Winner claimed in $1 million iOS 9 hacking contest

A team of security researchers may have found a way to remotely penetrate the defenses of Apple's latest mobile OS, making them eligible for a $1 million reward. The money was offered in a contest run by a Washington, D.C.-based company called Zerodium, which is in the controversial business of buying and selling information about software vulnerabilities. It congratulated the winning team on Twitter Monday, though it didn't identify the researchers, which made its claim about finding a new security hole in iOS 9 impossible to verify.To read this article in full or to leave a comment, please click here

Speaking Notes: The Data Center Network Evolution

I will be presenting at the Cisco Connect Canada tour in Edmonton and Calgary on November 3rd and 5th, respectively. My presentation is about that three letter acronym that everyone loves to hate: SDN :-)

I will talk about SDN in general terms and describe what it really means; what we're really doing in the network when we say that it's “software defined”. No unicorns or fairy tales here, just engineering.

Next I'll talk about three areas where Cisco is introducing programmability into its data center solutions:

  • Application Centric Infrastructure
  • Virtual Topology System
  • Open NX-OS

Below are the notes I made for myself while researching these topics and preparing for the presentation. At the bottom of this post is a Q&A section with some frequently asked questions.

Calling All Switchers

Are you a switcher? That is, are you someone who has transitioned from one IT discipline to an entirely new IT discipline? Perhaps you were a storage gal for a long time, and now you’ve successfully transitioned into a networking career. Maybe you used to be a Windows admin, and now Linux is your thing. Or perhaps you were a networking guy, and now you’re coding like a madman. If this sounds like you, please read on!

If this describes you—or describes something you’re in the middle of doing—I’d love to talk to you. Please hit me on Twitter (I’m @scott_lowe), or drop me an e-mail (use [email protected], substituting the correct values). I promise it won’t take much of your time, and we can do this via whatever medium makes the most sense: e-mail, telephone, Skype, instant messaging, IRC…you let me know. I’m particularly interested in talking to folks to have made a really dramatic transition, not just moving from being a server administrator to being a virtualization administrator (let’s face it, those two roles are fairly similar).

Thanks, and I look forward to hearing from you soon!

Google patches critical media processing flaws in Android

New security patches for Google's Nexus devices address seven vulnerabilities, two of which are critical and could allow for remote code execution when handling media files.The updates, released on Monday, are part of Google's recently introduced monthly patch cycle and are available for Nexus devices running both Android 5.1 (Lollipop) and 6.0 (Marshmallow). The source code for the fixes will also be added to the Android Open Source Project (AOSP) over the next 48 hours.The most serious flaws patched in this release are tracked as CVE-2015-6608 and CVE-2015-6609, and are located in the mediaserver and libutils components of Android, respectively. Both vulnerabilities can be exploited remotely through specially crafted media files.To read this article in full or to leave a comment, please click here

Chaos Computer Club: Apple rejected TV-streaming app because of hacking iOS talks

Despite Apple having championed privacy and encryption, and having its most profitable year yet, the company is apparently not above censoring free speech on its Apple TV platform. The Chaos Computer Club claimed that Apple rejected the CCC's TV app that would allow viewers to stream the hacking conference because researchers have previously presented talks centered on hacking iOS.To read this article in full or to leave a comment, please click here

Chaos Computer Club: Apple rejected TV streaming app because of hacking iOS talks

Despite Apple having championed privacy and encryption, and having its most profitable year yet, the company is apparently not above censoring free speech on its Apple TV platform. The Chaos Computer Club claimed that Apple rejected the CCC’s TV app that would allow viewers to stream the hacking conference because researchers have previously presented talks centered on hacking iOS.To read this article in full or to leave a comment, please click here

Worth Reading: Avago buys Broadcom

If the modern datacenter has taught us anything, it is that scale matters and as it turns out it matters for the manufacturers of the devices that go into various systems in the datacenter as much as it does for those who deploy and use those systems. It is with this in mind that we ponder the implications of the $37 billion acquisition of networking and wannabe server processor maker Broadcom by the recently very acquisitive Avago Technology, a maker of chips for optical networking, server networking, and storage controllers, among other things. via the platform

The post Worth Reading: Avago buys Broadcom appeared first on 'net work.

