0

Apple lists 25 apps impacted by XcodeGhost

Apple has identified 25 apps on its stores that had used a rogue version of its Xcode development tool, and advised users to update the affected apps to fix the issue on their devices.Figuring in the list are the WeChat app from Tencent and the Didi ride-hailing app, which had been identified earlier as affected. Other apps included in the list released by Apple on its China website include local chatting tool Encounter, the app for Baidu Music and China Unicorn's customer service app.To read this article in full or to leave a comment, please click here

0

Networking Field Day 10 – Arista

I finally had the chance to finish watching all of the Arista videos from Networking Field Day 10.  They did quite a few presentations and if you haven’t watched them yet I would recommend you do…

EOS Evolution and Quality

EOS SDK Demo

CloudVision Overview

7500 Series Architecture

Leaf SSU Demo

While the bulk of the videos talked about Arista platforms or features, Ken Duda’s presentation (EOS Evolution and Quality) really struck a chord with me.  Early in the presentation Ken summarizes the problem by saying “when the network ain’t working, ain’t nothing working”.  The software powering your network just has to work and it has to work consistently.  Ken then goes into where he thinks quality should come from breaking it into 3 pieces.

Culture – It’s obvious from Ken’s talk that Arista legitimately cares about software quality.  While I don’t think this is unique to Arista, I think it’s something they’ve fully embraced because they can.  Arista was born out of the commodity network era.  When you are working with commodity chips, the real differentiator becomes software.  This puts them at a unique position compared to other traditional vendors who Continue reading

0

Cisco in China: If You Can’t Beat ‘Em, Join ‘Em

Having struggled in China since Snowden, Cisco is taking a new tack.

0

Opengear Saves the Day from 35K Feet

On Tuesday, I was boarding a flight heading to the west coast and realized I had 3 switches powered down in the colo that I needed for a presentation and demo on Wednesday. Not a good feeling.

We have an IP enabled PDU that I usually connect to with no issues from the office and home office since we also have an SD-WAN deployed using Viptela. The only issue — there is not a way to VPN into the colo (yes, that’s my fault).

As it turns out, I had exposed the Opengear console server, that we used for all out of band access, to the Internet a few months prior. On a flight that I was only planning to do offline work, I was forced to purchase Wifi…from there, the fix was pretty simple.

I SSH’d into the Opengear console server, got access to the Juniper SRX perimeter FW, and then added a temporary NAT configuration that exposed the PDU to the Internet. I was able to now access the PDU directly from 35K feet in the air, get the devices powered up, and have some peace that they could be used in the demo. Sure, I could have Continue reading

0

ONF Debuts Northbound Interfaces for Intent-Based Networking

The intent-based Boulder & Aspen projects are designed to open up networking.

0

Increased Security Spending: Good Money After Bad?

A couple of recent analyst reports tout significant growth in the information security market. But More security spending on products doesn’t necessarily mean better outcomes for customers.

The post Increased Security Spending: Good Money After Bad? appeared first on Packet Pushers.

0

Datiphy tracks what data is up to for security, auditing purposes

Datiphy, a service provider founded in Taiwan, has bundled its technology for sale as a software package to make inroads in the U.S. as a security/data auditing tool that detects and reports suspicious access to databases.The company has been selling its service in Asia-Pacific since 2011 but has decided to improve the user interface and give it natural-language search to make it more attractive in the U.S. where the large enterprises it seeks as customers want to have an on-premises platform, says Mike Hoffman, executive vice president of sales and marketing.Datiphy has also gotten a financial shot in the arm, pulling down $7 million from Highland Capital Partners in its first round of institutional funding that it will use in part to hire staff to pursue partnerships so data gathered by the platform can be shared with other security products.To read this article in full or to leave a comment, please click here

0

DerbyCon: Former BlueHat prize winner will bypass Control Flow Guard in Windows 10

Windows 10, and even Windows 8.1 Update 3, uses Control Flow Guard (CFG) to protect against memory-corruption attacks. Close to the end of last year, Microsoft said the CFG security feature could "detect attempts to hijack your code" and stop executing the code "before the hijacker can do damage to your data or PC."This summer at Black Hat, Yunhai Zhang showed how to "Bypass Control Flow Guard Comprehensively" (pdf). And at DerbyCon on Friday, Jared DeMott and Rafal Wojtczuk will present "Gadgets Zoo: Bypassing Control Flow Guard in Windows 10."To read this article in full or to leave a comment, please click here

