The Upload: Your tech news briefing for Tuesday, June 16

Civil liberties faction walks out on facial recognition talksU.S. talks aimed at crafting rules on responsible use of facial recognition technology have fallen apart after a united front of civil rights and consumer groups walked out, saying the bare minimum of their demands on behalf of consumers aren’t being met. That position, accord to a statement issued by the coalition, is that “people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement—and identifying them by name—using facial recognition technology.”To read this article in full or to leave a comment, please click here

Should I panic because Lastpass was hacked?

Maybe, maybe not. Lastpass uses 100000 iterations in its PBKDF2 algorithm. If you chose a long, non-dictionary password, nobody can crack it. Conversely, if you haven't, then yes, you need to change it.

I benchmarked this on my computer using "oclHashcat". It's not an exact match with the Lastpass algorithm, but it's close enough to show the performance.


As you can see, my machine is getting 2577 (two and a half thousand) random password guesses per second. This may sound like a lot, but it's not not, because cracking passwords is exponentially difficult.

Consider normal hashes, not the stronger ones used by Lastpass. My desktop can crack 1 billion of those per second.  Consider that a password can be built from UPPER and lower case letters, numbers, and punctuation marks -- or about 64 variations per character.

In this case, a 5 letter password has 1 billion combinations, so a fast computer can guess it in a second. Adding one letter, with it's 64 different possibilities, makes this 64 times harder, meaning it'll take a minute. Another letter (7), and it becomes an hour. Another letter (to 8), and it becomes several days. Another letter (9), and it becomes a Continue reading

Privacy groups to quit US talks on facial recognition standards

Nine privacy groups plan to withdraw from U.S. government-hosted negotiations to develop voluntary facial-recognition privacy standards because the groups feel the process won’t lead to adequate privacy protections.Industry representatives at the talks have been pushing to limit consumer control over the facial recognition data collected, the groups said in a letter to be released Tuesday.“We are convinced that in many contexts, facial recognition should only occur when an individual has affirmatively decided to allow it to occur,” wrote the groups, including the Center for Digital Democracy, the Electronic Frontier Foundation and Consumer Action. “Industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer’s permission.”To read this article in full or to leave a comment, please click here

Cisco Live – The Complaints

You should know by now that I always find something to complain about.  Is that a bad thing?  Probably.  Does it help improve things?  Absolutely!

Again, I love going to Cisco Live every year.  Without question, it’s my favorite event of the year.  It’s a great event with great people and great things to do.  With that said, let’s look at what could have been a bit better this year.

  • Seating – There was a terrible lack of seating around the convention center this year.  I spent a good part of the time standing around when I wasn’t in a session, which is not good for a lazy, fat guy like me.  We’re talking standing for 5 days here.  In the past, there have been plenty of places to sit throughout the event, so I don’t really know what happened here.
  • Logistics at the CAE – This happens every year.  You’re told to go in one gate at the CAE, but no one listens or your information is wrong; you wind up standing in line behind 18849298 people who were all behind you at one point.  Then you have to get your bag searched.  Then they take half your swag Continue reading

Duqu 2.0 used digital certificates belonging to Foxconn

A deeper look into the latest version of malware known as Duqu shows it used digital certificates from prominent contract manufacturer Foxconn Technology Group to help mask its activity.Kaspersky Lab, which published a report on Duqu 2.0 last week, wrote in a blog post Monday that a 64-bit driver within the malware employed a digital certificate signed by Hon Hai Precision Industry, also known as Foxconn.Digital certificates are used for encrypting data and verifying the legitimacy of websites and applications. Using a digital certificate issued to a trusted organization makes it less likely that an application is going to be detected as harmful.To read this article in full or to leave a comment, please click here

SD-WAN Gives Us The Best Path We Always Wanted

In networking, we rely on routing protocols to compute best path. That is to ask, from the perspective of a given router in a routing domain, what is the best way to reach a destination? Best path is typically computed using simplistic metrics like hop count, cost, bandwidth, and delay. Traditional "best path" thinking is effective, insofar as it goes. It scales to a large number of devices and destinations. It is resilient. It is mature. However, it has its limitations. Software defined WAN brings a much more sophisticated metric to the computation of best path.

Online password locker LastPass hacked

LastPass users will be prompted to change their master passwords after the online password locker company reported that its network was breached on Friday.The company revealed the breach in a blog post Monday after investigating “suspicious activity” discovered by its security team. According to LastPass, the investigation did not reveal any evidence that the attackers stole encrypted data from users’ password vaults, nor did the intruders gain access to LastPass users’ accounts. That said, the attackers were able to steal account email addresses, password reminders, server per user salts, and authentication hashes.To read this article in full or to leave a comment, please click here

Self-driving cars? Get ready for self-driving data

Once the dreams of science-fiction, self-driving cars will soon allow passengers to specify a destination and let the car pick the best route based on factors such as time, traffic, freeways and fuel consumption. This kind of automation for an enterprise’s most precious commodity – data – is also soon coming to a data center near you.

