Risky Business #385 — Richard Bejtlich talks USA/China espionage agreement

******LANGUAGE WARNING: The f-bomb features, unbleeped, once in this week's show. Just a note for those of you with the kids in the car.

On this week's show we're chatting with FireEye's chief security strategist Richard Bejtlich about this new agreement between China and the USA. The two countries have apparently agreed that they won't hack each other with the aim of stealing IP anymore. Questions to Richard include: Are they kidding? And: How did they announce this with a straight face?

read more

Breach at Experian may have exposed data on 15 million consumers linked to T-Mobile

A data breach at credit bureau Experian may have exposed data from T-Mobile USA on about 15 million U.S. consumers.The data includes names, birth dates, addresses and Social Security numbers or other forms of identification like drivers' license numbers, the companies said Thursday. The people affected may not be current T-Mobile subscribers but applied for T-Mobile postpaid services or device financing from Sept. 1, 2013 to Sept. 16, 2015.There's no evidence so far that the data has been used inappropriately, Experian said in a press release. And the company said its consumer credit database was not affected. But the breach is the latest embarrassing security event concerning Experian, a widely used credit-information provider whose services are sometimes offered free after breaches at other companies make consumers nervous about their credit records.To read this article in full or to leave a comment, please click here

Breach at Experian may have exposed data on 15 million consumers linked to T-Mobile

A data breach at credit bureau Experian may have exposed data from T-Mobile USA on about 15 million U.S. consumers.The data includes names, birth dates, addresses and Social Security numbers or other forms of identification like drivers' license numbers, the companies said Thursday. The people affected may not be current T-Mobile subscribers but applied for T-Mobile postpaid services or device financing from Sept. 1, 2013 to Sept. 16, 2015.There's no evidence so far that the data has been used inappropriately, Experian said in a press release. And the company said its consumer credit database was not affected. But the breach is the latest embarrassing security event concerning Experian, a widely used credit-information provider whose services are sometimes offered free after breaches at other companies make consumers nervous about their credit records.To read this article in full or to leave a comment, please click here

Ansible + AWS: Re-Inventing Cloud Automation

reinvent_logo

Amazon Web Services and Ansible together make a great pair. AWS is a popular cloud target for Ansible users, and the reasons are clear: Ansible offers built-in support for over 20 different AWS capabilities with 50 different easy-to-use and understand Ansible modules. And as always, from on-premise to cloud, you can automate 100% of your infrastructure without ever installing an agent.

The takeaway? If your IT organizations is serious about AWS, then it needs to be serious about Ansible automation.

Come visit Ansible in booth 439 at re:Invent 2015 to learn how customers are using the Ansible automation platform to re-invent how they’re managing their cloud applications. Whether you’re just dipping your toe into the cloud, or are already running a fully-automated devops-enabled environment, Ansible is the key to unlocking the full benefit of moving to the cloud.

Connect with our team at the show:

Todd-Barr-sm

Todd Barr
SVP of Sales & Marketing

twitter linkedin

Justin-Nemmers-sm

Justin Nemmers
Director of Federal & State Government

twitter linkedin

John-Ryan-sm

John Ryan
Senior Director of Channels & Business Development

twitter linkedin

Dave-Johnson-sm

Dave Johnson
Technical Director

twitter linkedin

Danny-Ganzon-sm

Danny Ganzon
Account Executive

twitter linkedin

Jonathan-Davila-sm

Jonathan Davila
Solutions Architect

twitter linkedin

If you’re new to Ansible, this is your opportunity to hit us with whatever questions you have about how Continue reading

IDG Contributor Network: Fiber map sheds light on infrastructure trends and weaknesses

If you've ever wondered just where the fiber conduits that carry our Internet traffic run, wonder no more. Researchers have created a map.Four years in the making, the map, sourced in part from public records, shows the long-haul fiber that carries Internet data around the country. Additionally, locations where multiple cables connect are shown.This kind of map has never existed before.Internet infrastructure Not much is known about "today's physical Internet infrastructure," the researchers say.So they delved in and, through a collection of Tier-1 ISP and cable company maps combined with public records, started to construct a map of the long-haul fiber network (PDF).To read this article in full or to leave a comment, please click here

IDG Contributor Network: Fiber map sheds light on infrastructure trends and weaknesses

If you've ever wondered just where the fiber conduits that carry our Internet traffic run, wonder no more. Researchers have created a map.Four years in the making, the map, sourced in part from public records, shows the long-haul fiber that carries Internet data around the country. Additionally, locations where multiple cables connect are shown.This kind of map has never existed before.Internet infrastructure Not much is known about "today's physical Internet infrastructure," the researchers say.So they delved in and, through a collection of Tier-1 ISP and cable company maps combined with public records, started to construct a map of the long-haul fiber network (PDF).To read this article in full or to leave a comment, please click here

