Miche67 writes: Cloud computing offers many benefits, but not everyone profits equally from the changes--as witnessed by Cisco's announcement that it is laying off 5,500 workers.
Basically, Cisco is trying to keep up with fundamental changes in the world of infrastructure, writes Fredric Paul, the biggest of which is the rise of cloud computing.
"Not surprisingly, that epic shift is having a profound effect on the types of networking equipment that companies buy from vendors such as Cisco, as well as the kinds of companies that make up the switching giant’s customer base," he writes.
So, while cloud computing has many benefits, it also has a downside. And the pain of those laid-off workers is very real. Because of that, Paul urges everyone to think about how they can help those Cisco workers.
Because while the cloud is clearly today’s red-hot trend, no one knows what tomorrow’s technology innovations will bring, and any one of us could be the one in need of a helping hand in a couple years.
itwbennett writes: Brendan Dolan-Gavitt, an assistant professor at New York University’s school of engineering, is one of the researchers going over the samples from the stolen cache of files that may belong to the National Security Agency, after an anonymous group called the Shadow Brokers posted them online. What he's finding is genuine hacking tools that not only work, but show a level of sophistication rarely seen, including malware that can infect a device’s firmware and persist, even if the operating system is reinstalled. 'It's terrifying because it demonstrates a serious level of expertise and technical ability,' said Dolan-Gavitt. But the hacks, which target firewall and router products, may not be as dangerous as researchers initially feared. For example, the exploits found within the samples rely on having direct access to the firewall’s interface, which is normally restricted from outside Internet users, said Brian Martin, a director at Risk Based Security, who has been studying the sample files as well.
itwbennett writes: Analyst firm Wikibon 'believes that leading vendors are currently at or below a $100M/yr run-rate for OpenStack-related business (hardware, software, services),' writes John Furrier on LinkedIn. This means, 'the sum total of all [OpenStack] vendors has to be less than $2 billion,' says Bernard Golden, who foretells the death of private cloud in a recent article. Meanwhile, in public cloud land, Amazon Web Services posted $2.88 billion in revenue in Q2 2016, and Azure revenues, which are harder to figure because Microsoft includes services like Office 365 in its 'cloud business' numbers, were about $800 million in the quarter ending June 30, writes Golden. The numbers don't tell the whole story, of course, but that's not good news either, because, as Golden puts it, 'While private cloud proponents have spent the last five years focusing on getting their IaaS offerings working, Amazon, Microsoft and Google have moved way beyond core computing services.'
itwbennett writes: At r00tz Asylum, a kids-only gathering at DEF CON, 10-year-old Evan Robertson presented his first-place winning school science fair project, which showed how quickly people will hand over their privacy for a little free Wi-Fi. Robertson set up a Wi-Fi hotspot with terms-of-service that would allow him to access or modify connecting devices 'in any way.' In his science fair experiment, 76 people at local malls and stores connected to his hotspot, and 40 of them (52%) accepted the TOS to gain access. And, proving that security pros aren't all quite as privacy-minded as you might expect them to be, Robertson later set up his hotspot at BSides San Antonio, where 41 people connected to his hotspot, and 20 of them accepted the TOS.
itwbennett writes: At the DEF CON security conference this week, researchers Alex Chapman and Paul Stone showed how the WPAD protocol, which is enabled by default on Windows and supported by other operating systems, can be used to expose computer users' online accounts, web searches, and other private data. Their advice: disable WPAD now. 'No seriously, turn off WPAD!' one of their presentation slides said. 'If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file.' Chapman and Stone were not the only researchers to highlight security risks with WPAD. A few days before their presentation, two other researchers named Itzik Kotler and Amit Klein independently showed the same HTTPS URL leak via malicious PACs in a presentation at the Black Hat security conference. A third researcher, Maxim Goncharov, held a separate Black Hat talk about WPAD security risks, entitled BadWPAD.
itwbennett writes: As previously reported on Slashdot, in Tuesday's updates, Microsoft disabled RC4 in its Microsoft Edge and Internet Explorer browsers on Windows 7, Windows 8.1 and Windows 10, after deeming the cipher 'no longer cryptographically secure.' The company also fixed 'a serious security flaw in the Windows PDF Library.' But these aren't the only bugs being reported in the Windows 10 Anniversary Update. CIO.com's Bill Snyder reports that 'there are widespread reports of significant bugs in the update, and they're causing systems to freeze, browsers to misbehave, and peripherals — including Xbox One controllers — to malfunction. Two major antivirus companies also warn that incompatibilities with Windows 10 could open up users to security risks.'
