Windows 10 will allow apps to actively scan their content for malware

Windows 10 will have a new mechanism that will allow software developers to integrate their applications with whatever antimalware programs exist on users’ computers.The goal of the new Antimalware Scan Interface (AMSI) is to let applications send content to the locally installed antivirus product to be checked for malware.According to Microsoft, this can have important benefits when dealing with script content in particular, because malicious scripts are commonly obfuscated to bypass antivirus detection. Scripts also typically get executed in the memory of the applications that are designed to interpret them, so they don’t create files on disk for antivirus programs to scan.To read this article in full or to leave a comment, please click here

House panel votes to delay net neutrality rules

A U.S. House of Representatives subcommittee has voted to require the Federal Communications Commission to suspend new net neutrality rules until a series of lawsuits challenging the regulations are resolved.The action by the House Appropriations Committee’s general government subcommittee Thursday comes too late to stop the new rules from going into effect as scheduled Friday. The requirement could force the FCC to suspend the rules in the coming months though it’s unlikely that President Barack Obama, a strong supporter of net neutrality rules, would sign the appropriations bill requiring a delay of the regulations.The net neutrality rules, which classify broadband as a regulated telecom service, will go into effect Friday unless a U.S. appeals court decides at the last minute to delay the rules, as requested by several broadband groups.To read this article in full or to leave a comment, please click here

BRKSEC-2137 – Snort Implementation in Cisco Products

Presenter: Eric Kostlan, Technical Marketing Engineer, Cisco Security Technologies Group

Above all, Snort is a community –Eric

Snort stats

• over 4 million downloads
• nearly 500,000 registered users

Snort was created in 1998 (!!). Sourcefire founded in 2001.

The Snort engine

• Packet sniffer (DAQ)
• Packet decoder
• Preprocessors
• Detection engine
• Output module

DAQ – packet acquisition library(ies?). Snort leverages this to pull packets off the wire (Snort doesn’t have its own built-in packet capture abilities). DAQ provides a form of abstraction between the Snort engine and the hardware where the bits are flowing. DAQ – Data AcQusition. DAQ modes: inline, passive or read from file.

Packet decoder – look for header anomalies, look for weird TCP flags, much more. Generator id (GID) is 116 for the packet decoder. Decodes Layer  and Layer 3 protocols with a focus on TCP/IP suite.

Preprocessors – apply to Layer 3, 4, and 7 protocols. “Protocol decoders”. Normalizes traffic. Major preprocessors: frag3 (reassembly), stream5 (reconstruct TCP streams), http_inspect (normalizes http traffic), protocol decoders (telnet, ftp, smtp, so on).

Detection engine – various performance settings (eg, how long to spend on regex). Two components: rule builder and inspection component. Rule builder: assembles the rules into Continue reading

Featured Interview: When is Open Not Open? Dell Discusses Their Anti-lock-in NFV Strategy

Jeff Baher discusses Dell's NFV Strategy and what we can expect from Dell's NFV approach.

Chip vendors work to make Bluetooth perfect fit for IoT

Bluetooth Low Energy (BLE) has become a key building block for the Internet of Things, and chip makers are working to make it an even better fit by using the technology to further reduce power consumption of devices and helping developers implement it.Applications have been a key ingredient in making smartphones a huge success. Vendors are hoping to repeat that recipe for IoT, with semiconductor companies such as ST Microelectronics coming up with tools to make BLE, a set of specifications for reduced-power wireless networking, easier for developers to use.ST has launched an offering for voice over BLE, which includes the necessary software, components and development tools to integrate voice control in wearables and home-automation systems. Voice control can aid battery life by minimizing touchscreen usage, while improving ease-of-use, according to ST.To read this article in full or to leave a comment, please click here

Last Call to Register for the HP DemoFriday: Enhance Optimization & Visibility with HP SDN Applications

Last call for registration! Sign up now for the HP DemoFriday and learn how your organization can enhance optimization & visibility with HP SDN applications.

10 hot enterprise storage companies to watch

  Amidst all the venture investments this year in startups that generate gobs of data -- from those focused on everything from apps to drones to the Internet of Things to Big Data -- are a batch of newcomers aiming to help organizations store and access all that information. Yes, storage companies are pulling in big bucks in 2015, as they did in 2014, and a couple have even double-dipped this year and announced two rounds of funding.To read this article in full or to leave a comment, please click here

9 hot enterprise storage companies to watch

  Amidst all the venture investments this year in startups that generate gobs of data -- from those focused on everything from apps to drones to the Internet of Things to Big Data -- are a batch of newcomers aiming to help organizations store and access all that information. Yes, storage companies are pulling in big bucks in 2015, as they did in 2014, and a couple have even double-dipped this year and announced two rounds of funding.To read this article in full or to leave a comment, please click here

An Example of Obsfucation

With reference to the Verification exercise embarked upon as a result of the Payment Claim Application received from you on the settlement of the subsidiary contract payment on the Over Due Contract Resettlement, I wish to inform you that a Provisional Approval have been given to recognize your claim and consequently commence the final process of the payment regularization, validation and release to you. By Standard Chartered Bank.

When you read a sentence and think, “I don’t know what that says,” it generally means nothing was actually said. IE — it’s spam.

The post An Example of Obsfucation appeared first on 'net work.

IDG Contributor Network: IoT to cause major security headaches, says report

Workers bringing Internet of Things (IoT) devices to work could add to future enterprise vulnerabilities, a new report says. RAND Corporation’s latest study on cybersecurity delves into how a growing number of connected devices will add to an enterprise’s “attack surface.” The researchers say that device protocols, of the kind used by IoT, probably won’t have gone through the same vulnerability testing as traditional software does. And that coupled with lean start-up mentalities by developers of IoT will create devices where security is an afterthought. Devices will be functional, but “riddled with security vulnerabilities,” the report reckons.To read this article in full or to leave a comment, please click here

Bahrain

The post Bahrain appeared first on 'net work.

