Apple computers vulnerable to ‘Thunderstrike 2’ firmware worm

An improved attack on the firmware in Apple computers makes them vulnerable to hard-to-detect malware without even being connected to a network, according to a Black Hat conference presentation due to be given later this week.The new research highlights ongoing weaknesses in the low-level software that runs on every computer before an operating system is loaded.It comes from researchers Xeno Kovah and Corey Kallenberg of LegbaCore and Trammell Hudson of Two Sigma Investments. They showed earlier this year how they could infect a Mac’s firmware with malware by connecting malicious devices to them using Thunderbolt, Apple’s high-speed data transfer interface. The attack was dubbed Thunderstrike.To read this article in full or to leave a comment, please click here

IBM launches new services to help enterprises embrace Macs

IBM's year-long partnership with Apple took a new turn on Wednesday with the PC giant's announcement of new cloud services designed to help large companies incorporate Macs into their IT infrastructures.With the new offering, which is part of IBM's MobileFirst services portfolio, clients can order Macs and have them delivered directly to their employees without the need for any additional setup, imaging or configuration. Employees can then quickly and securely gain network access, connect to email and download business applications, IBM said.The services can also accommodate employees' own, personal Macs in corporate "bring-your-own-device" settings. They are delivered via the cloud as a software-as-a-service (SaaS) product but are also available on-premises in clients' data centers.To read this article in full or to leave a comment, please click here

Hardware issue blamed for wireless and Internet outage in Southeast

A cell phone and Internet outage Tuesday evening in several Southeastern states was caused by a hardware problem, AT&T reported."Wireless and wireline service has been restored for all customers in parts of the Southeast affected by a hardware-related network issue," AT&T said in a statement Tuesday. "Our engineers completed repairs and service is running normally. We apologize for any inconvenience."AT&T would not describe the nature of the hardware problem, and said it only could speak about service for its own customers.MORE: 10 mobile startups to watch However, the outage was reported on social media and other sources to have affected thousands of customers for all the major carriers, lasting from about 4 p.m. to 8 p.m. ET Tuesday. It hit customers in parts of Tennessee, Kentucky, Indiana, Alabama, Georgia and Missouri, and possibly other states.To read this article in full or to leave a comment, please click here

Tweaks to Windows 10 settings for privacy

For as cool as it might be to use Microsoft's virtual assistance Cortana, she is also a big reason why the Windows 10 settings are so unfriendly to privacy. Start typing in the "Search Windows" box on the taskbar and Cortana wants to help…or to be turned on. It may be a bummer to lose so many features in Windows 10, but you have to choose if you want as much privacy as possible or if you want as many Windows 10 features as possible. Sorry, but you can't have both. Settings>Privacy>To read this article in full or to leave a comment, please click here

See Video: Sysadmins take wild ride in contraption made of iMac boxes

And there I was, thinking I was making the most of my MacBook Air box by using it as a stand for my laptop rather than forking over the money for a fancier stand. But the IT department at George Fox University in Oregon easily has me beat with its human transport wheel, made from 36 trapezoid-shaped iMac boxes. They took out the computers and styrofoam, and built the 120-pound iWheel. According to the school's blog, sysadmin Mike Campadore had been plotting the iWheel for more than a year, initially estimating he'd need 38 boxes. He joined with colleague Rich Bass this past Friday (SysAdmin Day, as it turns out) and gave the taped-together box wheel a big old spin across campus. To read this article in full or to leave a comment, please click here

See Video: Sysadmins take wild ride in giant iMac wheel

And there I was, thinking I was making the most of my MacBook Air box by using it as a stand for my laptop rather than forking over the money for a fancier stand.But the IT department at George Fox University in Oregon easily has me beat with its human transport wheel, made from 36 trapezoid-shaped iMac boxes. They took out the computers and styrofoam, and built the 120-pound iWheel.According to the school's blog, sysadmin Mike Campadore had been plotting the iWheel for more than a year, initially estimating he'd need 38 boxes. He joined with colleague Rich Bass this past Friday (SysAdmin Day, as it turns out) and gave the wheel a big old spin across campus. To read this article in full or to leave a comment, please click here

FBI warns businesses of spike in email/DDOS extortion schemes

The FBI said there has been a significant uptick in the number of businesses being hit with extortion schemes where a company receive an e-mail threatening a Distributed Denial of Service (DDoS) attack to its Website unless it pays a ransom, usually in varying amounts of Bitcoin.The report comes from the FBI’s partner, the Internet Crime Complaint Center (IC3) which stated that victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution.“Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, Wordpress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit,” the IC3 stated in the warning.To read this article in full or to leave a comment, please click here

Qualys offers free IT asset management service for enterprises

IT security firm Qualys has unveiled a free inventory service that can help organizations keep track of all their computers and virtual machines.The service, called Qualys AssetView, provides an inventory of an organization’s computers and their software.Administrators can use the service to run reports that compile asset information, or to run search queries to find out which of their computers are running outdated or unlicensed software, for instance.Qualys AssetView gives IT and security staff a “simple and quick way” of figuring out what assets they have and what software is on them, said Sumedh Thakar, Qualys chief product officer.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Fueling the need for speed, Fastly raises $75 million

