Intel says GPU malware is no reason to panic, yet

Malware that runs inside GPUs (graphics processing units) can be harder to detect, but is not completely invisible to security products. Researchers from Intel division McAfee Labs teamed up with members of Intel's Visual and Parallel Computing Group to analyze a proof-of-concept GPU malware program dubbed JellyFish that was released in March. Their conclusion, which was included in McAfee's latest quarterly threat report, is that running malicious code inside GPUs still has significant drawbacks and is not nearly as stealthy as its developers suggested.

The Blame Pipeline

Talk to any modern IT person about shifting the landscape of how teams work and I can guarantee you that you’ll hear a bit about DevOps as well as “siloed” organizational structures. Fingers get pointed in all directions as to the real culprit behind dysfunctional architecture. Perhaps changing the silo term to something more appropriate will help organizations sort out where the real issues lie.

You Dropped A Bomb On Me

Silos, or stovepipes, are an artifact of reporting structures of days gone by. Greg Ferro (@EtherealMind) has a great piece on the evils of ITIL. In it, he talks about how the silo structure creates blame passing issues and lack of responsibility for problem determination and solving.

I think Greg is spot on here. But I also think that the love of blame extends in the other direction too. It is one thing to have the storage team telling everyone that the arrays are working so it’s not their problem. It’s another issue entirely when the CxO-level folks come down from the High Holy Boardroom to hunt for heads when something goes wrong. They aren’t looking to root out the cause of the issue. They want someone

DARPA looking to sling and recover drones from aircraft motherships

The Defense Advanced Research Projects Agency is moving forward with a program that will launch and recover volleys of small unmanned aircraft from one or more existing large airplanes such as B-52s, B-1s or C-130s. The Gremlins program has as a goal to launch groups of drones or gremlins from large aircraft such as bombers or transport aircraft, as well as from fighters and other small, fixed-wing platforms while those planes are out of range of adversary defenses. When the gremlins complete their mission, a C-130 transport aircraft would retrieve them in the air and carry them home, where ground crews would prepare them for their next use within 24 hours, DARPA said.

Intel: Criminals getting better at data exfiltration

Enterprises tend to be highly focused on keeping attackers out of their systems, but most of the actual damage happens not when the bad guys first break in, but when they're able to successfully steal data -- and the techniques they're using to do this are getting steadily more sophisticated. One of the ways that attackers evade detection is to disguise the data before sending it out, according to a new report from Intel Security. "They are compressing the data so that it's smaller in size, or making it look like something else," said Intel Security CTO Steve Grobman. "Or they cut it up into little pieces and send the pieces to different places, so that the attacker can then pick up all the chunks and reassemble them."

The Web’s ten most dangerous neighborhoods

Wouldn't it be convenient if all the spam and malware sites were all grouped together under one top-level domain -- .evil, say -- so that they would be easy to avoid? According to a new study from Blue Coat, there are in fact ten such top-level domains, where 95 percent or more of sites pose a potential threat to visitors. The worst offenders were the .zip and the .review top-level domains, with 100 percent of all sites rated as "shady," according to the report. The report is based on an analysis of tens of millions of websites visited by Blue Coat's 75 million global users. In order to protect its customers, Blue Coat has a database where it ranks websites on whether they have legitimate content, or malware, spam, scams, phishing attacks or other suspicious behaviors.

The Global Village Idiot

I recall from some years back, when we were debating in Australia some national Internet censorship proposal du jour, that if the Internet represented a new Global Village then Australia was trying very hard to position itself as the Global Village Idiot. And the current situation with Australia’s new Data Retention laws may well support a case for reviving that sentiment.

Bought a brand-new phone? It could still have malware

A new phone is supposed to be a clean slate. But alarmingly, that's not always the case. Security company G Data has identified more than 20 mobile phones that have malware installed despite being marketed as new, according to a research report. And it doesn't appear the infection is occurring during manufacturing. "Somebody is unlocking the phone and putting the malware on there and relocking the phone," said Andy Hayter, security evangelist for G Data. Many of the suspect phones are sold in Asia and Europe through third parties or middlemen and aren't coming directly from the manufacturers, Hayter said. Brands of affected phones include Xiaomi, Huawei, Lenovo, Alps, ConCorde, DJC, Sesonn and Xido.

