Predicting winners and losers in the EMV rollout

We're just a couple months shy of the big EMV liability shift. That’s when companies that don't accept chip-enabled debit and credit cards take on financial responsibility for hacks and fraud.But who's ready? Who's not? And who will come out ahead when that October 1 deadline rolls around?"We operate a very large, diversified, complex payments ecosystem in the U.S.," says Randy Vanderhoof, director of the EMV Migration Forum. "We have thousands of issuers of payment cards. We have millions of merchant retailers and tens of millions of point of sale devices that all need to be upgraded and changed to support EMV."To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Monday, July 27

Facebook prevails in shareholder lawsuit over IPOYou have to own stock to participate in a shareholder class action lawsuit, an appeals court has ruled, confirming an earlier Manhattan district court ruling. The case brought by Facebook shareholders accused the company of withholding key financial information from the public until after its IPO. Circuit Judge Dennis Jacobs said that because the shareholders weren’t owners of Facebook stock at the time the sales information wasn’t disclosed, they had no legal standing to sue.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Monday, July 27

Facebook prevails in shareholder lawsuit over IPOYou have to own stock to participate in a shareholder class action lawsuit, an appeals court has ruled, confirming an earlier Manhattan district court ruling. The case brought by Facebook shareholders accused the company of withholding key financial information from the public until after its IPO. Circuit Judge Dennis Jacobs said that because the shareholders weren’t owners of Facebook stock at the time the sales information wasn’t disclosed, they had no legal standing to sue.To read this article in full or to leave a comment, please click here

New products of the week 07.27.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.CudaLaunchKey features – CudaLaunch is designed for both mobile workers and IT administrators, with simple end-user features for productivity and easy-to-use management features for administrators. More info.  To read this article in full or to leave a comment, please click here

How much do CIOs really make? Pay packages of 25 Fortune 500 execs revealed

Inside CIO paychecksCIO salaries in the U.S. average between $157,000 and $262,500, according to Robert Half Technology. But salary is just the beginning. Cash bonuses and equity awards can propel pay packages into the millions. To find out how much CIOs at giant global companies really earn, we scoured the proxy statements of the 500 largest U.S. companies (according to Fortune's ranking) and found 25 that disclosed CIO pay. Here are the details on their pay packages, organized from lowest to highest paid. If available, compensation for these individuals in prior years is included.To read this article in full or to leave a comment, please click here

Security – Just Another Risk

I made a conscious decision to move away from full-time information security work. I retain an interest, and try to keep up with developments, but I don’t want to be “the security guy.” There are several reasons for it, but a large part is due to the hype, the bullshit, and general inability for the security industry to act like grown-ups.

The most frustrating part was the inability to properly classify risk. Robert Graham put this eloquently here:

Infosec isn’t a real profession. Among the things missing is proper “risk analysis”. Instead of quantifying risk, we treat it as an absolute. Risk is binary, either there is risk or there isn’t. We respond to risk emotionally rather than rationally, claiming all risk needs to be removed. This is why nobody listens to us. Business leaders quantify and prioritize risk, but we don’t, so our useless advice is ignored.

Security folk often forget that they are just another risk. Yes, it’s a risk shipping the product with that bug. But not shipping at all might be a larger risk to the business. Even complete data breach may or may not be catastrophic to the business – RSA is still Continue reading

US Census Bureau says breach didn’t expose household data

The U.S. Census Bureau said a data breach early last week did not expose survey data it collects on households and businesses.The leak came from a database belonging to the Federal Audit Clearinghouse, which collects audit reports from government agencies and other organizations spending federal grants, wrote John H. Thompson, the Census Bureau’s director, on Friday.The exposed information included the names of people who submitted information, addresses, phone numbers, user names and other data, he wrote.A group calling itself Anonymous Operations posted a link on Twitter leading to four files. The cyberattack was allegedly in protest of the Trans-Pacific Partnership and the Transatlantic Trade and Investment Partnership, two pending trade agreements that have been widely criticized.To read this article in full or to leave a comment, please click here

Security holes in the 3 most popular smart home hubs and Honeywell Tuxedo Touch

At the 2015 Intelligent Defense European Technical Research Conference in June, Tripwire security researcher Craig Young presented Smart Home Invasion and revealed zero-day flaws in the “brains” of Internet of Things platform hubs such as SmartThings hubs, Wink hubs and MiOS Vera. The Wink and Vera products “contained critical remotely exploitable flaws.” Young warned that “if not addressed, smart home flaws can give rise to a new type of ‘smart criminal' able to case victims without being seen. Once a target is chosen, it is possible to unlock doors and disable security monitoring.”To read this article in full or to leave a comment, please click here

Citizens of Tech 011 – Prosthetic Phone Diving

In today’s show, we acknowledge our software overlords, let the cars do the driving, investigate Lego prosthetics, deep dive on diving, and more.

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Citizens of Tech 011 – Prosthetic Phone Diving appeared first on Packet Pushers Podcast and was written by Ethan Banks.

