FBI warns businesses of spike in email/DDOS extortion schemes

The FBI said there has been a significant uptick in the number of businesses being hit with extortion schemes where a company receive an e-mail threatening a Distributed Denial of Service (DDoS) attack to its Website unless it pays a ransom, usually in varying amounts of Bitcoin.The report comes from the FBI’s partner, the Internet Crime Complaint Center (IC3) which stated that victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution.“Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, Wordpress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit,” the IC3 stated in the warning.To read this article in full or to leave a comment, please click here

Qualys offers free IT asset management service for enterprises

IT security firm Qualys has unveiled a free inventory service that can help organizations keep track of all their computers and virtual machines.The service, called Qualys AssetView, provides an inventory of an organization’s computers and their software.Administrators can use the service to run reports that compile asset information, or to run search queries to find out which of their computers are running outdated or unlicensed software, for instance.Qualys AssetView gives IT and security staff a “simple and quick way” of figuring out what assets they have and what software is on them, said Sumedh Thakar, Qualys chief product officer.To read this article in full or to leave a comment, please click here

Skyport DemoFriday: Learn How SkySecure Intends to Disrupt the Security & Server Markets

Security threats are changing. Your security measures need to change, too. Find out what to do with the help of Skyport Systems and its SkySecure product.

IDG Contributor Network: Fueling the need for speed, Fastly raises $75 million

Fastly has a plan. And that plan revolves around unseating traditional content distribution network (CDN) vendors. For those unaware, CDNs are a critically important, but largely invisible (at least to end users), part of the infrastructure of the web. Quite simply, CDNs introduce locations close to consumption where content can be cached. What that means is that if you're in Timbuktu and trying to reach a website hosted in Outer Mongolia, rather than having to pull down all those pages all the way between the two points, you can leverage a CDN located near you to reduce page load times.And in a word where empirical data has shown massive revenue gains from even tiny increments in page load speed, every microsecond counts. Enter Fastly, a CDN vendor founded in 2011 that has built a significant presence and already powers such web properties as Twitter, the Guardian, Gov.UK, GitHub and Pinterest. Funded by a bevy of top-tier investors, including Amplify Partners, August Capital, Battery Ventures, ICONIQ Capital, IDG Ventures, and O’Reilly AlphaTech Ventures, Fastly is today announcing another raise, this time $75 million by way of a Series D round.To read this article in full or to leave Continue reading

Terracotta VPN Piggybacks On Network Of Compromised Windows Servers

Petition to Increase Cisco VIRL Node Limit

Cisco VIRL is a great tool but it is artificially limited to a maximum of 15 nodes today. I have created a petition to collect names to send to Cisco, to show that the community really wants to increase this limit to at least 30 nodes.

Please go sign the petition if you are interested in seeing VIRL get support for more than 15 nodes.

Please sign here.

Review: The Craft of Research

The Craft of Research
Booth, Colomb, and Williamns

Engineers don’t often think of themselves as researchers. After all, what does writing a bit of code, or building a network design, have to do with research? Isn’t research something academic type folks do when they’re writing really long, and really boring, papers that no-one ever reads? If that’s what you really think, then you’ve come to the wrong blog this week. In fact, I’d guess that a good many projects get off track, and a good number of engineering avenues aren’t explored, because people just don’t know how to — or don’t enjoy — research. Research is at the very heart of engineering.

Even if it’s never published, writing a research style paper can help you clarify and understand the issues you’re facing, and think through the options. Reading IETF drafts, software design specs, and many other documents engineers produce is depressing some times.

Can’t we do better? Of course we can. Read this book.

This book, while it does focus on the academic side of writing a research paper, is also a practical guide to how to think through the process of researching a project. The authors begin with a Continue reading

FREE COURSE: Hack yourself first (before the bad guys do)

If you can't think like a hacker, it's difficult to defend against them. Such is the premise of this free, nine-part online course, presented by Computerworld and training company Pluralsight, about how to go on the cyber-offensive by using some of the same techniques and tools the bad guys do.This course comes at security from the view of the attacker in that their entry point is typically the browser. They have a website they want to probe for security risks -- and now you can learn how they go about it. This approach helps IT managers and staffers, developers and others to begin immediately assessing their applications even when the apps are already running in a live environment without access to the source. After all, that's what the attackers are doing.To read this article in full or to leave a comment, please click here(Insider Story)

SDN switches aren’t hard to compromise, researcher says

Software-defined switches hold a lot of promise for network operators, but new research due to be presented at Black Hat will show that security measures haven't quite caught up yet.Gregory Pickett, founder of the Chicago-based security firm Hellfire Security, has developed several attacks against network switches that use Onie (the Open Network Install Environment).Onie is a small, Linux based operating system that runs on a bare-metal switch. A network operating system is installed on top of Onie, which is designed to make it easy and fast for the OS to be swapped with a different one.To read this article in full or to leave a comment, please click here

Worth Reading; The Great Man Theory

This matters because the great-man narrative carries costs. First, it has helped to corrode the culture of Silicon Valley. Great-man lore helps excuse (or enable) some truly terrible behavior. … And finally, technology hero worship tends to distort our visions of the future. via MIT

A note to remember — I don’t agree with everything I put up as a worth reading article. There are some good things here, and some bad. Watermelon seeds are meant to be spit out, though, not eaten with the sweet red stuff. And don’t even get into the rind.