Rail-launched rocket set to blast NASA satellite network swarm into space

It’s a space mission of firsts. First -- a flock of eight, 4lb tissue box-sized satellites will be launched into space in a proof-of-concept mission that will show how multiple, yet affordable nanosatellites can handle astrophysics duties or perform planetary science investigations, such as placing a network of satellites around an asteroid, Earth’s moon, or another planet.+More on Network World: Gartner: Risk, relentless data center demand, open source and other tech trends IT needs to know+To read this article in full or to leave a comment, please click here

How to earn the trust of millennials concerned with security

Part of a great marketing strategy includes building trust with consumers, especially with influential groups like millennials. You might also call them Generation Y or digital natives, but whatever you call them, it applies anyone born between 1980 and the early 2000s. This group is usually top of the list for companies’ brand awareness efforts, but the biggest threat to your marketing strategy lies more in your approach to cybersecurity than how much money you spend on advertising.Intercede, a company specializing in identity management and secure authentication technology, surveyed roughly 1,000 U.S .and 1,000 U.K. participants aged 16 to 35 about levels of digital trust. And the study found that millennials have suspicious attitudes and a general mistrust towards businesses. In a time where celebrities’ iCloud accounts are hacked and every few months there is another data breach, it makes sense for young people to have a general sense of uncertainty towards where their data goes and how it’s used.To read this article in full or to leave a comment, please click here

Forrester’s top 10 predictions for business in 2016 — and what they mean for tech

2016 will be a year of action for companies. It will be the year that the companies that thrive will be those advancing down the customer obsession path — while those that downplay their customers’ needs will start to wither away.The good news? You and your technology teams have a critical role in helping — and in some cases, leading — your organization in adapting and thriving in the age of the customer.Here are the top trends Forrester sees shaping your business in 2016, and what you can do to advance them.1. Personalization is the new bar. What it means: The level and quality of contextual, personalized experiences will be a key determinant of who wins mindshare and share of wallet.To read this article in full or to leave a comment, please click here

OpenStack Summit – Tokyo – 2015 – Wednesday 28th – Show Notes

It’s Tuesday, it’s 9am and most people have hangovers from the numerous evening events going on in and around Takanawa. 

The opening keynote seemed to revolve around Neutron and the great work Kyle (@mestery) has been doing as the project technical lead (PTL) of Neutron. Seriously, Neutron has the highest activity rate of all projects. Some argue that Neutron is too complicated and previous to attending the summit, rumours were rife around increasing support for simplifying Neutron to replacing it with Open Daylight. Needless to say, there are parties out there that want to see Neutron dead and claim it’s just too complicated to use.

So, to some keynote ‘framing’ figures: In 2014, 68% if OpenStack users (at least of those reporting) were making use of Neutron. Just one year later and it’s jumped to 89%! Maybe this can be attributed to OpenvSwitch and OVN, but either way, usage is increasing. This could also be attributed to new users not wanting to veer away from the popular projects.

With regards to the ever standing argument of “OpenStack isn’t ready for wide adoption”, which is self perpetuating, the guest speakers who were part of the keynotes, seemed to Continue reading

Paper: Coordination Avoidance in Distributed Databases By Peter Bailis

Peter Bailis has released the work of a lifetime, his dissertion is now available online: Coordination Avoidance in Distributed Databases.

The topic Peter is addressing is summed up nicely by his thesis statement: 

Many semantic requirements of database-backed applications can be efficiently enforced without coordination, thus improving scalability, latency, and availability.

I'd like to say I've read the entire dissertation and can offer cogent insightful analysis, but that would be a lie. Though I have watched several of Peter's videos (see Related Articles). He's doing important and interesting work, that as much University research has done, may change the future of what everyone is doing.

From the introduction:

The rise of Internet-scale geo-replicated services has led to upheaval in the design of modern data management systems. Given the availability, latency, and throughput penalties associated with classic mechanisms such as serializable transactions, a broad class of systems (e.g., “NoSQL”) has sought weaker alternatives that reduce the use of expensive coordination during system operation, often at the cost of application integrity. When can we safely forego the cost of this expensive coordination, and when must we pay the price?

In this thesis, we investigate the potential for coordination avoidance—the Continue reading

1 3,255 3,256 3,257 3,258 3,259 3,834