EARLY ACCESS Q&A: New Cisco CEO Chuck Robbins heads into “hyper-connected” mode

When Cisco Systems employees head into work Monday they’ll encounter something they haven’t seen in two decades: A new boss. Chuck Robbins – formerly senior vice president of worldwide operations – takes over as CEO from John Chambers, one of the most visible and quotable figures in business.In this early-access interview with John Gallant, chief content officer of IDG US Media, Robbins sets out his priorities for Cisco and his new management team, and talks about the opportunities and challenges facing the network giant. Robbins dissects the competitive landscape and explains why so-called ‘white box’ data center gear and software-defined networks are not the threats to Cisco that some pundits contend. He also describes his vision for the “hyper-connected architecture” that will speed customer digitization efforts and help IT capture the value in the Internet of Things. Finally, Robbins talks about life at Cisco under a leader not named John.To read this article in full or to leave a comment, please click here

MikroTik CCR1072-1G-8S+ Review (Part 2) – BGP Performance

 

[adrotate banner=”4″]

 

Here is Part 1 of the CCR1072-1G-8S+ review in case you missed it!

CCR1072-1G-8S+ Ultimate BGP Performance test

After many days of testing, Part 2 is finally here! Welcome to the stubarea51.net BGP gauntlet. We subjected the CCR1072 to different types of network torture stress testing. Continuing on from our initial review, we chose BGP as the first way to test the limits and capacity of the CCR1072-1G-8S+.

Here is an overview of our lab environment to test the new CCR

  • CCR1072-1G-8S+
  • CCR1009-8G-1S-1S+
  • CRS-125-24G-1S+
  • x86 VMs on ESXi 6.0 for upstream BGP peering
  • (2) ESXi 6.0 Hosts with 20 Gb (4×10) connectivity
  • Multimode 10 gig SFP+ using 50/125 OM3 fiber

All RouterOS devices were loaded with the latest stable code (6.30.1 at the time of testing)

Network Design of the StubArea51 LAB setup for BGP testing

For this series of testing, we took our two ESXi 6.0 hosts and built a number of VMs using RouterOS and Ubuntu to supply the 1.21 Gigawatts 3.6 Million routes we would need to beat up on the CCR1072 for a few days. If you’re not familiar with the RIPE Routing Information Service Continue reading

/bin/sh – checking for bash vs dash incompatibilities

I have been investigating a problem where an application would install on RHEL/CentOS, but not on Ubuntu. I tracked it down to a problem with shell scripts that assumed that /bin/sh was bash. Ubuntu uses dash by default, so some ‘bashisms‘ don’t work. This will be old news to Ubuntu types that migrated to dash a while back, but I normally use CentOS/RHEL systems, and/or well-behaved cross-platform scripts. Luckily ‘checkbashisms‘ can help with figuring out what changes are needed.

I don’t want to go into the history of Unix shells, but there are probably more shell variants than there are *nix variants. Some are very different, and completely incompatible. But others are only different in subtle ways, and most things works without modification. If your script explicitly calls the required shell with “#!/bin/zsh” or “#!/bin/csh”, all will be fine. The problem comes when your script starts with “#!/bin/sh”. That will call the system shell, which can vary across different systems. If you’re using that, your script should be portable, and only implement a subset of possible functionality. People get in the habit of using “/bin/sh”,  but using shell-specific features. That’s when things get ugly when you run Continue reading

CloudFlare headed to HostingCon 2015. Thanks for the memories and let’s create some more!

alt

The CloudFlare team is heading to HostingCon 2015 in San Diego next week. We are excited to meet colleagues from the industry, reconnect with partners, and make new friends.

This year’s conference marks a milestone of sorts. It’s our fifth time at HostingCon and we’ve come full circle - our first HostingCon took place in San Diego. Here are some fun facts on what we’ve accomplished since our first HostingCon in 2011:

  • 25 new data centers expanded our network to a total of 36 worldwide
  • 2M+ customers served
  • 800+ conference attendees transported in our signature limo service. If you haven’t already, sign up to arrive in style.
  • 2,500+ Nerf guns delivered. Check out the new models this year in celebration of Railgun 5.0 launch
  • 3,000+ CloudFlare t-shirts bringing smiles to our partners

Today, CloudFlare is trusted by over 5,000 partners who offer performance and security to millions of customers accelerating and protecting websites, APIs, and mobile apps. We work hard to deliver real savings for our partners. For example, over the past month we saved our partners more than 25 petabytes in aggregate bandwidth (roughly equivalent to 350 hours of HDTV video); stopped 65 billion+ malicious attacks that would Continue reading

Apple Pay rival CurrentC to start rolling out next month

CurrentC, an electronic payment system backed by many of the biggest retailers in the U.S., will begin a limited public roll-out in August, Bloomberg News reported on Friday.The smartphone-based technology is intended to rival payment services from Apple, Google and Samsung, and an August launch would be in line with the “mid-2015” schedule the company told IDG News Service in April.CurrentC will offer the same type of convenience as its rivals, enabling consumers to pay at participating retail outlets by phone. But rather than rely on the phone’s wireless NFC (near-field communications) chip, the first-generation CurrentC involves the customer scanning a barcode on a retail terminal to initiate payment.To read this article in full or to leave a comment, please click here

1 3,401 3,402 3,403 3,404 3,405 3,860