The post Worth Reading; The Great Man Theory appeared first on 'net work.

Worth Reading: Toxic Employees

A clear disconnect is occurring at organizations across the U.S. when it comes to employee satisfaction, according to a new study released by Fierce, Inc., leadership development and training experts. The survey found that four out of five employees believe a toxic employee is extremely debilitating to team morale, while the same number agreed that their organizations are somewhat or extremely tolerant of these individuals. via fierce

The post Worth Reading: Toxic Employees appeared first on 'net work.

Avni Strikes a Cloud Partnership With HP

HP buys into the Software Defined Cloud.

VMworld 2015 Networking and Security Sessions – Part I

At VMworld 2014 we focused on the basics of network virtualization. What VMware NSX is, what it does, and how network virtualization would change datacenter networking.  We shared the many benefits of virtualizing networks and you caught on.

Just one year later, network virtualization is going mainstream. So at VMworld 2015, have nearly 100 sessions that are guaranteed to fit your needs, whether you’re an #NSXninja or a network virtualization newbie.

Thinking about virtualizing the network at your company or organization? Want to see how others have done it? We’ve got 20 VMware NSX customers ready to share their learnings and insights and talk about how they’ve virtualized their networks.

Curious about how VMware is collaborating with industry leaders and emerging startups to solve customer problems around security, operations, and integration between the physical and virtual worlds? We’ve got sessions on those topics, too. Our partner ecosystem is growing and our partners will share the benefits of their integrated offerings.

But that’s not all! We will be highlighting proven VMware NSX use cases that will teach you all you need to know about a whole range of topics—from micro-segmentation to IT automation, multi-tenancy, application continuity, and security for VDIs.

Continue reading

File sync services provide covert way to control hacked computers

File synchronization services, used to accommodate roaming employees inside organizations, can also be a weak point that attackers could exploit to remain undetected inside compromised networks.Researchers from security firm Imperva found that attackers could easily hijack user accounts for services from Dropbox, Google Drive, Microsoft OneDrive and Box if they gain limited access to computers where such programs run—without actually stealing user names and passwords.Once the accounts are hijacked, attackers could use them to grab the data stored in them, and to remotely control the compromised computers without using any malware programs that could be detected by antivirus and other security products.To read this article in full or to leave a comment, please click here

Dark Reading News Desk Live At Black Hat 2015

China to plant Internet police in top online firms

China’s control over the Internet is set to expand. In a bid to better police local websites, the country’s security forces are establishing offices at the biggest online firms in the country.The country’s Ministry of Public Security announced the new measures on Tuesday, at a time when authorities have been increasingly concerned also about cyberthreats.Websites based in China already have to abide by strict provisions for online censorship, and will often delete any content deemed offensive by government censors.To read this article in full or to leave a comment, please click here

Dublin, Ireland: CloudFlare’s 38th data center

Top of the morning to our users and readers from Ireland! Our latest PoP in Dublin is our 38th globally, and 14th in Europe following our Bucharest deployment last week. As of yesterday, traffic from Ireland's 3.6 million Internet users will now be routed through Dublin as opposed to our London PoP (which will still serve as a point of redundancy).

Silicon Docks

By now you've heard of Silicon Valley, Silicon Alley, and possibly even Silicon Prairie, but across the pond there's another tech hub making quite a name for itself. Silicon Docks, the Dublin neighborhood bordering the Grand Canal Docks, is home to the European headquarters of Google, Facebook, Twitter, Dropbox, AirBnb, LinkedIn and CloudFlare customer, Yelp, just to name a few. While our own European headquarters is in London, Dublin's exploding tech scene made it an obvious choice for a new PoP.

Dublin is also near to our hearts as the home of CloudFlare customers Web Summit and F.ounders, two of the world's premier tech conferences. Visitors to the 2012 Web Summit and F.ounders events may even remember being greeted Continue reading

Improve Your Open Networking Experience with Cumulus Virtual Appliance

Unsupported BNA Hacks

Here’s a couple of quick hacks for working with Brocade Network Advisor. It’s unsupported, but you can run BNA on Ubuntu. You can also suppress the client-side JRE version mismatch warning.

Ubuntu Install

If you try to install BNA on Ubuntu, it fails during the DB initialization & setup phase. There are two reasons for this:

• gawk is not where the installer thinks it should be
• Some scripts run as “/bin/sh”, but use bashisms.

Before running the installation, make these two changes:

• Run “sudo ln -s /usr/bin/gawk /bin/gawk”
• Run “sudo dpkg-reconfigure dash” and select “No”

After that the DB setup will complete. Leaving the gawk symlink in place won’t hurt anything else. You can probably change the system shell back to dash, but you may run into problems if you run any of the BNA utility scripts.

Client-side JRE check

When you launch the BNA Desktop client, it checks your local JRE version against a list of supported versions. It’s Continue reading

10 signs your SysAdmin is really a superhero