US court says ‘pocket-dialed’ calls are not private

A federal appeals court in Ohio has ruled that a person who accidentally “pocket dials” someone shouldn’t expect any overheard conversation to be considered private. The case involves the chairman of the Airport Board in Kenton, Kentucky, which oversees the Cincinnati/Northern Kentucky International Airport. The chairman, James Huff, was on a business trip in Italy with his wife and a colleague when he accidentally pocket-dialed the secretary of the airport’s CEO back in the U.S. The secretary, Carol Spaw, said “hello” a few times and soon figured out the call wasn’t meant for her. But she overheard Huff and his colleague talking about personnel matters, including the possibility that the airport’s CEO—Spaw’s boss—might be replaced. The inadvertent call continued after Huff got back to his hotel room with his wife.

Qualcomm plans cuts, may spin off assets

Qualcomm will cut costs by about $1.4 billion per year and study the possible sale of assets as part of a company realignment. The mobile technology juggernaut is also shaking up its board of directors as part of an agreement with investment company Jana Partners. Jana, which owns a chunk of Qualcomm’s stock, has pressured the company to spin off its chip division from its patent licensing business. The realignment was announced as Qualcomm reported its profit fell by nearly half in the April-to-June quarter on revenue that declined by 14 percent from a year earlier. “The changes we are announcing today are designed to enable us to right-size our cost structure and reposition Qualcomm for improved financial and operating performance,” CEO Steve Mollenkopf said in a statement.

Infosec’s inability to quantify risk

Infosec isn't a real profession. Among the things missing is proper "risk analysis". Instead of quantifying risk, we treat it as an absolute. Risk is binary, either there is risk or there isn't. We respond to risk emotionally rather than rationally, claiming all risk needs to be removed. This is why nobody listens to us. Business leaders quantify and prioritize risk, but we don't, so our useless advice is ignored.

An example of this is the car hacking stunt by Charlie Miller and Chris Valasek, where they turned off the engine at freeway speeds. This has led to an outcry of criticism in our community from people who haven't quantified the risk. Any rational measure of the risk of that stunt is that it's pretty small -- while the benefits are very large.

In college, I owned a poorly maintained VW bug that would occasionally lose power on the freeway, such as from an electrical connection falling off from vibration. I caused more risk by not maintaining my car than these security researchers did.

Indeed, cars losing power on the freeway is a rather common occurrence. We often see cars on the side of the road. Few accidents are caused …

Open Container Format Progress Report

Follow Up from Open Container Initiative (formerly Project) Announcement of 6/22 written by Michael Crosby, Chief Maintainer of Docker, Inc. Approximately one month ago, we announced the creation of the Open Container Initiative*, under the auspices of the Linux Foundation … Continued

CCIE Podcast Pilot Episode 1

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
This is the pilot episode of the CCIE Podcast, a project I started in April 2015 and never completed, but I am now going to test the water. Please note this episode was recorded in April 2015 before my attempt at the exam in May 2015. Sadly I failed and […]

How to configure a cheap, secure RAID backup system

We usually store our photos, documents, and more on a single hard disk—or, increasingly these days, a solid state drive (SSD)—but there’s always the nagging worry that the disk will fail, taking all your work and memories with it. Backing up using Time Machine, Super Duper!, or CrashPlan, say, is a good way of reducing this risk, but there is another: RAID. RAID can be incredibly complicated, but it’s extremely worthwhile—one of the things it can do is to mirror the contents of one disk completely to another, all the time. While cloning your hard disk using Super Duper!, for example, is something that might happen once a day, with a RAID system, every bit of data that’s written to one disk is simultaneously written to the second, so that if one drive fails, you have a perfect copy of everything it contained on the second. (And optionally, if you replace the failed drive, everything will be mirrored back across to it automatically.)

8 most in-demand IT security certifications

As high-profile security breaches (e.g., Target, Sony, Adobe and most recently, Ashley Madison) continue to dominate headlines, companies are doubling down on pay to hire the best and the brightest IT security professionals. The most recent IT Skills and Certifications Pay Index (ITSCPI) from research and analysis firm Foote Partners confirms that IT pros holding security certifications can expect premium pay. Market values for 69 information security and cybersecurity certifications in the ITSCPI have been on a slow and steady upward path for two years, up 8 percent in average market value during this time, states co-founder, chief analyst and research officer David Foote in the report.

Belgian government phishing test goes off-track

An IT security drill went off the tracks in Belgium, prompting a regional government office to apologize to European high-speed train operator Thalys for involving it without warning. Belgium’s Flemish regional government sent a mock phishing email to about 20,000 of its employees to see how they would react. The email purported to be a booking confirmation from Thalys for a trip from Brussels to Paris, including a stay in a fancy hotel. The cost—almost €20,000 (about US$22,000)—would be charged to the recipient’s credit card unless the person cancelled within three days, the email said. To cancel the trip, the email instructed recipients to send their credit card information to Thalys, Belgian media reported.