itwbennett writes: It probably won't come as a big surprise that Mr. 'IT doesn't matter' isn't a big fan of Silicon Valley's vision for the future, a future defined by autonomous cars and the inevitable rise of robots. In his new book, 'Utopia is Creepy: And Other Provocations,' Carr takes aim at the irrational exuberance of Silicon Valley, where tech is the answer to every problem. One of the exuberances that Carr takes particular exception to is the notion that social media is a better, freer form of media than 'old' media, which maybe makes sense coming from a former executive editor of the Harvard Business Review, but he does have a point. 'The old gatekeepers, to the extent they were gatekeepers, have been replaced by companies like Facebook and Google and companies that really now have become the new media companies and are very much controlling the flow of information,' Carr told CIO.com's Clint Boulton.
itwbennett writes: It starts with that terms of service notice you never read when you download a new piece of software. 'Buried in the text that nobody reads is information about the bundle of unwanted software programs in the package you're about to download,' says Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon and one of the researchers who studied the link between so-called "pay-per-install" (PPI) practices and the distribution of unwanted software. Between the hapless user and the adware or scareware that plagues them is a network of brokers who forge the deals to bundle the extra software with popular applications and place download offers on well-trafficked websites. They get paid by PPI businesses directly, sometimes as much as $2 per install, the researchers said. One of their most striking findings is the degree to which downloads are personalized to maximize the chances that their payload will be delivered. The paper will be presented at the USENIX Security Symposium in Austin, Texas, later this week.
itwbennett writes: Those older workers in your office, you know, the ones you think can't handle dealing with new technology? Turns out, they struggle less with technology than their millennial colleagues. A survey by London-based market research firm Ipsos Mori, sponsored by Dropbox, found that older workers are less likely to find using technology in the workplace stressful and experience less trouble working with multiple devices than the younger cohort. The reason for this might lie in all the clunky old technologies older workers have had to master over the decades. Digital Natives don't know how good they've got it.
itwbennett writes: Russia's Federal Security Service (FSB) said Saturday that the country's critical infrastructure was targeted by customized malware delivered as an email attachment. Lucian Constantin reports that, according to the FSB, 'networks at some 20 organizations in Russia — including scientific and military institutions, defense contractors, and public authorities — were found to be infected with the malware.'
itwbennett writes: There will be a fundraiser for the Hillary Clinton presidential campaign this Wednesday during the evening hours of Black Hat in Las Vegas. While a Black Hat spokesperson said the conference is 'vendor (and politically) neutral,' and the fundraising event is not affiliated with the show, it will feature Black Hat founder, Jeff Moss, as well as former DHS White House Liaison, Jake Braun, and Michael Sulmeyer, the Clinton campaign's Cybersecurity Working Group Coordinator. Late last week Reuters reported that the Clinton campaign's network was hacked, which is, if nothing else, interesting timing.
itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland was out of reach of the U.S. Government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace:
By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia – they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet', of lessening utility?
itwbennett writes: This week the creators of the Petya and Mischa ransomware programs leaked about 3,500 RSA private keys allegedly corresponding to systems infected with Chimera, another ransomware application. In a post Tuesday on Pastebin, Mischa's developers claimed that earlier this year they got access to big parts of the development system used by Chimera's creators. As a result of that hack, they obtained the source code for Chimera and integrated some of it into their own ransomware project, according to the Pastebin message. There's no confirmation yet that the newly leaked RSA keys work, but there's a good chance they do. In a blog post Tuesday, Malwarebytes researchers advised Chimera victims not to delete their files, saying "there is a hope that soon you can get your data back."
itwbennett writes: Eight popular wireless keyboards studied by IoT security company Bastille Networks were found to use no encryption at all in their wireless communications. 'The data that is transmitted to the USB dongle is in plain text,' said Marc Newlin, a member of the company's research team. All it takes to spy on the keyboards is less than $100 worth of commonly-available equipment, such as the $30 Crazyradio PA USB radio dongle, combined with a directional antenna, said Newlin. And the attacker doesn't even have to be physically within the targeted building. The company has collected all the relevant information on its KeySniffer website.
itwbennett writes: 'On Saturday evening, during the Eleventh HOPE conference in New York City, three hackers released the final master key used by the Transportation Security Administration (TSA), which opens Safe Skies luggage locks,' writes CSO's Steve Ragan. The hackers also released a 3D-printable model of the key. The issue, the hackers say, isn't that some creep can riffle through your delicates using one of these keys, but that government key escrow is inherently dangerous. Even the TSA admits that the Safe Skies locks have little to do with safety. 'These consumer products are convenience products that have nothing to do with TSA's aviation security regime,' an agency spokesperson said.