Archive

Category Archives for "Networking"

I come to bury SHA1, not to praise it

Most cryptography is theoretical research. When it is no longer theoretical, in practice it can become a harmful exploit. Google and Dutch research institute CWI proved that the SHA1 hash method, first introduced 20 years ago, could produce a duplicate hash from different documents using a technique that consumed significant computational resources: 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase. The exercise was computationally intensive but proved it is within the realm of possibility, especially compared to a brute force attack that would require 12 million GPU compute years.

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline. This is the second flaw in Microsoft products made public by Google Project Zero since the Redmond giant decided to skip this month's Patch Tuesday and postpone its previously planned security fixes until March. Microsoft blamed the unprecedented decision to push back scheduled security updates by a month on a "last minute issue" that could have had an impact on customers, but the company hasn't clarified the nature of the problem.

FCC puts the brakes on ISP privacy rules it just passed in October

The new chairman of the U.S. Federal Communications Commission will seek a stay on privacy rules for broadband providers that the agency just passed in October. FCC Chairman Ajit Pai will ask for either a full commission vote on the stay before parts of the rules take effect next Thursday or he will instruct FCC staff to delay part of the rules pending a commission vote, a spokesman said Friday. The rules, passed when the FCC had a Democratic majority, require broadband providers to receive opt-in customer permission to share sensitive personal information, including web-browsing history, geolocation, and financial details, with third parties. Without the stay, the opt-in requirements were scheduled to take effect next week.

Cisco unveils Hierarchy of Needs for the digital enterprise

The European edition of Cisco Live took place this week in Berlin, which is a fitting location given the amount of innovation happening in that city right now. If you ever find yourself in Berlin, be sure to check out Cisco’s Open Berlin innovation center where inventive start-ups are building and showcasing solutions that run on Cisco technology. Innovation and digital transformation are linked together like Kirk and Spock. You can’t have one without the other. At this week’s event, Ruba Borno, Cisco vice president of growth initiatives and chief of staff for the office of the CEO, gave her first-ever keynote to a Cisco Live audience. Not surprisingly, she focused on digital transformation. However, unlike many keynotes I have seen, Borno didn’t just talk about digitization at a high level. Instead she was more prescriptive and gave the audience a guide on how to proceed with making the shift to a digital enterprise.

Fraud rises as cybercriminals flock to online lenders

Cybercrime is becoming more automated, organized and networked than ever before, according to the ThreatMetrix Cybercrime Report: Q4 2016. Cybercriminals are increasingly targeting online lenders and emerging financial services, says Vanita Pandey, vice president of strategy and product marketing, ThreatMetrix.

Replace SHA-1. It’s not that hard.

Now that SHA-1 has been broken it’s time for enterprises that have ignored its potential weakness for years to finally act, and it’s not that hard. The most common use of the hash function is in securing SSL and TLS connections, and to get rid of SHA-1 in that use is to utilize browsers and servers that don’t support it. Depending on the size of an organization, this isn’t onerous, says Paul Ducklin, a senior security advisor at Sophos. (See his excellent description of the problem with SHA-1 and other hashing algorithms.)

iPhone 7 Plus catches fire and melts in crazy new video

In 2016, Samsung experienced the mother of all public relations nightmares after scores of Galaxy Note 7 owners reported that their new devices were prone to catching fire, and in some cases exploding. Samsung was ultimately forced to issue a worldwide recall for its well-reviewed phablet, costing the company billions in the process, not to mention a resulting black mark on the company's reputation. Flash forward to 2017 and we have an interesting story of a smartphone smoking, catching fire and melting. Only thing is, the story doesn't involve a Samsung device, but rather Apple's iPhone 7 Plus. In a video that has gone viral, we see the iPhone 7 Plus in question self-destructing.

Change All Your Passwords, Right Now!

by Steinthor Bjarnason, Senior ASERT Security Analyst & Roland Dobbins, ASERT Principal Engineer

CloudFlare are probably best known as a DDoS mitigation service provider, but they also operate one of the largest Content Delivery Networks (CDNs) on the Internet. Many popular Web sites, mobile apps, etc. make use of the CloudFlare CDN, which hosts content […]

Cloudflare bug exposed passwords, other sensitive data from websites

For months, a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites that use the company's content delivery network. The data included passwords, session cookies, authentication tokens and even private messages. Cloudflare acts as a reverse proxy for millions of websites, including those of major internet services and Fortune 500 companies, for which it provides security and content optimization services behind the scenes. As part of that process, the company's systems modify HTML pages as they pass through its servers in order to rewrite HTTP links to HTTPS, hide certain content from bots, obfuscate email addresses, enable Accelerated Mobile Pages (AMP) and more.