IDG Contributor Network: Druva aims to deliver complete data protection and compliance for the enterprise

With a product announcement this week, data protection company Druva aims to give enterprises assistance with managing the sometimes-conflicting aims of leveraging new technology for greater efficiency, while still remaining safe and secure in terms of data protection. So what has Druva got in the pipeline now? Utilized by more than 3,000 organizations around the world and protecting data on a reported 3 million devices, Druva is all about data protection for the mobile workforce. What that means is that Druva takes care of backup and availability of data, alongside broad governance. Druva's product aims to ensure that specific data remains within the confines of your organization, while other data can be shared externally. Druva then sits in two camps - both the data backup and recovery space and the endpoint security space. These two worlds are increasingly coming together, and Druva is an example of this trend.

Plexxi Named A CRN 2015 Emerging Vendor

This week, Plexxi has been named to CRN’s 2015 Emerging Vendors List. The annual list features up-and-coming technology vendors that have introduced innovative new products that generate opportunities for their channel partners to create high-margin, cutting-edge solutions for their customers. This year’s vendors recognized have demonstrated a commitment to developing new technologies to satisfy the shifting IT market and to meet growing industry demands.

Plexxi partners like CloudGov Technologies have been a huge part of the company’s growth and success. Why? Because we have a simple formula: great products, aimed at a game changing opportunity brought to market by partners that are looking to carve a new path in the market.

In addition to today’s Emerging Vendors list, CRN reporter Mark Haranas recently included Plexxi in his list of the “The 10 Coolest Networking Startups Of 2015” on the heels of the launch of our new network switch series. Our CEO, Rich Napolitano spoke exclusively with Haranas just last week about the new Switch 2 Series and his predictions for the next era of IT.

“We are entering the next great era of IT which will transform the datacenter as we know it. We envision an entirely …

Bug exposes OpenSSH servers to brute-force password guessing attacks

A bug in OpenSSH, the most popular software for secure remote access to UNIX-based systems, could allow attackers to bypass authentication retry restrictions and execute many password guesses. A security researcher who uses the online alias Kingcope disclosed the issue on his blog last week, but he only requested a public vulnerability ID to be assigned Tuesday. By default, OpenSSH servers allow six authentication retries before closing a connection and the OpenSSH client allows three incorrect password entries, Kingcope said.

The Importance of BGP NEXT_HOP in L3VPNs

In an MPLS network with L3VPNs, it’s very easy for the NEXT_HOP attribute of a VPN route to look absolutely correct but be very wrong at the same time. In a vanilla IP network, the NEXT_HOP can point to any IP address that gets the packets moving in the right direction towards the ultimate destination. In an MPLS network, the NEXT_HOP must get the packets moving in the right direction but it must also point to the exact right address in order for traffic to successfully reach the destination.

The reason it has to be exact is because IOS only assigns MPLS labels to the next hop address and not to each individual VPN route. So when an ingress PE needs to forward a packet from a CE across the MPLS network, the PE finds the label associated with the NEXT_HOP address and uses that as the outer label to get the packet to the egress PE.

Since each NEXT_HOP has a different label, that means each NEXT_HOP is reachable through a different Label Switched Path (LSP). Different LSPs can, and likely will, forward traffic differently through the network.

An MPLS label identifies a Forwarding Equivalence Class (FEC). A FEC is …

EFF: Modify DMCA to protect independent research into car hacking

Car owners – in other words, almost everyone – were buzzing in a bad way yesterday about a report in Wired that showed two security experts demonstrating the ability to remotely commandeer and control a Jeep that was traveling on a highway. It was harrowing just to read about this sophisticated hack, never mind imagining the reality of finding oneself in such a situation. Whether coincidental or not, lawmakers are responding with calls to hold the auto industry to task.

Saving the Web, Saving Community (Heavy Topic Warning)

Is the ‘web losing its populist (and/or democratic) spirit? Hossein Derakhshan, at least, thinks so. He argues that the ‘web is dying because the hyperlink is dying —

The hyperlink was my currency six years ago. Stemming from the idea of the hypertext, the hyperlink provided a diversity and decentralisation that the real world lacked. The hyperlink represented the open, interconnected spirit of the world wide web… Blogs gave form to that spirit of decentralization: They were windows into lives you’d rarely know much about; bridges that connected different lives to each other and thereby changed them. Blogs were cafes where people exchanged diverse ideas on any and every topic you could possibly be interested in. … Since I got out of jail, though, I’ve realized how much the hyperlink has been devalued, almost made obsolete.

Much could be made of the argument that Hossein is just feeling the effects of being disconnected for six years. After being put in prison as a political dissident six years ago, he reappears on the scene only to find out the world has moved on without him. There are several points in his article that might indicate this — that he felt like …

Senators propose bill to tighten vehicle security, privacy standards

Two U.S. senators today filed a bill that would require the federal government to establish standards to ensure automakers secure a driver against vehicle cyber attacks. The Security and Privacy in Your Car (SPY Car) Act, filed by Sens. Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.), also establishes a rating system — or "cyber dashboard" — that informs consumers about how well the vehicle protects drivers' security and privacy beyond the proposed federal minimum standards. "Drivers shouldn't have to choose between being connected and being protected," Sen. Markey said in a statement. "We need clear rules of the road that protect cars from hackers and American families from data trackers. This legislation will set minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles."