Java and Python FTP attacks can punch holes through firewalls

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.XXE vulnerabilities can be exploited by tricking applications to parse specially crafted XML files that would force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server.Klink showed that the same type of vulnerabilities can be used to trick the Java runtime to initiate FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext.To read this article in full or to leave a comment, please click here

Java and Python FTP attacks can punch holes through firewalls

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.XXE vulnerabilities can be exploited by tricking applications to parse specially crafted XML files that would force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server.Klink showed that the same type of vulnerabilities can be used to trick the Java runtime to initiate FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext.To read this article in full or to leave a comment, please click here

Cisco deepens enterprise network virtualization, security detection of DNA suite

Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers.The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan. DNA offers integrated networking software—virtualization, automation, analytics, cloud service management and security under a single suite.+More Cisco News on Network World: Cisco reserves $125 million to pay for faulty clock component in switches, routers+To read this article in full or to leave a comment, please click here

Cisco deepens enterprise network virtualization, security detection of DNA suite

Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers.The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan. DNA offers integrated networking software—virtualization, automation, analytics, cloud service management and security under a single suite.+More Cisco News on Network World: Cisco reserves $125 million to pay for faulty clock component in switches, routers+To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cisco Rapid Threat Containment quickly detects, removes infected end points

Many of the readers of this blog are aware that ever since Cisco acquired SourceFire, and cybersecurity industry legends such as Marty Roesch took leadership roles within the company, Cisco's initiative is for all security products to be open and to interoperate with other products.Another very large acquisition was OpenDNS, and the CEO from OpenDNS now leads all of the security business at Cisco. The culture is all about Cisco products, as well as non-Cisco products, working better together. + Also on Network World: Cisco ONE simplifies security purchasing + For many, it's shocking to think about Cisco as a vendor pushing for openness and standards. I'm not sure why because Cisco has spent its life creating networking protocols and then helping them to become standards available to all. But I digress.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cisco Rapid Threat Containment quickly detects, removes infected end points

Many of the readers of this blog are aware that ever since Cisco acquired SourceFire, and cybersecurity industry legends such as Marty Roesch took leadership roles within the company, Cisco's initiative is for all security products to be open and to interoperate with other products.Another very large acquisition was OpenDNS, and the CEO from OpenDNS now leads all of the security business at Cisco. The culture is all about Cisco products, as well as non-Cisco products, working better together. + Also on Network World: Cisco ONE simplifies security purchasing + For many, it's shocking to think about Cisco as a vendor pushing for openness and standards. I'm not sure why because Cisco has spent its life creating networking protocols and then helping them to become standards available to all. But I digress.To read this article in full or to leave a comment, please click here

Intel’s Atom is underwhelming no more: New chip packs 16 cores

Intel's Atom was mostly known as a low-end chip for mobile devices that underperformed. That may not be the case anymore.The latest Atom C3000 chips announced on Tuesday have up to 16 cores and are more sophisticated than ever. The chips are made for storage arrays, networking equipment, and internet of things devices.The new chips have features found mostly in server chips, including networking, virtualization, and error correction features.Networking and storage devices don't require a lot of horsepower, so the low-power Atom chips fit right in. Only a handful of Intel server chips have more than 16 cores, but the number of Atom cores means the chip can handle more streams of data.To read this article in full or to leave a comment, please click here

Intel’s Atom is underwhelming no more: New chip packs 16 cores

Intel's Atom was mostly known as a low-end chip for mobile devices that underperformed. That may not be the case anymore.The latest Atom C3000 chips announced on Tuesday have up to 16 cores and are more sophisticated than ever. The chips are made for storage arrays, networking equipment, and internet of things devices.The new chips have features found mostly in server chips, including networking, virtualization, and error correction features.Networking and storage devices don't require a lot of horsepower, so the low-power Atom chips fit right in. Only a handful of Intel server chips have more than 16 cores, but the number of Atom cores means the chip can handle more streams of data.To read this article in full or to leave a comment, please click here

The Internet of Things as an Attack Tool

Akamai has published its Q4 2016 State of the Internet/Security report As always, an interesting read and an opportunity to look at trends in attacks.

Not all trends are up and to the right. As the report states, Q4 2016 was "the third consecutive quarter where we noticed a decrease in the number of attack triggers". Still, "the overall 2016 attack count was up 4% as compared to 2015". Also, the volume and number of "mega-attacks" is on the rise.

Andrei Robachevsky

Worth Reading: The Root of the DNS

The namespace of the DNS is a hierarchically structured label space. Each label can have an arbitrary number of immediately descendant labels, and only one immediate parent label. Domain names are expressed as an ordered sequence of labels in left-to-right order starting at the terminal label and then each successive parent label until the root label is reached. When expressing a domain name the ascii period character denotes a label delimiter. Fully qualified domain names (FQDNs) are names that express a label sequence from the terminal label through to the apex (or “root”) label. —Potaroo

The post Worth Reading: The Root of the DNS appeared first on 'net work.

