As it turns out, the Power10 actually has 51-bit physical addressing and a cluster of its processors can indeed see an address space that is 2 PB in size – if enough nodes with enough DDR memory slots are lashed together in the right way. As far as we know, no other CPU out there can do that.

ViacomCBS has struck a deal to sell its CNET unit to Red Ventures for $500 million. The transaction, which is expected to close in the fourth quarter of 2020, is subject to regulatory approvals and customary closing conditions.

NTP (Network Time Protocol) messages are sometimes rate-limited or blocked entirely by Internet operators. This little-known “NTP filtering” was put into place several years ago in response to DDoS (Distributed Denial of Service) attacks. NTP filtering may drop NTP messages based on rate or message size.

In Europe and beyond we struggle with effective policing of online communications. As generations before, we want to be both: free and safe when we interact with others, go shopping or get our news. While this balance is difficult, it is possible to achieve: the rapid development of online communications, often proclaimed the wild west of modern society, is clear evidence that an increasing number of users feel safe enough to move new aspects of their daily lives online.

Imagine a network operator wants to hire a new upstream provider, but they want a bit more information. They can go to NetOX and get background information about a particular Autonomous System (AS).

The DNS, though, is also dependent on the global routing system for sending DNS queries from resolvers to servers and then returning the responses. The integrity of the routing system is extremely important for ensuring DNS transactions are delivered efficiently to the correct destination, yet few DNS registries are implementing Routing Public Key Infrastructure (RPKI) at present.

IT and healthcare providers were targeted in late 2019 by a new ransomware campaign calling itself Zeppelin, a variant of the Buran ransomware-as-a-service family. According to researcher Vitali Kremez, Zeppelin binaries are generated via a GUI wizard by affiliates who then distribute the malware in exchange for revenue sharing.

The first significant difference between the two types of firewalls lies in how they evaluate traffic. Most traditional firewalls are “stateful” firewalls while next-gen devices tend to do some form of deeper packet inspection. So what does that really mean?

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up-to-date with which weaknesses have are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that the Common Weakness Enumeration Top 25 (CWE).

A system that allows companies to submit breach data anonymously and then benefit from the aggregate statistics for their industries could give executives and policymakers a more accurate understanding of how breaches impact businesses and give companies the timely threat intelligence they need to prepare for attacks.

Data privacy legislation and regulation implemented in the US in the mid-2000s drove demand for cyber insurance in the North American market, as businesses looked to protect their digital assets. We expected much the same trends to translate to Europe with the introduction of GDPR, with the enforcement of the legislation and prohibitive potential fines leading to an increase in cyber insurance uptake.

A recent extension that aims to add support for transport options to the User Datagram Protocol (UDP) is already showing promise. Unfortunately, its deployment may be undermined by the way existing network devices process UDP length and checksum. In this post we at the Electronics Research Group, University of Aberdeen, show how using an ad-hoc option can help to overcome these limitations.

KPIs are industry-specific and should be aligned carefully with your AI strategy. My course at UC Berkeley drills down heavily on how to define success when implementing your AI strategy, and measurement, like anything else, is the top priority.

The idea of using light instead of electricity in computing has been around for decades. Boston-based startup Lightmatter Inc. believes the technology’s time has finally come.

In our final article on Kubernetes RBAC, we are focusing on RBAC itself. Everything else in the series led towards this key piece. In part one we discussed authentication and authorization on a high level and in part two we focused specifically on authentication. Now let’s dive into authorization.

LitmusChaos is a CNCF sandbox project. Its mission is to help Kubernetes SREs and developers to find weaknesses in Kubernetes platform and applications running on Kubernetes by providing a complete Chaos Engineering framework and associated chaos experiments.

China’s drive for technological dominance has resulted in a long-term, government-driven national strategy. This includes the creation of native technologies which reflect local policies and politics, micromanagement of the internet from the top down, and the use of international standards development organisations (SDOs), such as the UN agency the International Telecommunication Union (ITU), to legitimize and protect these technologies in the global marketplace.

The implementation of prop-132 (AS0 for unallocated and unassigned spaces) is completed, and APNIC is now publishing an AS0 Route Origin Authorization (ROA) covering the undelegated IPv4 and IPv6 ranges under our management.

Privacy has become a business imperative. May 25, 2020, marked the two-year anniversary of General Data Protection Regulation (GDPR) enforcement, which has already wrought dozens of hefty fines, including €50 million for Google and €99 million for Marriott. Although these fines are less severe than the 4% of annual revenue that GDPR could levy, organizations should still be concerned since dozens of lesser-known companies have also been fined hundreds of thousands of dollars each.

