The next tech talent wars may be less about the free stuff, and more about the freedom to work from anywhere in the world. Those famously expensive Silicon Valley campuses that double as adult playgrounds, with their nap pods and herb gardens and bike-shares, are competing with a newfound love for the home office.
Looking at the Resource Public Key Infrastructure (RPKI) landscape today, it is vastly different from two to three years ago. At the time, resource holders around the world had created a considerable amount of Route Origin Authorizations (ROAs), but actually using RPKI data to perform Route Origin Validation (ROV) was only done by a handful of networks
A newly discovered breed of cyber assault is threatening corporate networks. Dubbed “FragAttacks” (Fragmentation and Aggregation Attacks) by Mathy Vanhoef, the researcher who discovered them, these security breaches are a subcategory of digital airborne attacks performed over Wi-Fi networks.
While there’s enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword. Cybercriminals and other threat actors can engage the same techniques or manipulate the automated systems businesses employ.
The seemingly endless battle against copyright infringement has caused plenty of collateral damage. But now that damage is reaching new levels, as copyright holders target providers of basic internet services. For example, Sony Music has persuaded a German court to order a Swiss domain name service (DNS) provider, Quad9, to block a site that simply indexes other sites suspected of copyright infringement.
In most circumstances, I think it is bad practice for a vendor to do anything other than having patch and advisory publication synchronized. There may be exceptions to this, such as when a vulnerability is under active attack before a patch is available, but there are risks worth considering on either side of a synchronized release.
Why all this talk about an obscure game? Well, the game came to mind the other day as I was working my way through some security data trying to pinpoint a specific piece of information. The problem I had was that there are many signals (like the players looking the wrong way) that distracted from what I was looking for, and even when I started to zoom in on a general area, assessing the space was difficult.
For example, the crazy gyrations in bitcoin prices are ample evidence that financial markets are not efficient. Since bitcoins generate no income, their intrinsic value is zero, yet people have paid hundreds, thousands, and tens of thousands of dollars for bitcoins.
And one of the central tenets of that belief is that, given how many HPC and AI applications are bound by memory bandwidth – not compute capacity or even memory capacity – that some form of extremely close, very high bandwidth memory would come to all manner of calculating chips: GPUs, CPUs, FPGAs, vector engines, whatever.
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
The RIPE NCC is very invested in Resource Public Key Infrastructure (RPKI) and runs a Trust Anchor (one of the root certificate authorities (CAs)). It also hosts a platform for maintaining Route Origin Authorizations (ROAs). The NCC also offers a publication server accessible over rsync and RRDP.
Social media platforms like Instagram and Facebook have become key places for businesses to communicate with customers and even sell directly to consumers. Yet when it comes to actually making a purchase, do consumers trust a social media site over a domain?
Christopher Belfi was waiting tables in a lakeside resort near this Upstate New York town a decade ago when he got the career break he’d been waiting for — an invitation to work at a semiconductor factory
The InfiniBand interconnect emerged from the ashes of a fight about the future of server I/O at the end of the last millennium, and instead of becoming that generic I/O it became a low latency, high bandwidth interconnect used for high performance computing.
It is a microkernel operating system aimed primarily at midrange to high-end processors such as RISC-V with a memory management unit (MMU) and provides a competitive software platform for all industries in the embedded space.
Having your laptop stolen isn’t just stressful because you need to replace a pricey piece of hardware—it also poses a threat to your digital security. Fortunately, there are steps you can take to protect yourself both before and after your laptop goes missing.
Businesses in need of chips are taking supply-chain risks they wouldn’t have considered before, only to find that what they buy doesn’t work. Dubious sellers are buying ads on search engines to lure desperate buyers. Sales of X-ray machines that can detect fake parts have boomed.
In a nutshell, GDPR states that the personally identifiable information of EU citizens must be protected against disclosures, and there are laws in the US that require precisely such disclosures (FISA with its section 702 and the CLOUD Act).
According to the company’s market research, just about every demographic wants more data privacy: young, old, male, female, urban, rural. Public polling backs that up, though the results vary based on how the question is asked. One recent survey found that “93 percent of Americans would switch to a company that prioritizes data privacy if given the option.”
In a blog post on March 3, Google announced that it would be removing third-party cookies from its Chrome browser—a decision that would effectively end use of third-party cookies. Google also pledged to avoid any other technology for tracking individuals as they browse the web.
The Judiciary Committee of the U.S. House of Representatives recently released a comprehensive series of bills designed to curb the excesses of Big Tech. One of them, the Platform Competition and Opportunity Act, addresses one of the biggest, most obvious problems among the largest tech companies: that they use their deep pockets to buy up services and companies which might have one day competed with them.
The robot revolution is always allegedly just around the corner. In the utopian vision, technology emancipates human labor from repetitive, mundane tasks, freeing us to be more productive and take on more fulfilling work.