Fastly has a plan. And that plan revolves around unseating traditional content distribution network (CDN) vendors. For those unaware, CDNs are a critically important, but largely invisible (at least to end users), part of the infrastructure of the web. Quite simply, CDNs introduce locations close to consumption where content can be cached. What that means is that if you're in Timbuktu and trying to reach a website hosted in Outer Mongolia, rather than having to pull down all those pages all the way between the two points, you can leverage a CDN located near you to reduce page load times.And in a word where empirical data has shown massive revenue gains from even tiny increments in page load speed, every microsecond counts. Enter Fastly, a CDN vendor founded in 2011 that has built a significant presence and already powers such web properties as Twitter, the Guardian, Gov.UK, GitHub and Pinterest. Funded by a bevy of top-tier investors, including Amplify Partners, August Capital, Battery Ventures, ICONIQ Capital, IDG Ventures, and O’Reilly AlphaTech Ventures, Fastly is today announcing another raise, this time $75 million by way of a Series D round.To read this article in full or to leave Continue reading

Review: The Craft of Research

craft-of-researchThe Craft of Research
Booth, Colomb, and Williamns

Engineers don’t often think of themselves as researchers. After all, what does writing a bit of code, or building a network design, have to do with research? Isn’t research something academic type folks do when they’re writing really long, and really boring, papers that no-one ever reads? If that’s what you really think, then you’ve come to the wrong blog this week. :-) In fact, I’d guess that a good many projects get off track, and a good number of engineering avenues aren’t explored, because people just don’t know how to — or don’t enjoy — research. Research is at the very heart of engineering.

Even if it’s never published, writing a research style paper can help you clarify and understand the issues you’re facing, and think through the options. Reading IETF drafts, software design specs, and many other documents engineers produce is depressing some times.

Can’t we do better? Of course we can. Read this book.

This book, while it does focus on the academic side of writing a research paper, is also a practical guide to how to think through the process of researching a project. The authors begin with a Continue reading

FREE COURSE: Hack yourself first (before the bad guys do)

If you can't think like a hacker, it's difficult to defend against them. Such is the premise of this free, nine-part online course, presented by Computerworld and training company Pluralsight, about how to go on the cyber-offensive by using some of the same techniques and tools the bad guys do.This course comes at security from the view of the attacker in that their entry point is typically the browser. They have a website they want to probe for security risks -- and now you can learn how they go about it. This approach helps IT managers and staffers, developers and others to begin immediately assessing their applications even when the apps are already running in a live environment without access to the source. After all, that's what the attackers are doing.To read this article in full or to leave a comment, please click here(Insider Story)

SDN switches aren’t hard to compromise, researcher says

Software-defined switches hold a lot of promise for network operators, but new research due to be presented at Black Hat will show that security measures haven't quite caught up yet.Gregory Pickett, founder of the Chicago-based security firm Hellfire Security, has developed several attacks against network switches that use Onie (the Open Network Install Environment).Onie is a small, Linux based operating system that runs on a bare-metal switch. A network operating system is installed on top of Onie, which is designed to make it easy and fast for the OS to be swapped with a different one.To read this article in full or to leave a comment, please click here

Worth Reading; The Great Man Theory

This matters because the great-man narrative carries costs. First, it has helped to corrode the culture of Silicon Valley. Great-man lore helps excuse (or enable) some truly terrible behavior. … And finally, technology hero worship tends to distort our visions of the future. via MIT

A note to remember — I don’t agree with everything I put up as a worth reading article. There are some good things here, and some bad. Watermelon seeds are meant to be spit out, though, not eaten with the sweet red stuff. And don’t even get into the rind.

The post Worth Reading; The Great Man Theory appeared first on 'net work.

Worth Reading: Toxic Employees

A clear disconnect is occurring at organizations across the U.S. when it comes to employee satisfaction, according to a new study released by Fierce, Inc., leadership development and training experts. The survey found that four out of five employees believe a toxic employee is extremely debilitating to team morale, while the same number agreed that their organizations are somewhat or extremely tolerant of these individuals. via fierce

The post Worth Reading: Toxic Employees appeared first on 'net work.

VMworld 2015 Networking and Security Sessions – Part I

vmworld2015-logo-black

At VMworld 2014 we focused on the basics of network virtualization. What VMware NSX is, what it does, and how network virtualization would change datacenter networking.  We shared the many benefits of virtualizing networks and you caught on.

Just one year later, network virtualization is going mainstream. So at VMworld 2015, have nearly 100 sessions that are guaranteed to fit your needs, whether you’re an #NSXninja or a network virtualization newbie.

Thinking about virtualizing the network at your company or organization? Want to see how others have done it? We’ve got 20 VMware NSX customers ready to share their learnings and insights and talk about how they’ve virtualized their networks.

Curious about how VMware is collaborating with industry leaders and emerging startups to solve customer problems around security, operations, and integration between the physical and virtual worlds? We’ve got sessions on those topics, too. Our partner ecosystem is growing and our partners will share the benefits of their integrated offerings.

But that’s not all! We will be highlighting proven VMware NSX use cases that will teach you all you need to know about a whole range of topics—from micro-segmentation to IT automation, multi-tenancy, application continuity, and security for VDIs.

Continue reading

File sync services provide covert way to control hacked computers

File synchronization services, used to accommodate roaming employees inside organizations, can also be a weak point that attackers could exploit to remain undetected inside compromised networks.Researchers from security firm Imperva found that attackers could easily hijack user accounts for services from Dropbox, Google Drive, Microsoft OneDrive and Box if they gain limited access to computers where such programs run—without actually stealing user names and passwords.Once the accounts are hijacked, attackers could use them to grab the data stored in them, and to remotely control the compromised computers without using any malware programs that could be detected by antivirus and other security products.To read this article in full or to leave a comment, please click here

1 3,388 3,389 3,390 3,391 3,392 3,860