Looking back 30 years as a sysadmin

Looking back after spending more than 30 years as a Unix systems administrator, I have to say that's it's been quite a ride.It certainly wasn't 30+ years of doing the same thing. Instead, the technology and the job have gone through incredible changes along the way. There were dramatic improvements in the hardware that I managed and always plenty of new tools to learn and use.[See also: 18 cardinal rules of systems administration ]Over the years, I went from reveling in how much work I could get done on the command line to grappling with some big issues -- troubleshooting some very complicated problems and figuring out how to best protect my employers' information assets. Along the way, I worked with some amazing individuals, got laid off (once), and learned a lot about what works and doesn't work both from a technical and a career perspective.To read this article in full or to leave a comment, please click here

Looking back 30 years as a sysadmin

Looking back after spending more than 30 years as a Unix systems administrator, I have to say that's it's been quite a ride.It certainly wasn't 30+ years of doing the same thing. Instead, the technology and the job have gone through incredible changes along the way. There were dramatic improvements in the hardware that I managed and always plenty of new tools to learn and use.[See also: 18 cardinal rules of systems administration ]Over the years, I went from reveling in how much work I could get done on the command line to grappling with some big issues -- troubleshooting some very complicated problems and figuring out how to best protect my employers' information assets. Along the way, I worked with some amazing individuals, got laid off (once), and learned a lot about what works and doesn't work both from a technical and a career perspective.To read this article in full or to leave a comment, please click here

Microsoft’s antivirus software sees massive improvement in tests

For the longest time, Microsoft's antivirus programs have brought up the rear in tests, usually ranking near or in dead last. But recent tests from two respected antivirus testers show Microsoft has greatly improved its antivirus product and in a very short time.Germany's AV-Test Institute is something like Consumer Reports for antivirus software. It is the gold standard for AV software testing, and a good review from them can make your product a success. And for quite some time, Microsoft Security Essentials has been a laggard. But for the August tests, the scores improved.To read this article in full or to leave a comment, please click here

How to identify and thwart insider threats

It is often cited that an enterprise’s employees are its biggest vulnerability. What are company’s doing about it? In a significant number of cases, companies are perhaps doing nothing.According to the SANS Institute and SpectorSoft, 74 percent of the 772 IT security professionals they recently surveyed are “concerned about malicious employees.” The survey pool spans 10 industries including financial, government, and technology and IT services. The survey data also shows that 32 percent of respondents “have no technology or process in place to prevent an insider attack”.To read this article in full or to leave a comment, please click here

Former Autonomy CEO Lynch sues HP for $150 million

Making good on the promise he made earlier this year, former Autonomy CEO Mike Lynch on Thursday filed a $150 million lawsuit against HP over what he called a public smear campaign against him and other Autonomy executives.“Over the past three years, HP has made many statements that were highly damaging to me and misleading to the stock market," Lynch said. "HP knew, or should have known, these statements were false."HP's ill-fated 2011 acquisition of the British software maker for $11.7 billion -- which later resulted in an $8.8 billion impairment charge -- was "doomed from the very beginning," Lynch said. "HP’s own documents, which the court will see, make clear that HP was simply incompetent in its operation of Autonomy."To read this article in full or to leave a comment, please click here

NASA targets Venus, asteroids with potential missions

NASA this week picked five possible contenders for a relatively low-cost robotic mission to space.The five candidates from a batch of 27 –include Venus, near-Earth object and asteroid operations – will ultimately be whittled down to one or two that will cost approximately $500 million, not including launch vehicle or post-launch operations, NASA stated.+More on Network World: 13 awesome and scary things in near Earth space+Each investigation team will receive $3 million to conduct concept design studies and analyses for NASA’s Discovery Program. After a detailed review and evaluation of each experiment, NASA will make the final selections by September 2016 for continued development leading up to launch possibly by 2020, NASA stated.To read this article in full or to leave a comment, please click here

Report: Target failed to execute security basics

Verizon consultants probed Target’s network for weaknesses in the immediate aftermath of the company’s 2013 breach and came back with results that point to one overriding – if not dramatic - lesson: be sure to implement basic security best practices.In a recent KrebsOnSecurity post, Brian Krebs details Verizon’s findings as set down in a Target corporate report.The findings demonstrate that it really is important to put in place all the mundane security best practices widely talked about, and that without them even the best new security platforms can’t defend against breaches.To read this article in full or to leave a comment, please click here

Cisco fixes privilege escalation flaws in AnyConnect Secure Mobility Client

The Cisco AnyConnect Secure Mobility Client has been updated to fix vulnerabilities that could allow attackers to gain system or root privileges on Windows, Linux and Mac OS X computers. The AnyConnect Secure Mobility Client allows employees to work remotely by securely connecting back to their company's network. It provides virtual private networking over SSL and additional features like identity services, network access control and Web security. The vulnerability in the Linux and Mac OS X version of the client was discovered and reported by researchers from Dutch security firm Securify. It can be exploited to execute arbitrary files with the highest system privileges, also known as root.To read this article in full or to leave a comment, please click here

1 3,294 3,295 3,296 3,297 3,298 3,835