Cisco patches critical authentication flaw in conferencing servers

Cisco Systems has patched a critical vulnerability that could allow hackers to gain access to Cisco Meeting and Acano servers that are used in enterprise environments for video and audio conferencing.The flaw allows an unauthenticated attacker to masquerade as a legitimate user because the Extensible Messaging and Presence Protocol (XMPP) service incorrectly processes a deprecated authentication scheme, Cisco said in an advisory.The flaw affects Cisco Meeting Server versions prior to 2.0.6 with XMPP enabled, as well as versions of the Acano Server prior to 1.8.18 and prior to 1.9.6. If upgrading to the latest releases is not immediately possible, administrators are advised to disable XMPP on their servers and keep using the other available protocols.To read this article in full or to leave a comment, please click here

Cisco patches critical authentication flaw in conferencing servers

Cisco Systems has patched a critical vulnerability that could allow hackers to gain access to Cisco Meeting and Acano servers that are used in enterprise environments for video and audio conferencing.The flaw allows an unauthenticated attacker to masquerade as a legitimate user because the Extensible Messaging and Presence Protocol (XMPP) service incorrectly processes a deprecated authentication scheme, Cisco said in an advisory.The flaw affects Cisco Meeting Server versions prior to 2.0.6 with XMPP enabled, as well as versions of the Acano Server prior to 1.8.18 and prior to 1.9.6. If upgrading to the latest releases is not immediately possible, administrators are advised to disable XMPP on their servers and keep using the other available protocols.To read this article in full or to leave a comment, please click here

Practical DMVPN Example

In this post, I will put together a variety of different technologies involved in a real-life DMVPN deployment.

This includes things such as the correct tunnel configuration, routing-configuration using BGP as the protocol of choice, as well as NAT toward an upstream provider and front-door VRF’s in order to implement a default-route on both the Hub and the Spokes and last, but not least a newer feature, namely Per-Tunnel QoS using NHRP.

So I hope you will find the information relevant to your DMVPN deployments.

First off, lets take a look at the topology I will be using for this example:

As can be seen, we have a hub router which is connected to two different ISP’s. One to a general purpose internet provider (the internet cloud in this topology) which is being used as transport for our DMVPN setup, as well as a router in the TeleCom network (AS 59701), providing a single route for demonstration purposes (8.8.8.8/32). We have been assigned the 70.0.0.0/24 network from TeleCom to use for internet access as well.

Then we have to Spoke sites, with a single router in each site (Spoke-01 and Spoke-02 respectively).
Each one Continue reading

Possible ‘glitch’ summons woman for jury duty 9 times in 12 years

A woman from Ohio tells a Cleveland TV station that she has been summoned for jury nine times in the past 12 years."Usually what I do is snap a picture (of the summons) and send it to my friend, like, again!" she says. From that TV station story: Administrative judge for the Cuyahoga County Common Pleas Court John Russo says that people are supposed to get called about every two years. According to him, jury selection is random, with 300 names picked electronically per week based on voter registration. But Russo says there could be a glitch with addresses that would put your name back in the pot too soon.To read this article in full or to leave a comment, please click here

Possible ‘glitch’ summons woman for jury duty 9 times in 12 years

A woman from Ohio tells a Cleveland TV station that she has been summoned for jury nine times in the past 12 years."Usually what I do is snap a picture (of the summons) and send it to my friend, like, again!" she says. From that TV station story: Administrative judge for the Cuyahoga County Common Pleas Court John Russo says that people are supposed to get called about every two years. According to him, jury selection is random, with 300 names picked electronically per week based on voter registration. But Russo says there could be a glitch with addresses that would put your name back in the pot too soon.To read this article in full or to leave a comment, please click here

Samsung’s Galaxy Note7 from hell

There's a lot of clap-trap going around about what could be wrong with the lithium-ion batteries in the dozens of Note7s that overheated, smoked, and even caught fire in original and replacement units.The truth is that the public doesn't know -- yet. Many analysts are questioning whether Samsung knows and just hasn't said.Samsung killed production of the Note7 and stopped sales and exchanges yesterday, less than two months after the South Korean giant started shipping the original device in the U.S. on Aug. 19. It's not clear what the company plans to do next to recover.To read this article in full or to leave a comment, please click here

6 reasons to try Linux today

There’s never been a better time to give Linux a try.Wait, don’t slam on that back button! I’m not one of those rabid “Year of the Linux desktop” types. Windows works just fine for hundreds of millions of people, and—sorry, Linux lovers—there’s little to suggest Linux usage will ever be more than a rounding error compared to Microsoft’s behemoth.INSIDER: SUSE Linux 12 challenges Red Hat That said, there are some pretty compelling reasons you might want to consider switching to Linux on your computer, or at least give it a hassle-free trial run.To read this article in full or to leave a comment, please click here

GitHub’s 7 top productivity tools for programmers

GitHub's 7 most popular productivity tools for programmersImage by Wikipedia; pixabayBorn of ingenuity -- or, in some cases, laziness -- programming tools created by developers for developers have become an essential component of modern software development. Developers seeking to enhance their productivity or simply cut down on keystrokes have enjoyed a boon of possibilities thanks to open source repo host GitHub.To read this article in full or to leave a comment, please click here

Michael Dell tells IT leaders all they need to know about the new Dell Technologies

