BitLocker encryption can be defeated with trivial Windows authentication bypass

Companies relying on Microsoft BitLocker to encrypt the drives of their employees' computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk.Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part of a domain, a common configuration on enterprise networks.When domain-based authentication is used on Windows, the user's password is checked against a computer that serves as domain controller. However, in situations when, for example, a laptop is taken outside of the network and the domain controller cannot be reached, authentication relies on a local credentials cache on the machine.To read this article in full or to leave a comment, please click here

The secret to a successful identity provider deployment: federate your identity data with a hub

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Companies are securing more users who are accessing more applications from more places through more devices than ever before, and all this diversity is stretching the current landscape of identity and access management (IAM) into places it was never designed to reach. At the same time, security has never been more paramount—or difficult to ensure, given today’s outdated and overly complex legacy identity systems. I call this the “n-squared problem,” where we’re trying to make too many hard-coded connections to too many sources, each with its own protocols and requirements.

To read this article in full or to leave a comment, please click here

How to solve today’s top three virtual environment challenges

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Virtualization is a mature technology but if you don’t have a virtualization wizard on staff managing the environment can be a challenge. Benefits such as flexibility, scalability and cost savings can quickly give way to security risks, resource waste and infrastructure performance degradation, so it is as important to understand common virtual environment problems and how to solve them.

The issues tend to fall into three main areas: virtual machine (VM) sprawl, capacity planning and change management. Here’s a deeper look at the problems and what you can do to address them:

To read this article in full or to leave a comment, please click here

Stupidity rules: Almost 24 aircraft hit with lasers in one night

Maybe it was a full moon or maybe all the dolts just came out at once, but the Federal Aviation Administration reported that lasers hit nearly two dozen aircraft across the US last night. Sadly the average number of laser strikes on aircraft is about 16 per day. FBI The FAA said three laser strikes were reported in the New York City/Newark, N.J early in the evening, followed by three incidents in Texas, where jets were struck while preparing to land at Dallas Love Field. By late evening, pilots reported laser incidents in cities from Dallas to Los Angeles and San Juan.To read this article in full or to leave a comment, please click here

Cops pull over Google driverless car — but not for speeding

Google's self-driving car had a run-in with the law this week.A Mountain View, Calif. motorcycle police officer pulled over a Google autonomous car for driving too slowly, and a photo of the roadside stop posted to Facebook by Zandr Milewski has gone viral. [ Get the latest tech news with Computerworld's daily newsletters. ] Google responded to the hubbub yesterday on its Self-Driving Car Project page on Google+.To read this article in full or to leave a comment, please click here

SC15 live real-time weathermap

Connect to http://inmon.sc15.org/sflow-rt/app/sc15-weather/html/ between now and November 19th to see a real-time heat map of the The International Conference for High Performance Computing, Networking, Storage and Analysis (SC15) network.

From the SCinet web page, "SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference. SCinet will link the convention center to research and commercial networks around the world. In doing so, SCinet serves as the platform for exhibitors to demonstrate the advanced computing resources of their home institutions and elsewhere by supporting a wide variety of bandwidth-driven applications including supercomputing and cloud computing."

The real-time weathermap leverages industry standard sFlow instrumentation built into network switch and router hardware to provide scaleable monitoring of the over 6 Terrabit/s aggregate link capacity comprising the SCinet network. Link colors are updated every second to reflect operational status and utilization of each link.

Clicking on a link in the map pops up a 1 second resolution strip chart showing the protocol mix carried by the link.

The SCinet real-time weathermap was constructed using open source components running on the sFlow-RT real-time analytics engine. Download sFlow-RT and see what Continue reading

CISO bets on cloud security services to protect data

In what could be considered an unusual move at a time when most companies choose to keep their cybersecurity tools on-premises, John Graham, CISO for Jabil Circuit, says the manufacturing services company is adopting more cloud security services. Graham says that moving to the cloud lets the company focus on its core business of making high-precision molds, mechanical tools and medical devices. More specifically, it allows his tech staff to focus on threat analytics. Graham expects Jabil’s cloud migration strategy to become the rule rather than the exception. John Graham, CISO for Jabil Circuit.To read this article in full or to leave a comment, please click here

PlexxiPulse—NHHTC Product of the Year

Last night, Plexxi received the Product of the Year Award from the New Hampshire High Tech Council. More than 200 people, including New Hampshire Governor Maggie Hassan, were on hand as we received the award for our Switch 2 solution. We’re proud to be recognized by an organization that values the advancement of innovation throughout the state of New Hampshire. Plexxi is committed to growing the local tech economy by producing dynamic solutions and hiring the best talent the state has to offer. Congratulations to all of the finalists and companies that are dedicated to shaping an ecosystem for technology companies to grow and succeed in New Hampshire.

