Archive

Category Archives for "Networking"

Web Real Time Communication (WebRTC) applications emerge as the tech stabilizes

Perhaps the single-most significant standards based technological advancement in the field of unified communications over the past year has been the completion of Web Real Time Communication (WebRTC) standard and the appearance of several WebRTC based implementations.

WebRTC 1.0 APIs are defined by the World Wide Web Consortium (W3C) and the IETF (Internet Engineering Taskforce) RTCWeb Working Group, and they make it possible for Web browsers to support voice calling, video chat, and peer-to-peer connections.

There has been considerable stabilization of the WebRTC browser implementation over the past year or so, enabling much more robust WebRTC apps to be developed. On the other hand, there still remains considerable and substantial work to be done on the IETF protocols for WebRTC.  

To read this article in full or to leave a comment, please click here

Tesla patches Model S after researchers hack car’s software

Tesla has issued a security update to its Model S car after security researchers discovered six flaws that allowed them to control its entertainment software and hijack the vehicle.With access to the entertainment software, Kevin Mahaffey, CTO of security startup Lookout, and Marc Rogers, a security researcher at CloudFlare, turned off the engine while a person was driving, changed the speed and map information displayed on the touchscreen, opened and closed the trunk and controlled the radio.The pair, who will discuss their findings Friday at the DEF CON hacking conference in Las Vegas, also uploaded a remote access application that allowed them to lock and unlock the car using an iPhone.To read this article in full or to leave a comment, please click here

Tesla patches Model S after researchers hack car’s software

Tesla has issued a security update to its Model S car after security researchers discovered six flaws that allowed them to control its entertainment software and hijack the vehicle.With access to the entertainment software, Kevin Mahaffey, CTO of security startup Lookout, and Marc Rogers, a security researcher at CloudFlare, turned off the engine while a person was driving, changed the speed and map information displayed on the touchscreen, opened and closed the trunk and controlled the radio.The pair, who will discuss their findings Friday at the DEF CON hacking conference in Las Vegas, also uploaded a remote access application that allowed them to lock and unlock the car using an iPhone.To read this article in full or to leave a comment, please click here

FCC rejects proposal favoring small carriers in spectrum auction

Small mobile carriers lost a battle Thursday when the U.S. Federal Communications Commission declined to make it easier for them to get access to a reserved slice of spectrum during a 2016 auction of television spectrum.The FCC, in a 3-2 vote, approved a wide-ranging set of rules for the upcoming incentive auction in which U.S. TV stations have the option of giving up their current spectrum and moving to other channels or stop broadcasting over the air in exchange for a piece of the auction proceeds. The world’s first, two-way spectrum auction, with TV stations selling spectrum and mobile carriers buying, will begin March 29, 2016, the FCC announced.To read this article in full or to leave a comment, please click here

Prominent healthcare CIO: FDA medical device security warning “will be the first of many”

Dr. John Halamka has taken to his "Life as a Healthcare CIO" blog to sound the alarm on medical device threats in the wake of the FDA late last week issuing its first cybersecurity warning about a specific medical device.The Food and Drug Administration urged healthcare facilities to stop using Hospira's Symbiq Infusion System, a common device for dispensing fluids/drugs to patients that the manufacturer says is being removed from the market. The warning spells out that the devices could be accessed via a hospital network and rejiggered to mess up a patient's dosage. The FDA said it's not aware of any hacking incidents involving the pumps, whose vulnerability was initially warned of on the US-CERT site in June and then the Industrial Control Systems CERT site in mid-July.To read this article in full or to leave a comment, please click here

Consumers still don’t get two-factor authentication

LAS VEGAS – Telesign, a mobile identity solutions provider, continued to educate the public about its free “Turn It On” Campaign – a step-by-step instructional guide to two-factor authentication (2FA) on some of the most visited websites – at this year’s Black Hat security conference.  Co-founder Ryan Disraeli says that based on Telesign’s “Consumer Account Security Report,” it’s clear consumers want more security but don’t know much – if anything – about 2FA.The report, a study of the changing attitudes and behavior of consumers around their online security, found that “80 percent of consumers worry about online security and 45 percent are extremely or very concerned about their accounts being hacked.”To read this article in full or to leave a comment, please click here

