Archive

Category Archives for "Networking"

The US has sanctioned Russia over election hacking

The U.S. government has sanctioned Russia's main two intelligence agencies, four military intelligence officers and is kicking out 35 Russian diplomats over what it says was aggressive harassment of U.S. officials and cyber operations around the 2016 presidential election. The move follows up on a pledge made by President Obama to retaliate against Russia for hacks of the Democratic National Committee and other political targets. The U.S. also released a detailed assessment by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) of the cyber attacks.To read this article in full or to leave a comment, please click here

The US has sanctioned Russia over election hacking

The U.S. government has sanctioned Russia's main two intelligence agencies, four military intelligence officers and is kicking out 35 Russian diplomats over what it says was aggressive harassment of U.S. officials and cyber operations around the 2016 presidential election. The move follows up on a pledge made by President Obama to retaliate against Russia for hacks of the Democratic National Committee and other political targets. The U.S. also released a detailed assessment by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) of the cyber attacks.To read this article in full or to leave a comment, please click here

New year’s resolution for IoT vendors: Start treating LANs as hostile

In November, researchers from cybersecurity firm Invincea reported a vulnerability that could have allowed hackers to infect Belkin WeMo smart plugs with malware. The flaw was located in a configuration protocol that worked over the local area network and didn't require any authentication.In 2015, when researchers from vulnerability intelligence firm Rapid7 analyzed nine Internet-connected baby monitors, they found hardcoded credentials in four of them. Those backdoor accounts provided administrative access to the devices over the local network.To read this article in full or to leave a comment, please click here

New year’s resolution for IoT vendors: Start treating LANs as hostile

In November, researchers from cybersecurity firm Invincea reported a vulnerability that could have allowed hackers to infect Belkin WeMo smart plugs with malware. The flaw was located in a configuration protocol that worked over the local area network and didn't require any authentication.In 2015, when researchers from vulnerability intelligence firm Rapid7 analyzed nine Internet-connected baby monitors, they found hardcoded credentials in four of them. Those backdoor accounts provided administrative access to the devices over the local network.To read this article in full or to leave a comment, please click here

New year’s resolution for IoT vendors: Start treating LANs as hostile

In November, researchers from cybersecurity firm Invincea reported a vulnerability that could have allowed hackers to infect Belkin WeMo smart plugs with malware. The flaw was located in a configuration protocol that worked over the local area network and didn't require any authentication.In 2015, when researchers from vulnerability intelligence firm Rapid7 analyzed nine Internet-connected baby monitors, they found hardcoded credentials in four of them. Those backdoor accounts provided administrative access to the devices over the local network.To read this article in full or to leave a comment, please click here

It’s 2017 and changing other people’s flight bookings is incredibly easy

The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people's reservations, cancel their flights and even use the refunds to book tickets for themselves, according a team of researchers who analyzed this online ecosystem. Karsten Nohl and Nemanja Nikodijevic from Berlin-based consultancy Security Research Labs have spent months investigating the security employed by the Global Distribution Systems (GDSs) that are used by travel agencies, airlines, hotels and car rental companies. They presented their findings Tuesday at the 33rd Chaos Communications Congress in Hamburg.To read this article in full or to leave a comment, please click here

It’s 2017 and changing other people’s flight bookings is incredibly easy

The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people's reservations, cancel their flights and even use the refunds to book tickets for themselves, according a team of researchers who analyzed this online ecosystem. Karsten Nohl and Nemanja Nikodijevic from Berlin-based consultancy Security Research Labs have spent months investigating the security employed by the Global Distribution Systems (GDSs) that are used by travel agencies, airlines, hotels and car rental companies. They presented their findings Tuesday at the 33rd Chaos Communications Congress in Hamburg.To read this article in full or to leave a comment, please click here

brvirt: when brctl meets virsh

Hypervisors diversity is definitely one of the benefits of having Nuage managing your next-generation network. That means that we, as Nuage engineers, have to play with all kinds of hypervisors — like KVM, ESXi and Hyper-V to be more precise. As to me, I love to work with KVM most, simply because it gives you that feel that you

IDG Contributor Network: More file sync and sharing industry FUD

I received a pitch the other day from a vendor in the enterprise file sharing and synchronization (EFSS) space. I won't name the company. I probably should, to really show my scorn, but I'll deny them the Google juice instead.Anyway, the pitch told me about how said vendor made a "startling discovery" as it was planning a routine Google Adwords Campaign. It seemed that searches inadvertently turned up sensitive and confidential materials.Said vendor apparently disclosed the finding to the two other EFSS vendors, who indicated they would address the "security flaw." Now, some three years later, the same thing is happening.To read this article in full or to leave a comment, please click here

APIC-EM Path Trace Examples – Overlay Networks

Since seeing the APIC-EM Path Trace demo for the first time and seeing how it represents CAPWAP, I’ve been curious how well it deals with other types of overlay/underlay networking. This article is a brief synopsis of that testing and provides some visuals around what was produced with this free management tool.

