Worth Reading: Access Control with Segmentation

When you couple software-defined segmentation with an intelligent planning and implementation methodology, you get active segmentation. This approach to segmentation allows network operators to effectively cordon off critical network assets and limit access appropriately with minimal disruption to normal business functions. via the Cloud Security Alliance

The post Worth Reading: Access Control with Segmentation appeared first on 'net work.

Worth Reading: Outsourcing

And my second point is even more important: know the allegiance of your outsourcer. The key issue with outsourcing IT is this — who does your IT staff work FOR? via Cringley


This is a point that many people don’t get — if all businesses are data businesses (and they are, despite the constant refrain I’ve heard throughout my career that “we don’t make technology, here, so…”), then all the data, and all the analysis you do on that data, is just like the famous Coke recipe.

Know data, know your business. No data, no business.

It’s really that simple. When will we learn — and take this idea seriously? And when will we realize this rule applies to the network as well as the data in many cases?

The post Worth Reading: Outsourcing appeared first on 'net work.

Quick and dirty annotations for Go stack traces

CloudFlare’s DNS server, RRDNS, is entirely written in Go and typically runs tens of thousands goroutines. Since goroutines are cheap and Go I/O is blocking we run one goroutine per file descriptor we listen on and queue new packets for processing.

CC BY-SA 2.0 image by wiredforlego

When there are thousands of goroutines running, debug output quickly becomes difficult to interpret. For example, last week I was tracking down a problem with a file descriptor and wanted to know what its listening goroutine was doing. With 40k stack traces, good luck figuring out which one is having trouble.

Go stack traces include parameter values, but most Go types are (or are implemented as) pointers, so what you will see passed to the goroutine function is just a meaningless memory address.

We have a couple options to make sense of the addresses: get a heap dump at the same time as the stack trace and cross-reference the pointers, or have a debug endpoint that prints a goroutine/pointer -> IP map. Neither are seamless.

Underscore to the rescue

However, we know that integers are shown in traces, so what we did is first convert IPv4 addresses to their uint32 Continue reading

The Upload: Your tech news briefing for Monday, Aug. 3

Attacked then abandoned in Philadelphia, Hitchbot’s attempt to thumb a lift across the U.S. ends in disasterA robot that counted on the kindness of strangers to help it travel around the world has met a cruel fate in Philadelphia, barely three weeks into an attempt to hitch-hike across the U.S. Hitchbot, developed by robotics researchers at McMaster University in Hamilton, Ontario, had already hitch-hiked successfully across Canada and Germany, but U.S. residents turned out to be less welcoming, AP reports.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Monday, Aug. 3

Attacked then abandoned in Philadelphia, Hitchbot’s attempt to thumb a lift across the U.S. ends in disasterA robot that counted on the kindness of strangers to help it travel around the world has met a cruel fate in Philadelphia, barely three weeks into an attempt to hitch-hike across the U.S. Hitchbot, developed by robotics researchers at McMaster University in Hamilton, Ontario, had already hitch-hiked successfully across Canada and Germany, but U.S. residents turned out to be less welcoming, AP reports.To read this article in full or to leave a comment, please click here

A secure employee departure checklist

Employee exitImage by ThinkstockA certain amount of employee turnover is a natural part of any organization’s life cycle. With each departure, whether the employee was entry-level or an executive, every organization should have a comprehensive process in place to facilitate the employee’s exit, while protecting the company’s information and securing the network and computer system accounts. Laura Iwan, Senior Vice President of Programs at the Center for Internet Security, has compiled these tips to help avoid any issues when an employee leaves the company.To read this article in full or to leave a comment, please click here

T-Mobile caught in crossfire of injected ad war with Flash Networks

LAS VEGAS - An ongoing conflict between website owners and ad injectors who place unwanted ads on those websites has just flared up into full-blown war, with advertisers and carriers caught in the crossfire.Take, for example, T-Mobile, which is proudly named as a customer by Flash Networks, a company that brags about creating "new monetization opportunities" for mobile operators when it "inserts the most relevant engagement display into the selected webpages."This seems to have been a surprise to T-Mobile. Cynthia Lee, the company's senior digital media manager, adamantly denied that T-Mobile was using Flash Networks to inject ads into webpages it was serving up to mobile customers.To read this article in full or to leave a comment, please click here

Automating Intelligence: Discovering Recent PlugX Campaigns Programmatically

One of the hardest things to do when you are receiving malware that have “anonymized” (e.g. name-is-hash) names or general samples that lack any indication of the infection vector is to determine the origin of the file and its intended target. Even harder is when you do not receive telemetry data from products that contains information about infected machines. To that end, I have been working on automating ways to help ASERT better understand the context around samples so we can answer question about what may have been targeted, why it was targeted and when it was targeted. This post will use the PlugX malware as an example (PlugX is well known and has had its various iterations analyzed many times), due in part to its ongoing activity and will focus on  leveraging metadata from VirusTotal due to it being publicly accessible.

