June 18, 2014

Network Functions Virtualization demands new network management models
An alternate approach preserves these past practices by creating a new operations model that sits above the ETSI NFV processes. This model would define services as a collection of virtual elements some of which might be implemented through NFV processes and some through normal legacy-network provisioning and management. Efficiencies in service agility and operations efficiency would be created by this new operations model and could be applied even to services with no NFV components at all.


U.K. allows British spies to intercept Google and Facebook traffic
Farr, one of the U.K.'s most senior security officials, said British spies have the right to intercept Internet communications even if they are from British citizens because the services often use Web servers located outside the U.K. Many messages "such as a Google search, a search of YouTube for a video, a 'tweet' on Twitter, or the posting of a message on Facebook," could be qualified as external by the intelligence services, he said. Under British laws, the country's intelligence services require a special warrant to monitor communications of British residents located within the U.K., which can only be granted if there is reason to suspect the person is involved in unlawful activity.


NAS device botnet mined $600,000 in Dogecoin over two months
It's not the first time that nefarious mining operations have been set up: scammers behind Android malware thatGoogle yanked from the Play store earlier this year used hijacked smartphones to mine "thousands" of Dogecoin. But the Android effort was nothing compared to NAS mining network, according to a security researcher at Dell's SecureWorks, who said this illegitimately acquired mining operation is the "single most profitable" to date, earning its operator an estimated $600,000 over two months earlier this year. The key to the entire operation were four security vulnerabilities in the Linux-based OS running on a NAS box by Taiwanese manufacturer Synology.


How to start a human capital initiative
No matter how well you manage human capital or how you choose to incorporate the process into your business, human capital strategy is doomed to be just one more plan – indeed, just one more empty ritual — unless it plays out in a vibrant cultural dialogue that motivates, inspires and magnifies greatness in all your people. As you devise a human capital strategy, you are aiming for the multipliers. You want to plan for the ineffable quality that gets you to a sum of five when you start with two and two.


How to Write a Job Description That Attracts Top IT Talent
It's also crucial to be specific when outlining the necessary skills and knowledge, Borre says. Make sure you understand what is a necessity and what isn't, and be forthright about communicating that in the description. "You have to outline the 'must-haves' first; the skills and knowledge that candidates should possess or they shouldn't even bother applying," she says. "Make sure you separate these in the description from what's 'nice to have,' and be very granular and specific when explaining the skills and knowledge," Borre says.


Shortage of cybersecurity professionals poses risk to national security
Some of the recommendations from the RAND study include waiving civil service rules that impede the hiring of talented cybersecurity professionals, maintaining government hiring of these professionals through sequestrations, funding software licenses and related equipment for educational programs, refining tests to identify candidates likely to succeed in these careers, and developing methods to attract women into the field. A longer-term approach entails reducing the demand for cybersecurity professionals in the first place by limiting the use of problematic computer applications or encouraging the development of harder-to-hack operating systems.


Cloud Innovations in Higher Education [INFOGRAPHIC]
With the advancement of technology, Cloud computing has become a huge driving force for the enterprise and public sector in recent years. Inevitably, colleges and higher education institutions have also started to make use of the technology. So much in fact, that 55% of higher education IT administrators and professionals have said that the cloud is the #1 technology improving their efficiency. Furthermore, 80% of students are expected to take some sort of cloud-based online class by the end of 2014. Institutions have been able to make use of the cloud by improving productivity suites, messaging/social networking, conferencing, storage and computational power – with well-known universities like MIT and Berkeley using the technology.


API gateways emerge to address growing security demands
Morrison said API gateways bear some resemblance to Web application firewalls in the sense that they serve to apply security measures that were previously missed in the development process. He emphasized though that a Web application firewall's value is limited only to security, while API gateways provide extensive management and other capabilities that are enticing to enterprises. The technology can help protect against various attacks that would bypass a traditional enterprise firewall, according to Morrison, including the aforementioned SQL injection attacks.


Better messaging means security can grow with IoT
As IoT grows, it'll become a wider and a more attractive target for hackers who want to disrupt industrial systems, said VDC Research analyst Chris Rommel. Some systems, such as aircraft, are better equipped to contain hacking attempts than are others. "Messaging security is becoming more and more important," Rommel said. Maybe the best thing about DDS Security is that it scales better, Barnett said. With SSL, each time a device communicates with another device or application, it has to set up one secure channel with one private encryption key. That can become a problem when there are many different apps and machines to talk to.


SaltStack for Flexible and Scalable Configuration Management
Configuration management is the foundation that makes modern infrastructure possible. Tools that enable configuration management are required in the toolbox of any operations team, and many development teams as well. Although all the tools aim to solve the same basic set of problems, they adhere to different visions and exhibit different characteristics. The issue is how to choose the tool that best fits each organization's scenarios. This InfoQ article is part of a series that aims to introduce some of the configuration tools on the market, the principles behind each one and what makes them stand out from each other.



Quote for the day:

"Our thoughts and imaginations are the only real limits to our possibilities. " -- Ralph Waldo Trine