Worth Reading: You can’t replace biometrics

Some security researchers refer to authentication systems based on fingerprints – such as unlocking an iPhone by using the home button’s fingerprint reader – as a type of active biometrics, as opposed to passive biometrics, which might look at the location or MAC address of a PC that is attempting to log into a banking application. And when active-biometrics data gets stolen, there’s little that victims can do to prevent the data from being abused. via bankinfo security

The post Worth Reading: You can’t replace biometrics appeared first on 'net work.

EMV sets the stage for a better payment future

Yesterday was the deadline. Finally, the United States is switching from the old-fashioned swiping method for credit card transactions to the more secure chip-based system scheme dubbed EMV (for Europay, MasterCard, and Visa, which together originated the technology).The chip is harder to counterfeit, and unlike magnetic stripes, it can't be easily read and duplicated, which is what credit-card counterfeiters have long done. In other countries, the chip is coupled with a PIN, so if someone steals the card, they can't use it unless they also know your PIN -- a form of second-factor authentication U.S. debit cards have long used, but not U.S. credit cards. However, U.S. banks are not requiring the use of PINs with chip cards; the old-fashioned, security-irrelevant signature will still be used here.To read this article in full or to leave a comment, please click here

10 gloriously excessive PC cooling setups

The start of something gloriousImage by SWNS TVThere’s a common refrain in some corners of the PC enthusiast community: “May our frame rates be high and our temperatures low.” More than a mere utterance, it’s a simple, straightforward embrace of the very best that the PC has to offer. There’s a lot of power in those words—and some people truly take them to heart.To read this article in full or to leave a comment, please click here

Designing Active-Active and Disaster Recovery Data Centers

A year ago I was a firm believer in the unlimited powers of Software-Defined Data Centers and their ability to simplify workload migrations. After all, if you can use an API to create any data center object, what’s stopping you from moving the workload running in a data center to another location.

As always, there’s a huge difference between theory and reality.

Risky Business #385 — Richard Bejtlich talks USA/China espionage agreement

******LANGUAGE WARNING: The f-bomb features, unbleeped, once in this week's show. Just a note for those of you with the kids in the car.

On this week's show we're chatting with FireEye's chief security strategist Richard Bejtlich about this new agreement between China and the USA. The two countries have apparently agreed that they won't hack each other with the aim of stealing IP anymore. Questions to Richard include: Are they kidding? And: How did they announce this with a straight face?

read more

Breach at Experian may have exposed data on 15 million consumers linked to T-Mobile

A data breach at credit bureau Experian may have exposed data from T-Mobile USA on about 15 million U.S. consumers.The data includes names, birth dates, addresses and Social Security numbers or other forms of identification like drivers' license numbers, the companies said Thursday. The people affected may not be current T-Mobile subscribers but applied for T-Mobile postpaid services or device financing from Sept. 1, 2013 to Sept. 16, 2015.There's no evidence so far that the data has been used inappropriately, Experian said in a press release. And the company said its consumer credit database was not affected. But the breach is the latest embarrassing security event concerning Experian, a widely used credit-information provider whose services are sometimes offered free after breaches at other companies make consumers nervous about their credit records.To read this article in full or to leave a comment, please click here

Breach at Experian may have exposed data on 15 million consumers linked to T-Mobile

A data breach at credit bureau Experian may have exposed data from T-Mobile USA on about 15 million U.S. consumers.The data includes names, birth dates, addresses and Social Security numbers or other forms of identification like drivers' license numbers, the companies said Thursday. The people affected may not be current T-Mobile subscribers but applied for T-Mobile postpaid services or device financing from Sept. 1, 2013 to Sept. 16, 2015.There's no evidence so far that the data has been used inappropriately, Experian said in a press release. And the company said its consumer credit database was not affected. But the breach is the latest embarrassing security event concerning Experian, a widely used credit-information provider whose services are sometimes offered free after breaches at other companies make consumers nervous about their credit records.To read this article in full or to leave a comment, please click here

Italtel Applies Cisco’s APIC-EM and Joins Intel’s Network Builders

The Italian carrier shows off some SDN/NFV prowess.

Ansible + AWS: Re-Inventing Cloud Automation

Amazon Web Services and Ansible together make a great pair. AWS is a popular cloud target for Ansible users, and the reasons are clear: Ansible offers built-in support for over 20 different AWS capabilities with 50 different easy-to-use and understand Ansible modules. And as always, from on-premise to cloud, you can automate 100% of your infrastructure without ever installing an agent.

The takeaway? If your IT organizations is serious about AWS, then it needs to be serious about Ansible automation.

Come visit Ansible in booth 439 at re:Invent 2015 to learn how customers are using the Ansible automation platform to re-invent how they’re managing their cloud applications. Whether you’re just dipping your toe into the cloud, or are already running a fully-automated devops-enabled environment, Ansible is the key to unlocking the full benefit of moving to the cloud.

Connect with our team at the show:

If you’re new to Ansible, this is your opportunity to hit us with whatever questions you have about how Continue reading

Lagrange’s ADC Hooks Into the Application Layer

The cloud's app layer is the place to scale an ADC, Lagrange says.

