Inaudible voice commands: the long-range attack and defense
Inaudible voice commands: the long-range attack and defense Roy et al., NSDI’18
Although you can’t hear them, I’m sure you heard about the inaudible ultrasound attacks on always-on voice-based systems such as Amazon Echo, Google Home, and Siri. This short video shows a ‘DolphinAttack’ in action:
To remain inaudible, the attack only works from close range (about 5ft). And it can work at up to about 10ft when partially audible. Things would get a whole lot more interesting if we could conduct inaudible attacks over a longer range. For example, getting all phones in a crowded area to start dialling your premium number, or targeting every device in an open plan office, or parking your car on the road and controlling all voice-enabled devices in the area. “Alexa, open my garage door…”. In today’s paper, Roy et al. show us how to significantly extend the range of inaudible voice command attacks. Their experiments are limited by the power of their amplifier, but succeed at up to 25ft (7.6m). Fortunately, the authors also demonstrate how we can construct software-only defences against the attacks.
We test our attack prototype with 984 commands to Amazon Echo and 200 commands to smartphones Continue reading
Protego Scores $2M in Seed Funds to Target Serverless Security
A recent report found 21 percent of open source serverless projects contained at least one critical vulnerability or misconfiguration.
Cycle Pedals Bare Metal Container Orchestrator as Kubernetes Alternative
The barebones platform is available through Packet's bare metal compute, network, and storage resources.
History Of Networking – Geoff Houston – BGP Security
Recent history tells us that even after decades of pervasive use, BGP is far from a fully secure protocol. In this episode of History of Networking on Network Collective, Geoff Houston joins us to talk about how we got here and why previous attempts at BGP security have fallen by the wayside.
Geoff Houston
Guest
Russ White
Host
Donald Sharp
Host
Jordan Martin
Host
Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/
The post History Of Networking – Geoff Houston – BGP Security appeared first on Network Collective.
NetApp Partners With Google, Ups the Ante in its Cloud-Connected Game
Analysts praised the company for its ongoing effort to transition from a traditional storage vendor to a cloud data services company
RIPE NCC: The Future of BGP Security
I was recently invited to a webinar for the RIPE NCC about the future of BGP security. The entire series is well worth watching; I was in the final session, which was a panel discussion on where we are now, and where we might go to make BGP security better.
Masergy Picks Bitglass Cloud Security Tech for Managed CASB Service
The managed security service provider tested Netskope’s and McAfee Skyhigh’s technology before choosing Bitglass.
Aqua Security Sprinkles Support Over CRI-O Kubernetes Runtime Platform
CRI-O was launched as a lighter alternative to using Docker as the runtime for Kubernetes.
What is BGP Hijacking, Anyway?
Two weeks ago, we learned about yet another routing security incident, namely the hijack of BGP routes to the Amazon DNS infrastructure, used as a stepping stone to steal about $150,000 of Ethereum cryptocurrency from MyEtherWallet.com. We’ve been talking a lot lately about BGP hijacking, digging into the details of what happened in this post. But maybe we need to back up a minute and answer: What in the world is BGP hijacking, anyway, and why does it matter? Here, we’ll explain the basics and how network operators and Internet Exchange Points can join MANRS to help solve the problem.
What is BGP?
BGP, or Border Gateway Protocol, is used to direct traffic across the Internet. Networks use BGP to exchange “reachability information” – networks they know how to get to. Any network that is connected to the Internet eventually relies on BGP to reach other networks.
What is BGP Hijacking?
In short, BGP hijacking is when an attacker disguises itself as another network; it announces network prefixes belonging to another network as if those prefixes are theirs. If this false information is accepted by neighboring networks and propagated further using BGP, it distorts the “roadmap” of the Continue reading
Zero Trust. Maximize Network Virtualization and Micro-segmentation
It’s official: when it comes to security threats, the question IT teams should be asking is not if but when. VMware recently commissioned Forrester Consulting to evaluate how organizations are improving the security of their infrastructure through network virtualization and micro-segmentation. Analysis found that 92% of respondents reported having faced minor security incidents in the last 12 months alone, while 65% of respondents endured a major incident in the same time span. These figures seal the deal; the naïve days of preparing for potential issues are long gone. Cyber threats are real, imminent, and happen often.
