0

Chinese firm admits its hacked products were behind Friday’s massive DDOS attack

A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday’s outage.To read this article in full or to leave a comment, please click here

0

NANOG 68

NANOG held its 68th meeting in Dallas in October. Here's what I found memorable and/or noteworthy from this meeting.

0

A Brief History of the IANA

October 2016 marks a milestone in the story of the Internet. At the start of the month the United States Government let its residual oversight arrangements with ICANN (the Internet Corporation for Assigned Names and Numbers) over the operation of the Internet Assigned Numbers Authority (IANA) lapse. No single government now has a unique relationship with the governance of the protocol elements of the Internet, and it is now in the hands of a community of interested parties in a so-called Multi-Stakeholder framework. This is a unique step for the Internet and not without its attendant risks. How did we get here?

0

IoT botnets used in unprecedented DDoS against Dyn DNS; FBI, DHS investigating

Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.”To read this article in full or to leave a comment, please click here

0

IoT botnets used in unprecedented DDoS against Dyn DNS; FBI, DHS investigating

Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.”To read this article in full or to leave a comment, please click here

0

Float Shelf: An elegant way for Apple users to clean up their desktops

I love my iMac. There’s something so elegant and practical about the design and, as a result, many companies have attempted to come up with products that fit the Apple aesthetic but, sadly, most fail. Now, way back in 2012 in a roundup of Kickstarter projects I wanted to get my hands on, I covered the Hand Stylus, a beautifully designed pen-style stylus for tablets that is still my favorite tool for drawing on an iPad. Designed by Steve King, the Hand Stylus was the first of a series of products from his company, Prism Designs, and the company’s latest product, the Float Shelf, echoes the whole Apple look and feel as well as being really useful. To read this article in full or to leave a comment, please click here

0

Why cybersecurity certifications suck

Robert Graham wrote a great blog post explaining why so many IT certifications suck.

TL&DR: because they are trivial pursuits instead of knowledge assessment tests… but do read the whole post and compare it to your recent certification experience.

0

dweet.io: A simple, effective messaging service for the Internet of Things

In my last post I discussed Freeboard, a powerful, polished, open source Web dashboard and mentioned that Bug Labs, the creators of Freeboard, also offer a very interesting Internet of Things messaging service called dweet which we’ll look at today.Now, there are many messaging services (for example MQTT) that can be used by IoT applications but few that are really simple and free as well; dweet is, indeed, simple and free though there is also an inexpensive enhanced level of dweet service we’ll get to later.To read this article in full or to leave a comment, please click here

0

TDWR 5 GHz Weather Radar Locations and Frequencies

Is your Wi-Fi network close to TDWR weather radar that may impact your deployment?

 

Use this list to know: 

Source: Cisco and WISPA

 http://www.wispa.org/Resources/Industry-Resources/TDWR-Resources/TDWR-Locations-and-Frequencies

 http://www.cisco.com/c/en/us/products/collateral/routers/3200-series-rugged-integrated-services-routers-isr/data_sheet_c78-647116.html

PDF version: 

 http://www.cisco.com/c/en/us/products/collateral/routers/3200-series-rugged-integrated-services-routers-isr/data_sheet_c78-647116.pdf

0

Deep Dive- Contrail Data Center Interconnect

In previous blog we discussed high level for  Juniper Contrail Data Center Interconnect and how to connect physical servers with servers deployed inside SDN environment. In this blog we will have deep dive for both scenarios. We will discuss in detail configuration options ,  control plane and data plane operations involved in both options:-

Following component are included in reference topology:-

1. 1 x MX-5 will be configured as Data Center Edge Router
2. Contrail Control Node
3. Compute 51 (which has 1 x vRouter)
4. Compute 52 (Which has 1 x vRouter)
5. MP-iBGP will be configured by Contrail Control Node between itself and all vRouters.
6. Contrail node will act as Route Reflector (RR) and all vRouter will act as client to RR.
7. vRouter will establish GRE tunnel (for data plane forwarding) with all other vRouter .
8. MX-5 (Data Center Edge Router) will also establish MP-iBGP  peer-ship with Contrail Control node and will establish GRE tunnel with all vRouters.