IDG Contributor Network: Fiber map sheds light on infrastructure trends and weaknesses

If you've ever wondered just where the fiber conduits that carry our Internet traffic run, wonder no more. Researchers have created a map.Four years in the making, the map, sourced in part from public records, shows the long-haul fiber that carries Internet data around the country. Additionally, locations where multiple cables connect are shown.This kind of map has never existed before.Internet infrastructure Not much is known about "today's physical Internet infrastructure," the researchers say.So they delved in and, through a collection of Tier-1 ISP and cable company maps combined with public records, started to construct a map of the long-haul fiber network (PDF).To read this article in full or to leave a comment, please click here

IDG Contributor Network: Fiber map sheds light on infrastructure trends and weaknesses

If you've ever wondered just where the fiber conduits that carry our Internet traffic run, wonder no more. Researchers have created a map.Four years in the making, the map, sourced in part from public records, shows the long-haul fiber that carries Internet data around the country. Additionally, locations where multiple cables connect are shown.This kind of map has never existed before.Internet infrastructure Not much is known about "today's physical Internet infrastructure," the researchers say.So they delved in and, through a collection of Tier-1 ISP and cable company maps combined with public records, started to construct a map of the long-haul fiber network (PDF).To read this article in full or to leave a comment, please click here

What’s Next for the ONF?

Is OpenFlow enough? Or should the ONF become a software development organization?

Looking back 30 years as a sysadmin

Looking back after spending more than 30 years as a Unix systems administrator, I have to say that's it's been quite a ride.It certainly wasn't 30+ years of doing the same thing. Instead, the technology and the job have gone through incredible changes along the way. There were dramatic improvements in the hardware that I managed and always plenty of new tools to learn and use.[See also: 18 cardinal rules of systems administration ]Over the years, I went from reveling in how much work I could get done on the command line to grappling with some big issues -- troubleshooting some very complicated problems and figuring out how to best protect my employers' information assets. Along the way, I worked with some amazing individuals, got laid off (once), and learned a lot about what works and doesn't work both from a technical and a career perspective.To read this article in full or to leave a comment, please click here

Looking back 30 years as a sysadmin

Looking back after spending more than 30 years as a Unix systems administrator, I have to say that's it's been quite a ride.It certainly wasn't 30+ years of doing the same thing. Instead, the technology and the job have gone through incredible changes along the way. There were dramatic improvements in the hardware that I managed and always plenty of new tools to learn and use.[See also: 18 cardinal rules of systems administration ]Over the years, I went from reveling in how much work I could get done on the command line to grappling with some big issues -- troubleshooting some very complicated problems and figuring out how to best protect my employers' information assets. Along the way, I worked with some amazing individuals, got laid off (once), and learned a lot about what works and doesn't work both from a technical and a career perspective.To read this article in full or to leave a comment, please click here

Microsoft’s antivirus software sees massive improvement in tests

For the longest time, Microsoft's antivirus programs have brought up the rear in tests, usually ranking near or in dead last. But recent tests from two respected antivirus testers show Microsoft has greatly improved its antivirus product and in a very short time.Germany's AV-Test Institute is something like Consumer Reports for antivirus software. It is the gold standard for AV software testing, and a good review from them can make your product a success. And for quite some time, Microsoft Security Essentials has been a laggard. But for the August tests, the scores improved.To read this article in full or to leave a comment, please click here

How to identify and thwart insider threats

It is often cited that an enterprise’s employees are its biggest vulnerability. What are company’s doing about it? In a significant number of cases, companies are perhaps doing nothing.According to the SANS Institute and SpectorSoft, 74 percent of the 772 IT security professionals they recently surveyed are “concerned about malicious employees.” The survey pool spans 10 industries including financial, government, and technology and IT services. The survey data also shows that 32 percent of respondents “have no technology or process in place to prevent an insider attack”.To read this article in full or to leave a comment, please click here

Former Autonomy CEO Lynch sues HP for $150 million

Making good on the promise he made earlier this year, former Autonomy CEO Mike Lynch on Thursday filed a $150 million lawsuit against HP over what he called a public smear campaign against him and other Autonomy executives.“Over the past three years, HP has made many statements that were highly damaging to me and misleading to the stock market," Lynch said. "HP knew, or should have known, these statements were false."HP's ill-fated 2011 acquisition of the British software maker for $11.7 billion -- which later resulted in an $8.8 billion impairment charge -- was "doomed from the very beginning," Lynch said. "HP’s own documents, which the court will see, make clear that HP was simply incompetent in its operation of Autonomy."To read this article in full or to leave a comment, please click here

NASA targets Venus, asteroids with potential missions

NASA this week picked five possible contenders for a relatively low-cost robotic mission to space.The five candidates from a batch of 27 –include Venus, near-Earth object and asteroid operations – will ultimately be whittled down to one or two that will cost approximately $500 million, not including launch vehicle or post-launch operations, NASA stated.+More on Network World: 13 awesome and scary things in near Earth space+Each investigation team will receive $3 million to conduct concept design studies and analyses for NASA’s Discovery Program. After a detailed review and evaluation of each experiment, NASA will make the final selections by September 2016 for continued development leading up to launch possibly by 2020, NASA stated.To read this article in full or to leave a comment, please click here

Report: Target failed to execute security basics

Verizon consultants probed Target’s network for weaknesses in the immediate aftermath of the company’s 2013 breach and came back with results that point to one overriding – if not dramatic - lesson: be sure to implement basic security best practices.In a recent KrebsOnSecurity post, Brian Krebs details Verizon’s findings as set down in a Target corporate report.The findings demonstrate that it really is important to put in place all the mundane security best practices widely talked about, and that without them even the best new security platforms can’t defend against breaches.To read this article in full or to leave a comment, please click here