM X-Force has examined that the Rovnix group in question studied Japanese banks closely and came up with a user interface that closely mimics those of specific banking sites. It’s not just a generic key-logger that steals information and hopes for the best, Maor says.To read this article in full or to leave a comment, please click here

Are Unnumbered Interfaces Harmful?

A few weeks ago I got into an interesting discussion about the potential harm caused by unnumbered IPv4/IPv6 interfaces.

Ignoring for the moment the vendor-specific or media-specific implementation details, these two arguments usually pop up in the first 100 milliseconds (assuming engineers involved in the discussion have some hands-on operational experience):

The Cloud Cures M&A IT Integration Headaches

8 Reasons IT Certifications Still Matter In 2016

Mozilla Persona login system to shut down end November

Mozilla's login system Persona will be shut down on Nov. 30 as its usage is low and has not grown over the last two years.The foundation's decision to take persona.org and related domains offline follows a move in March 2014 to transition the running of the project from full-time developers to a community of long-time volunteers and former paid contributors.Mozilla said at the time that it had no plans to decommission the little-known service, which allowed users to sign in to websites that support Persona using their verified email ids.  The key attraction of the service, according to Mozilla, was that users didn't have to trust a website with their password, preventing its theft if one of the websites got hacked.To read this article in full or to leave a comment, please click here

Powerball lessons for infosec