Attackers could take over Android devices by exploiting built-in remote support apps

Many smart phone manufacturers preload remote support tools on their Android devices in an insecure way, providing a method for hackers to take control of the devices through rogue apps or even SMS messages.The vulnerability was discovered by researchers from security firm Check Point Software Technologies, who presented it Thursday at the Black Hat security conference in Las Vegas. According to them, it affects hundreds of millions of Android devices from many manufacturers including Samsung Electronics, LG Electronics, HTC, Huawei Technologies and ZTE.Most of the flagship phones from different vendors come preloaded with remote support tools, Check Point researchers Ohad Bobrov and Avi Bashan said. In some cases they are installed by the manufacturers themselves, while in other cases by mobile carriers, they said.To read this article in full or to leave a comment, please click here

Has Epson killed the printer ink cartridge?

The answer is yes, at least based on this headline the other day in The Wall Street Journal: Review: Epson Kills the Printer Ink Cartridge.However, reading the analysis underneath the headline reveals a much more complicated picture: Epson has a new printer line that can store so much ink that you can practically forget about the need to ever refill it again.From the review written by Wilson Rothman: Epson, the maker of my nightmare printer, has finally put an end to the horror of ink cartridges, at least for people willing to throw cash at the problem up front. The five new EcoTank series printers look like normal models, only they have containers on their sides that hold gobs and gobs of ink. How much? Years’ worth. Enough that your children—or at least mine—could go on a two-hour coloring-page-printing bender and you wouldn’t even notice.To read this article in full or to leave a comment, please click here

IBM’s new $1B acquisition will help Watson ‘see’

IBM plans to buy Merge Healthcare in a $1 billion deal that promises to bring new image-focused capabilities to its Watson Health platform.Under the terms of the acquisition, which was announced Thursday and is expected to close later this year, Merge shareholders will receive $7.13 per share in cash. The deal is IBM’s third and largest major health-related acquisition since it launched its Watson Health unit in April.Merge’s technology provides medical image handling and processing and is currently used at more than 7,500 U.S. health care sites. IBM plans to use its Watson Health Cloud to analyze and cross-reference Merge’s medical images against lab results, electronic health records, genomic tests, clinical studies and other health-related data sources amounting to 315 billion data points and 90 million unique records.To read this article in full or to leave a comment, please click here

Black Hat 2015: IoT devices can become transmitters to steal data

It’s possible to get a printer and other inexpensive network and Internet of Things devices to transmit radio signals that are detectable far enough away that they could be used to steal data from compromised networks, a researcher tells the Black Hat 2015 conference.By rapidly turning on and off the outputs from I/O pins on chips within the printer, it’s possible to generate a signal strong enough to pass through a concrete wall and beyond to a receiver, says Ang Cui, a researcher who works at Red Balloon Security and did the research at Columbia University.+ Follow all the stories out of Black Hat 2015 +To read this article in full or to leave a comment, please click here

Wireshark 1.12.6 on Yosemite (OS X 10.10.4)

To run Wireshark on OS X you have to install X11 for some reason, and Apple has apparently stopped developing this.  It is now a separate thing called XQuartz.

It seems that at some point, either some files moved or a symlink got deleted, so Wireshark won’t start.  When you click it, the top menu says “Wireshark” but the user interface never appears.

To get Wireshark running do the following:

Download Quartz 2.2.7 and install it on your OS X 10.10.4 system.

Open a terminal window and enter this command to re-make the symbolic link:

sudo ln -s /opt/X11 /usr/X11

(you will need to be an admin user of the system and put in your password at this point).

Now install Wireshark and you should be good to go.


Wireshark 1.12.6 on Yosemite (OS X 10.10.4)

To run Wireshark on OS X you have to install X11 for some reason, and Apple has apparently stopped developing this.  It is now a separate thing called XQuartz.

