Thoughts on Cisco Live 2015

Cisco Live 2015 Twitter Pic

We’ve secretly replaced Tom with Mike Rowe. Let’s see if anyone notices…

Cisco Live 2015 is in the books. A great return to San Diego. A farewell from John Chambers. A greeting from Chuck Robbins (@ChuckRobbins). And a few other things.

The Community is Strong, But Concerned

The absolute best part of Cisco Live is the community that has grown from the social media attendees. More than once I heard during the week “I can’t believe this used to be 20-30 people!”. The social community continues to grow and change. Some people move on. Others return from absence. Still others are coming for the first time.

The Cisco Live social community is as inclusive as any I have seen. From the Sunday night Tweetup to the various interactions throughout the week, I’m proud to be a part of a community that strives to make everyone feel like they are part of a greater whole. I met so many new people this year and marveled at the way the Social Media Hub and Meetup Area were both packed at all hours of the day.

That being said, the community does have some concerns. Some of them are around Continue reading

Software applications have on average 24 vulnerabilities inherited from buggy components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.Even worse, these software makers wouldn’t be able to tell which of their applications are affected by a known component flaw even if they wanted to because of poor inventory practices.Last year, large software and financial services companies downloaded 240,757 components on average from one of the largest public repositories of open-source Java components. Over 15,000 of those components, or 7.5 percent, had known vulnerabilities, according to Sonatype, the company that manages the repository.To read this article in full or to leave a comment, please click here

Want an easily repaired smartphone? Fairphone 2 might be for you

Fairphone, the Dutch company that aims to sell socially responsible smartphones, is working on a second model that be repaired with little hassle and won’t easily break. The company is also sticking with its goal of using conflict-free or fair trade minerals.One of the company’s key aims with the Fairphone 2 was to extend the longevity of the product.Making it easy to repair is part of that. For example, it will be possible to replace the display on the Fairphone 2 in less than a minute, the company promises. After removing the case and battery, the two clips that lock the display in place are slid towards each other, and then the entire unit can be taken out, CTO Olivier Hebert said in a blog post on Tuesday.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Tuesday, June 16

Civil liberties faction walks out on facial recognition talksU.S. talks aimed at crafting rules on responsible use of facial recognition technology have fallen apart after a united front of civil rights and consumer groups walked out, saying the bare minimum of their demands on behalf of consumers aren’t being met. That position, accord to a statement issued by the coalition, is that “people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement—and identifying them by name—using facial recognition technology.”To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Tuesday, June 16

Civil liberties faction walks out on facial recognition talksU.S. talks aimed at crafting rules on responsible use of facial recognition technology have fallen apart after a united front of civil rights and consumer groups walked out, saying the bare minimum of their demands on behalf of consumers aren’t being met. That position, accord to a statement issued by the coalition, is that “people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement—and identifying them by name—using facial recognition technology.”To read this article in full or to leave a comment, please click here

Should I panic because Lastpass was hacked?

Maybe, maybe not. Lastpass uses 100000 iterations in its PBKDF2 algorithm. If you chose a long, non-dictionary password, nobody can crack it. Conversely, if you haven't, then yes, you need to change it.

I benchmarked this on my computer using "oclHashcat". It's not an exact match with the Lastpass algorithm, but it's close enough to show the performance.


As you can see, my machine is getting 2577 (two and a half thousand) random password guesses per second. This may sound like a lot, but it's not not, because cracking passwords is exponentially difficult.

Consider normal hashes, not the stronger ones used by Lastpass. My desktop can crack 1 billion of those per second.  Consider that a password can be built from UPPER and lower case letters, numbers, and punctuation marks -- or about 64 variations per character.

In this case, a 5 letter password has 1 billion combinations, so a fast computer can guess it in a second. Adding one letter, with it's 64 different possibilities, makes this 64 times harder, meaning it'll take a minute. Another letter (7), and it becomes an hour. Another letter (to 8), and it becomes several days. Another letter (9), and it becomes a Continue reading

Privacy groups to quit US talks on facial recognition standards

Nine privacy groups plan to withdraw from U.S. government-hosted negotiations to develop voluntary facial-recognition privacy standards because the groups feel the process won’t lead to adequate privacy protections.Industry representatives at the talks have been pushing to limit consumer control over the facial recognition data collected, the groups said in a letter to be released Tuesday.“We are convinced that in many contexts, facial recognition should only occur when an individual has affirmatively decided to allow it to occur,” wrote the groups, including the Center for Digital Democracy, the Electronic Frontier Foundation and Consumer Action. “Industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer’s permission.”To read this article in full or to leave a comment, please click here

Cisco Live – The Complaints

You should know by now that I always find something to complain about.  Is that a bad thing?  Probably.  Does it help improve things?  Absolutely!

