0

Android Stagefright: The heart attack that never happened

Since Joshua Drake of Zimperium announced his talk at the Black Hat conference on Twitter, speculation in the blogosphere has been rampant.    BLACKHAT USA 2015 Stagefright: Scary Code in the Heart of Android: https://t.co/oBZpiBFx1x by @jduck— Mobile Security (@Mobile_Sec) July 23, 2015 If some of the claims were true, Android phones would be exploding into flames. Since the introduction of version 4.1 Jelly Bean, Android has been protected from buffer-overflow vulnerabilities such as Stagefright with Address Space Layout Randomization (ASLR). A glance at the chart below reveals that 90% of the Android devices are protected by ASLR. Drake's estimate of one billion Android devices affected by this vulnerability was inflated.To read this article in full or to leave a comment, please click here

0

FBI hopes low-tech video will spark answers to $500 million art heist mystery

It’s been 25 years since two thieves, dressed as Boston police officers made off with $500 million worth of art from the Isabella Stewart Gardner Museum in Boston.The FBI this week released new video it says was captured by Museum security cameras 24 hours before the Gardner heist which the agency hopes might trigger some new leads in the very cold case.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2015 (so far!)+To read this article in full or to leave a comment, please click here

0

Black Hat 2015: Hacker shows how to alter messages on satellite network

Globalstar satellite transmissions used for tracking truck fleets and wilderness hikers can be hacked to alter messages being sent with possibly dire consequences for pilots, shipping lines, war correspondents and businesses that use the system to keep an eye on their remote assets.The technique, described at Black Hat 2015, can’t affect control of the Globalstar satellites themselves, just the messages they relay, but that could mean altering the apparent location of assets the system tracks. So a cargo container with a satellite location device in it could be made to seemingly disappear, or an airplane could be made to seem to veer off course, according to a briefing by Colby Moore, a security staffer at Synack.To read this article in full or to leave a comment, please click here

0

DNS parser, meet Go fuzzer

Here at CloudFlare we are heavy users of the github.com/miekg/dns Go DNS library and we make sure to contribute to its development as much as possible. Therefore when Dmitry Vyukov published go-fuzz and started to uncover tens of bugs in the Go standard library, our task was clear.

Hot Fuzz

Fuzzing is the technique of testing software by continuously feeding it inputs that are automatically mutated. For C/C++, the wildly successful afl-fuzz tool by Michał Zalewski uses instrumented source coverage to judge which mutations pushed the program into new paths, eventually hitting many rarely-tested branches.

go-fuzz applies the same technique to Go programs, instrumenting the source by rewriting it (like godebug does). An interesting difference between afl-fuzz and go-fuzz is that the former normally operates on file inputs to unmodified programs, while the latter asks you to write a Go function and passes inputs to that. The former usually forks a new process for each input, the latter keeps calling the function without restarting often.

There is no strong technical reason for this difference (and indeed afl recently gained the ability to behave like go-fuzz), but it's likely due to the different ecosystems in which they Continue reading

0

IDG Contributor Network: How one startup hopes to solve server underutilization

Only 20% to 50% of in-house server capacity is actually used, even with virtualization gains, according to numbers from MIT-connected startup Jisto. The company says it has a solution, though, which will save enterprises money.The problem that Jisto is looking to solve is that, although companies usually provision plenty of cloud and in-house server space, artificial static walls, which are created with ownership profiles and resource groups, create waste. Servers are underutilized.Redundancy-prone It isn't just the in-house servers, either. Cloud capacity is also redundancy-prone.To read this article in full or to leave a comment, please click here

0

U.S. Internet connection speeds still lag behind other developed nations

The average U.S. Internet connection speed continues to lag behind that of many other developed nations, according to the latest State of the Internet report from CDN and cloud service provider Akamai. In the first quarter of 2015, Akamai said, the average U.S. Internet connection speed was 11.9Mbps - considerably below the 23.6Mbps mark posted by South Korea, which had the fastest average connection speed worldwide. The top 10 was dominated by countries from Europe and east Asia, including Ireland, Hong Kong, Sweden and the Netherlands. The U.S. placed 19th in the rankings.To read this article in full or to leave a comment, please click here

0

Network Configuration Automation

This post will give a brief overview of network configuration automation, describe its challenges and benefits and will set off a series of posts showing how to automate a configuration of a typical enterprise network.

