Cisco tries to squash Smart Install security abuse

Cisco is playing down a security issue with its Smart Install switch management software that could allow unauthenticated access to customer configuration details. Cisco defines Smart Install as a legacy feature that provides zero-touch deployment for new switches, typically access layer switches.

Trend Micro report: Ransomware booming

The profitability of ransomware made it the top cyber threat last year in two categories: the number of attacks and the amount of money generated for crooks, according to a Trend Micro lookback on data collected from customers. Not only is the ransomware business booming, it’s innovating, with Trend Micro researchers identifying 752 new families last year, up from 29 in 2015. Add to this the rise of ransomware as a service (RaaS) and payments made to anonymous bitcoin accounts, and the result is a booming criminal enterprise worth $1 billion last year, according to TrendLabs 2016 Security Roundup. Neophyte crooks are being drawn in because it’s so easy to set up a ransomware operation, the report says. “Since RaaS is available in the underground, the service provides fledgling cybercriminals the necessary tools to run their own extortion campaigns,” it says.

AI scheduling startup launches subscription for businesses

Setting up meetings can be a pain, since they often require folks to send emails back and forth figuring out a time before finally sending off a calendar invitation to block everyone’s schedule. A New York startup called x.ai wants to simplify that with a helpful bot, and they just launched a product aimed at serving businesses. The service provides users with access to x.ai’s assistant, which can go by Andrew or Amy Ingram, to automatically set up meetings with people inside a company and help schedule time with folks who work elsewhere. It’s an extension of the company’s existing service, which is built for individuals.

MediaTek will sit out the ARM race for Windows 10 PCs

Despite a turbulent past, Windows PCs with ARM are making a grand return later this year, but only with Qualcomm chips. Another big ARM chipmaker, MediaTek, is sitting out the opportunity to put its ARM-based chips in Windows PCs because the company sees it as a limited opportunity. MediaTek's chips are already used in Chromebooks, but ARM has had a turbulent history with Windows. That's another reason for the company to stay out. ARM getting into PCs is like Intel trying to get into smartphones -- it's a risky proposition, said Finbarr Moynihan, general manager of sales at MediaTek. PCs are dominated by x86 chips from companies like Intel and AMD. But Intel failed in its attempt to unseat a dominant ARM in smartphones, and ultimately quit making chips for handsets.

IDG Contributor Network: Can a PC support multiple users? A few suppliers say yes

We have all watched a major cultural shift in the world of IT, from optimizing the use of the computer to optimizing the use of the developer and user. This move makes a great deal of sense. At one time, the computer, its memory and its storage were the biggest costs of supporting an IT solution. Over time, that changed. The drastic improvement in processing power and memory capacity, combined with amazing decreases in system and component prices, changed the ratio so that people, communications and power were all more costly than the machines and their components themselves. These factors, along with users' desire for graphical user interfaces, changed the world of IT. It is not really clear, however, if all of the changes were beneficial.

Sponsored Post: Aerospike, Loupe, Clubhouse, GoCardless, Auth0, InnoGames, Contentful, Stream, Scalyr, VividCortex, MemSQL, InMemory.Net, Zohocorp

Who's Hiring?

  • GoCardless is building the payments network for the internet. We’re looking for DevOps Engineers to help scale our infrastructure so that the thousands of businesses using our service across Europe can take payments. You will be part of a small team that sets the direction of the GoCardless core stack. You will think through all the moving pieces and issues that can arise, and collaborate with every other team to drive engineering efforts in the company. Please apply here.

  • InnoGames is looking for Site Reliability Engineers. Do you not only want to play games, but help building them? Join InnoGames in Hamburg, one of the worldwide leading developers and publishers of online games. You are the kind of person who leaves systems in a better state than they were before. You want to hack on our internal tools based on django/python, as well as improving the stability of our 5000+ Debian VMs. Orchestration with Puppet is your passion and you would rather automate stuff than touch it twice. Relational Database Management Systems aren't a black hole for you? Then apply here!

  • Contentful is looking for a JavaScript BackEnd Engineer to join our team in their mission of

This tool can help you discover Cisco Smart Install protocol abuse

For the past few weeks attackers have been probing networks for switches that can potentially be hijacked using the Cisco Smart Install (SMI) protocol. Researchers from Cisco's Talos team have now released a tool that allows network owners to discover devices that might be vulnerable to such attacks. The Cisco SMI protocol is used for so-called zero-touch deployment of new devices, primarily access layer switches running Cisco IOS or IOS XE software. The protocol allows newly installed switches to automatically download their configuration via SMI from an existing switch or router configured as an integrated branch director (IBD). The director can copy the client's startup-config file or replace it with a custom one, can load a particular IOS image on the client and can execute high-privilege configuration mode commands on it. Because the SMI protocol does not support any authorization or authentication mechanism by default, attackers can potentially hijack SMI-enabled devices.

Cisco Jasper grows Internet of Things reach, breadth

Nearly a year after it bought Jasper for $1.4 billion, Cisco this week strengthened the company’s Internet of Things reach by adding support for an emerging low-power WAN technology and expanding its partner programs further into automotive and healthcare. Cisco bought Jasper and its Control Center platform to firmly establish a hold in the IoT world. And indeed, it has. CEO Chuck Robbins noted in Cisco’s recent earnings call that “Jasper connects more than 40 million devices including over 12 million connected vehicles, and we're adding more than 1.5 million new devices per month. The number of enterprise customers utilizing data from the Jasper platform has grown from 4,000 a year ago to more than 9,000 this quarter,” Robbins said.

Make the internet great again

I miss the Old Internet. Call me a fuddy-duddy. Call me nostalgic for ye olden days. But I’ll say it right now, and I’ll stand by it: The internet was (in almost every way) better 15-plus years ago than it is today. And I’m not talking about just “the World Wide Web” either. All of it. It’s getting downright crummy. Let’s walk this through step by step. System resource usage: If you go to CNN.com today, the front page of their website will take up just shy of 100 MB of RAM while it is loaded. By comparison, the same page from the year 2000 takes literally 1/10th that (thanks Archive.org). CPU usage is even worse. The idle CNN.com from the year 2000 just sits there. Happily eating just about 0% of even the slowest CPUs. Today’s version gobbles up a good 10% of the i7 sitting in front of me—while sitting idle. For a single page. Displaying a few news headlines.

38% off iClever Ultra Portable Tri-folding Bluetooth Keyboard With Touchpad – Deal Alert

Work more efficiently while on the go. Compact, versatile, durable and light, this new keyboard from iClever folds on two innovative hinges that double as grips to keep your board steady, while the grips on each end keep it from sliding around. It pairs quickly with up to 3 devices, switching with the push of a button, and features a high sensitivity touchpad for mouse functionality. When folded, it takes up roughly the same space as a smartphone. It is compatible not only with iOS and Android but also with Windows/Mac/Linux-based tablets, Blackberry, Playstation, WebOS, and Symbian. Its list price is $79.99, but you can buy it right now on Amazon for 38% off, or just $49.99. See the discounted iClever folding keyboard on Amazon.

821,000 user records exposed due to misconfigured MongoDB for smart stuffed toys

No one wants to learn that they have been hacked; if a company is not doing so well, then it might really be scared after it is breached. But burying your head in sand and hoping it will all go away if you ignore it for long enough is simply not going to make the breach disappear. In the case of CloudPets, owned by SpiralToys, it wasn’t the cute and huggable smart stuffed toys hackers were hugging, but the data.

Here it is:
- Toy captured kids voices
- Data exposed via MongoDB
- 2.2m recordings
- DB ransom'd
- And much more...
https://t.co/HvePnZleXR
