0

Is Apple’s walled garden showing signs of erosion?

Apple has long benefitted from a perception that its devices and the software that powers them are more safe and secure than the competition, but last year's high-profile iCloud hack and a recent large-scale malware attack bring Apple security into question. Earlier this month, Apple suffered a potentially catastrophic security lapse when malicious code injected into a counterfeit version of Xcode, the company's app development toolset, made its way into hundreds (and perhaps thousands) of apps from Chinese developers. The malware affected hugely popular apps, including WeChat, which was eventually pulled from the App Store. Apple failed to detect and stop the malware from entering its "walled garden" and gaining access to an untold number of customers' iOS devices.To read this article in full or to leave a comment, please click here

0

Breaking free of legacy tech

Rotary Club members who donate $1,000 or more to the Rotary Foundation get a lot of special attention. They are named Paul Harris Fellows in honor of the organization's founder. They receive a certificate and an elegant lapel pin. It's an important award in the Rotary world, and one that has been around since 1957. But recently it had become the source of a lot of unhappiness.When Discover Financial Services set out to expand its offerings beginning in 2007, the company's legacy technology was an obvious impediment, according to executive vice president and CIO Glenn Schneider. "As with many others who've been around for years and have multiple generations of technology in their data centers, the question was, how do we leverage that?" he says. The company's move into the banking business, with IRAs, CDs and many other types of accounts, made its banking platform an obvious choice for an update. "Our mission is to be the leading direct bank and payments platform," Schneider says. "We are all online, so to create competitive differentiation, we felt the necessity to start at the foundation level itself and create a new platform."To read this article in full or Continue reading

0

2015’s most dangerous celebrity web searches

DJ Armin van BuurenImage by Jorge Mejía PeraltaElectronic Dance Music (EDM) DJ Armin van Buuren replaces comedian and talk show host Jimmy Kimmel as Intel Security’s most dangerous celebrity to search for online. For the ninth year in a row, Intel Security researched popular culture’s most famous people to reveal which of them generates the most dangerous search results.To read this article in full or to leave a comment, please click here

0

Network security weaknesses plague federal agencies

In the shadow of the recent Office of Personnel Management break-in it likely comes as little surprise to many that the federal government needs to pick up its security game in a big way.This challenge is perhaps reflected best in report this week by watchdogs at the Government Accountability Office that shows despite years of recommendations and billions of dollars spent, most federal agencies remain frighteningly weak when it comes to cybersecurity.To read this article in full or to leave a comment, please click here

0

Four New Official Repos in Docker Hub: Gazebo, Rocket.chat, Joomla and Redmine

We’re excited to announce four new Official Repos that we added to Docker Hub in August and September. These repos are the newest additions to a growing library of curated content maintained by Docker and our partners. Docker users have … Continued

0

Teridion Raises $15M Series B for Cloud Routers on Demand

The startup uses public clouds and virtual routers to speed Internet traffic.

0

Strategy: Taming Linux Scheduler Jitter Using CPU Isolation and Thread Affinity

When nanoseconds matter you have to pay attention to OS scheduling details. Mark Price, who works in the rarified high performance environment of high finance, shows how in his excellent article on Reducing system jitter.

For a tuning example he uses the famous Disrupter inter-thread messaging library. The goal is to keep the OS continuously feeding CPUs work from high priority threads. His baseline test shows the fastest message is sent in 76 nanoseconds, 1 in 100 messages took longer than 2 milliseconds, and the longest delay was 11 milliseconds.

The next section of the article shows in loving detail how to bring those latencies lower and more consistent, a job many people will need to do in practice. You'll want to read the article for a full explanation, including how to use perf_events and HdrHistogram. It's really great at showing the process, but in short:

• Turning off power save mode on the CPU reduced brought the max latency from 11 msec down to 8 msec.
• Guaranteeing threads will always have CPU resources using CPU isolation and thread affinity brought the maximum latency down to 14 microseconds.

Related Articles

• Performance Testing at LMAX (Part Three)
• Improving journalling latency
• A Toolkit Continue reading

0

Verisign introduces free, privacy-focused public DNS

When it comes to domain name systems (DNS), there are a lot of choices available. Yesterday, Verisign introduced a free, public Domain Name System (DNS) service that respects users' privacy.I think we're all aware now that much of the information we put into websites is often sold and used for good and bad purposes. We search for certain restaurants and all of sudden we're being pushed coupons for it. We update our LinkedIn profile and now we're being approached about jobs at competing companies. When we purchase an item online with a credit card, the number may be stolen. Even though there are risks, we still do those activities because they make our lives more convenient, and for that we're willing to deal with the consequences.To read this article in full or to leave a comment, please click here

0

Verifying SSL Certificate Chains

Found this link very useful doing this:

http://www.herongyang.com/Cryptography/OpenSSL-Certificate-Path-Validation-Tests.html

Some useful commands:
Display a certificate:
openssl x509 -in test-cert-top.pem -noout -text