TL;DR–APIC-EM adds value to most network path traces and typically represents what it knows. The single exception is with MPLS VPNv4. If the MPLS PE nodes are pulled into the device inventory, path trace has a total lack of understanding around the recursive lookup into the global vrf that is required for VPNv4 functionality.

CAPWAP Representation — The Gold Standard

I wanted to start out by showing what an ideal representation of an overlay network would be for a tool like this. Path Trace understands AND clearly represents both the underlay and the overlay network for traffic flowing through a CAPWAP tunnel. The image below shows the extent of the tunnel (darker gray) and the physical components that are responsible for delivery (both through the tunnel and outside of the tunnel).

pathtrace-capwap

 

Testing Topology

For the additional testing, I built the following topology and integrated APIC-EM into my Continue reading

5 signs we’re finally getting our act together on security

The high-water line in information security gets higher each year. Just as we think we’ve finally figured out how to defend against attacks, then attackers come up with something new and we are right back to trying to figure out what to do next.For example, ransomware has surged in the last year. Although that kind of malware has been around for years, the current model of encrypting user files to hold data hostage came about just recently. Infections quadrupled in 2016, with the FBI estimating an average of 4,000 attacks a day. A recent IBM survey of 600 business leaders in the United States found that one in two had experienced a ransomware attack in the workplace, and that companies paid the ransom 70 percent of the time. As a result, criminals are on track to make nearly $1 billion this year from ransomware, IBM X-Force said.To read this article in full or to leave a comment, please click here

5 signs we’re finally getting our act together on security

The high-water line in information security gets higher each year. Just as we think we’ve finally figured out how to defend against attacks, then attackers come up with something new and we are right back to trying to figure out what to do next.For example, ransomware has surged in the last year. Although that kind of malware has been around for years, the current model of encrypting user files to hold data hostage came about just recently. Infections quadrupled in 2016, with the FBI estimating an average of 4,000 attacks a day. A recent IBM survey of 600 business leaders in the United States found that one in two had experienced a ransomware attack in the workplace, and that companies paid the ransom 70 percent of the time. As a result, criminals are on track to make nearly $1 billion this year from ransomware, IBM X-Force said.To read this article in full or to leave a comment, please click here

Apple’s 10 biggest wins, fails, and WTF moments of 2016

Apple has been doomed for decades, if the steady stream of headlines about the company, its stock price, and its product lineup are to be believed. If The Macalope has taught us anything, it's that the Apple deathwatch business is a brisk (and bizarre) one. The truth is much more complex. But by any measure, 2016 was a particularly tough year for Apple.The company endured a bitter legal fight with the FBI, saw its first revenue decline in more than a decade, and faced backlash over hardware tweaks in its upgraded flagship products: the iPhone 7’s lack of a 3.5mm audio jack and the overhauled MacBook Pro’s less-than-pro specs for a decidedly pro price.To read this article in full or to leave a comment, please click here

What to do if your data is taken hostage

Getting duped online by a cybercriminal is infuriating. You let your guard down for a minute and the thieves find their way in to your machine.And then the “fun” begins if ransomware is involved. Hopefully you have your data backed up, but if not now starts the dance with those who have ultimately taken you hostage. Ransomware is obviously analogous to kidnapping, and dealing with the perpetrators can feel much like negotiating with a jumper standing on the edge of high-rise roof.Look no further for help than the Institute for Critical Infrastructure Technology report that in part describes how to deal with criminals when they are holding your data hostage. The report talks of what to do once a breach has been found.To read this article in full or to leave a comment, please click here

What to do if your data is taken hostage

Getting duped online by a cybercriminal is infuriating. You let your guard down for a minute and the thieves find their way in to your machine.And then the “fun” begins if ransomware is involved. Hopefully you have your data backed up, but if not now starts the dance with those who have ultimately taken you hostage. Ransomware is obviously analogous to kidnapping, and dealing with the perpetrators can feel much like negotiating with a jumper standing on the edge of high-rise roof.Look no further for help than the Institute for Critical Infrastructure Technology report that in part describes how to deal with criminals when they are holding your data hostage. The report talks of what to do once a breach has been found.To read this article in full or to leave a comment, please click here

1 2,024 2,025 2,026 2,027 2,028 3,354