Continue reading

0

Qualcomm bets on superfast broadband over copper with latest acquisition

Qualcomm has entered into an agreement to acquire Ikanos Communications in order to speed up its efforts to build home gateways with integrated support for G.fast, which promises to offer hundreds of megabit per second over copper.If all goes according to plan, Ikanos will become part of the company’s Qualcomm Atheros subsidiary. Qualcomm seems keen on getting Ikanos, because it’s paying US$2.75 per share, compared to the $1.75 Ikanos’ shares were worth at the close of the market on Wednesday.Qualcomm’s plan is to combine its own Wi-Fi, powerline, small cell, and ethernet chipsets with Ikanos wired modem technology to create a more complete offering for home gateway products, it said.To read this article in full or to leave a comment, please click here

0

Worth Listening: Optical for the Campus

The post Worth Listening: Optical for the Campus appeared first on 'net work.

0

SDN, SD-WAN and FCoE on Gartner Networking Hype Cycle

Gartner has updated their networking hype cycle. Not surprisingly:

• Ethernet switching fabrics are on the slope of enlightenment (finally – we’ve been educating networking engineers on what they really are for half a decade);
• SDN is well on its way into the trough of disillusionment (shameless plug: I guess not enough people attended real-life SDN workshops) and whitebox switching is going the same way;
• SD-WAN is nearing the peak of inflated expectations;
• FCoE and Long-Distance vMotion will be dead before they reach the plateau.

Gartner won’t give you free access to the graph, but you’ll find it in an article published on The Register.

0

How a Chinese Hacking Ring Loots Corporate Secrets

A Dell SecureWorks survey explains how compromised sites can be used for highly selective attacks.

0

Obama pushes tech startup community for more diversity

WASHINGTON -- If startups in the tech sector and other high-growth industries are going to continue to emerge and thrive, the business landscape must become a more inclusive environment, one that is more welcoming of women, minorities and regions outside major urban and university centers, the White House is warning."We've got to make sure that everybody is getting a fair shot," President Obama said this week in remarks at the White House. "The next Steve Jobs might be named Stephanie or Esteban. They might never set foot in Silicon Valley. We've got to unleash the full potential of every American -- not leave more than half the team on the bench."To read this article in full or to leave a comment, please click here

0

For Clemson & Big Switch Networks, Collaborative Past Leads to Collaborative Future

Big Switch, Clemson, and SDN go way back together.

0

HL: The Art of Network Architecture

The post HL: The Art of Network Architecture appeared first on 'net work.

0

Black Hat: Hackers urged to protect Internet freedom

Las Vegas -- Security researchers need to fight for the rights to study, modify and reverse engineer Internet hardware and software or the general population risks losing Internet freedom, the Black Hat 2015 conference was told. Jennifer Granick “The dream of Internet freedom is dying,” warned Jennifer Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society during the conference keynote. Four things are killing it: centralization, regulation, globalization and loss of “the freedom to tinker,” she says.To read this article in full or to leave a comment, please click here

0

Good Works

As some one says, “The Devil used to try to prevent people from doing good works, but he has now learned a new trick worth two of that: he organizes them instead.”
C.S. Lewis, Letters to an American Lady

The post Good Works appeared first on 'net work.

0

HP, Cisco Ranked As Top WLAN Vendors

HP reaps rewards from its acquisition of Aruba Networks, asserting itself as an enterprise WLAN market leader alongside rival Cisco, according to IHS research.

0

Converged Infrastructure Vs. Disaggregated Systems

Deciding whether converged systems or network disaggregation is right for your organization requires looking beyond the hype.

0

Why I’m Listening To John Chambers’ Dire Warning

The final keynote by Cisco's former CEO reeked of fire and brimstone. But do regular IT pros need to worry about an impending IT apocalypse?

0

Securing BGP Not As Difficult As You’d Think

But few service providers and organizations bother to deploy security for BGP, security expert says.