Tricky new malware replaces your entire browser with a dangerous Chrome lookalike

Security researchers have discovered a fiendish form of browser malware that stands in for your copy of Google Chrome and hopes you won’t notice the difference.As reported by PCRisk, the “eFast Browser” works by installing and running itself in place of Chrome. It’s based on Google’s Chromium open-source software, so it maintains the look and feel of Chrome at first glance, but its behavior is much worse.First, makes itself the default and takes over several system file associations, including HTML, JPG, PDF, and GIF, according to MalwareBytes. It also hijacks URL associations such as HTTP, HTTPS, and MAILTO, and replaces any Chrome desktop website shortcuts with its own versions. Essentially, eFast Browser makes sure to open itself at any opportunity.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Robots that make mistakes may be more useful, study says

Robots will have to be flawed if they are to create successful working relationships with humans, new research has found."Judgmental mistakes, wrong assumptions, expressing tiredness or boredom, or getting overexcited," will help humans "understand, relate to and interact" with robots more easily, Mriganka Biswas of the University of Lincoln in Britain says in an article on the university's website.Biswas has been conducting a study for a PhD on how humans interact with robots. Supporting caregivers Robots are increasingly being used to support caregivers, the article says.To read this article in full or to leave a comment, please click here

Target’s newest security problem: Pranksters taking over PA to blast X-rated audio

Back in September, Brian Krebs reported on a confidential Verizon security assessment of Target’s network done shortly after the company was breached in 2013; Verizon consultants found Target was using weak or default passwords, had failed to deploy critical security patches, were running outdated services and other basic security problems. Target is having trouble again, but this time it’s with pranksters “exploiting holes” in Target’s PA system. It could have been done as an early Halloween prank, except this wasn’t the first time X-rated audio has blasted from a Target store’s PA system.To read this article in full or to leave a comment, please click here

Privacy watchdogs give EU, US three months to negotiate new Safe Harbor deal

European data protection authorities have given the European Commission and national governments three months to come up with an alternative to the Safe Harbor agreement swept away two weeks ago by a ruling of the Court of Justice of the European Union.But any new agreement must protect the personal data of European citizens from massive and indiscriminate surveillance, which is incompatible with EU law, the data protection authorities making up the Article 29 Working Party said late Friday.Since the CJEU ruled on Oct. 6 that the Safe Harbor agreement between the Commission and U.S. authorities did not offer necessary legal guarantees, businesses that relied on it for the transfer of their customers' or employees' private personal information from the EU to the U.S. have been doing so in something of a legal vacuum.To read this article in full or to leave a comment, please click here

Segment: Rebuilding Our Infrastructure with Docker, ECS, and Terraform

This is a guest repost from Calvin French-Owen, CTO/Co-Founder of Segment

In Segment’s early days, our infrastructure was pretty hacked together. We provisioned instances through the AWS UI, had a graveyard of unused AMIs, and configuration was implemented three different ways.

As the business started taking off, we grew the size of the eng team and the complexity of our architecture. But working with production was still limited to a handful of folks who knew the arcane gotchas. We’d been improving the process incrementally, but we needed to give our infrastructure a deeper overhaul to keep moving quickly.

So a few months ago, we sat down and asked ourselves: “What would an infrastructure setup look like if we designed it today?”

Over the course of 10 weeks, we completely re-worked our infrastructure. We retired nearly every single instance and old config, moved our services to run in Docker containers, and switched over to use fresh AWS accounts.

We spent a lot of time thinking about how we could make a production setup that’s auditable, simple, and easy to use–while still allowing for the flexibility to scale and grow.

Here’s our solution.

Separate AWS Accounts

China reportedly tries to hack U.S. businesses the day after agreeing not to

Chinese hackers have gone after seven U.S. tech and pharmaceutical companies since the presidents of both countries agreed not to knowingly carry out corporate espionage, according to security firm CrowdStrike.The company says in a blog post that it has identified a known hacking group in China as intruding into the seven U.S. companies starting the day after Presidents Xi and Obama announced the pact.“It is important to note that this is not an exhaustive list of all the intrusions from Chinese-government affiliated actors we have detected during this time period; it is limited only to commercial entities that fit squarely within the hacking prohibitions covered under the Cyber agreement,” says CrowStrike CTO Dmitri Alperovitch.To read this article in full or to leave a comment, please click here

What Happens to RSA?