Former Secret Service agent admits $820K Silk Road theft

A former Secret Service agent admitted Monday to stealing US$820,000 worth of bitcoins from Silk Road vendors during the investigation of the online contraband market. Shaun W. Bridges, 32, of Laurel, Maryland, pleaded guilty in the U.S. District Court for the Northern District of California to money laundering and obstruction of justice. He is scheduled for sentencing on Dec. 7, according to prosecutors. Bridges was one of two federal investigators charged with crimes committed during the probe of the Silk Road, which was shut down in October 2013.

The Importance of Quality in Infrastructure Software

Infrastructure doesn’t matter.

That’s what we keep hearing, right? The ongoing effort to commoditize infrastructure has generated a lot of buzzwords and clickbait taglines, and this is one of the biggest.

IT infrastructure has had a long history of hero culture, and it’s easy to make the assumption - given how low many of these technologies sit in the stack - that we are the important snowflakes and that we run the whole show. The reality is that we don’t, and every time an application engineering team has to hold a series of meetings on how to properly work on the existing infrastructure, that is time spent not creating new features.

The reality is that the underlying infrastructure never stopped being important. The call to simplify these layers was never born out of a desire to sweep the carpet out from beneath one's own feet. It was a call for help; application teams barely have time to meet the feature requirements laid out by the business, and having to deal with downtime or overbearing change management procedures makes a bad situation worse. The business is not measuring software project success by the number of challenges they overcame on our way

Railgun v5 has landed: better, faster, lighter

Three years ago we launched Railgun, CloudFlare's origin network optimizer. Railgun allows us to cache the uncacheable to accelerate the connection between CloudFlare and our customers' origin servers. That brings the benefit of a CDN to even dynamic content with no need for 'fast purging' or other tricks. With Railgun even dynamic, ever-changing pages benefit from caching.

Over those three years Railgun has been deployed widely by our customers to accelerate the delivery of their web sites and lower their bandwidth costs.

Today we're announcing the availability of Railgun v5 with a number of significant improvements:

We've substantially reduced memory utilization and CPU requirements

Railgun performs delta compression on every request/response, which requires CPU (to perform the compression) and memory (to keep a cache of pages to delta against). Version 5 has undergone extensive optimization based on the performance of Railgun on large web sites and at hosting providers. Version 5 requires much less memory and lower CPU.

A new, lighter weight, faster wire protocol

The original Railgun wire protocol that transfers requests and compressed responses between the customer server and CloudFlare's infrastructure has been completely replaced with a new, lighter-weight

Networking Field Day 10 – Nuage Networks

I just got done watching all the Nuage Networks videos from Networking Field Day 10 (NFD10) and I’m quite impressed with the presentation they gave. If you haven’t watched them yet, I would recommend you do…

Nuage Networks Intro

Nuage Networks Evolution of Wide Area Networking

Nuage Networks Onboarding the Branch Demo

Nuage Networks Application Flexibility Demo

Nuage Networks Boundary-less Wide Area Networking

Here are some things I thought were worth highlighting…

A consistent Model

What I find interesting about Nuage is their approach. Most startup networking companies these days limit their focus to one area of the network. The data center is certainly a popular area but others are focusing on the WAN as well. Nuage is tackling both.

I heard a couple of times in the presentation statements like “users are stuck in the past” or “the network model has to be consistent”. The problem with any overlay based network solution is that, at some point, you need to connect it back to the ‘normal’ network. Whether that entails bridging a physical appliance into the overlay, or actually peering the physical into the overlay, the story usually starts to get messy.

Tired of memorizing passwords? A Turing Award winner came up with this algorithmic trick

Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure. The average user has some 20 passwords today, and in general the easier they are to remember, the less secure they are. When passwords are used across multiple websites, they become even weaker. Manuel Blum, a professor of computer science at Carnegie Mellon University who won the Turing Award in 1995, has been working on what he calls "human computable" passwords that are not only relatively secure but also don't require us to memorize a different one for each site. Instead, we learn ahead of time an algorithm and a personal, private key, and we use them with the website's name to create and re-create our own unique passwords on the fly for any website at any time.