Google is proposing a new standard called WebBundles. This standard allows websites to “bundle” resources together, and will make it impossible for browsers to reason about sub-resources by URL. This threatens to change the Web from a hyperlinked collection of resources (that can be audited, selectively fetched, or even replaced), to opaque all-or-nothing “blobs” (like PDFs or SWFs). Organizations, users, researchers and regulators who believe in an open, user-serving, transparent Web should oppose this standard.

SONiC has come a long way in just a few short years, but we aim to take it even further—beyond fixed system IP fabric deployments. Our goal is to make SONiC ubiquitous throughout the data center, WAN core and edge. Now, we’ve taken major steps in doing it by implementing multiple packet forwarding engines (PFEs) in SONiC platforms. By bringing SONiC to multi-PFE chassis, we can provide a simpler, better-performing network solution for the most demanding cloud and service provider environments—without sacrificing the flexibility of an open, disaggregated NOS.

Cisco has warned of an active zero-day vulnerability in its router software that’s being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device.

Give your DNS Statistics Collector (DSC) a facelift with a new Grafana dashboard, featuring a host of applications and metrics that will provide server administrators far richer commentary on the health of their DNS.

In recent years, the ubiquitous nature of Internet-of-Things (IoT) applications as well as the pervasive character of next-generation communication protocols, such as the 5G technology, have become widely evident. In this work, we identify the need for low-cost security in current and next-generation IoT networks and address this demand through the implementation, testing, and validation of an intrinsic low-cost and low-overhead hardware-based security primitive within an inherent network component.

Running a bit late this week … 🙂

Researchers at University College London (UCL) have set a new bandwidth record for fiber optic bandwidth transmission. They’ve been able to communicate through a fiber optic cable at over 178 terabits per second, or 178,000 gigabits per second.

Having spent my career in various roles in IT security, Ivan and I always bounced thoughts on the overlap between networking and security (and, more recently, Cloud/Container) around. One of the hot challenges on that boundary that regularly comes up in network/security discussions is the topic of this blog post: microsegmentation and host-based firewalls (HBFs).

For engineers, instead of whodunit, the question is often “what failed and why?” When a problem occurs, we put on our detective hats and start our mystery-solving process by gathering evidence. The more complex a system, the more places to look for clues. An engineer can find herself digging through logs, poring over traces, and staring at dozens of dashboards.

A vast majority of IoT hardware in homes and offices is vulnerable to attacks that allow devices to be easily taken over and manipulated for malicious purposes.

That said, Intel over the past couple of years has expanded its GPU ambitions and has pushed those efforts further into the spotlight. At an Intel Architecture Day event two years ago, David Blythe, Intel Fellow and chief GPU architect, introduced the company’s Xe initiative to build integrated and discrete GPUs for a range of workloads, from laptops and gaming systems to datacenter and HPC systems. The plan is to become a complete GPU vendor that will rival Nvidia and AMD.

The Google Chrome Enterprise Upgrade unlocks the management capabilities that are innate in the cloud-native Chrome OS operating system. Chrome Enterprise mobile device management allows for the definition and enforcement of security controls plus user and device orchestration—all from a centralized cloud administration panel.

Today, Qualcomm announced a breakthrough in mmWave transmission range, successfully achieving a 5G data connection over a 3.8-kilometer (2.36-mile) distance — over twice the range originally promised by its long-range QTM527 antenna system last year.

The ‘Quality of Experience’ (QoE) level for an Internet service provider is the client’s level of satisfaction using the Internet for variety of applications. From a client point of view, this indicates the overall Internet quality, based on which the service provider is judged. Clients may decide to either renew or cancel service contracts based on the QoE they experience.

At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good.

According to Reuters, cash market trading on the floor of the New Zealand’s Exchange (NZX) came to a halt at 11:24 local time on August 26. Trading resumed several hours later at 15:00 local time, though additional disruptions occurred during the day’s final hour of trading.

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.

Dark patterns are user interfaces that benefit an online service by leading users into making decisions they might not otherwise make. Some dark patterns deceive users while others covertly manipulate or coerce them into choices that are not in their best interests.

But both privacy talk and privacy law in the U.S. have shifted sharply toward increased protection. U.S. companies now often must comply with both European and California regulations. State after state has enacted new privacy laws, and Congress has been making the most serious attempts at enacting a national privacy law in decades. Former U.S. Presidential candidate Andrew Yang even made data privacy a centerpiece of his campaign.

A recent survey of 3,200 people in 524 organizations that suffered data breaches is a bit of a mixed bag. Ponemon’s “Cost of a Data Breach Report 2020” (commissioned by IBM) reveals that despite an apparent decline in the average cost of a data breach — from $3.92 million in 2019 to $3.86 million this year — the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes. In the same vein, Ponemon’s examination of the average cost per record varied widely according to the kind of data that was exposed or stolen.