Don’t wait for 5G: LTE could be your key to IoT

One of the many whiz-bang features promised in 5G is a new way of connecting millions of small, low-powered IoT devices. But there's no need to wait: Two forms of LTE tuned for IoT have entered a market that's already heating up with rapidly expanding specialist networks.The new standards, LTE-M and NB-IoT, were completed last year and will share the spotlight at Mobile World Congress next week with an array of network miracles envisioned for the next generation of cellular, due for commercial launches in 2020.As major carriers now upgrade LTE to serve IoT applications, more companies are likely to find available LPWANs (low-power, wide-area networks) in the areas where they want to deploy IoT. The new technologies add to a list of options some enterprises can already buy. They're here just in time for enterprises to start comparing networks.To read this article in full or to leave a comment, please click here

Don’t wait for 5G: LTE could be your key to IoT

One of the many whiz-bang features promised in 5G is a new way of connecting millions of small, low-powered IoT devices. But there's no need to wait: Two forms of LTE tuned for IoT have entered a market that's already heating up with rapidly expanding specialist networks.The new standards, LTE-M and NB-IoT, were completed last year and will share the spotlight at Mobile World Congress next week with an array of network miracles envisioned for the next generation of cellular, due for commercial launches in 2020.As major carriers now upgrade LTE to serve IoT applications, more companies are likely to find available LPWANs (low-power, wide-area networks) in the areas where they want to deploy IoT. The new technologies add to a list of options some enterprises can already buy. They're here just in time for enterprises to start comparing networks.To read this article in full or to leave a comment, please click here

Network Modernization Webinar Now Available Online

On February 8th I gave a webinar on network modernization initiatives with Doug Nash, the Deputy Chief Information Officer, Operations & Infrastructure at the USDA. I thoroughly enjoyed the opportunity to speak with Doug and discuss some of the new directions that various Federal agencies are undertaking to create more modernized and agile networks. This webinar is now available …

Continue reading "Network Modernization Webinar Now Available Online"

Ansible Community – 2016 Year in Review


It's time again for the annual Ansible community review. Time flies. Our upward trajectory generally continued from 2014 and 2015 through 2016, and our growth continued to bring new challenges and new opportunities.

Let's start again, as we do every year, with a look at the numbers.

Debian Popcon

Debian’s Popularity Contest is an opt-in way for Debian users to share information about the software they’re running on their systems.

Debian Popcorn graph

Caveats abound with this graph -- but even though it represents only a small sample of the Linux distro world, it’s useful because it’s one of the few places where we can really see an apples-to-apples comparison of install bases of the various tools. Because Ansible is agentless, we compare the Ansible package to the server packages of other configuration management tools. (Chef does not make a Debian package available for Chef server.)

We see that Ansible has continued its steady growth through the end of 2016, nearly doubling its Popcon install base again in 2016.

Github Stars

Ansible continued in 2016 to extend its already significant lead in GitHub Stars over other tools in the configuration management space, passing the 20k mark in December 2016.

Github Stars


Github Contributors

We Continue reading

IDG Contributor Network: IoT in crime prevention: Balancing justice with privacy

A homeowner reports a robbery. His IoT-enabled pacemaker doesn’t indicate any change in heart rate during the robbery? Can investigators obtain that information from the service provider? Should they?+ Also on Network World: Cops use pacemaker data to charge homeowner with arson, insurance fraud + Issues of privacy increase as IoT sensors collect more information about us. What rights do individuals have over the information collected about them? Can the accuracy of sensor data be trusted?To read this article in full or to leave a comment, please click here

IDG Contributor Network: IoT in crime prevention: Balancing justice with privacy

A homeowner reports a robbery. His IoT-enabled pacemaker doesn’t indicate any change in heart rate during the robbery? Can investigators obtain that information from the service provider? Should they?+ Also on Network World: Cops use pacemaker data to charge homeowner with arson, insurance fraud + Issues of privacy increase as IoT sensors collect more information about us. What rights do individuals have over the information collected about them? Can the accuracy of sensor data be trusted?To read this article in full or to leave a comment, please click here

Inside Exxon’s Effort to Scale Homegrown Codes, Keep Architectural Pace

Many oil and gas exploration shops have invested many years and many more millions of dollars into homegrown codes, which is critical internally (competitiveness, specialization, etc.) but leaves gaps in the ability to quickly exploit new architectures that could lead to better performance and efficiency.

That tradeoff between architectural agility and continuing to scale a complex, in-house base of codes is one that many companies with HPC weigh—and as one might imagine, oil and gas giant, ExxonMobil is no different.

The company came to light last week with news that it scaled one of its mission-critical simulation codes on the

Inside Exxon’s Effort to Scale Homegrown Codes, Keep Architectural Pace was written by Nicole Hemsoth at The Next Platform.

LTE speeds outpace home internet with new Qualcomm and Intel modems

With every new generation of smartphone, LTE connections get faster. That's because the devices have faster modems that can transfer data at unprecedented download speeds.The top modem providers are Intel and Qualcomm, whose cellular chips are used in the iPhone. On Tuesday they both announced modems that will push LTE connections to speeds well over those of regular home internet connections.Qualcomm unveiled the X20 LTE chipset, which can transfer data at speeds of up to 1.2Gbps. Intel announced the XMM 7560 LTE modem, which can download data at speeds of up to 1Gbps.However, cellular networks aren't yet designed to handle such fast speeds. One exception is Telstra, an Australian telecommunications company, which has launched a gigabit LTE service for commercial use in that country.To read this article in full or to leave a comment, please click here

1 2,244 2,245 2,246 2,247 2,248 3,795