Risky Business #391 — Dell fails hard

On this week's show we're chatting with Darren Kemp of Duo Security. He's one of the authors of a post about the latest example of computer manufacturer shitware introducing catastrophic vulnerabilities into shipped systems. This time it's Dell's turn.

If you haven't heard what they actually did you'll hardly even believe it. That's this week's feature interview.

read more

Microsoft beefs up security products to block adware

Microsoft is adding a new opt-in defense for enterprises to block adware, which is often sneakily wrapped into free downloads.Adware is often classified as a potentially unwanted application, or PUA, an industry term for applications that aren't necessarily malware but could be a security or performance risk."These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time cleaning up the applications," according to a Microsoft blog post.To read this article in full or to leave a comment, please click here

Dridex spam campaigns target the US, UK and France

The Dridex botnet, which targets financial credentials, appears to be gaining steam again, striking computers in the U.S., U.K. and France.Trend Micro is the latest security vendor to say it is seeing Dridex activity after the U.S. Department of Justice said last month it had significantly disrupted it in a joint action with the U.K. Sometimes referred to as Cridex or Bugat, Dridex is advanced malware that collects financial login details and other personal information that can be used to drain bank accounts.Trend has seen multiple spam campaigns sending out malicious attachments, such as Excel or Word documents, that could install Dridex, wrote Ryan Flores, a threat research manager.To read this article in full or to leave a comment, please click here

Networking Field Day 10 – Big Switch

Last night I finally finished watching all of the Big Switch Networking field day 10 videos.  If you haven’t seen them yet, I’d recommend taking a look out at them out on YouTube…

Big Switch Networks – Overview

Big Switch Networks – Why SDN Fabrics?

Big Switch Networks – Big Cloud Fabrics

Big Switch Networks – Big Cloud Fabric GUI demo

Big Switch Networks – Big Cloud Fabric for VMWare

Big Switch Networks – Monitoring Fabric

All of the presentations were awesome and well worth your time especially if you’re new to their products. 

If you haven’t looked at Big Switch before, their name sort of says it all.  Their base concept is disaggregating a standard chassis switch into individual components.  The breakdown would look something like this…

image 
As you can see, each component of a standard data center chassis switch has a similar component in the Big Cloud Fabric.  Leaf switches are the new line cards, spine switches the fabric modules or backplane, and the Big Cloud controller is the supervisor. Big switch then uses a standard IP management network to connect all of their components together.  This isn’t a very big Continue reading

Lenovo patches serious vulnerabilities in PC system update tool

For the third time in less than six months security issues have forced Lenovo to update one of the tools preloaded on its PCs.Last week, the company released version 5.07.0019 of Lenovo System Update, a tool that helps users keep their computers' drivers and BIOS up to date and which was previously called ThinkVantage System Update. The new version fixes two local privilege escalation vulnerabilities discovered by researchers from security firm IOActive.One of the vulnerabilities is located in the tool's help system and allows users with limited Windows accounts to start an instance of Internet Explorer with administrator privileges by clicking on URLs in help pages. That's because Lenovo System Update itself runs under a temporary administrator account that the application creates when installed, so any process it spawns will run under the same account.To read this article in full or to leave a comment, please click here

SAFECode: How to ensure you’re buying safe software

It’s hard to figure out how secure software is but the Software Assurance Forum for Excellence in Code (SAFECode) has issued guidelines to make it easier, especially for businesses trying to decide which products to buy.The industry group published a white paper, “Principles for Software Assurance Assessment”, that recommends questions corporate software buyers should ask their suppliers beforehand so they wind up with products less likely to be riddled with security flaws.One of the big problems these buyers may face is that they don’t know the relevant questions to ask, says Eric Baize, SAFECode chairman and Senior Director, Product Security and Trusted Engineering for EMC.To read this article in full or to leave a comment, please click here

Criminalize websites that refuse to delete terrorist content, say MEPs

Companies that host or operate websites should be held criminally liable if they fail to remove content that incites terrorism, members of the European Parliament voted Wednesday. But they also want these companies to voluntarily cooperate with governments to promote "anti-radicalization messages."MEPs voted on a report written by former French Minister of Justice Rachida Dati for Parliament's Civil Liberies, Justice and Home Affairs Committee (LIBE), which included a chapter on preventing online terrorist radicalization.While it might look like a knee-jerk reaction to the terrorist attacks in and around Paris on Nov. 13, the report is actually -- as Dati herself explained -- a response to the attack on the office of satirical magazine Charlie Hebdo in January.To read this article in full or to leave a comment, please click here

Ethernet Checksums Are Not Good Enough for Storage (Updated)

A while ago I described why some storage vendors require end-to-end layer-2 connectivity for iSCSI replication.