Companies today attribute more of their security issues to improper network segmentation than to the volume of threats overall. In response, leaders across industries are turning to network virtualization – specifically the Zero Trust security model – as a key strategy in combating threats. This strategy posits that whether a network is labeled secure or insecure, both should be treated as equally vulnerable. Further, the Zero Trust model supports the argument that ”traditional, perimeter-based security configurations are no longer a sufficient measure for protecting the network, and highlights steps companies can take to better secure their network, starting with network virtualization Continue reading
Zero Trust. Maximize Network Virtualization and Micro-segmentation
VMware recently commissioned Forrester Consulting to evaluate how organizations are improving the security of their infrastructure through network virtualization and micro-segmentation.
NetScout Revenue Sinks 27% in Q4 Fiscal 2018
The company also reported more downward guidance for its upcoming fiscal year, but remains optimistic about its product revenue.
Carbon Black Stock Raises $125 Million in Public Debut
The security company priced its IPO at the high end of its $17-$19 range.
Fortinet Quadruples Q1 Revenues, Posts Triple-Digit Cloud Growth
Investors were not as impressed as the company's stock was trading down early Friday off of a recent 52-week high.
Spectre Next Gen Bugs Hit Intel CPUs, Cisco Catches Cryptojacking Threats
Intel classified four of the new flaws as “high risk” and four as “medium,” and it's working on patches.
HPC Container Security: Fact, Myth, Rumor, And Kernels
It is fair to say that containers in HPC are a big deal. Nothing more clearly shows the critical nature of any technology than watching the community reaction when a new security issue is discovered and released.
In a recent announcement from the team over at Sylabs, they stated that multiple container systems on kernels that do not support PR_SET_NO_NEW_PRIVS were now vulnerable. This was big news, and it obviously spread like a proverbial wildfire through the HPC community, with many mostly voicing their upset that the initial announcement came out at the start of a long holiday weekend …
HPC Container Security: Fact, Myth, Rumor, And Kernels was written by James Cuff at The Next Platform.
Radware Reports Third Consecutive Quarter of Double Digit Growth
The company’s recent transition to a SaaS subscription model proves favorable as it reported an 11 percent increase in revenue year over year, along with several deals in the first quarter of 2018.
Google Secures 5 Partners for Its Cloud Security Command Center
The five container-focused partners include Aqua Security, Capsule8, Stackrox, Sysdig Secure, and Twistlock.
Automating Compliance for Highly Regulated Industries with Docker Enterprise Edition and OSCAL
Highly-regulated industries like financial services, insurance and government have their own set of complex and challenging regulatory IT requirements that must be constantly maintained. For this reason, the introduction of new technology can sometimes be difficult. Docker Enterprise Edition provides these types of organization with both a secure platform on which containers are the foundation for building compliant applications and a workflow for operational governance at scale.
The problem remains that even with the technology innovation of containers, cloud and other new tools, the area of IT compliance has remained relatively unchanged with security standards that lag far behind, creating mismatches of traditional controls to modern systems. Organizations are still dependent on the same mundane, paperwork-heavy audit and reporting processes of previous decades. The time and cost to build a PCI, FISMA or HIPAA compliant system is no small feat, even for large enterprises, due to the resources required to develop and maintain the documentation and artifacts that must be continuously audited by a third party.
To address these requirements, Docker has collaborated with the National Institute of Standards and Technology (NIST), and today, we are excited to announce that Docker is fully embracing Continue reading
Hackathon at Africa Internet Summit Focuses on Time, Vehicular Communications, and Network Programmability
We are pleased to announce the 2nd Hackathon@AIS will be held in Dakar, Senegal, on 9-10 May, alongside the Africa Internet Summit. Participants from 14 countries have confirmed their participation and will work on activities centered around three main topics:
- The Network Time Protocol (or NTP)
- Wireless communication in vehicular environments – based on Intelligent Transportation Systems
- Network Programmability
Working on open Internet standards involves a collaborative effort whereby individuals from different backgrounds provide input and expertise to improve the Internet. Work is focused on common objectives with set timelines. This work is mostly done by people in different geographical locations using the Internet (and online tools) to collaborate on the work. In some cases, short technical events called hackathons place experts in one physical location to work collaboratively to solve a problem or develop a new product or output in a short period of time.
Last year, the Internet Society’s African Regional Bureau, together with AFRINIC, organized a hackathon in Kenya, during the 2017 Africa Internet Summit. In Africa, work on open Internet standards development is low, with only a handful of Request For Comments (RFCs) known to have been published by experts from the region. One of Continue reading