Update May 17, 2018

Following the U.S. Senate’s 52-47 vote to reinstate net neutrality rules, U.S. Rep. Mike Doyle (D-Pa.) announced the House of Representatives will attempt to also force a vote on the issue under the Congressional Review Act (CRA).

“I have introduced a companion CRA in the House,” Doyle said during a press conference yesterday, “but I’m also going to begin a discharge petition, which we will have open for signature tomorrow morning. And I urge every member who supports a free and open internet to join me and sign this petition, so we can bring this legislation to the floor.”

To force a vote in the House, the petition needs 218 signatures. The Democrats hold only 193 seats there, so they need 25 Republicans to switch sides.

To read this article in full, please click here

VMware's vSAN (virtual SAN) architecture is designed to be a significant step into software-defined-computing, where the vSAN component is responsible for providing software-defined storage.

Previously, systems architecture was one server containing its own compute, operating system, networking and storage. Virtualization abstracted this so that more than one OS could run per server, if still bound by captive network functionality, and storage.

+See our review of vSAN 6.6+

What is hyper-convergence?

Hyper-convergence is the ability to abstract all of the components, be it the OS, storage, the network relationships a system has, and so forth. It’s the foundation of the software-defined-datacenter, distributed yet converged into a workload unit.

To read this article in full, please click here

There should be prizes for this. Let’s call them The Oopsies. The most bafflingly easy servers to hijack, turn out to be those running Intel’s Active Management Technology (AMT).

People warned me about this, and I pooh-pooh’d it. Please hand me a scraper so that I can wipe the egg off my face. The servers are so wickedly simple to jack that a third-grader can log into them and merrily do essentially root damage.

+ Also on Network World: The insecurities list: 10 ways to improve cybersecurity +

That the largest server CPU provider on earth doesn’t fall all over itself in sincere apologies (United Airlines gone wrong?) doesn’t surprise me. No one falls on their sword anymore. No one takes product managers out behind the cafeteria and strips the access key fob from the management toy room. It’s all just jolly. Oops. Sorry, folks

To read this article in full, please click here

There is no goal in stifling net neutrality other than profits for telcos and broadband providers and their media empires. The current stink about having your favorite data communications pathway classified under Title II is this: No preferential treatment is given for data transport paths, and they’ll tend to seek the shortest, lowest-cost routing in various ways. 

Perhaps you forgot these following paradoxes: 

• Xfinity owns NBC/Universal, but it believes that the FCC’s designation (by Wheeler and the FCC Commissioners in their prior regime) as a Title II Carrier is wrong, while at the same time it believes themselves to be in favor of net neutrality.
• Verizon owns AOL (along with the Huffington Post and perhaps bits of what we once knew as Yahoo!) and believes the very same paradox. 
• AT&T owns a lot of turf as well, including the Dish Network for both data and consumer video entertainment. 

Each provider, in this case, has something to gain by letting its own stuff ride on its own transport for cheap, to the detriment of other services on the internet. 

To read this article in full, please click here

Security certificates are designed to authenticate hosts. Browsers have become pretty good about understanding chains of authorities, and making users accept the risk when websites can’t prove the chain of authorities needed to verify they are who they say they are.

Sites masquerading as legitimate sites, however, employ sad little tricks, such as “punycode”—URL links embedded in otherwise official-looking phishing emails. These tricks are malicious. There are also sites that should be well-administrated but are not.

Then there are sites, important sites, that botch their own security with certificates ostensibly granted by places such as the U.S. Department of Homeland Security (DHS).

To read this article in full, please click here

The law of unintended consequences is once again rearing it’s ugly head: Google, Apple, Amazon and others now make virtual assitants that respond to commands, and recordings can trigger them.

Burger King found out how, via a radio commercial, it could get Google’s attention. It produced an ad designed to trigger Google Home to advertise the Whopper. The ad featured a Burger King employee saying, “OK, Google. What is the Whopper burger?” The Google Home device would then read the Wikipedia definition of a Whopper. The trigger stopped working a few hours after the ad launched.

To read this article in full, please click here

I can’t justify the vigilantism, but someone is bricking vulnerable IoT devices. I ponder the morality of it all. It’s called BrickerBot. It finds IoT devices with dubious security and simply bricks/disables them.

Insecure dishwashers, teapots, refrigerators, security cameras—all become part of vast botnets. The botnets can do many things, and we’ve seen them become the armies behind the largest internet attacks in history. How to cleanse these devices has become the crux of many cries, including numerous ones in this space.

To read this article in full, please click here

ISPs and providers can now sell your data and browser histories. The U.S. Congress sold you out. If you had any browsing dignity, you don’t now. Too bad you couldn’t pay the legislators as much as the data wolves.

You should have been doing these things all along, but now it’s time to decide just how much dignity you have. Most of you won’t bother. This isn’t for you. Click away, and go surf.

For those remaining, take these privacy tips seriously.

1. Educate yourself about cookies and clean them out regularly

For some of you, this means a daily cleanout. What you DO NOT clean out (will cause you hassles) are cookies associated with financial institutions. They will put you through a drill when they don’t find the cookie that they like. Scrape them. Every browser has the ability to do this, with Chrome being the most difficult. But we’re not surprised because it’s from Google—the company whose very life depends on knowing information about you.

To read this article in full, please click here

A friend asked me to list all of the cybersecurity things that bug me and what he should be diligent about regarding user security. We talked about access control lists, MAC layer spoofing, and a bunch of other topics and why they mattered. You should come up with a list of head-desk things.

After a bit of thought, here’s a list. It’s by NO means comprehensive, and it’s not an organized best practices document. Instead, these are marbles that roll around in my head and bother me a lot.

1. Ban and route to null t.co, bit.ly, and other URL shorteners

Why? Especially in phishing emails, a user has no idea where the link is going, what’s behind that link, or what kind of benevolent or conversely malicious payload is going to load in the default browser. Sure, your anti-malware or antivirus tool, or even the browser’s own instinct, might prevent a page load that opens a back door into your network. Maybe.

To read this article in full, please click here

They came from miles around to carry out a hallowed, decade-long mission: To eat your lunch. 

The security researchers assembled at the Pwn2Own 2017 hacking competition, sponsored by Trend Micro, and occasionally grouped together, then performed essentially zero-day exploits (at least by the rules, heretofore unknown) on your favorite stuff, such as Windows, MacOS and Linux. Smoldering pits in the screen were left, as teams collected cash prizes and creds. 

For giggles and grins, a Type 2 Hypervisor, VMWare Workstation was also left for shrapnel, one of the first times a hypervisor has been penetrated by a virtual machine in this way. It wasn’t a cascade effect, but rather a shot across the bow. I suspect there are more ways to penetrate a foundational hypervisor, too, but they haven’t been seen in captivity to my knowledge. 

To read this article in full, please click here