Researchers find previously unknown exploits among Hacking Team’s leaked files

Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already found an exploit for an unpatched vulnerability in Flash Player. There are also reports of exploits for a vulnerability in Windows and one in SELinux, a Linux kernel security module that enforces access control policies. The flaws were supposedly used by the company’s customers to silently deploy its software on computers belonging to surveillance targets. Hacking Team was incorporated as HT in Milan and develops a computer surveillance program called Remote Control System (RCS), or Galileo. The system is sold to law enforcement and other government agencies from around the world, along with access to computer intrusion tools that are needed to deploy it.

Why certifications make me grouchy

While I support certifications, they also make me grouchy. Sometimes they make me really, really, grouchy, in fact — probably more grouchy than I have a right to be. You’ve probably heard the complaints a number of times.

For instance, there’s the problem of paper tigers, people who gain the certification but don’t have any real experience with the technology, or don’t really understand the technology. Paper tigers are bad, of course, but they’re generally easy to detect through a rigorous interview. In fact, paper tigers exist without the certification; it’s entirely possible for a solid resume to lead to a candidate that doesn’t have the skills advertised. Degrees don’t really prove much, either, and it takes four years to get one of those (in theory), so I don’t know how much whining about this problem — as real as it is — is going to help.

Tony Li had a counter to this — he used to sit with a candidate’s resume in hand asking questions, and lining through skills he didn’t think the candidate actually had. At the end of the interview, he would hand the resume back to the candidate and say, essentially, “there, I fixed it

The Upload: Your tech news briefing for Tuesday, July 7

Privacy group files FTC complaint to push Google to extend right to be forgotten to US

First they ignore you, then they laugh at you.... After a year of ridiculing a European court’s “right to be forgotten” ruling, it seems that some Americans at least are beginning to think it’s a good idea. The ruling required search engines to exclude certain pages containing personal information from their search results on request from the people concerned. Now Consumer Watchdog has asked the U.S. Federal Trade Commission to institute a similar right.

How to find cellular access when traveling (without international roaming)

My wife, two kids, and I just took a three-day trip to Vancouver, British Columbia, from our home in Seattle. Joining us were three laptops, two iPod touches, three Kindles, and two iPhones. We remembered to bring clothes and sunscreen, too. Traveling to Canada is just like going to another country—they have different currency and units of measurement, they spell “center” as “centre,” and they have different telecommunications companies. The variety of potato chips almost makes up for it. Before we left, I did my usual research into how we’d keep online. We knew the Airbnb rental to which we were going had Wi-Fi, and I assumed that the profusion of free Internet service I was used to in the States would be as abundant. We were staying near Stanley Park, and there are hundreds of shops, grocery stores, and restaurants within a few blocks.

OpenSSL tells users to prepare for a high severity flaw

Server admins and developers beware: The OpenSSL Project plans to release security updates Thursday for its widely used cryptographic library that will fix a high severity vulnerability. OpenSSL implements multiple cryptographic protocols and algorithms including TLS (Transport Layer Security), which underpins encryption on the Web as part of protocols like HTTPS (HTTP Secure), IMAPS (Internet Message Access Protocol Secure) and SMTPS (Simple Mail Transfer Protocol Secure). The project didn’t say which part of the library is affected, but high severity flaws in OpenSSL are usually a big deal, especially if they impact TLS.

Is Linux TCP/IP Stack Really That Slow?

Most people casually involved with virtual appliances and network function virtualization (NFV) believe that replacing Linux TCP/IP stack with user-mode packet forwarding (example: Intel’s DPDK) boosts performance from meager 1 Gbps to tens of gigabits (and thus makes hardware forwarding obsolete).

Having data points is always better than having opinions; today let’s look at Receiving 1 Mpps with Linux TCP/IP Stack blog post.

2015-07-18: The blog post was updated based on feedback by Kristian Larsson.


It is time to drop the CCIE written

Back in 1993 the CCIE Cisco Certification, the first Cisco certification, was created and tested. Yes, the CCIE certification came years before the CCNA certification (1998) and thus Cisco needed a way to weed out candidates who were not ready for the CCIE lab exam. What they came up with was a Written pre-qualification exam to show that […]

The post It is time to drop the CCIE written appeared first on Fryguy's Blog.

FBI chief warns that terrorists hide behind encrypted communications

U.S. Federal Bureau of Investigation Director James Comey has asked for a “robust debate” on encryption of communications, saying that the technology could come in the way of his doing his job to keep people safe. The recruitment and tasking of Americans by the group known as the Islamic State, or ISIL, is increasingly taking place “through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment.” “There is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption,” he added. The op-ed in the Lawfare blog comes ahead of testimonies by Comey before the Senate intelligence and judiciary committees on Wednesday.