CENTR has published a white paper separating registry lock services into two standardized models. This categorization and the included recommendations can help top-level domain registries (re)design their registry lock services.

Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.

Blockchain technology is going to change everything: the shipping industry, the financial system, government … in fact, what won’t it change? But enthusiasm for it mainly stems from a lack of knowledge and understanding. The blockchain is a solution in search of a problem.

Or you could reduce all of that complexity to a single roll of 25 dice into a plastic box.

Multitenancy is a common pattern in Kubernetes. Many organizations deploy Kubernetes-as-a-Service, where one cluster houses many tenants and workloads. This pattern might sound familiar, as cloud computing services like AWS, Azure, and GCP have enabled multiple customers (tenants) to run their business-critical workloads in a single cluster for years.

As gaming grows in stature in the lives of Americans during the pandemic, it has highlighted the extraordinary grip that two of the four tech companies under investigation have over the white-hot industry.

In general I dislike operating load balancers and IP multicast: I’m a network engineer. Load balancers and IP multicast are very complicated, have a large amount of state, and they are hard to understand and debug.

One of the “fathers of the internet,” Vint Cerf, in a September 2019 article he published, said: “Today, hackers routinely break into online accounts and divert users to fake or compromised websites. We constantly need to create new security measures to address them. To date, much of the internet security innovation we’ve seen revolves around verifying and securing the identities of people and organizations online.”

Quantum computing, which exploits the entanglement of particles that so infuriated Einstein (“spooky action at a distance”), is not a receding mirage like cold fusion, feasible in theory but not in prac­tice. It is already with us as Google, IBM, IonQ, Rigetti, and Honey­well have assembled working specimens of suitably otherworldly appearance.

According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home.

The SOLID Principles are five principles of Object-Oriented class design. They are a set of rules and best practices to follow while designing a class structure.

On August 15th the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware.

In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that more than half of large organizations took days or even months to detect a security incident. Such dwell time gave attackers all they needed to move throughout an infected network and exfiltrate sensitive data. The finding shared above raises an important question: h

The B-17 could roar through angry squalls of shrapnel and bullets, emerging pockmarked but still airworthy. It was a symbol of American ingenuity, held aloft by four engines, bristling with a dozen machine guns.

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment.

When a zero-day vulnerability is exploited in the wild, it’s essential to identify the bug at the root of the attack. This “root cause analysis” informs researchers how an attack unfolded.

The House Judiciary chairman was closing in on his Perry Mason moment with Facebook CEO Mark Zuckerberg. Fortified with “hot” internal company documents, Rep. Jerrold Nadler was building his case at a hearing that seemed almost like a trial for Facebook and three other tech giants over alleged anti-competitive tactics.

While it’s true consumers have largely moved on, data centers are still looking for higher capacity hard drives. That’s why Western Digital (WD) developed new enterprise drives, which are packing what the company calls “ePMR” (energy-assisted perpendicular magnetic recording). For simplicity’s sake, we’ll stick with energy-assisted magnetic recording (EAMR).

Respondents to Tripwire’s survey revealed that they’re specifically worried about their employers’ cloud security. Indeed, 37% of participants indicated that risk management capabilities in the cloud were at least somewhat worse in the cloud than in other parts of the organization’s infrastructure.

In our previous blog about IcedID, we explored some of the changes in the malware and how it tries to evade detection. We also detailed how threat actors took advantage of the COVID-19 pandemic to phish their target victims. Recently, we discovered an evolution in their phishing methods, particularly how they attempt to evade detection by implementing a password protected attachment, keyword obfuscation and minimalist macro code in their trojanized documents.

Imagine a workplace in which all of the staff support the function of information security. Employees report suspicious events, are committed to data privacy and see the value in completing the regularly scheduled compliance trainings. How much easier life would be for security professionals!

When your kids are in high school or college, you tend to think about what the job market will have in store for them. That’s certainly true for Mike O’Malley, VP of strategy at Radware. As both a hiring manager in security and father of kids this age, the 20-year-plus industry veteran is often asked plenty of questions by fellow parents about promising jobs in his field.

Tiger Lake is Intel’s upcoming line of processors, and at its 2020 Architecture Day, the company made some bold claims about the performance gains in this latest generation.

As it turns out and as you can see from the roadmap above, one flavor of the ThunderX3 chip will have 60 cores and another will scale to 96 cores – but that latter chip is a dual-chip module, or DCM.

It has been a long time since Intel changed its manufacturing process – what it used to call a “tick” – and the microarchitecture and architecture of a processor design – what it used to call a “tock” – at the same time.

The CIS Top 20 Critical Security Controls give you a set of steps. Start from the top, and work your down the list, adding layers of security along the way. They start with the basics. Knowing what is changing in your environment and how things are configured are two very basic parts of the 20 Controls.