NHHTC

 Pictured Left to Right: Peter Antoinette, co-founder, president and CEO of Nanocomp Technologies, and prior Product of the Year Award winner; Paul Mailhot, VP of Business Operations at Dyn and chairman of the Council’s board of directors; Michael Welts, VP of Marketing at Plexxi; Toral Cowieson, Senior Director of Internet Leadership at the Internet Society and the Council’s vice chair; and Matt Cookson, president of Cookson Strategies and the Council’s Executive Director.

Our CEO Rich Napolitano penned a byline this week in ITProPortal that chronicles the past three “eras” of IT, and Continue reading

Stuff The Internet Says On Scalability For November 13th, 2015

Hey, it's HighScalability time:


Gorgeous picture of where microbes live in species. Humans have the most. (M. WARDEH ET AL)

  • 14.3 billion: Alibaba single day sales; 1.55 billion: Facebook monthly active users; 6 billion: Snapchat video views per day; unlimited: now defined as 300 GB by Comcast; 80km: circumference of China's proposed supercolider; 500: alien worlds visualized; 50: future sensors per acre on farms; 1 million: Instagram requests per second.

  • Quotable Quotes:
    • Adam Savage~ Lesson learned: do not test fire rockets indoors.
    • dave_sullivan: I'm going to say something unpopular, but horizontally-scaled deep learning is overkill for most applications. Can anyone here present a use case where they have personally needed horizontal scaling because a Titan X couldn't fit what they were trying to do? 
    • @bcantrill: Question I've been posing at #KubeCon: are we near Peak Confusion in the container space? Consensus: no -- confusion still accelerating!
    • @PeterGleick: When I was born, CO2 levels were  ~300 ppm. This week may be the last time anyone alive will see less than 400 ppm. 
    • @patio11: "So I'm clear on this: our business is to employ Continue reading

Intralinks is built from the ground up for secure enterprise file sharing and collaboration

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Close to 20 years ago I was working with a company in the process of a blockbuster merger with a competitor. The company set up numerous closed-door "clean rooms" at headquarters where teams from both companies could work through the details of the proposed deal. Scores of people from the target company came to town and lived in hotels for weeks on end.Those of us not on the merger team watched daily as boxes of documents were carted into the clean rooms. We assumed the boxes contained each company's most sensitive business information. The people in those rooms were charged with deciding if the merger was the right thing to do. They hoped the answers would be found in those precious documents. Apparently they were because the merger went through.To read this article in full or to leave a comment, please click here

Continuous integration tools can be the Achilles heel for a company’s IT security

Some of the most popular automated software building and testing tools used by developers have not been designed with security in mind and can open the door for attackers to compromise enterprise networks.These so-called continuous integration (CI) tools allow developers to automatically create software builds when code changes are contributed by developers to a central repository. The creation of these builds, which are used for quality control, is coordinated by a CI master server based on predefined rules and done on CI slave machines.If hackers manage to access a CI master server, they can steal proprietary source code, but also gain the ability to execute commands on all the machines that operate as CI slaves, security researcher and penetration tester Nikhil Mittal said Friday in a presentation at the Black Hat Europe security conference in Amsterdam. "This access could be used for lateral movement to get access to more machines."To read this article in full or to leave a comment, please click here

IDG Contributor Network: Scientists developing high-performing battery for electric cars and drones

Lithium-oxygen batteries will be 10 times as energy-dense as the lithium-ion technology we're using today. It will be significantly lighter than anything we've seen to date.Why the obsession with weight reduction in batteries?Weight is an issue in vehicle battery chemistry because the heavier a vehicle is, the more power you need to propel it. Which means you need more batteries. That results in more weight, and it becomes an ever-decreasing circle.Diminishing returns As things stand now, you can't just keep adding more powerful batteries, because they add weight and size, and actually result in that diminishing return.To read this article in full or to leave a comment, please click here

10 offbeat, odd, and downright weird places you’ll find Linux

The OS that took over the worldImage by David Marsh/FlickrLet's just get this out of the way: this isn't the year of Linux on the desktop. That year will probably never arrive. But Linux has gotten just about everywhere else, and the Linux community can take a bow for making that happen. Android, based on the Linux kernel, is so prevalent on mobile devices that it makes the longstanding desktop quest seem irrelevant. But beyond Android there are a number of places where you can find Linux that are truly odd and intriguing, and by "places" we mean both strange devices and weird geographical locations. This slideshow will show you that it's always the year of Linux pretty much everywhere.To read this article in full or to leave a comment, please click here

1 3,247 3,248 3,249 3,250 3,251 3,841