Worth Reading: Networking with Fish

It seems like just yesterday I was at CiscoLive in San Francisco asking people I had met on twitter about their experiences blogging as well as hosting a web page. Today? Last week marked the 1 year anniversary of “Networking With Fish”.

If anyone ever asks me why I write, or why I work so hard to draw other people into the larger networking world, I’ll point them to this post. One of the biggest goals of my life is to help people learn and grow. I’ll never become a millionaire in the process, but I’ll have a million friends, and that’s infinitely more important in the long run.

The post Worth Reading: Networking with Fish appeared first on 'net work.

The Internet is a cooperative system: CNAME to Dyn DNS outage of 6 July 2015

Today, shortly after 21:00 UTC, on our internal operations chat there was a scary message from one of our senior support staff: "getting DNS resolution errors on support.cloudflare.com", at the same time as automated monitoring indicated a problem. Shortly thereafter, we saw alarms and feedback from a variety of customers (but not everyone) reporting "1001 errors", which indicated a DNS resolution error on the CloudFlare backend. Needless to say, this got an immediate and overwhelming response from our operations and engineering teams, as we hadn't changed anything and had no other indications of anomaly.

In the course of debugging, we were able to identify common characteristics of affected sites—CNAME-based users of CloudFlare, rather than complete domain hosted entirely on CloudFlare, which, ironically, included our own support site, support.cloudflare.com. When users point (via CNAME) to a domain instead of providing us with an IP address, our network resolves that name — and is obviously unable to connect if the DNS provider has issues. (Our status page https://www.cloudflarestatus.com/ is off-network and was unaffected). Then, we were investigating why only certain domains were having issues—was the issue with the upstream DNS? Testing whether their domains were resolvable

Instagram bumps up photo resolution to 1080 pixels

Instagram is increasing the size of pictures users of its mobile app are allowed to post, finally opening the door of the photo sharing service to much more detailed images. The iOS and Android apps are gradually being updated to store and display photos that are 1080 pixels by 1080 pixels in size, an Instagram spokeswoman said Monday, adding that most users should already have this update. She declined to comment on when Instagram began rolling out the update and when it expects to finish. The spokeswoman also declined to comment if the resolution improvement will also be available in the version of the service accessed via desktop browsers.

Microsoft’s new Tossup app tries to simplify getting friends together

Tossup, a new Microsoft app for Android and iOS, aims to make it easier for users to poll their friends and get together. Tossup lets people create quick polls and share them with their friends. The polls can be simple, consisting of a single yes or no question, or they can be more detailed, for example providing a list of local businesses to choose from for a meeting. After creating a poll, users are prompted to send it out to their friends as a link either via text message or email. After that, the people invited can answer the poll questions inside the app and add comments.

Humans again to blame for latest accidents involving Google autonomous cars

Google’s self-driving cars were involved in two accidents on the roads of Mountain View, California, during June, but humans driving the other vehicles were at fault in both cases. No injuries were reported in either incident, Google said in its monthly report that lists accidents involving its fleet of autonomous cars. Both collisions involved Google’s Lexus sport utility vehicles that are equipped with autonomous driving technology. Last month, Google also began testing on the streets of Mountain View another one of the self-driving prototype cars it has built. In one accident, a car travelling around 5 miles per hour hit the rear bumper of a Google Lexus that had stopped at a red light. Both cars ended up with small scrapes on their bumpers.

Prototype wave energy device passes grid-connected pilot test

A prototype wave energy device advanced with backing from the Energy Department and U.S. Navy has passed its first grid-connected open-sea pilot testing. According to the DOE, the device, called Azura, was recently launched and installed in a 30-meter test berth at the Navy’s Wave Energy Test Site (WETS) in Kaneohe Bay, on the island of Oahu, Hawaii. This pilot testing is now giving U.S. researchers the opportunity to evaluate the long-term performance of the nation’s first grid-connected 20-kilowatt wave energy converter (WEC) device to be independently tested by a third party—the University of Hawaii—in the open ocean, the DOE said.

IDG Contributor Network: Mainframes and mobile: What powers your mobile banking?

As someone who lives and breathes mainframes, I often forget that people who aren't part of this world don't always believe some of the truths that I believe to be self-evident. One common way that I raise eyebrows is when I tell my fellow technologists that mainframes are perfect for supporting mobile applications. In fact, it is almost guaranteed to invoke skepticism. So let me just say it again: mainframes and mobile are a perfect combination. At first glance, it's easy to see why this might be somewhat incongruous. Mainframes have been around for more than half a century, and for most of their history the idea of small, portable devices was the stuff of science fiction. When laptops, smartphones and tablets (and, more recently, intelligent wearables) came on the scene they were truly revolutionary because they fulfilled the long-standing promise of truly portable computing. So what role could "Big Iron" possibly play in a world of increasingly smaller devices?