The How

Automation is king when processing malware and getting the configuration out of samples without analyst intervention is always ideal and we prefer to treat our various sandbox platforms as black boxes and extract what we can from them before doing our own normalization and post-processing tasks to collate all the information into our internal malware analysis system and Continue reading

China clamps down on exports of drones and supercomputers

China plans to limit exports of advanced drones and supercomputers for national security reasons.The new export controls on certain drone and high-performance computing technologies will come into effect Aug. 15, Chinese government regulators said Friday. Affected vendors will have to apply for a government permit to ship their technology outside China.The regulations target more advanced drones that can be flown for at least an hour, “beyond the natural sight of the operator” and function more as an unmanned aerial vehicles.Shenzhen-based DJI, a major Chinese builder of drones, seems confident the new export controls won’t disrupt its business.To read this article in full or to leave a comment, please click here

Sorriest technology companies of 2015

Sorry situationImage by ThinkstockDespite all the technology advances that have rolled out this year, it’s also been a sorry state of affairs among leading network and computing vendors, along with businesses that rely heavily on technology. Apple, Google, airlines and more have issued tech-related mea culpas in 2015…To read this article in full or to leave a comment, please click here

New products of the week 08.03.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Out-of-Band Dry Contact Management SwitchKey features: Remotely manage four dry DC contacts plus one AC outlet. Includes monitoring, alarm and logging functions to track temperatures, power outages and other conditions and events at remote equipment sites. More info.To read this article in full or to leave a comment, please click here

Nokia reaches deal to sell Here business to Audi, BMW Group and Daimler

Nokia has reached an agreement to sell its Here mapping and location services business to an automotive industry consortium consisting of Audi, BMW Group and Daimler, in a deal that gives the business an enterprise value of €2.8 billion (US$3.1 billion).The deal fits with the plans of the automakers to progressively introduce more Internet-based services and automation to assist drivers. Here is developing a location cloud that uses the data generated by vehicles, devices and infrastructure to deliver real-time, predictive and personalized location services, Nokia said in a statement Monday.The three automotive companies said they will each hold an equal stake in Here, but will take a hands-off approach to the business which will be run independently to serve the entire industry.To read this article in full or to leave a comment, please click here

Indian government orders ISPs to block 857 porn websites

The Indian government has ordered a large number of porn websites to be blocked, creating an uproar among users and civil rights groups in the country.The Department of Telecommunications has issued orders for the blocking of 857 websites serving pornography, said two persons familiar with the matter, who declined to be named.Section 69 (A) of India’s Information Technology Act allows the government to order blocking of public access to websites and other information through computer resources, though this section appears to be designed to be invoked when a threat is perceived to the sovereignty and integrity of India, security of the state, friendly relations with foreign states or public order.To read this article in full or to leave a comment, please click here

DNS server attacks begin using BIND software flaw

Attackers have started exploiting a flaw in the most widely used software for the DNS (Domain Name System), which translates domain names into IP addresses.Last week, a patch was issued for the denial-of-service flaw, which affects all versions of BIND 9, open-source software originally developed by the University of California at Berkeley in the 1980s.The flaw can be exploited with a single packet, crashing both authoritative and recursive DNS servers. Security analysts predicted that attackers would quickly figure out how to exploit the flaw, which has now happened.“We can confirm that the attacks have begun,” wrote Daniel Cid, CTO and founder of the security company Sucuri. “DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down, it also means your email, HTTP and all other services will be unavailable.”To read this article in full or to leave a comment, please click here

Fake Apple iOS crash reports prove tricky to remove

Some Apple mobile users have been encountering a pop-up message that is particularly difficult to close.The message appears after a user has been redirected to a different domain, usually caused by viewing a malicious advertisement, wrote Jerome Segura, a senior security researcher with Malwarebytes.The message warns that a third-party application on the phone has caused the device to crash and includes a phone number where users can allegedly get their device fixed.Warnings such as this one are employed by technical support schemes, which convince people to call their support lines by falsely warning that their computers or devices have security or performance problems.To read this article in full or to leave a comment, please click here

Microsoft will NOT email you Windows 10, it’s ransomware

A few days ago, over 14 million machines had been upgraded to Windows 10, but millions of other people who used the “Get Windows 10” app are impatiently waiting for Microsoft to notify them that it is their turn to download Windows 10. The app says Microsoft is rolling out the free upgrade in waves; “Watch for your notification so that you can start your upgrade. Your notification to upgrade could come as soon as a few days or weeks.” That notification has become an exploitation opportunity for bad guys who are sending out fake Windows 10 upgrade emails along with supposedly zipped Windows 10 download attachments that ultimately install ransomware on victims’ PCs.To read this article in full or to leave a comment, please click here

Interview with CCDE/CCAr Program Manager Elaine Lopes

I am currently studying for the CCDE exam. Elaine Lopes is the program manager for the CCDE and CCAr certification. I’ve had the pleasure of interacting with her online and meeting her at Cisco Live as well. The CCDE is a great certification and I wanted you to get some insight into the program and ask about the future of the CCDE. A big thanks to Elaine and Cisco for agreeing to do the interview.

Daniel: Hi Elaine, and welcome. It was nice seeing you at Cisco Live! Can you please give a brief introduction of yourself to the readers?

Elaine: Hi, it was nice to see you, too! My name is Elaine Lopes and I’m the CCDE and CCAr Certification Program Manager. I’ve been with Cisco’s Learning@Cisco team since 1999, – I’m passionate about how people’s lives can change for the better through education and certification.

Daniel: Elaine, why did Cisco create an expert level design program? What kind of people should be looking at the CCDE?

Elaine: Cisco has very well established expert-level certifications for network engineers in various fields which assess configuration, implementation, troubleshooting and operations skills; however, these certifications were never aimed to assess design skills. Continue reading

1 3,312 3,313 3,314 3,315 3,316 3,779