FREE COURSE: Hack yourself first (before the bad guys do)

If you can't think like a hacker, it's difficult to defend against them. Such is the premise of this free, nine-part online course, presented by Computerworld and training company Pluralsight, about how to go on the cyber-offensive by using some of the same techniques and tools the bad guys do.This course comes at security from the view of the attacker in that their entry point is typically the browser. They have a website they want to probe for security risks -- and now you can learn how they go about it. This approach helps IT managers and staffers, developers and others to begin immediately assessing their applications even when the apps are already running in a live environment without access to the source. After all, that's what the attackers are doing.To read this article in full or to leave a comment, please click here(Insider Story)

SDN switches aren’t hard to compromise, researcher says

Software-defined switches hold a lot of promise for network operators, but new research due to be presented at Black Hat will show that security measures haven't quite caught up yet.Gregory Pickett, founder of the Chicago-based security firm Hellfire Security, has developed several attacks against network switches that use Onie (the Open Network Install Environment).Onie is a small, Linux based operating system that runs on a bare-metal switch. A network operating system is installed on top of Onie, which is designed to make it easy and fast for the OS to be swapped with a different one.To read this article in full or to leave a comment, please click here

Worth Reading; The Great Man Theory

This matters because the great-man narrative carries costs. First, it has helped to corrode the culture of Silicon Valley. Great-man lore helps excuse (or enable) some truly terrible behavior. … And finally, technology hero worship tends to distort our visions of the future. via MIT

A note to remember — I don’t agree with everything I put up as a worth reading article. There are some good things here, and some bad. Watermelon seeds are meant to be spit out, though, not eaten with the sweet red stuff. And don’t even get into the rind.

The post Worth Reading; The Great Man Theory appeared first on 'net work.

Worth Reading: Toxic Employees

A clear disconnect is occurring at organizations across the U.S. when it comes to employee satisfaction, according to a new study released by Fierce, Inc., leadership development and training experts. The survey found that four out of five employees believe a toxic employee is extremely debilitating to team morale, while the same number agreed that their organizations are somewhat or extremely tolerant of these individuals. via fierce

The post Worth Reading: Toxic Employees appeared first on 'net work.

VMworld 2015 Networking and Security Sessions – Part I

vmworld2015-logo-black

At VMworld 2014 we focused on the basics of network virtualization. What VMware NSX is, what it does, and how network virtualization would change datacenter networking.  We shared the many benefits of virtualizing networks and you caught on.

Just one year later, network virtualization is going mainstream. So at VMworld 2015, have nearly 100 sessions that are guaranteed to fit your needs, whether you’re an #NSXninja or a network virtualization newbie.

Thinking about virtualizing the network at your company or organization? Want to see how others have done it? We’ve got 20 VMware NSX customers ready to share their learnings and insights and talk about how they’ve virtualized their networks.

Curious about how VMware is collaborating with industry leaders and emerging startups to solve customer problems around security, operations, and integration between the physical and virtual worlds? We’ve got sessions on those topics, too. Our partner ecosystem is growing and our partners will share the benefits of their integrated offerings.

But that’s not all! We will be highlighting proven VMware NSX use cases that will teach you all you need to know about a whole range of topics—from micro-segmentation to IT automation, multi-tenancy, application continuity, and security for VDIs.

Continue reading

File sync services provide covert way to control hacked computers

File synchronization services, used to accommodate roaming employees inside organizations, can also be a weak point that attackers could exploit to remain undetected inside compromised networks.Researchers from security firm Imperva found that attackers could easily hijack user accounts for services from Dropbox, Google Drive, Microsoft OneDrive and Box if they gain limited access to computers where such programs run—without actually stealing user names and passwords.Once the accounts are hijacked, attackers could use them to grab the data stored in them, and to remotely control the compromised computers without using any malware programs that could be detected by antivirus and other security products.To read this article in full or to leave a comment, please click here

China to plant Internet police in top online firms

China’s control over the Internet is set to expand. In a bid to better police local websites, the country’s security forces are establishing offices at the biggest online firms in the country.The country’s Ministry of Public Security announced the new measures on Tuesday, at a time when authorities have been increasingly concerned also about cyberthreats.Websites based in China already have to abide by strict provisions for online censorship, and will often delete any content deemed offensive by government censors.To read this article in full or to leave a comment, please click here

Dublin, Ireland: CloudFlare’s 38th data center

Top of the morning to our users and readers from Ireland! Our latest PoP in Dublin is our 38th globally, and 14th in Europe following our Bucharest deployment last week. As of yesterday, traffic from Ireland's 3.6 million Internet users will now be routed through Dublin as opposed to our London PoP (which will still serve as a point of redundancy).

Silicon Docks

By now you've heard of Silicon Valley, Silicon Alley, and possibly even Silicon Prairie, but across the pond there's another tech hub making quite a name for itself. Silicon Docks, the Dublin neighborhood bordering the Grand Canal Docks, is home to the European headquarters of Google, Facebook, Twitter, Dropbox, AirBnb, LinkedIn and CloudFlare customer, Yelp, just to name a few. While our own European headquarters is in London, Dublin's exploding tech scene made it an obvious choice for a new PoP.

Clearly our focus was more on helping #savetheweb than on the photo itself...

Dublin is also near to our hearts as the home of CloudFlare customers Web Summit and F.ounders, two of the world's premier tech conferences. Visitors to the 2012 Web Summit and F.ounders events may even remember being greeted Continue reading

Unsupported BNA Hacks

Here’s a couple of quick hacks for working with Brocade Network Advisor. It’s unsupported, but you can run BNA on Ubuntu. You can also suppress the client-side JRE version mismatch warning.