In September, Dell and EMC finalized the largest ever merger of tech companies, creating privately held Dell Technologies - a "family" of companies that provides everything from PCs to hyperconverged infrastructure with annual revenue of some $75 billion. Ahead of next week's Dell EMC World conference, CEO Michael Dell spoke with IDG Chief Content Officer John Gallant about what Dell and EMC customers can expect -- in sales, service, product integration -- from this landscape-altering combination.I wanted to spend time talking with you about how your competitive approach, how the path you've taken, differs and offers benefit to customers compared to some of their other strategic providers today. I had the opportunity to talk to Hewlett Packard Enterprise CEO Meg Whitman some time ago about their very different approach with HP splitting apart. And Meg's comment was, and this is a direct quote from her, "Dell EMC has taken an entirely different strategy than we have. We decided to get smaller, they decided to get bigger. We decided to de-lever the company, they've chosen to lever up. We've chosen to lean into new technology like 3Par all-flash storage, our next generation of servers, high-performance compute, hyperconverged Composable infrastructure and Continue reading

Darkweb marketplaces can get you more than just spam and phish

The underground marketImage by ThinkstockUnderground markets offer a great variety of services for cyber criminals to profit from. These forums offer items ranging from physical world items like drugs and weapons to digital world items such as spam/phishing delivery, exploit kit services, "Crypters", "Binders", custom malware development, zero-day exploits, and bulletproof hosting.To read this article in full or to leave a comment, please click here

Why you need to create a social media policy

Whether it's Facebook, Instagram, Twitter, Snapchat or Reddit, chances are good that your employees are spending some time on at least one of these social networks during work hours. But before you run to IT and install company-wide web filters, there are a few things to consider about your employee's social media habits."Social media is more accessible than ever -- and it isn't going anywhere anytime soon -- so it's a great time for employers to get on board. If a company has a clear policy around social media usage at work and communicates those guidelines effectively, there should not be a need to block the sites, as employees will remain productive and engaged," says Tisha Danehl, vice president of Ajilon Professional Staffing.To read this article in full or to leave a comment, please click here

Hardcore fans mourn the death of Nexus by denouncing the Pixel

It seems Google would like people to think the Pixel is the first phone it has ever produced with its “Made by Google” ad campaign. The most devoted fans of the Android platform have never seen it that way. To them, the Nexus phones were about “pure Android,” but now they’re suddenly finding their phones have been demoted.Google has said there will be no new Nexus phones, and what's more, the Pixel and Pixel XL will get exclusive features that aren’t coming to the current Nexus line, and Nexus owners are understandably upset. How upset? Well, we cannot reprint some of what’s been said, if that gives you an idea.To read this article in full or to leave a comment, please click here

Yahoo shows that breach impacts can go far beyond remediation expenses

Companies that focus on the immediate breach remediation costs may be missing the big picture, and could be under-investing in security as a result.Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included costs.But the actual numbers could be several times higher.Take the Yahoo breach, for example, which could lead to a $1 billion drop in the company's value.To read this article in full or to leave a comment, please click here

Yahoo shows that breach impacts can go far beyond remediation expenses

Companies that focus on the immediate breach remediation costs may be missing the big picture, and could be under-investing in security as a result.Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included costs.But the actual numbers could be several times higher.Take the Yahoo breach, for example, which could lead to a $1 billion drop in the company's value.To read this article in full or to leave a comment, please click here

Future of collaboration software all about integration — not consolidation

Enterprise software makers have tried to blend social tools and consumer technology for at least a decade. It's been a slow process, but by 2020 the biggest names in business software will likely be well-known consumer brands, instead of the stalwarts that dominated the market for decades, according to Aaron Levie, CEO of cloud storage service Box. Outsiders are redefining the future of workplace collaboration, and some of these companies, including Facebook, are focused on specific tools or technologies instead of platforms that try to serve every business need. The one-vendor-for-all-things-enterprise approach has no place in today's business landscape, Levie says.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Beyond logging: Using SIEM to combat security, compliance issues

As connectivity grows, so do threats to the IT infrastructures under your care—and, by extension, your organization’s ability to profit and serve its customers. Security strategies that worked fine in the not-so-distant past have grown woefully inadequate as the technology terrain shifts. You’ve probably heard the acronym SIEM being thrown around a lot these days and for good reasons. As security experts, we know that perimeter defenses simply aren’t enough anymore, and we need a holistic view of our IT infrastructures.  + Also on Network World: SIEM market dynamics in play +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Beyond logging: Using SIEM to combat security, compliance issues

As connectivity grows, so do threats to the IT infrastructures under your care—and, by extension, your organization’s ability to profit and serve its customers. Security strategies that worked fine in the not-so-distant past have grown woefully inadequate as the technology terrain shifts. You’ve probably heard the acronym SIEM being thrown around a lot these days and for good reasons. As security experts, we know that perimeter defenses simply aren’t enough anymore, and we need a holistic view of our IT infrastructures.  + Also on Network World: SIEM market dynamics in play +To read this article in full or to leave a comment, please click here

Postman Wants to Be De Facto Standard for APIs

Postman is geared towards internal applications and developer workflows.

Bringing Standards Development And Open Source Projects Together

How CSOs can better manage third-party risks

In the latest episode of Security Sessions, CSO Editor-in-Chief Joan Goodchild chats with Scott Schneider from CyberGRX, a startup in the third-party risk analysis space, about best practices and tips for CSOs when working on a risk analysis plan with third party vendors.