Now if we recall iBGP forwarding rules and co-relate to our environment:-

1. All vRouter which are RR  clients will transmit routes only to RR.
2. RR will receive the routes from any of the client and will transmit received routes to all clients (except the vRouter from where the Continue reading

0

U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring

The U.S. has charged a suspected Russian hacker with breaking into computers at LinkedIn, Dropbox and a question-and-answer site formerly known as Formspring.On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on Oct. 5.LinkedIn has said that Nikulin was involved in the 2012 breach of the company that stole details from over 167 million accounts. However, a U.S. court filing unsealed on Friday only gave limited details on Nikulin's alleged crimes.To read this article in full or to leave a comment, please click here

0

U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring

The U.S. has charged a suspected Russian hacker with breaking into computers at LinkedIn, Dropbox and a question-and-answer site formerly known as Formspring.On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on Oct. 5.LinkedIn has said that Nikulin was involved in the 2012 breach of the company that stole details from over 167 million accounts. However, a U.S. court filing unsealed on Friday only gave limited details on Nikulin's alleged crimes.To read this article in full or to leave a comment, please click here

0

How the Dyn DDoS attack unfolded

Today's attacks that overwhelmed the internet-address lookup service provided by Dyn were well coordinated and carefully plotted to take down data centers all over the globe, preventing customers from reaching more than 1,200 domains Dyn was in charge of.The attacks were still going on at 7 p.m. Eastern time, according to ThousandEye, a network monitoring service.Dyn’s service takes human-language internet addresses such as www.networkworld.com and delivers the IP addresses associated with them so routers can direct the traffic to the right locations.To read this article in full or to leave a comment, please click here

0

How the Dyn DDoS attack unfolded

Today's attacks that overwhelmed the internet-address lookup service provided by Dyn were well coordinated and carefully plotted to take down data centers all over the globe, preventing customers from reaching more than 1,200 domains Dyn was in charge of.The attacks were still going on at 7 p.m. Eastern time, according to ThousandEye, a network monitoring service.Dyn’s service takes human-language internet addresses such as www.networkworld.com and delivers the IP addresses associated with them so routers can direct the traffic to the right locations.To read this article in full or to leave a comment, please click here

0

An IoT botnet is partly behind Friday’s massive DDOS attack

Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.To read this article in full or to leave a comment, please click here

0

An IoT botnet is partly behind Friday’s massive DDOS attack

Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.To read this article in full or to leave a comment, please click here

0

An IoT botnet is partly behind Friday’s massive DDOS attack

Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.To read this article in full or to leave a comment, please click here

0

Loggly aims to reveal what matters in log data  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Logs are one of those things that a lot of people take for granted. Every software, device and application generates its own logs, and they are often overlooked until something happens and someone needs to dig into the logs to try to discover a root cause of the issue. Companies that treat logs in this way are missing out on an opportunity to improve their business.Logs have an interesting property that makes them quite valuable: they are the only common thread across a company's entire technology stack. It doesn't matter if it's network devices, security devices, operating systems or applications—all generate logs. Because of that, and with the proper tools, it's possible to look end-to-end in the infrastructure and the application stack using logs. The result is the ability to see what is happening from node to node, and from process to process.To read this article in full or to leave a comment, please click here

0

Loggly aims to reveal what matters in log data  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Logs are one of those things that a lot of people take for granted. Every software, device and application generates its own logs, and they are often overlooked until something happens and someone needs to dig into the logs to try to discover a root cause of the issue. Companies that treat logs in this way are missing out on an opportunity to improve their business.Logs have an interesting property that makes them quite valuable: they are the only common thread across a company's entire technology stack. It doesn't matter if it's network devices, security devices, operating systems or applications—all generate logs. Because of that, and with the proper tools, it's possible to look end-to-end in the infrastructure and the application stack using logs. The result is the ability to see what is happening from node to node, and from process to process.To read this article in full or to leave a comment, please click here

0

Worth Reading: Facebook’s video views

The takeaway from Facebook’s bombshell that it had overstated a key measure of video ad viewership on its pages by about 80%: It’s not that the social-media giant “miscalculated” its numbers. It’s a fresh view into Facebook’s arrogance, both toward its advertisers and its nearly two billion users. Nothing’s new under the sun, of course — pride has goeth-ed before a fall for all of human history. And obviously does in the digital sphere, too: Facebook FB, +0.05% and its principal digital advertising rival, Google GOOG, +0.04% have been behaving as though customs and principles that have governed the advertising business for its entire history simply don’t apply to them. —Market Watch

The post Worth Reading: Facebook’s video views appeared first on 'net work.