Warning: These are both completely unsupported by Brocade. Do not be surprised if it does not work as expected, and do not log a TAC case about it. These are provided for informational purposes only. If it breaks, you keep the pieces.

Ubuntu Install

If you try to install BNA on Ubuntu, it fails during the DB initialization & setup phase. There are two reasons for this:

  • gawk is not where the installer thinks it should be
  • Some scripts run as “/bin/sh”, but use bashisms.

Before running the installation, make these two changes:

  • Run “sudo ln -s /usr/bin/gawk /bin/gawk”
  • Run “sudo dpkg-reconfigure dash” and select “No”

After that the DB setup will complete. Leaving the gawk symlink in place won’t hurt anything else. You can probably change the system shell back to dash, but you may run into problems if you run any of the BNA utility scripts.

Client-side JRE check

When you launch the BNA Desktop client, it checks your local JRE version against a list of supported versions. It’s Continue reading

Up and to the Right: Forrester Research Ranks CloudFlare as a “Leader” for DDoS Services Providers

alt

Forrester Research, Inc. has released The Forrester Wave™: DDoS Services Providers, Q3 2015 report which ranks CloudFlare as a leader. How do you get placed “up and to the right”? The leaders in this Wave, including CloudFlare, demonstrated effective portals, good client and revenue growth, and a focus on customer service. They also all have the ability to defend against the largest amplification attacks and the most pernicious application attacks.

Here’s some of the criteria CloudFlare received the highest possible scores for:

  • Attack types defended
  • Data/scrubbing center geographic presence
  • Detection tactics
  • SSL traffic inspection

The DDoS Services Providers Wave also notes that CloudFlare boasts fast mitigation times, and that our customers gave us high marks for service delivery. The report cited CloudFlare’s excellent capabilities to deliver hybrid DDoS solutions as well.

So how does the report evaluate vendors? It evaluates vendors based on three major categories, each with specific criteria:

  • Current offering: The strength of vendors’ current DDoS product offering is based on evaluation categories including: business description, amplification attack defense, attack types defended, customer portal features, customer references, data/scrubbing center geographic presence, SSL traffic inspection, and standard mitigation times.

  • Strategy: Vendors’ position on the horizontal axis of Continue reading

Sounds can knock drones out of the sky

Knocking a drone out of the sky is sometimes possible using an invisible weapon—sound.The vulnerability in some drones comes from a natural property of all objects—resonance. Take a wine glass: if a sound is created that matches the natural resonant frequency of the glass, the resulting effects could cause it to shatter.The same principle applies to components inside drones. Researchers at the Korea Advanced Institute of Science and Technology (KAIST) in Daejon, South Korea, analyzed the effects of resonance on a crucial component of a drone, its gyroscope. Their paper will be presented next week at the 24th USENIX Security Symposium in Washington, D.C.To read this article in full or to leave a comment, please click here

NetSol’s new con; renewing unwanted .xyz domains

My friend Michael Williams, a private investigator based in Santa Barbara, Calif., is really pissed off with Network Solutions. This is what made him mad: Mike Williams That’s from an email message he received from Network Solutions a couple of weeks ago and Mike’s problem is that he doesn’t own the domain mswssi.xyz. While Mike does own the domains mswssi.com, mswssi.net, and mswssi.org this was a domain he knew nothing about so the letter made no sense. Mike called Network Solutions customer service and discovered that he had been “given” the domain by the company but, to his knowledge, had never been told anything about it. To read this article in full or to leave a comment, please click here

Using Vagrant and Docker Machine Together

In this post, I’m going to show you a quick tip I used today to combine the power of Vagrant with that of Docker Machine to quickly and easily create Docker-enabled virtual machines (VMs) on your laptop. This could be useful in a variety of scenarios; I leave it as an exercise for the reader to determine the best way to leverage this functionality in his or her own environment.

In my case, I needed to be able to easily create/destroy/recreate a couple of Docker-enabled VMs for a project on which I’m working. The problem I faced was that the tools I would normally use for such a task—Vagrant and Docker Machine—each had problems when used on their own:

  • Vagrant has a Docker provisioner, but I could only get it to install the latest released version of Docker. In my case, I needed to run a test version (specifically, the RC2 build of Docker 1.8.0).
  • Docker Machine has various back-end drivers that can create VMs into which Docker is provisioned, but the VMware Fusion driver for Machine only works with Boot2Docker. In my case, I needed to run Ubuntu 14.04 in the VMs.

As it turns Continue reading

How to set up a local account in Windows 10 during or after installation

You can setup a local account in Windows 10 during a clean installation, as well as after installing Windows 10 using a Microsoft account. The process is a bit more straightforward than it was with Windows 8.If you wanted to create a local account in Windows 8.1, Microsoft made you jump through hoops and numerous screens before finally selecting "Sign in without a Microsoft account (not recommended)." Skip down to the second half if you want to know how to create a local account while installing Windows 10.To read this article in full or to leave a comment, please click here

How to setup a local account in Windows 10 during or after installation

You can setup a local account in Windows 10 during a clean installation and you can also setup a local account after installing Windows 10 using a Microsoft account. The process is a bit more straightforward than it was in Windows 8. If you wanted to create a local account in Windows 8.1, Microsoft made you jump through hoops and numerous screens before finally selecting “Sign in without a Microsoft account (not recommended).” Skip down to the second half if you want to know how to create a local account while installing Windows 10.To read this article in full or to leave a comment, please click here

1 3,326 3,327 3,328 3,329 3,330 3,796