TL&DR version: they were too lazy to implement iSCSI checksums and rely on Ethernet checksums because TCP/IP checksums are not good enough.

It turns out even Ethernet checksums fail every now and then.

2015-12-06: I misunderstood the main technical argument in Evan’s post. The real problem is that switches recalculate CRC, so the Ethernet CRC is no longer end-to-end protection mechanism.

Read more ...

After a lapse, Intel looks to catch up with Moore’s Law again

For Intel, the temporary inability to keep pace with Moore's Law -- the foundation of its business -- was a bit of an embarrassment, but the company is trying hard to catch up.Moore's Law is an observation that has led to faster, cheaper and smaller computers, and a concept that Intel has followed for decades. It states that the density of transistors doubles every two years, while cost per transistor declines.Until recently, the company released chips every two years like clockwork. But making smaller chips is becoming challenging and more expensive, said Bill Holt, executive vice president and general manager for Intel's Technology and Manufacturing Group, during the company's annual investor day last week.To read this article in full or to leave a comment, please click here

Get started with Windows PowerShell DSC

In today's cloud-centric world, we’re seeing an explosion in the number of servers under IT management. Virtual machines made servers cheap, and containers will push prices down further. As a result, businesses can afford to deploy a server for every new need, but they can no longer afford to manage servers individually. Your servers no longer garner individual attention but are simply soldiers in a huge resource pool, dutifully fulfilling the resource requests of the data center.To read this article in full or to leave a comment, please click here(Insider Story)

Police arrest blackmail suspect in TalkTalk data breach case

Police believe they may have found the person who tried to blackmail the CEO of TalkTalk, the U.K. telecommunications company that was the target of a data breach.Following the attack on Oct. 21, in which customers' personal information was accessed, TalkTalk CEO Dido Harding said she had received a ransom demand via email.Police have now arrested an 18-year-old on suspicion of blackmail, the fifth arrest made in connection with an attack on the company's website in which customers' personal information was accessed.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers London's Metropolitan Police Service said officers from its Cyber Crime Unit and from the Southern Wales Regional Organised Crime Unit made the latest arrest in Llanelli, Wales, after searching an address there. The person has been released on bail without charge while police continue their investigation.To read this article in full or to leave a comment, please click here

Holiday light show set in Skyrim using Light-O-Rama

Just because you love your privacy doesn’t mean you can’t make kids of all ages smile with a holiday light show. It’s not like they will be peering into your house. I’m excited to be having my first light show this year, having recently purchased a Light-O-Rama controller and software. As word leaked out about my light show, I warned people it’s not going to be all that this year. What kind of silly soul gets the hardware, tries to learn the software, how to program songs, learns about circuits, makes their own props, sets up and kicks off a show in a mere 30 days? Yes, my adventure was more like how not to do a light show.The fault is mine as I set a goal of getting it up and running by Thanksgiving night, thinking kids don’t have school the next day. Although I told only one person, when I went to vote on Election Day he was spreading the word. Then a lady approached me about bringing a bus load of kids to the show as a Thanksgiving treat. Great; I’m a total noob who doesn’t know what I’m doing yet and it’s only the first Continue reading

Slack has transformed the way teams communicate & they now plan to go IPO!

Having kept my pensive empty for quite some time now its time for a kick start. And what better way to start than to talk about Slack - A communication tool that has revolutionized intra-team, inter-team interactions and day to day messaging.
After the dot com burst and the difficult times of 2009 technology industry is now at a point where innovation is ever more flourishing with new companies announcing their birth and the more mature ones going through multiple rounds of funding, acquisitions and IPOs. Slack is one such company that has gone from a small startup to a multi-billion dollar venture and now in the process of going IPO (TechCrunch). The customer first approach with product re-engineering from customer feedback has yet again proved to be one of the most important ingredients to being successful along with laser sharp focus areas. Slack's growth trajectory is clearly exponential, one that I'm sure any founder would love to have in their annual revenue reports.

Being an engineer in a startup, I am lucky enough to be using this communication tool daily. Having used other paid tools like Cisco Jabber to the free ones like Google Hangouts, Skype and Continue reading

This gizmo knows your Amex card number before you’ve received it

A device built by legendary hacker Samy Kamkar calls into question the security of payment cards as the U.S. continues to grapples with card fraud. Kamkar's device, nicknamed MagSpoof, is about the size of a U.S. quarter, and it's safe to say it would be a fraudster's dream. MagSpoof can predict what a new American Express card number will be based on a canceled card's number. The new expiration date can also be predicted based on when the replacement card was requested. It can also trick point-of-sale readers into accepting payment from cards that are supposed to have a microchip with advanced cryptographic capabilities designed to deter fraud, a system known as chip-and-PIN, but do not.To read this article in full or to leave a comment, please click here

1 3,230 3,231 3,232 3,233 3,234 3,837