Intelligent data mobility delivered through data virtualization will allow IT professionals to specify service-level objects (SLO) such as performance, reliability, high availability, archiving and cost, and then let software automatically move data to the right storage in real time. Let’s examine the problem of data immobility and how data placement through data virtualization will finally solve common mismatch of compute and storage, resource sprawl and the cost of overprovisioning.

To read this article in full or to leave a comment, please click here

Self-driving cars? Get ready for self-driving data

Once the dreams of science-fiction, self-driving cars will soon allow passengers to specify a destination and let the car pick the best route based on factors such as time, traffic, freeways and fuel consumption. This kind of automation for an enterprise’s most precious commodity – data – is also soon coming to a data center near you.Intelligent data mobility delivered through data virtualization will allow IT professionals to specify service-level objects (SLO) such as performance, reliability, high availability, archiving and cost, and then let software automatically move data to the right storage in real time. Let’s examine the problem of data immobility and how data placement through data virtualization will finally solve common mismatch of compute and storage, resource sprawl and the cost of overprovisioning.To read this article in full or to leave a comment, please click here

Qualcomm may adapt LTE into a network anyone can deploy

As if the all the controversy over LTE networks crowding out Wi-Fi isn’t enough, a new technology in the works at Qualcomm Research might allow a lot more people to set them up.LTE was designed to run on frequencies licensed by mobile operators for their exclusive use. But an emerging technology called LTE-Unlicensed allows the cellular system to supplement those frequencies with unlicensed spectrum that’s shared with systems like Bluetooth and Wi-Fi. This gives the carriers additional spectrum that they don’t have to pay for in an auction.To read this article in full or to leave a comment, please click here

Network Break 40

Take a Network Break! Grab a coffee, a doughnut and then join us for an analysis of the latest IT news, vendor moves and new product announcements. We’ll separate the signal from the noise–or at least make some noise of our own. Cisco Execs Quit, Naturally. The predicted leadership exodus at Cisco has started. Leadership […]

The post Network Break 40 appeared first on Packet Pushers.

Facebook releases a separate app for private photo sharing

Facebook has taken a step away from its main site to develop what it thinks is a better way to share photos privately.Moments, released Monday for iOS and Android, is a standalone app that will organize the photos on people’s smartphones, and let users share them privately with a select set of friends. The app groups photos together based on when they were taken, and, who’s in them. It uses the same facial recognition technology that powers the suggested tagging feature on Facebook’s site.Moments lets users sync photos with the people who are at a specific event, like a party or wedding.To read this article in full or to leave a comment, please click here

MIT researchers find unemployed workers stay off their phones

The amount of time people in a given area spend using their cell phones shrinks when the job market begins to dry up, according to a study co-authored by researchers at MIT.The study, which tracked people living in a European town in which a plant had just closed, found that the total number of calls made by laid-off workers fell by 51%, when compared to the phone activity of the employed. Individually, each unemployed worker made 5% fewer calls.+ ALSO ON NETWORK WORLD: First Look: How will Windows 10 play on tablets + What do today's graduates expect in the workplace? +To read this article in full or to leave a comment, please click here

Dell adds Pluribus, brings Linux-based OS to its data center switches

Dell has added Pluribus Networks to its lineup of disaggregation partners.Dell will now offer Pluribus’ Open Netvisor Linux operating system on its S6000-ON and S-4048-ON 10G/40G switches. This is an addition to the Cumulus Networks, Big Switch Networks, Midokura and VMware packages Dell already supports on those switches.Dell’s strategy is to make its merchant silicon-based hardware appealing to cloud providers who usually opt for bare metal switches running a variety of operating systems that they can easily replace or expand for scale or other requirements.To read this article in full or to leave a comment, please click here

Dell adds Pluribus, brings Linux-based OS to its data center switches

Dell has added Pluribus Networks to its lineup of disaggregation partners.Dell will now offer Pluribus’ Open Netvisor Linux operating system on its S6000-ON and S-4048-ON 10G/40G switches. This is an addition to the Cumulus Networks, Big Switch Networks, Midokura and VMware packages Dell already supports on those switches.Dell’s strategy is to make its merchant silicon-based hardware appealing to cloud providers who usually opt for bare metal switches running a variety of operating systems that they can easily replace or expand for scale or other requirements.To read this article in full or to leave a comment, please click here

Network Break 40

Take a Network Break! Grab a coffee, a doughnut and then join us for an analysis of the latest IT news, vendor moves and new product announcements. We’ll separate the signal from the noise–or at least make some noise of our own. Cisco Execs Quit, Naturally. The predicted leadership exodus at Cisco has started. Leadership […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Network Break 40 appeared first on Packet Pushers Podcast and was written by Greg Ferro.