Display a certificate's issuer:
openssl x509 -in test-cert-top.pem -noout -issuer

Display a certificate's subject:
openssl x509 -in test-cert-top.pem -noout -subject

Verify a certificate:
openssl verify test-cert-top.pem

Verify a certificate chain with 3 certificates:
openssl verify -CAfile test-cert-bottom.pem -untrusted test-cert-middle.pem test-cert-top.pem
-CAfile keyword indicates which certificate is used as the root certificate, with the -untrusted option being set to validate the intermediate certificate in the chain

Verify a certificate chain with 2 certificates:
openssl verify -CAfile test-cert-bottom.pem test-cert-middle.pem

0

Dyreza malware steals IT supply chain credentials

Cyber-criminals using the Dyreza computer trojan appear to be shifting gears from online banking and moving into the industrial supply chain.New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post."We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."To read this article in full or to leave a comment, please click here

0

Your Ansible Playbook for OpenStack Summit Tokyo

The next OpenStack Summit is quickly approaching -- and the schedule is, as always, packed with great sessions, collaboration days, social events, get-togethers, and more.

If you’re joining the event in Tokyo, which runs from October 27-30, and you’re a fan of Ansible, you just might be thinking to yourself… “If only there was a playbook for this!”

Behold! My amazing psychic capabilities alerted me to this exact scenario. Okay, not really, but: in, ahem, "playbook-inspired" format, you’ll find a list of tasks for each type of role -- conference sessions, OpenStack projects using Ansible to know about, the Ansible Collaboration Day onsite at Summit, and how to stay up to date with Ansible-related happenings on-site and beforehand.

Not familiar with Ansible yet, or how it works with OpenStack? Here's the great news: There will be plenty of opportunities for you to learn all about it at OpenStack Summit. And just like Ansible makes it easy for you to deploy and operate your OpenStack cloud -- this blog post makes it easy for you to find the Ansible-related content to get you started on your path to Ansible+OpenStack cloud bliss.

All you have to do is decide which Continue reading

0

Cisco acquires security consultancy

Cisco this week said it intends to purchase Portcullis, a privately held cybersecurity consultancy based in the United Kingdom.Terms of the deal were not disclosed.+MORE ON NETWORK WORLD: Cisco security chief: 4 things CISOs need to survive+ Cisco James Mobley, Cisco vice president of security solutionsTo read this article in full or to leave a comment, please click here

0

Worth Reading: Antivirus and Zero Day

Deploying multiple AV products might expand the total number of known malware signatures in your AV armor, but this approach doesn’t combat the biggest flaw: new, zero-day malware that no AV product has ever encountered (and therefore can’t possibly recognize). Even with frequent updates to the signature database, AV software just can’t keep up. via the cloud security alliance

The post Worth Reading: Antivirus and Zero Day appeared first on 'net work.

0

Beunos Aires

The post Beunos Aires appeared first on 'net work.

0

Datanauts 010 – Automation For Fun And Profit

The Datanauts look at how automation improves efficiency and breaks down silos. They discuss tools including Puppet, Chef, and PowerShell, and suggest how to get started with automation in your organization.

The post Datanauts 010 – Automation For Fun And Profit appeared first on Packet Pushers.

0

IDG Contributor Network: Consumers ‘feeling vulnerable’ about smart home security, report says

While half of consumers polled in a recent survey think that they are "adequately" protected from online threats on their computers, tablets, and smartphones, only 37% think the same protection is in place for their connected-home devices, such as IoT, gaming consoles, smart TVs, and thermostats.DNS service provider Nominium commissioned the report from market researcher YouGov in July. Polling consisted of 1,106 consumers in the United States.Less secure "Consumers find their digital world expanding at an astounding pace with more and more Internet-connected 'things,'" Nominium says of the report.To read this article in full or to leave a comment, please click here

0

New Release of Cisco ACI Eases Layer 4-7 Integration

The new release of Cisco Application Centric Infrastructure (ACI) includes innovations to ease Layer 4-7 network services integration.

0

Prepare for Job Interview with ipSpace.net Subscription

Did you know that many networking engineers use ipSpace.net webinars (and subscription) to prepare for the job interviews?

Here’s one of their success stories (name changed for obvious reasons):

Read more ...

0

SDN Progress is at GhandiCon 3 – September 2015 –

Are we at GhandiCon Three ?

The post SDN Progress is at GhandiCon 3 – September 2015 – appeared first on EtherealMind.

0

Measuring the Root KSK Keyroll

A little over five years ago the root zone of the DNS was signed with DNSSEC for the first time. At the time the Root Zone operators promised to execute a change of key in five years time. It's now that time and we are contemplating a roll of the root key of the DNS. The problem is that we believe that there are number of resolvers who are not going to follow the implicit signalling of a new key value. So for some users, for some domain names things will go dark when this key is rolled. Is there any way to predict in advance how big a problem this will be?