Widespread exploit kit, password stealer and ransomware program mixed into dangerous cocktail

An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.The stolen credentials are then used to inject malicious code into legitimate websites with the goal of redirecting their visitors to an installation of the Angler exploit kit. This is a Web-based attack tool that includes exploits for various vulnerabilities in Windows and browser plug-ins, such as Flash Player and Java.To read this article in full or to leave a comment, please click here

QOTW: Labor and Morality

null

The post QOTW: Labor and Morality appeared first on 'net work.

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

IDC predicts bad news for old-school IT as CEOs embrace digital transformation

More and more CEOs are peppering their corporate strategy talks with two words: digital transformation. In fact, market-research firm IDC says “it is becoming increasingly difficult to keep track of all the CEO proclamations related to digital transformation.”To read this article in full or to leave a comment, please click here(Insider Story)

Net neutrality could be on the line in Washington court battle

The FCC's net neutrality rules go on trial Friday as oral arguments begin in 10 lawsuits that could dramatically change the way Internet service providers are regulated.In February, the Federal Communications Commission voted to ban service providers from giving some content preferential treatment. It also reclassified broadband as a communications service, similar to old-fashioned telecommunications except with exemptions from pricing and other regulations.The rules went into effect in April but soon faced a barrage of lawsuits by carriers and industry groups that want to see them gutted. The suits were combined into one proceeding in the federal appeals court in Washington, where opening arguments will start Friday.To read this article in full or to leave a comment, please click here

Tools for debugging, testing and using HTTP/2

With CloudFlare's release of HTTP/2 for all our customers the web suddenly has a lot of HTTP/2 connections. To get the most out of HTTP/2 you'll want to be using an up to date web browser (all the major browsers support HTTP/2).

But there are some non-browser tools that come in handy when working with HTTP/2. This blog post starts with a useful browser add-on, and then delves into command-line tools, load testing, conformance verification, development libraries and packet decoding for HTTP/2.

If you know of something that I've missed please write a comment.

Browser Indicators

For Google Chrome there's a handy HTTP/2 and SPDY Indicator extension that adds a colored lightning bolt to the browser bar showing the protocol being used when a web page is viewed.

The blue lightning bolt shown here indicates that the CloudFlare home page was served using HTTP/2:

A green lightning bolt indicates the site was served using SPDY and gives the SPDY version number. In this case SPDY/3.1:

A grey lightning bolt indicates that neither HTTP/2 no SPDY were used. Here the web page was served using HTTP/1.1.

There's a similar extension for Firefox.

Online testing

There's also a handy online Continue reading

SD-WAN: Streamlining Branch Office Connectivity

Traditional WANs are expensive and complex. Enterprises can tackle the problem by extending SDN from the data center to the WAN.

What Data Centers Can Learn From The Military

Hyperscale innovators are driving technology today in the way that NASA and the military introduced new capabilities decades ago, but some principles remain the same.

Why Do We Need VXLAN (and What Is It)?

Do you need VXLAN in your data center or could you continue using traditional bridging? Do layer-2 fabrics make sense or are they a dead end in the evolution of virtual networking?

I tried to provide a few high-level answers in the Introduction to VXLAN video which starts the VXLAN Technical Deep Dive webinar. The public version of the video is now available on ipSpace.net Free Content web site.

Watch the video

Millions of smart TVs, phones and routers at risk from old vulnerability

A three-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasn't been patched by many vendors, thus posing a risk, according to Trend Micro.Although a patch was issued for the component in December 2012, Trend Micro found 547 apps that use an older unpatched version of it, wrote Veo Zhang, a mobile threats analyst."These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all at risk as well," he wrote.To read this article in full or to leave a comment, please click here

Microsoft, law enforcement disrupt Dorkbot botnet

Microsoft said Thursday it aided law enforcement agencies in several regions to disrupt a four-year-old botnet called Dorkbot, which has infected one million computers worldwide.The Dorkbot malware aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix.It was first spotted around April 2011. Users typically get infected by browsing to websites that automatically exploit vulnerable software using exploit kits and through spam. It also has a worm functionality and can spread itself through through social media and instant messaging programs or removable media drives.Microsoft didn't provide much detail on how Dorkbot's infrastructure was disrupted. The company has undertaken several such actions over the last few years in cooperation with law enforcement.To read this article in full or to leave a comment, please click here