A long-standing, generally accepted norm in the computing field distinguishes between software interfaces and implementations: Programmers should have to write their own implementing code, but they should be free to reimplement other developers’ program interfaces.
The traditional approach to statistical disclosure control (SDC) for privacy protection is utility-first. Since the 1970s, national statistical institutes have been using anonymization methods with heuristic parameter choice and suitable utility preservation properties to protect data before release.
Shared libraries encourage code reuse, promote consistency across teams, and ultimately improve product velocity and quality. But application developers are still left to choose the right libraries, figure out how to correctly configure them, and wire everything together.
When October 5 came, there was no vulnerability advisory being published and I still had not heard a CVSS or CVE for the issue, so I reached out again to their PSIRT who this time replied that the release had been postponed until October 14th now due to a delay in QA.
Organizations relying on traditional signature-based tools to detect security threats would likely have missed roughly three-quarters of malware samples that hit their networks and systems last quarter, a new analysis shows.
PolarProxy is a transparent TLS proxy that outputs decrypted TLS traffic as PCAP files. PolarProxy doesn’t interfere with the tunnelled data in any way, it simply takes the incoming TLS stream, decrypts it, re-encrypts it and forwards it to the destination.
Google has launched an updated version of Scorecards, its automated security tool that produces a “risk score” for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis.
Now one researcher has found a collection of bugs that allow him to hack ATMs—along with a wide variety of point-of-sale terminals—in a new way: with a wave of his phone over a contactless credit card reader.
There was an outside chance that China might pull a surprise on the HPC community and launch the first true exascale system – meaning capable of more than 1 exaflops of peak theoretical 64-bit floating point performance if you want to be generous, and 1 exaflops sustained on the High Performance Linpack (HPL) benchmark if you don’t – but that didn’t happen. And so, we wait.
In the reorganization that relatively new chief executive officer and formerly not only Intel’s first chief technology officer (in 2001) and also the first general manager (in 2005) of its Digital Enterprise Group, the company’s first implementation of Data Center Group.
The 2020 calendar year will long be remembered as an annus horribilis for most, except for a handful of technology companies that reaped the rewards of a global shift to remote work with successful initial public offerings (IPOs).
In 2021, the high-end TV landscape is just as confusing to new buyers as ever. There’s a bunch of new televisions to consider, a raft of technical-sounding features — 8K, HDR, Ultra HD 4K, 120Hz and HDMI 2.1 — and a stable of familiar brand names competing for your dollar.
Confidence isn’t new when it comes to cybersecurity. All the way back in 2015, for example, 86% of security professionals working in the energy sector told Tripwire that they were confident they could detect a breach in a week. Just less than half (49%) said it wouldn’t take them longer than a day to spot an attack.
On Hacker News, this article claiming “You won’t live to see a 128-bit CPU” is trending. Sadly, it was non-technical, so didn’t really contain anything useful. I thought I’d write up some technical notes.
If you are new to the security world, it is fair to ask yourself, “Isn’t access to data and systems always conditional? Isn’t it always granted to someone who has access to the credentials (ID and password)?”
Could artificial intelligence be better at designing chips than human experts? A group of researchers from Google’s Brain Team attempted to answer this question and came back with interesting findings.
The CIS Controls are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks.
In this article, we look at the key differences between the most popular cloud technology delivery models: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS).
Daily decisions should be motivated by how they can improve the company, and your understanding should be that they will have a lasting impact. Think about this responsibility in the context of minimizing corporate risk and building a strong security posture to protect corporate assets.
Supply chain integrity attacks—unauthorized modifications to software packages—have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software.
ECDSA is a digital signature algorithm that is based on a form of cryptography termed Elliptic Curve Cryptography (ECC). This form of cryptography is based on the algebraic structure of elliptic curves over finite fields.
The only sure-fire way to eliminate such a threat is to fix the vulnerability in the codebase. But until a security patch is released, your systems are at the mercy of being exploited. Many of us accept this status quo.
Electric vehicles are expected to account for 58% of global passenger vehicle sales by 2040. The software and electrical components markets are also likely to face increased pressure and new challenges as they develop secure designs and equipment for these futuristic vehicles.
In a world that is constantly evaluating costs, it is little wonder that there is an increasing demand for cost-effective solutions to business problems. In the real world, this means ‘free,’ and in the digital marketplace, it means ‘open source.’
Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim’s web browser to a different TLS service endpoint located on another IP address to steal sensitive information.
Moore’s Law is not just a simple rule of thumb about transistor counts, it’s an economic, technical, and developmental force—and one strong enough to push some of the largest chipmakers to future-proof architectural approaches.
Multi-factor authentication (MFA) is among the most useful measures companies can use against the rise in credential attacks, but attackers are adapting, as demonstrated in a variety of bypasses that allowed them to infiltrate networks — even those protected by MFA.