How to sell the Internet of Things to consumers

Despite the tech industry's best efforts over the past few years, the Internet of Things (IoT) has only slowly begun to gain a foothold in consumer markets. Consumers do, however, still represent a massive opportunity for IoT, and the companies in this space will be paying close attention to consumer acceptance of the technology.Today, machine-to-machine company ThroughTek released results from its recent consumer survey on the IoT and smart home technology. The survey was conducted last month by research firm YouGov, and included 1,181 U.S. adults.See also: Smart home hacking is easier than you think Consumers appear to be growing more optimistic about the IoT in the near future. Thirty-one percent said they believe a "fully connected smart home" will be achievable in the next year, while 60% say it's possible within five years, according to the survey.To read this article in full or to leave a comment, please click here

Enterprise mobility slowed by security concerns

Mobility is marching forward in the enterprise in all sorts of ways, say some 430 companies at MobileIron's user conference in San Francisco this week. Yet they're facing the same stiff hurdle -- namely, security. These were the key highlights of the keynote session, which included a special guest appearance by an Uber executive.On the upside, mobility in the enterprise has room to grow. MobileIron asked attendees to give inspirational mobile ideas that will benefit customers, employees and shareholders alike, as well as rate these ideas. The most popular ones concerned security, such as having a security application that's available anytime, anywhere across a range of devices, thus allowing employees to work from home or while traveling.To read this article in full or to leave a comment, please click here

How to use enterprise Wi-Fi security in SMBs

It's become de rigeur to protect wireless networks with Wi-Fi Protected Access II (WPA2) security, but many small and even midsize businesses default to using the personal or pre-shared key (PSK) mode of WPA2, rather than its enterprise mode. Despite its name, however, the enterprise mode isn't only for large networks; it has a place in all businesses. Though you might think the simple personal mode is easier to use, the exact opposite can be true if you factor in the ongoing effort required to properly secure the business's network.Connecting devices that support enterprise modeTo read this article in full or to leave a comment, please click here(Insider Story)

Duqu spy group also targeted telecommunications companies

The group behind the Duqu cyberespionage tool has compromised at least two telecommunications operators and one electronic equipment manufacturer, in addition to a cybersecurity firm and venues that hosted high-level nuclear negotiations between world powers and Iran.On Wednesday, Moscow-based antivirus firm Kaspersky Lab, which has been deeply involved in exposing sophisticated cyberespionage campaigns over the past few years, revealed that it too fell victim to such an attack.The company discovered in early spring that several of its internal systems were infected with a new version of Duqu, a sophisticated malware platform believed to be related to the Stuxnet worm used to sabotage Iran’s nuclear enrichment centrifuges at Natanz.To read this article in full or to leave a comment, please click here

ONOS and AT&T Team Up to Deliver CORD

ON.Lab wants to transform the CO into a data center, and will demo the concept at Open Networking Summit.

The Upload: Your tech news briefing for Thursday, June 11

Google wants in on this “smart cities” thing tooGoogle has launched Sidewalk Labs, a New York-based company that will develop technology to make urban transportation and government more efficient, as well as lower the cost of living and cut energy use. The search giant is a little late to the party: Cisco, IBM and Microsoft are already heavily invested in this space, and the European Union has a major Smart Cities initiative as part of its Digital Agenda.Ebay, PayPal scrutinized for claiming robocall rights in user agreementsTo read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Thursday, June 11

Google wants in on this “smart cities” thing tooGoogle has launched Sidewalk Labs, a New York-based company that will develop technology to make urban transportation and government more efficient, as well as lower the cost of living and cut energy use. The search giant is a little late to the party: Cisco, IBM and Microsoft are already heavily invested in this space, and the European Union has a major Smart Cities initiative as part of its Digital Agenda.Ebay, PayPal scrutinized for claiming robocall rights in user agreementsTo read this article in full or to leave a comment, please click here

Cisco Live!: In pictures

Group shotImage by FacebookOutgoing and incoming Cisco CEOs John Chambers and Chuck Robbins weren’t the only attractions at the annual Cisco event in San Diego this week, though they did seem to be everywhere (Chambers in center, with blazer).RELATED: Cisco boosts cloud software, lines up ISVs to write Internet of Everything servicesTo read this article in full or to leave a comment, please click here

iOS Developers — Migrate to iOS 9 with CloudFlare

Thousands of developers use CloudFlare to accelerate and secure the backend of their mobile applications and websites. This week is Apple’s Worldwide Developers Conference (WWDC), where thousands of Apple developers come to San Francisco to talk, learn and share best practices for developing software for Apple platforms. New announcements from Apple this week make CloudFlare an even more obvious choice for application developers.

New operating systems, new application requirements

The flagship announcement of WWDC 2015 was a new version of Apple’s mobile operating system, iOS 9, to be released in September with a developer preview available now. They also announced a new Mac operating system, OS X El Capitan, launching in the fall. Apple has a track record of developing and supporting technologies that enhance user privacy and security with iMessage and Facetime and the trend is continuing with these new operating systems. In both cases, Apple is requiring application developers to make use of two network technologies that CloudFlare is big fan of: HTTPS and IPv6.

For iOS 9 and El Capitan, all applications submitted to the iOS and Mac App Stores must work over IPv6. In previous versions, applications were allowed that only worked with IPv4.

From Continue reading