I have a system with c servers, each of which can only handle a single concurrent request, and has no internal queuing. The servers sit behind a load balancer, which contains an infinite queue. An unlimited number of clients offer c * 0.8 requests per second to the load balancer on average.

Security researchers have discovered more than 400 pieces of vulnerable code inside the Qualcomm Snapdragon digital signal processor (DSP) chip that powers millions of high-end smartphones from Google, Samsung, LG, Xiaomi, OnePlus, and other device manufacturers.

The fundamental technologies for creating digital clones of people — text, audio, and video that sound and look like a specific person — have rapidly advanced and are within striking distance of a future in which digital avatars can sound and act like specific people, Tamaghna Basu, co-founder and chief technology officer of neoEYED, a behavioral analytics firm, told attendees at the virtual Black Hat conference on Aug. 6.

But, at least according to the specifications for the next two speed bumps on the PCI-Express roadmap, things are starting to look up on the peripheral bandwidth front and a much shorter two-year cadence is now possible, at least for the next several years.

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to ‘prefetching effect,’ resulting in hardware vendors releasing incomplete mitigations and countermeasures.

In March, OneWeb filed for Chapter 11 restructuring when it was clear that the company could not raise enough cash to continue the research and development of the satellite product. In July, a bankruptcy court in New York approved a $1 billion offer to take over the company filed jointly by the British Government and Bharti Airtel.

Although the specific issues outlined in this blog have since been resolved, the underlying concerns regarding privacy and safety in the industry still remain. The purpose of this article is to bring awareness to the issues surrounding Internet-connected devices and the centralized cloud computing that drives IoT.

IXPs are not so difficult to set up. All that is needed is a secure location to host it — usually this is a data centre that is easy to run fibre access lines to and offers 24/7 access to members, which typically are Internet Service Providers (ISPs), content providers (such as Facebook) and Content Distribution Networks (CDNs).

We’ve conventionally used the term governance to describe the relationship between citizens and the state, or more generally between a social group and its leaders. It’s intended to relate to the processes of decision making that reinforce societal norms and nurture a society’s institutions. Much has been said about the processes of governance, its accountability, its effectiveness and the ways in which it can degenerate and be abused. But I’m still somewhat challenged when I try to apply this governance concept to the vague and insubstantive digital environment.

The number of network layer–distributed denial-of-service (DDoS) attacks — like almost every other threat category in recent months — doubled last quarter compared with the previous three months.

Anycast depends on Border Gateway Protocol (BGP) routing to map users to PoPs. Therefore, its efficiency depends on both the CDN operator and the routing policies of ISPs on the path. Such a distributed environment makes detecting and diagnosing inefficiency challenging.

The network perimeter does not have the same impact and importance anymore, the modern perimeter is the identity. Remember, you do not trust anything, not the user, the device, the network, the application before they have proven to be trustworthy.

Having a solid foundation in Networking is essential to becoming a good penetration tester. After all, the internet is a bunch of complex networks that communicate with each other. If you are new to Networking, I recommend this playlist by Network Direction.

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.

Due to the increasing use of extensions that block third-party tracking, tracking providers introduced a new technique called Canonical Name (CNAME) cloaking.

And the ugly truth is that you’ve become addicted to arguing with the “End Is Nigh” sandwich board guy. The guy you used to quietly skirt, you now seek him out and you bring your friends and for some idiotic reason you think that if you just post a little bit more you’re going to get him to see reason. Or put him in his place.

On July 27, two companies — open source project management firm Snyk and development services firm xs:code — announced they have teamed up to provide a browser plug-in that will give developers important metrics by which to gauge the security of open source projects.

In any case, many of us are now living at work. And living at work means you have a new responsibility to your coworkers and clients: how you sound, how you look, and the visual appeal of your workspace is now your problem. You may feel that this isn’t your responsibility, but your home is now your office.

Modern applications, and the cloud platforms upon which they are built, need to be designed and continuously validated for failure. Developers need to account for known and unknown failure conditions, applications and services must be architected for redundancy, algorithms need retry and back-off mechanisms.

On July 28, the FBI revealed in Flash Alert MI-000130-MW that it had received notifications of attacks involving Netwalker against U.S. and foreign government organizations along with entities operating in the healthcare and education sectors.

Probability Distributions play an important role in our daily lives. We commonly use them when trying to summarise and gain insights from different forms of data.

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS).

It’s important for Westerners such as myself to remember that most of the world did not first interact with the Internet via desktop computer. In most emerging markets, people leapfrogged computers altogether on their way to using mobile apps.

The majority of significant threats we face today have been around for years, even centuries (for example, fake news via propaganda, demands for ransom, data compromise), and while we may see something new, it’s more likely that current attacks will continue to be refined, growing in sophistication to focus on what penetrates defenses best.