Cloud, virtualization take toll on data centers

The data center is transforming -- modernizing to meet business demand as technologies such as software-defined architecture, cloud and virtualization take hold. This modernization is also being driven by CIOs and IT executives taking a hard look at their computing needs and asking whether they want to own and/or operate data centers any longer, industry experts say.Managing the transitionTo read this article in full or to leave a comment, please click here(Insider Story)

U.S. still No. 1 for unsecured security cameras: Creepy site linked to over 5,700 in U.S.

In November 2014, access to the video streams of 73,011 unsecured security cameras were available on a site that provided a Peeping Tom paradise for voyeurs and creepers. At that time, there were 11,046 unsecured security cameras in the U.S. Now there is roughly half that amount, but the U.S. is still number one by having more insecure security cameras than any other nation in the world.On December 17, there were 4,104 unsecured security cameras located in the United States that were listed as part of the Insecam project, which claims to have “the world’s biggest directory of online surveillance security cameras.” With six cameras per page, that was equal to 684 pages which I viewed while counting the brand of network video cameras available online, because each of those U.S. cameras did not have a unique password to protect it. That took between five and six hours, including the time to grab some screenshots as well; during that time, the number of unsecured cameras in the U.S. fluctuated wildly and dropped to barely 4,000 before going back up to cover 684 pages again. The most common unsecured cameras in the U.S. Continue reading

Juniper NetScreen firewall should be patched now

The Internet Storm Center has upgraded its warning about the corruption of Juniper ScreenOS firewalls to yellow, which means it’s imperative to patch them today, literally, given that details on how to exploit the flaws has been published and that it’s a holiday week when applying firewall patches can be easily overlooked. According to the ISC warning, the upgraded yellow warning was made because Juniper’s NetScreen firewalls are popular and that the “'backdoor’ password is now known, and exploitation is trivial at this point,” and for most businesses, this “being a short week for many of us, addressing this issue today is critical.”To read this article in full or to leave a comment, please click here

Gartner Data Center, Infrastructure and Operations Management Conference

I had the opportunity to attend this year’s Gartner Data Center Infrastructure and Operations Management Conference in Las Vegas December 7th – 10th.  The sessions were very informative, providing insight into both high-level trends and tactical topics, including bimodal IT, cloud (both public and private) and converged/ hyperconverged infrastructure. I leveraged Twitter at the conference as a means of taking, and sharing, copious notes (@RobertNoel3). Here’s a look at the conference’s main themes:

Bimodal IT:

Bimodal IT is a topic that Gartner has been discussing at length in recent years. The concept of bimodal IT is that organizations need to behave in two modes simultaneously (mode1 and mode 2). According to Ray Paquet, Managing VP at Gartner, mode 1 is predictable where orders are taken from customers of IT and delivered upon.  This is the process of “keeping the lights on” and supporting legacy tools and processes. Mode 2 is exploratory where new tools and processes are considered hand-in-hand with customers of IT.  Mode 2 is all about moving fast and taking risks as a means to support the agility required for the next generation of IT. As a metaphor, Paquet described mode 1 Continue reading

Google joins Mozilla, Microsoft in pushing for early SHA-1 crypto cutoff

Google is considering banning certificates signed with the SHA-1 cryptographic function in Google Chrome starting Jul. 1. This follows similar announcements from Mozilla and Microsoft over the past two months.The browser vendors had previously decided to stop trusting SHA-1-signed certificates presented by HTTPS websites on Jan. 1, 2017, a year after certificate authorities are supposed to stop issuing new ones.However, due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months.To read this article in full or to leave a comment, please click here

5 information security trends that will dominate 2016

Every year, it seems, the threats posed by cybercriminals evolve into new and more dangerous forms while security organizations struggle to keep up.As 2015 draws to a close, we can expect the size, severity and complexity of cyber threats to continue increasing in 2016, says Steve Durbin, managing director the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members."For me, 2016 is probably the year of cyber risk," Durbin says. "I say that because increasingly I think we are seeing a raised level awareness about the fact that operating in cyber brings about its own peculiarities."To read this article in full or to leave a comment, please click here

Juniper updates list of backdoored enterprise firewall OS versions

Juniper revised the list of ScreenOS versions that contain a backdoor allowing attackers to bypass authentication and gain administrative access to NetScreen enterprise firewall devices.The networking equipment manufacturer announced last week that it found, during an internal audit, two instances where rogue code was added to its ScreenOS operating system without authorization. The code could be used by attackers to gain privileged access to NetScreen firewall devices and to decrypt VPN connections.The company said at the time that ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 were vulnerable, but an analysis by researchers from security firm Rapid7 revealed that not all listed versions are vulnerable to both issues.To read this article in full or to leave a comment, please click here

Juniper updates list of backdoored enterprise firewall OS versions

Juniper revised the list of ScreenOS versions that contain a backdoor allowing attackers to bypass authentication and gain administrative access to NetScreen enterprise firewall devices.The networking equipment manufacturer announced last week that it found, during an internal audit, two instances where rogue code was added to its ScreenOS operating system without authorization. The code could be used by attackers to gain privileged access to NetScreen firewall devices and to decrypt VPN connections.The company said at the time that ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 were vulnerable, but an analysis by researchers from security firm Rapid7 revealed that not all listed versions are vulnerable to both issues.To read this article in full or to leave a comment, please click here

Docs Spotlight: Keeping the FM in RTFM

blog-header-docspotlight

Crafting and maintaining high quality documentation is something we all know is very important. Reputable documentation is much more than the result of fantastic product or project management - especially when we're talking about community-driven documentation. Open source communities in particular like to reference "RTFM" (Read the Fine Manual, for the cleaner acronym explanation), but that's only helpful when the "Fine Manual" contains quality documentation. For projects like Ansible, it is our active users that make all the difference, and with their contributions and efforts we are able to help provide the great documentation that supports Ansible.  But, that also comes with some caveats.

Many people contribute to open source projects so that they may "scratch their own itch." Whether this works well or creates clunky and cluttered code is not up for debate in this blog post, but how well it works in relation to open source documentation is debatable. Often contributions boil down to very bare bones coverage of a feature or implementation, other times the only contribution made is a typo fix. And while even the small fixes are helpful, these are not the contributions that make the docs great (better, yes, but not yet reaching Continue reading

Docs Spotlight: Keeping the FM in RTFM

blog-header-docspotlight

Crafting and maintaining high quality documentation is something we all know is very important. Reputable documentation is much more than the result of fantastic product or project management - especially when we're talking about community-driven documentation. Open source communities in particular like to reference "RTFM" (Read the Fine Manual, for the cleaner acronym explanation), but that's only helpful when the "Fine Manual" contains quality documentation. For projects like Ansible, it is our active users that make all the difference, and with their contributions and efforts we are able to help provide the great documentation that supports Ansible.  But, that also comes with some caveats.

Many people contribute to open source projects so that they may "scratch their own itch." Whether this works well or creates clunky and cluttered code is not up for debate in this blog post, but how well it works in relation to open source documentation is debatable. Often contributions boil down to very bare bones coverage of a feature or implementation, other times the only contribution made is a typo fix. And while even the small fixes are helpful, these are not the contributions that make the docs great (better, yes, but not yet reaching Continue reading
1 3,221 3,222 3,223 3,224 3,225 3,857