While last week’s Dell/EMC merger was certainly a blockbuster, nothing specific was mentioned about future plans for RSA Security.  Michael Dell did say that there were a “number of discussions about security” during the negotiations but apparently, no concrete plans.  Infosec reporters have lobbed phone calls into Round Rock Texas as well as Bedford and Hopkinton, MA looking for more details but Dell and EMC officials haven’t responded.Based upon a week of vague retorts, it’s safe to assume that there is no master plan for RSA at this time.  While we in the cybersecurity world have a nostalgic bond with RSA, it really is small potatoes as part of this mega-deal in the IT space.  Nevertheless, RSA is marquis $1b+ brand named company in the red hot cybersecurity space so there is certainly value to be had.To read this article in full or to leave a comment, please click here

Can You Answer Correctly? BGP Dual-omed With Different As-Path

R23 is configured with maximum-paths 2 and, as you can see, is in the dual-homed topology. All of the attributes are 100% identical with the exception of what you see listed in the picture below. R23 has 2 paths listed in its BGP table for all prefixes being advertised from R15 yet, only installs 1 into its RIB, why does this happen? In addition, what command can I use to fix my problem.

I know the answer but, do you? Leave your answer in the comments!

Screen Shot 2015-10-19 at 9.58.36 AM

Multitasking, Microtasking, and Macrotasking

One of the most frustrating things in my daily life is reaching lunch and not having a single thing I can point to as “done” for the day. I’m certain this is something every engineer faces from time to time — or even all the time (like me), because even Dilbert has something to say about it.

CRWkc6-UwAA1AAr

This is all the more frustrating for me because I actually don’t have clones (contrary to rumor #1), and I actually do sleep (contrary to rumor #2). I even spend time with my wife and kids from time to time, as well as volunteer at a local church and seminary (teaching philosophy/ethics/logic/theology/worldview/apologetics to a high school class, and being a web master/all around IT resource, guest lecturer, etc., in the other). My life’s motto seems to be waste not a moment, from reading to writing to research to, well just about everything that doesn’t involve other people (I try to never be in a hurry when dealing with people, though this it’s honestly hard to do).

So, without clones, and with sleep, how can we all learn to be more productive? I’m no master of time (honestly), but my first rule is: Continue reading

5 New Networking Requirements Driven By Internet of Things and Big Data

The Internet of Things is leading to an explosion in the data available to make faster and better-informed business decisions. The key to exploiting this data for business benefit is accessing it on demand and rapidly analyzing it to deliver value. This requires massive volumes of data be moved across the infrastructure, from distributed locations of rest, to locations of analysis. Many networks, however, are fragile, outdated and unprepared for that level of stress. This means it’s time for the network to undergo its own transformation to meet these data transport needs.

As data is created in greater amounts – and inevitably transferred between resources – the network must become increasingly powerful, flexible and agile in order to keep up with application demands.

Where can networks improve? What do they need that they don’t have now? We’ve outlined five different characteristics below.

Agility. Data and application agility is meaningless if the network cannot keep pace. And keeping pace means removing complexity, simplifying operations and embracing automation to provide a dynamic and responsive infrastructure

Scalability. In a dynamic data and application environment where data volumes are exploding, it’s about more than just scaling up. The challenge with scalability now is really Continue reading

Flash Player emergency patch fixes one flaw already being exploited, and two others

Adobe released a patch for a critical vulnerability in Flash Player faster than it originally anticipated in response to high-profile cyberespionage attacks against governmental targets.The latest Flash Player updates released Friday address a flaw that's already exploited by a Russian espionage group known as Pawn Storm, as well as two other critical vulnerabilities reported privately to Adobe.The CVE-2015-7645 vulnerability is actively exploited by the Pawn Storm group in attacks targeting several foreign affairs ministries from around the globe, security researchers from Trend Micro reported Tuesday.To read this article in full or to leave a comment, please click here

New products of the week 10.19.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Attunity CloudBeamKey features: Attunity’s cloud data transfer solution now transfers data between enterprise data centers and Hadoop running on the AWS Cloud, enabling companies to leverage Big Data analytics with Amazon Elastic Map Reduce (EMR). More info.To read this article in full or to leave a comment, please click here

New products of the week 10.19.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Attunity CloudBeamKey features: Attunity’s cloud data transfer solution now transfers data between enterprise data centers and Hadoop running on the AWS Cloud, enabling companies to leverage Big Data analytics with Amazon Elastic Map Reduce (EMR). More info.To read this article in full or to leave a comment, please click here

Drowning in security data? Here’s how to make threat intel work for you

How does a company operationalize its risk and security programs? More specifically, with all of the talk about big data, how does a company operationalize its threat intelligence process? Many companies think they know what the keys are to their kingdom and where the entry points are located. Unfortunately, they soon find out that the most serious breaches often take place somewhere else. + ALSO ON NETWORK WORLD: 5 tips for better enterprise security +To read this article in full or to leave a comment, please click here(Insider Story)

1 3,283 3,284 3,285 3,286 3,287 3,844