0

Book Report: Future Crimes

Future Crimes by Marc Goodman details the dark side of technology, examining how new technologies are used and abused for criminal purposes.  In just under 400 pages, Goodman provides some basic historical background on computer security and then guides the reader through a cybercrime journey spanning consumer, industrial, medical, and various other technologies.Fair warning to prospective readers: the story isn’t pretty. The author starts with a wake-up call about data privacy and how a plethora of companies like Facebook, Google, and OkCupid, and the $150 billion dollar data broker industry regularly collect, sell, and abuse user data.  Future Crimes also explores the current derelict world of cyber peeping toms, bullies, revenge porn, and extortion. While these crimes are already rampant today, Goodman theorizes that things will get worse with the proliferation of surveillance cameras, geo-location services, RFID tags, and wireless networking technology. The point is crystal clear: each technology innovation increases the attack surface, and cybercriminals are only too happy to exploit these vulnerabilities for profit.To read this article in full or to leave a comment, please click here

0

OPM underestimated the number of stolen fingerprints by 4.5 million

The number of people whose fingerprints have been stolen as a result of the high-profile hack into the computer systems of the U.S. Office of Personnel Management earlier this year is now 5.6 million.The agency revised its original estimate of 1.1 million Wednesday after finding fingerprint data in archived records that had previously not been taken into account.This does not change the overall number of 21.5 million former, current and prospective federal employees and contractors whose Social Security numbers, personal information and background investigation records were exposed in the breach.The OPM announced in June that it was the target of a cybersecurity breach that resulted in the theft of personnel data including full names, birth dates, home addresses, and Social Security numbers of 4.2 million current and former government employees.To read this article in full or to leave a comment, please click here

0

OPM breach: 4.5 million more individuals open to future fingerprint abuse

Now the federal Office of Personnel Management says the number of individuals whose fingerprints were stolen is 5.6 million – up from 1.1 million – and that they can look forward to having those prints misused as criminals get better at exploiting them.OPM says, “an interagency working group with expertise in this area … will review the potential ways adversaries could misuse fingerprint data now and in the future. This group will also seek to develop potential ways to prevent such misuse. If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.”To read this article in full or to leave a comment, please click here

0

Citrix Sale Options Would Likely Include Netscaler & GoToMeeting

Citrix is reportedly mulling a selloff of its entire business, or certain assets. Dell is a possible suitor.

0

Last Chance! Maximize Network Programmability with NX-API REST, NX-Toolkit, & NX-API

Join the Cisco DemoFriday on September 25th and learn how you can benefit from network programmability as you transition from legacy systems to open standard interfaces.

0

CloudFlare Raises $110M with Promise to Eliminate Lots of Hardware

A five-year-old upstart garners investments from Google, Microsoft, Baidu, and Qualcomm and sets its sights on competing with Amazon Web Services.

0

Former Gigamon CEO Raises $7M for a Different Type of Security Monitoring

Datiphy watches how data is being used — a managed service that's being turned into a software product for the U.S. market.

0

Thousands of iOS apps infected by XcodeGhost

The impact of iOS app developers unknowingly using a rogue version of the Xcode development tool is turning out to be greater than initially thought: early reports listed just 39 apps that had been trojanized with the tool, but security researchers have since identified thousands more.On Friday, security research firm Palo Alto Networks reported that 39 apps found in the App Store had been compromised after their developers -- most of them located in China -- used a rogue version of Xcode that had been distributed on forums. Xcode is a development tool for iOS and OS X apps provided by Apple.To read this article in full or to leave a comment, please click here

0

Worth Reading: How the IETF is fixing its open standards process

A number of changes have been put in place in the last year to improve the speed at which the IETF can operate. This final post in my series on open standards and open source models examines these changes, along with the tradeoffs. via network computing

The post Worth Reading: How the IETF is fixing its open standards process appeared first on 'net work.

0

Alcatel-Lucent BGP configuration tutorial. Part 2 – BGP policies. Community

In the first part of this BGP tutorial we prepared the ground by configuring eBGP/iBGP peering. We did a good job overall, yet plain BGP peering relationship is useless, the power of BGP in its ability for granular management of multiple routes from multiple sources. And the tools that help BGP to handle this complex task are BGP

0

Reaction: Interoperate or Die

Ethan has an excellent post up on Interoperate or Die. Herewith, a few thoughts in response.

From my perspective, the importance of open standards in the world of network engineering can hardly be overstated. As networks become more complicated (or complex, depending on what word you want to use), having consistent interfaces will become increasingly important. Think of the old IP model — every transport runs on top of IP, and IP runs on top of every physical/link layer. Using IP as a “choke point” built a “wasp waist,” a single API everyone on both sides of the narrow point in the protocol layer could talk to.

in recent years, we’ve forgotten the wasp waist. We’ve built everything over HTTP, and everything over Ethernet over IP, and everything over GRE over IP, and… The entire stack, above IP, is a hornet’s nest of convoluted caverns and side halls pointing, apparently, everywhere at once (like the guy from the forest in The Point, above).

If you think of IP as an API (which is really what it is), the point is to have a single layer API between any two interacting systems. This creates a clean interaction surface that helps you to Continue reading

0

Cisco VIRL: More Than A Certification Study Lab

Cisco's Virtual Internet Routing Lab provides students and experienced networking pros with a tool to build network topologies. Here's what to expect in terms of capabilities and limitations.