Google: Lock up your Compute Engine data with your own encryption keys

Google will now let enterprise customers of one of its Cloud Platform services lock up their data with their own encryption keys, in case they’re concerned about the company snooping on their corporate information.On Tuesday, Google started offering users of its Compute Engine service the option, in beta, to deploy their own encryption keys, instead of the industry standard AES 256-bit encryption keys Google itself provides. Encryption keys are used to lock data so it can not be read by other parties.“Absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request,” wrote Leonard Law, Google product manager, in a blog post describing the new feature.To read this article in full or to leave a comment, please click here

EU privacy watchdog weighs in on data protection reform, shares concerns

As European Union lawmakers in the Commission, Parliament and Council debate a new data protection law, the EU’s data protection watchdog has chimed in, expressing some concerns and saying individuals’ privacy rights should be at the core of the legislation.Although he is perhaps best placed to offer an opinion on the matter, legislators have no obligation to listen to European Data Protection Supervisor (EDPS) Giovanni Buttarelli, who released his own proposed draft of the law on Monday.A lot is at stake, said Buttarelli. “This reform will shape data processing for a generation which has no memory of living without the internet. The EU must therefore fully understand the implications of this act for individuals, and its sustainability in the face of technological development.”To read this article in full or to leave a comment, please click here

Google tells its publisher partners to comply with EU cookie directive

Google is now requiring that publishers that carry its ads comply with a European Union directive and ask their site visitors’ for permission before setting cookies on their computers.Google spelled out the requirement in its new EU User Consent Policy for publishers that participate in services including AdSense, DoubleClick Ad Exchange and DoubleClick for Publishers.“If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today,” said Jason Woloz, Google’s security and privacy program manager for display and video ads, in a blog postTo read this article in full or to leave a comment, please click here

Brinks safe — with a USB port — proves easy hacking for security researchers

“Every step of the way, we were like, ‘This can’t be possible.’ ”Yet this – opening a Brinks CompuSafe Galileo using its standard USB port, a keyboard and 100 lines of code – was most definitely possible for a pair of security researchers, Daniel Petro and Oscar Salazar, who work for the IT security consulting company Bishop Fox.From an IDG News Service story on our site: They bought a Galileo CompuSafe on eBay. The most egregious problem they found is a fully functional USB port on the side of the safe. That allowed them to plug in a keyboard and a mouse, which worked.To read this article in full or to leave a comment, please click here

MetalCaptcha: Free service uses metal band logos as CAPTCHAs

Hacker News had me laughing today as a company called HeavyGifts took a joke and turned it into a real and free product by using metal band logos as CAPTCHAs. Unless there is another computer virus based on weaponizing heavy metal, such as the malware reported to F-Secure’s Mikko Hypponen by an Iranian nuclear scientist after AC/DC’s Thunderstruck was allegedly blasting from workstations in the middle of the night, when else can I write about metal music?To read this article in full or to leave a comment, please click here

IDG Contributor Network: Software vulnerabilities hit a record high in 2014, report says

How safe is the software you use? Do you have a system in place to identify vulnerabilities and patch them when they are discovered? How quickly do you react to vulnerability reports? There's evidence that software vulnerabilities are on the rise, and few companies are taking the necessary action to combat them.There was some worrying news in the recent Secunia Vulnerability Review 2015. The number of recorded vulnerabilities hit a record high of 15,435 last year, up 18% from 2013. The vulnerability count has increased 55% in the last five years. The report also found a rise in the number of zero-day vulnerabilities with 20 being uncovered in the 50 most popular programs. These are vulnerabilities that have already been exploited by hackers before being made public or being patched.To read this article in full or to leave a comment, please click here

Xen patches new virtual-machine escape vulnerability

A new vulnerability in emulation code used by the Xen virtualization software can allow attackers to bypass the critical security barrier between virtual machines and the host operating systems they run on.The vulnerability is located in the CD-ROM drive emulation feature of QEMU, an open source hardware emulator that’s used by Xen, KVM and other virtualization platforms. The flaw is tracked as CVE-2015-5154 in the Common Vulnerabilities and Exposures database.The Xen Project released patches for its supported releases Monday and noted that all Xen systems running x86 HVM guests without stubdomains and which have been configured with an emulated CD-ROM drive model are vulnerable.To read this article in full or to leave a comment, please click here

Getting to Know Tim Cramer, VP of Engineering at Ansible

TimC_780x300Knowing the members of our Ansible community is important to us, and we want you to get to know the members of our team in the Ansible office. Stay tuned to the blog to learn more about the people who are helping to bring Ansible to life.

