Security – Just Another Risk

I made a conscious decision to move away from full-time information security work. I retain an interest, and try to keep up with developments, but I don’t want to be “the security guy.” There are several reasons for it, but a large part is due to the hype, the bullshit, and the general inability of the security industry to act like grown-ups.

The most frustrating part was the inability to properly classify risk. Robert Graham put this eloquently here:

Infosec isn’t a real profession. Among the things missing is proper “risk analysis”. Instead of quantifying risk, we treat it as an absolute. Risk is binary, either there is risk or there isn’t. We respond to risk emotionally rather than rationally, claiming all risk needs to be removed. This is why nobody listens to us. Business leaders quantify and prioritize risk, but we don’t, so our useless advice is ignored.

Security folk often forget that they are just another risk. Yes, it’s a risk shipping the product with that bug. But not shipping at all might be a larger risk to the business. Even a complete data breach may or may not be catastrophic to the business – RSA is still Continue reading

US Census Bureau says breach didn’t expose household data

The U.S. Census Bureau said a data breach early last week did not expose survey data it collects on households and businesses. The leak came from a database belonging to the Federal Audit Clearinghouse, which collects audit reports from government agencies and other organizations spending federal grants, wrote John H. Thompson, the Census Bureau’s director, on Friday. The exposed information included the names of people who submitted information, addresses, phone numbers, user names and other data, he wrote. A group calling itself Anonymous Operations posted a link on Twitter leading to four files. The cyberattack was allegedly in protest of the Trans-Pacific Partnership and the Transatlantic Trade and Investment Partnership, two pending trade agreements that have been widely criticized.

Security holes in the 3 most popular smart home hubs and Honeywell Tuxedo Touch

At the 2015 Intelligent Defense European Technical Research Conference in June, Tripwire security researcher Craig Young presented Smart Home Invasion and revealed zero-day flaws in the “brains” of Internet of Things platform hubs such as SmartThings hubs, Wink hubs and MiOS Vera. The Wink and Vera products “contained critical remotely exploitable flaws.” Young warned that “if not addressed, smart home flaws can give rise to a new type of ‘smart criminal’ able to case victims without being seen. Once a target is chosen, it is possible to unlock doors and disable security monitoring.”

Citizens of Tech 011 – Prosthetic Phone Diving

In today’s show, we acknowledge our software overlords, let the cars do the driving, investigate Lego prosthetics, deep dive on diving, and more.

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Citizens of Tech 011 – Prosthetic Phone Diving appeared first on Packet Pushers Podcast and was written by Ethan Banks.

EARLY ACCESS Q&A: New Cisco CEO Chuck Robbins heads into “hyper-connected” mode

When Cisco Systems employees head into work Monday they’ll encounter something they haven’t seen in two decades: A new boss. Chuck Robbins – formerly senior vice president of worldwide operations – takes over as CEO from John Chambers, one of the most visible and quotable figures in business. In this early-access interview with John Gallant, chief content officer of IDG US Media, Robbins sets out his priorities for Cisco and his new management team, and talks about the opportunities and challenges facing the network giant. Robbins dissects the competitive landscape and explains why so-called ‘white box’ data center gear and software-defined networks are not the threats to Cisco that some pundits contend. He also describes his vision for the “hyper-connected architecture” that will speed customer digitization efforts and help IT capture the value in the Internet of Things. Finally, Robbins talks about life at Cisco under a leader not named John.

MikroTik CCR1072-1G-8S+ Review (Part 2) – BGP Performance

 

Here is Part 1 of the CCR1072-1G-8S+ review in case you missed it!

CCR1072-1G-8S+ Ultimate BGP Performance test

After many days of testing, Part 2 is finally here! Welcome to the stubarea51.net BGP gauntlet. We subjected the CCR1072 to different types of network torture stress testing. Continuing on from our initial review, we chose BGP as the first way to test the limits and capacity of the CCR1072-1G-8S+.

Here is an overview of our lab environment to test the new CCR

  • CCR1072-1G-8S+
  • CCR1009-8G-1S-1S+
  • CRS-125-24G-1S+
  • x86 VMs on ESXi 6.0 for upstream BGP peering
  • (2) ESXi 6.0 Hosts with 20 Gb (4×10) connectivity
  • Multimode 10 gig SFP+ using 50/125 OM3 fiber

All RouterOS devices were loaded with the latest stable code (6.30.1 at the time of testing)

Network Design of the StubArea51 LAB setup for BGP testing

For this series of testing, we took our two ESXi 6.0 hosts and built a number of VMs using RouterOS and Ubuntu to supply the 1.21 Gigawatts 3.6 Million routes we would need to beat up on the CCR1072 for a few days. If you’re not familiar with the RIPE Routing Information Service Continue reading

/bin/sh – checking for bash vs dash incompatibilities

I have been investigating a problem where an application would install on RHEL/CentOS, but not on Ubuntu. I tracked it down to a problem with shell scripts that assumed that /bin/sh was bash. Ubuntu uses dash by default, so some ‘bashisms’ don’t work. This will be old news to Ubuntu types that migrated to dash a while back, but I normally use CentOS/RHEL systems, and/or well-behaved cross-platform scripts. Luckily ‘checkbashisms’ can help with figuring out what changes are needed.

I don’t want to go into the history of Unix shells, but there are probably more shell variants than there are *nix variants. Some are very different, and completely incompatible. But others are only different in subtle ways, and most things work without modification. If your script explicitly calls the required shell with “#!/bin/zsh” or “#!/bin/csh”, all will be fine. The problem comes when your script starts with “#!/bin/sh”. That will call the system shell, which can vary across different systems. If you’re using that, your script should be portable, and only implement a subset of possible functionality. People get in the habit of using “/bin/sh”, but using shell-specific features. That’s when things get ugly when you run Continue reading
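As an added illustration of the portability problem described above (this is not the author’s code and not the checkbashisms tool itself), the following POSIX sh script shows portable replacements for the bashisms that “#!/bin/sh” scripts most often rely on, plus a small, deliberately narrow awk-based detector run over a constructed sample script. The sample script, the pattern list and the function names are all constructed for this example.

```shell
#!/bin/sh
# Added example: portable POSIX sh equivalents for common bashisms, plus a tiny
# line-based detector. Illustrative code only; it is not the checkbashisms tool
# from Debian's devscripts and it covers just a handful of patterns.

# bashism: [[ $s == prefix* ]]   portable: a case pattern match
starts_with() {
  case "$1" in
    "$2"*) return 0 ;;
    *)     return 1 ;;
  esac
}

# bashism: ${s//from/to}   portable: sed (the pattern is a basic regex here)
replace_all() {
  printf '%s\n' "$1" | sed "s/$2/$3/g"
}

# bashism: arrays (arr=(a b c); ${#arr[@]})   portable: the positional parameters
count_words() {
  # Unquoted on purpose so the shell splits $1 into words; note that globbing
  # characters in the input would also be expanded, so sanitise untrusted input.
  set -- $1
  echo "$#"
}

# bashism: echo -e "a\tb"   portable: printf, whose escapes POSIX specifies
tab_join() {
  printf '%s\t%s\n' "$1" "$2"
}

# Detector: reads script text on stdin, prints one "LINE: reason" per suspect
# construct. Constructed regexes, kept narrow; a real checker handles far more.
find_bashisms() {
  awk '
    /\[\[/                                 { print NR ": [[ ]] (use [ ] or case)" }
    /^[ \t]*function[ \t]+[A-Za-z_]/       { print NR ": function keyword (use name() {)" }
    /^[ \t]*source[ \t]/                   { print NR ": source (use .)" }
    /echo[ \t]+-[eEn]/                     { print NR ": echo -e/-n (use printf)" }
    /\$[{][A-Za-z_][A-Za-z0-9_]*\/\//      { print NR ": ${var//a/b} (use sed)" }
    /\$[{][A-Za-z_][A-Za-z0-9_]*\[/        { print NR ": array subscript (use set --)" }
  '
}

# Prints the number of findings for the script text passed as $1.
count_findings() {
  printf '%s\n' "$1" | find_bashisms | awk 'END { print NR }'
}

# Constructed sample: runs under bash, breaks under dash.
SAMPLE_SCRIPT='#!/bin/sh
source ./config.sh
function deploy {
  if [[ $ENV == prod* ]]; then
    echo -e "deploying\t${TARGET//-/_}"
  fi
}
deploy'

# Stand-alone usage: sh bashisms.sh --demo
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_SCRIPT" | find_bashisms
  printf 'total findings: %s\n' "$(count_findings "$SAMPLE_SCRIPT")"
fi
```

Run it under dash as well as bash (`dash bashisms.sh --demo`, then `bash bashisms.sh --demo`) to confirm the functions behave identically in both; that is the whole point of restricting a “#!/bin/sh” script to the POSIX subset. The detector is a crude line matcher: it reports two findings for the `echo -e "deploying\t${TARGET//-/_}"` line and will miss or misflag things a real checker handles, such as `[[` inside a comment.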

CloudFlare headed to HostingCon 2015. Thanks for the memories and let’s create some more!

The CloudFlare team is heading to HostingCon 2015 in San Diego next week. We are excited to meet colleagues from the industry, reconnect with partners, and make new friends.

This year’s conference marks a milestone of sorts. It’s our fifth time at HostingCon and we’ve come full circle - our first HostingCon took place in San Diego. Here are some fun facts on what we’ve accomplished since our first HostingCon in 2011:

  • 25 new data centers expanded our network to a total of 36 worldwide
  • 2M+ customers served
  • 800+ conference attendees transported in our signature limo service. If you haven’t already, sign up to arrive in style.
  • 2,500+ Nerf guns delivered. Check out the new models this year in celebration of Railgun 5.0 launch
  • 3,000+ CloudFlare t-shirts bringing smiles to our partners

Today, CloudFlare is trusted by over 5,000 partners who offer performance and security to millions of customers accelerating and protecting websites, APIs, and mobile apps. We work hard to deliver real savings for our partners. For example, over the past month we saved our partners more than 25 petabytes in aggregate bandwidth (roughly equivalent to 350 hours of HDTV video); stopped 65 billion+ malicious attacks that would Continue reading

Apple Pay rival CurrentC to start rolling out next month

CurrentC, an electronic payment system backed by many of the biggest retailers in the U.S., will begin a limited public roll-out in August, Bloomberg News reported on Friday. The smartphone-based technology is intended to rival payment services from Apple, Google and Samsung, and an August launch would be in line with the “mid-2015” schedule the company told IDG News Service in April. CurrentC will offer the same type of convenience as its rivals, enabling consumers to pay at participating retail outlets by phone. But rather than rely on the phone’s wireless NFC (near-field communications) chip, the first-generation CurrentC involves the customer scanning a barcode on a retail terminal to initiate payment.

Honda’s trippy Dream Drive is an awesome use of virtual reality

As I climbed into the Honda Pilot SUV, I didn’t have high hopes. I was trying out Honda’s Dream Drive, a prototype technology that pairs an Oculus Rift headset with data about the car’s movements to produce a virtual reality simulation. The car was going to drive around the parking lot at Honda’s new R&D center here in Mountain View, California, and the headset would let me gaze into another world as we drove along. “I bet it will be a race track with cars whizzing by,” I thought as I put on the headset. Perhaps I’m jaded, but I’ve tried many VR demonstrations and while fun they often feel a bit lacking and uninspired. And sure enough, there was the race track. I could see spectators to the left, the pits to the right, and sponsorship banners (Honda’s, of course) on a gantry above the first straight.

Facebook prevails in shareholder lawsuit over IPO

An appeals court has ruled that shareholders cannot sue Facebook or Mark Zuckerberg in a case that accused the company of withholding key financial information from the public until after its IPO. The shareholders alleged that Facebook had failed to share its projections for mobile ad sales prior to the offering, disclosing them only to analysts who then relayed the information to certain investors. The plaintiffs complained that Facebook’s stock was “hammered” after it went public and the market learned of the lower forecasts. Facebook’s shares opened at just over US$42 on the Nasdaq on May 18, 2012, and fell to the low $30-range in the ensuing days. The stock has since risen strongly, trading at around $96 on Friday.

Show 247 – ThousandEyes Network Visibility – Sponsored

How do you manage networks you don't control? Our sponsor ThousandEyes joins us to talk about how to get visibility into every network your organization relies on, enabling you to resolve issues faster, improve application delivery, and run your business more smoothly.

The post Show 247 – ThousandEyes Network Visibility – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

PlexxiPulse—Disrupting The IT Channel

We’re honored that CRN has included Plexxi in this year’s 2015 Emerging Vendors List, an annual list that features up-and-coming technology vendors that have launched innovative new products that generate opportunities within the channel. Our team believes that the next generation of IT is upon us and we are honored to be recognized for our innovative solutions for the next generation of IT. To learn more about our predictions for what’s next in IT, take a look at this recent blog post by Bob Noel, Director of Solutions Marketing here at Plexxi.

We are continuing to partner with forward thinking channel partners to carve a new path in the market and to make our solutions widely accessible. Thank you to CRN for the distinction and congratulations to all of this year’s Emerging Vendors!

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

Forbes: Big Data Will Select Your Next Strategic Partner
By Christine Crandall
In an increasingly competitive but cost conscious world businesses are always looking for new ways to gain competitive advantages and revenue streams. Businesses are likely to be more successful in achieving their goals if they Continue reading

Hillary Clinton sent classified information via personal email

A government investigation has concluded that Hillary Clinton sent classified information through a personal email account while she served as Secretary of State, The Wall Street Journal reported on Friday. The internal review of Clinton’s use of a personal account by the Inspector General for the intelligence community examined just 40 emails of the thousands sent through the account and found four of them contained information that should have been classified as “secret,” the newspaper said. None of the emails were marked as such. At the time they were sent, that was the second highest level of classification in the U.S. government.