It seems that at some point, either some files moved or a symlink got deleted, so Wireshark won’t start.  When you click it, the top menu says “Wireshark” but the user interface never appears.

To get Wireshark running do the following:

Download Quartz 2.2.7 and install it on your OS X 10.10.4 system.

Open a terminal window and enter this command to re-make the symbolic link:

sudo ln -s /opt/X11 /usr/X11

(you will need to be an admin user of the system and put in your password at this point).

Now install Wireshark and you should be good to go.


Proxy ARP

How does Internet work - We know what is networking

I found differed kinds of explanations about what that Proxy ARP is all about. After going through all of them this explanation came out. It is fairly simple technique for nodes to get MAC address of a destination host that is on the same subnet but behind a router. It’s a technique that enables our R7 router on the image below to proxy ARP request from C1 computer which tries to find MAC address of computer C3. You need to note that C1 has address from /16 range and that is why it thinks that 192.168.50.50 is the same subnet as

Proxy ARP

Android Stagefright: The heart attack that never happened

Since Joshua Drake of Zimperium announced his talk at the Black Hat conference on Twitter, speculation in the blogosphere has been rampant.    BLACKHAT USA 2015 Stagefright: Scary Code in the Heart of Android: https://t.co/oBZpiBFx1x by @jduck— Mobile Security (@Mobile_Sec) July 23, 2015 If some of the claims were true, Android phones would be exploding into flames. Since the introduction of version 4.1 Jelly Bean, Android has been protected from buffer-overflow vulnerabilities such as Stagefright with Address Space Layout Randomization (ASLR). A glance at the chart below reveals that 90% of the Android devices are protected by ASLR. Drake's estimate of one billion Android devices affected by this vulnerability was inflated.To read this article in full or to leave a comment, please click here

FBI hopes low-tech video will spark answers to $500 million art heist mystery

It’s been 25 years since two thieves, dressed as Boston police officers made off with $500 million worth of art from the Isabella Stewart Gardner Museum in Boston.The FBI this week released new video it says was captured by Museum security cameras 24 hours before the Gardner heist which the agency hopes might trigger some new leads in the very cold case.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2015 (so far!)+To read this article in full or to leave a comment, please click here

Black Hat 2015: Hacker shows how to alter messages on satellite network

Globalstar satellite transmissions used for tracking truck fleets and wilderness hikers can be hacked to alter messages being sent with possibly dire consequences for pilots, shipping lines, war correspondents and businesses that use the system to keep an eye on their remote assets.The technique, described at Black Hat 2015, can’t affect control of the Globalstar satellites themselves, just the messages they relay, but that could mean altering the apparent location of assets the system tracks. So a cargo container with a satellite location device in it could be made to seemingly disappear, or an airplane could be made to seem to veer off course, according to a briefing by Colby Moore, a security staffer at Synack.To read this article in full or to leave a comment, please click here

DNS parser, meet Go fuzzer

Here at CloudFlare we are heavy users of the github.com/miekg/dns Go DNS library and we make sure to contribute to its development as much as possible. Therefore when Dmitry Vyukov published go-fuzz and started to uncover tens of bugs in the Go standard library, our task was clear.

Hot Fuzz

Fuzzing is the technique of testing software by continuously feeding it inputs that are automatically mutated. For C/C++, the wildly successful afl-fuzz tool by Michał Zalewski uses instrumented source coverage to judge which mutations pushed the program into new paths, eventually hitting many rarely-tested branches.

go-fuzz applies the same technique to Go programs, instrumenting the source by rewriting it (like godebug does). An interesting difference between afl-fuzz and go-fuzz is that the former normally operates on file inputs to unmodified programs, while the latter asks you to write a Go function and passes inputs to that. The former usually forks a new process for each input, the latter keeps calling the function without restarting often.

There is no strong technical reason for this difference (and indeed afl recently gained the ability to behave like go-fuzz), but it's likely due to the different ecosystems in which they Continue reading

1 3,013 3,014 3,015 3,016 3,017 3,465