Network Automation with Ansible – Dynamically Configuring Interface Descriptions

It’s been a while since my last post, but let’s hope that changes with the flurry of posts planned for this month. Most of my recent time has been spent traveling and teaching courses that cover how to use Python and Ansible for Network Automation. I’ve written about many of these concepts in the past, but to re-iterate what I’ve been saying, and what I’ve written in the past, it’s crucial to start small when it comes to automation (otherwise it’s easy to feel overwhelmed trying to automate everything and then you never make any real progress). By starting small, you can get a quick win, and can gradually expand from there. In this post, I’m going to review one very small example of how to use Ansible for network automation. We’ll review how to use Ansible to dynamically configure interface descriptions populated with real-time LLDP neighbor information. While this post focuses on Cisco Nexus switches, note that the same approach can be used for any vendor.

The process that we’ll be using to auto-configure the interface descriptions is a three-step process:

1. Discover the device
While we are only using Cisco switches in this example, we still go through Continue reading

Free digital certificate project opens doors for public beta

Let's Encrypt, the project offering free digital certificates for websites, is now issuing them more broadly with the launch of a public beta on Thursday.The beta label will eventually be dropped as the software they've developed is refined, wrote Josh Aas, executive director of the Internet Security Research Group (ISRG), which runs Let's Encrypt."Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a wide range of platforms," he wrote.Digital certificates use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt traffic exchanged between a user and a service, adding a higher level of privacy and security.To read this article in full or to leave a comment, please click here

Artificial Intelligence Handles Phone Calls for NTT

NTT also announced a reseller partnership with Hewlett Packard Enterprise.

Wait: Did I just detect a flicker of personality in the enterprise IT industry?

Long gone are the days of the colorful enterprise networking industry I knew filled with provocative personalities like Cabletron Systems President Bob Levine and 3Com’s Bob Metcalfe. But at this week’s Xconomy Enterprise Tech Strikes Back event held at the Fidelity Center for Applied Technology in Boston, I actually detected some real-life individuality and swagger to go along with good business ideas being touted by the industry’s latest batch of young companies.To read this article in full or to leave a comment, please click here

Vapor IO Scores First Round of Funding

The investors include Goldman Sachs and AVX Partners, but the amount is unknown.

IDG Contributor Network: The future of virtualization: Don’t forget the so-called ‘old’

This is an exciting moment for data virtualization. The options available for virtualization are expanding, and are providing advances in processing speed around big data and data integration. This is just one of many areas around virtualization getting attention…and usually with the words "new" and "future" close by. But if the technology that pioneered virtualization – mainframes – is mentioned at all, it is usually dismissed. Why? Usually, the motivation is to serve the interests of the people who are trying to sell their product.Do you remember the classic sci-fi movie Logan's Run? In it, anyone who reaches the age of 30 meets his or her end in a public ceremony. Sometimes it feels like our industry has the same attitude towards existing software and hardware. This shortsighted approach does a disservice to technology, new and old. Let's look at the reasons why from the perspective of mainframes and virtualization.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Self-healing gel breakthrough could lead to flexible electronics

The fact that circuits are not designed to flex hinders product design, causes maintenance issues in the field, and is slowing the move towards bendable, rollable gadgets.However, some scientists think they've got a solution. Researchers in the Cockrell School of Engineering at The University of Texas at Austin say they've invented a healing gel that doesn't need an application of light or heat to fix a broken connection.Until now, you'd need "external stimuli" to mend cracks or breaks in circuits, Guihua Yu, the UT Assistant Professor who developed the gel, said in an article at UT News.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Self-healing gel breakthrough could lead to flexible electronics

« Previous 1 … 2,864 2,865 2,866 2,867 2,868 … 3,444 Next »

Archive

Browser Indicators

Online testing