Again, I love going to Cisco Live every year.  Without question, it’s my favorite event of the year.  It’s a great event with great people and great things to do.  With that said, let’s look at what could have been a bit better this year.

  • Seating – There was a terrible lack of seating around the convention center this year.  I spent a good part of the time standing around when I wasn’t in a session, which is not good for a lazy, fat guy like me.  We’re talking standing for 5 days here.  In the past, there have been plenty of places to sit throughout the event, so I don’t really know what happened here.
  • Logistics at the CAE – This happens every year.  You’re told to go in one gate at the CAE, but no one listens or your information is wrong; you wind up standing in line behind 18849298 people who were all behind you at one point.  Then you have to get your bag searched.  Then they take half your swag Continue reading

Duqu 2.0 used digital certificates belonging to Foxconn

A deeper look into the latest version of malware known as Duqu shows it used digital certificates from prominent contract manufacturer Foxconn Technology Group to help mask its activity.Kaspersky Lab, which published a report on Duqu 2.0 last week, wrote in a blog post Monday that a 64-bit driver within the malware employed a digital certificate signed by Hon Hai Precision Industry, also known as Foxconn.Digital certificates are used for encrypting data and verifying the legitimacy of websites and applications. Using a digital certificate issued to a trusted organization makes it less likely that an application is going to be detected as harmful.To read this article in full or to leave a comment, please click here

SD-WAN Gives Us The Best Path We Always Wanted

In networking, we rely on routing protocols to compute best path. That is to ask, from the perspective of a given router in a routing domain, what is the best way to reach a destination? Best path is typically computed using simplistic metrics like hop count, cost, bandwidth, and delay. Traditional "best path" thinking is effective, insofar as it goes. It scales to a large number of devices and destinations. It is resilient. It is mature. However, it has its limitations. Software defined WAN brings a much more sophisticated metric to the computation of best path.

Online password locker LastPass hacked

LastPass users will be prompted to change their master passwords after the online password locker company reported that its network was breached on Friday.The company revealed the breach in a blog post Monday after investigating “suspicious activity” discovered by its security team. According to LastPass, the investigation did not reveal any evidence that the attackers stole encrypted data from users’ password vaults, nor did the intruders gain access to LastPass users’ accounts. That said, the attackers were able to steal account email addresses, password reminders, server per user salts, and authentication hashes.To read this article in full or to leave a comment, please click here

Self-driving cars? Get ready for self-driving data

Once the dreams of science-fiction, self-driving cars will soon allow passengers to specify a destination and let the car pick the best route based on factors such as time, traffic, freeways and fuel consumption. This kind of automation for an enterprise’s most precious commodity – data – is also soon coming to a data center near you.

Intelligent data mobility delivered through data virtualization will allow IT professionals to specify service-level objects (SLO) such as performance, reliability, high availability, archiving and cost, and then let software automatically move data to the right storage in real time. Let’s examine the problem of data immobility and how data placement through data virtualization will finally solve common mismatch of compute and storage, resource sprawl and the cost of overprovisioning.

To read this article in full or to leave a comment, please click here

Self-driving cars? Get ready for self-driving data

Once the dreams of science-fiction, self-driving cars will soon allow passengers to specify a destination and let the car pick the best route based on factors such as time, traffic, freeways and fuel consumption. This kind of automation for an enterprise’s most precious commodity – data – is also soon coming to a data center near you.Intelligent data mobility delivered through data virtualization will allow IT professionals to specify service-level objects (SLO) such as performance, reliability, high availability, archiving and cost, and then let software automatically move data to the right storage in real time. Let’s examine the problem of data immobility and how data placement through data virtualization will finally solve common mismatch of compute and storage, resource sprawl and the cost of overprovisioning.To read this article in full or to leave a comment, please click here

Qualcomm may adapt LTE into a network anyone can deploy

As if the all the controversy over LTE networks crowding out Wi-Fi isn’t enough, a new technology in the works at Qualcomm Research might allow a lot more people to set them up.LTE was designed to run on frequencies licensed by mobile operators for their exclusive use. But an emerging technology called LTE-Unlicensed allows the cellular system to supplement those frequencies with unlicensed spectrum that’s shared with systems like Bluetooth and Wi-Fi. This gives the carriers additional spectrum that they don’t have to pay for in an auction.To read this article in full or to leave a comment, please click here

Network Break 40

Take a Network Break! Grab a coffee, a doughnut and then join us for an analysis of the latest IT news, vendor moves and new product announcements. We’ll separate the signal from the noise–or at least make some noise of our own. Cisco Execs Quit, Naturally. The predicted leadership exodus at Cisco has started. Leadership […]

The post Network Break 40 appeared first on Packet Pushers.

1 3,402 3,403 3,404 3,405 3,406 3,809