This week we're happy to introduce you to Tim Cramer, VP of Engineering at Ansible. Tim brings over 20 years of enterprise software experience to Ansible. He was previously at HP where he was responsible for the overall delivery of Helion Eucalyptus Cloud, managing global teams of engineering, support and IT. He also worked as an executive at Dell, Eucalyptus, and Sun Microsystems, and as an engineer at Sun and Supercomputer Systems Inc.

What’s your role at Ansible?

  • Running the development and release of Ansible Tower and managing the Ansible open source team and community efforts

  • Scaling the engineering team and increasing the ability to release products more often and with higher quality

  • Overseeing partner engineering integrations that benefit Ansible customers and users; for example, working on enhancing Windows, VMware, OpenStack, and AWS functionality

  • Understanding and prioritizing the features for Tower releases

What’s your management philosophy?
My philosophy is not unlike the great Continue reading

The Score Is High. Who’s Holding On?

Checklist

If you haven’t had the chance to read Jeff Fry’s treatise on why the CCIE written should be dropped, do it now. He raises some very valid points about relevancy and continuing education and how the written exam is approaching irrelvancy as a prerequisite for lab candidates. I’d like to approach another aspect of this whole puzzle, namely the growing need to get that extra edge to pass the cut score.

Cuts Like A Knife

Every standardized IT test has a cut score, or the minimum necessary score required to pass. There is a surprising amount of work that goes into calculating a cut score for a standardized test. Too low and you end up with unqualified candidates being certified. Too high and you have a certification level that no one can attain.

The average cut score for a given exam level tends to rise as time goes on. This has a lot to do with the increasing depth of potential candidates as well as the growing average of scores from those candidates. Raising the score with each revision of the test guarantees you have the best possible group representing that certification. It’s like having your entire group be Continue reading

Website Migration Imminent – Please Stand By

The long overdue Website migration and overhaul is planned for this week. Possible disruptions ahead.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post Website Migration Imminent – Please Stand By appeared first on Packet Pushers Podcast and was written by Greg Ferro.

The Next Generation Agile Data Center and the Birth of A Dynamic Network

At Plexxi we’re building a simply better network for the next era of IT to deliver agile data centers, enable scale-out applications and support distributed Cloud deployments.  In my prior blog, I discussed why the decades-old practice of pre-architecting, designing and implementing static network infrastructures wouldn’t support the dynamic needs of organizations moving forward. In this installment of my blog, I will review a case study from a large enterprise deploying an agile data center to meet their needs for the next generation.

I continue to spend a lot of time on the road, and I enjoy meeting with customers to make sure I stay on top of next generation data center networking requirements.  I recently visited a large enterprise that was experiencing scalability, management and performance problems with their existing data center network.  As the number of virtualized applications and corresponding virtual machines (VMs) grew in their data center, agility was actually decreasing rather than improving.  The data center was harder to manage due to application mobility and a lack of unified visibility across their virtual and physical environments.  In addition, their oversubscribed switches were experiencing capacity and buffering problems, caused in large part Continue reading

The Upload: Your tech news briefing for Tuesday, July 28

Samsung tipped to upstage Apple with August phone launchSamsung has sent out invitations to an event in New York next month that looks like it’s planned to be the coming out party for a new, larger version of its flagship Galaxy S6 edge smartphone. The S6 line has been a hot item but the company hasn’t been able to keep up with demand, and shortages of the smartphone may be a factor holding down Samsung’s quarterly earnings, to be reported on Thursday.Most Android phones can be hacked just by sending them a multimedia messageTo read this article in full or to leave a comment, please click here

Car and pedestrian collision? There’ll soon be an app for that

A safety system that ties cars and smartphones together to stop those heart-stopping near misses between cars and pedestrians could be standardized by the end of this year.The technology involves smartphones broadcasting data over a short-range radio channel to nearby cars, so the cars can determine if a collision is likely. Unlike today’s radar-based systems, this has the ability to warn around blind corners and can alert both the driver and pedestrian.It’s being developed by engineers at Honda and was demonstrated last week at the company’s new research and development center in Mountain View, in the heart of Silicon Valley.In the demonstration that took place in a parking lot, a car was slowly cruising a row looking for a space. Ahead, and unseen to the driver, a pedestrian was walking between a car and SUV while listening to music, and about to step into the path of the oncoming vehicle.To read this article in full or to leave a comment, please click here

1 3,379 3,380 3,381 3,382 3,383 3,840