My BIS/Wassenaar comment

This is my comment I submitted to the BIS on their Wassenaar rules:

----
Hi.

I created the first “intrusion prevention system”, as well as many tools and much cybersecurity research over the last 20 years. I would not have done so had these rules been in place. The cost and dangers would have been too high. If you do not roll back the existing language, I will be forced to do something else.

After two months, reading your FAQ, consulting with lawyers and export experts, the cybersecurity industry still hasn’t figured out precisely what your rules mean. The language is so open-ended that it appears to control everything. My latest project is a simple “DNS server”, a piece of software wholly unrelated to cybersecurity. Yet, since hackers exploit “DNS” for malware command-and-control, it appears to be covered by your rules. It’s specifically designed for both the distribution and control of malware. This isn’t my intent, it’s just a consequence of how “DNS” works. I haven’t decided whether to make this tool open-source yet, so therefore traveling to foreign countries with the code on my laptop appears to be a felony violation of export controls.

Of course you don’t intend Continue reading

Google to begin closing Google+ Photos on Aug. 1

The end is near for Google+ Photos, the photo sharing service that’s part of the company’s social network.Google will begin closing down the service on Aug. 1 on Android, with the Web and iOS devices to follow soon after.For a time, Google touted the service as a key element in Google+, with a range of editing tools and image enhancement technologies rolled out over the years.But Google hinted that its days might be numbered when the company rolled out its new Google Photos service at Google I/O in May.To read this article in full or to leave a comment, please click here

Show 246 – Design & Build #4 – Data Center Migration

Join us for a step-by-step discussion of what's involved in a data center migration, including new builds, cloud/hybrid options, power & cooling, team preparation and planning, and execution.

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 246 – Design & Build #4 – Data Center Migration appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Microsoft patches Windows zero-day found in Hacking Team’s leaked docs

Microsoft today issued one of its sporadic emergency, or "out-of-band," security updates to patch a vulnerability in Windows -- including the yet-to-be-released Windows 10 -- that was uncovered by researchers sifting through the massive cache of emails leaked after a breach of Italian surveillance vendor Hacking Team. The Milan-based vendor sells surveillance software to governments and corporations, and markets zero-day vulnerabilities that its clients can use to silently infect targets with the firm's software. Researchers have found several zero-days -- flaws that were not fixed before they went public -- in the gigabytes of pilfered documents and messages, including three in Adobe's Flash Player, since July 5.To read this article in full or to leave a comment, please click here

IBM’s Q2 sales slide 13 percent on sale of low-end server unit

IBM has reported another quarter of declining revenue and profit, though sales of its new mainframe gave it a lift.Revenue for its second quarter was $20.8 billion, down from $24 billion a year earlier, IBM announced Monday.The big drop is partly from IBM selling its x86 server business to Lenovo, as well as the impact of the strong U.S. dollar. Without those factors, revenue would have declined one percent, IBM said.Net income was $3.45 billion, down 16.6 percent.Revenue from IBM’s giant Global Technology Services segment were down 10 percent to $8.1 billion. Factoring out the currency effect and the sale of the x86 server business, revenues were up one percent, IBM said.To read this article in full or to leave a comment, please click here

Google slams proposed export controls on security tools

A proposed set of software export controls, including controls on selling hacking software outside the U.S., are “dangerously broad and vague,” Google said Monday.Google, commenting on rules proposed by the U.S. Department of Commerce (DOC), said the proposed export controls would hurt the security research community.A DOC Bureau of Industry and Security (BIS) proposal, published in May would require companies planning to export intrusion software, Internet surveillance systems and related technologies to obtain a license before doing so. Exports to Canada would be exempt from the licensing requirement.To read this article in full or to leave a comment, please click here

Google slams proposed export controls on security tools

A proposed set of software export controls, including controls on selling hacking software outside the U.S., are "dangerously broad and vague," Google said Monday.Google, commenting on rules proposed by the U.S. Department of Commerce (DOC), said the proposed export controls would hurt the security research community.A DOC Bureau of Industry and Security (BIS) proposal, published in May would require companies planning to export intrusion software, Internet surveillance systems and related technologies to obtain a license before doing so. Exports to Canada would be exempt from the licensing requirement.To read this article in full or to leave a comment, please click here

Report: Microsoft paying $320 million for cloud security provider Adallom

Microsoft is said to be paying $320 million to acquire Adallom, a cloud security provider whose services might help Microsoft in its new push toward becoming a “cloud-first” company.Adallom provides back-end security tools that gather usage data and detect suspicious activity. Its services are used by Netflix, SAP and Hewlett-Packard, according to the company’s website. The acquisition was reported Monday by the Calcalist financial newspaper.A spokesman for Adallom declined to comment, and Microsoft did not immediately respond to a request for comment.Adallom could help boost the defenses of Microsoft products including Office 365 and Yammer. Adallom’s tools can give businesses more granular control over who has access to Office 365, or identify anomalies in usage patterns for the cloud suite, according to Adallom’s website. An acquisition would bring those tools under Microsoft’s umbrella.To read this article in full or to leave a comment, please click here

Spy’s suicide adds to Hacking Team scandal in South Korea

A South Korean intelligence officer who used a controversial surveillance system from Italy’s Hacking Team was found dead over the weekend in an apparent suicide as controversy swirls in the country over use of the software.The officer, identified by local media only as Lim, was a 20-year cyber-security veteran of the country’s National Intelligence Service (NIS) and ran the department that used the software, according to reports.He was found dead on Saturday in a car south east of Seoul. Burnt coal was found in the car and an autopsy conducted a day after his death on Saturday found he died of asphyxiation, according to reports. Burning charcoal in a confined space is a relatively common method of committing suicide in South Korea and Japan.To read this article in full or to leave a comment, please click here

Next-generation endpoint protection not as easy as it sounds

Rather than looking for signatures of known malware as traditional anti-virus software does, next-generation endpoint protection platforms analyze processes, changes and connections in order to spot activity that indicates foul play and while that approach is better at catching zero-day exploits, issues remain.For instance, intelligence about what devices are doing can be gathered with or without client software. So businesses are faced with the choice of either going without a client and gathering less detailed threat information or collecting a wealth of detail but facing the deployment, management and updating issues that comes with installing agents.To read this article in full or to leave a comment, please click here

Microsoft issues critical out-of-band patch for flaw affecting all Windows versions

Happy Monday, IT folks. Ready to patch and then restart your machines? I hope so as Microsoft released an out-of-band patch for a remote, critical flaw in the way Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected. It's being exploited in the wild and Microsoft admitted some of its customers could be attacked. It's not every day Microsoft releases an out-of-band patch, so when it does so instead of deploying the fix on Patch Tuesday, then it means patch now.This morning Microsoft Premier Support customers received notification that Microsoft would release an out-of-band patch for a critical remote code execution (RCE) vulnerability that affects all versions of Windows. There was no more information, other than that a reboot would be required after the patch was installed. Everyone else was notified when Microsoft made the out-of-band patch announcement at 10 am PST.To read this article in full or to leave a comment, please click here

1 3,341 3,342 3,343 3,344 3,345 3,791