NetworkingNexus.net

JavaScript-based ASLR bypass attack simplifies browser exploits

Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn't rely on a software bug, fixing the problem is not easy.Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) unveiled the attack, dubbed AnC, Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October.ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.To read this article in full or to leave a comment, please click here

IBM Wants to Make Mainframes Next Platform for Machine Learning

Despite the emphasis on X86 clusters, large public clouds, accelerators for commodity systems, and the rise of open source analytics tools, there is a very large base of transactional processing and analysis that happens far from this landscape. This is the mainframe, and these fully integrated, optimized systems account for a large majority of the enterprise world’s most critical data processing for the largest companies in banking, insurance, retail, transportation, healthcare, and beyond.

With great memory bandwidth, I/O, powerful cores, and robust security, mainframes are still the supreme choice for business-critical operations at many Global 1000 companies, even if the …

IBM Wants to Make Mainframes Next Platform for Machine Learning was written by Nicole Hemsoth at The Next Platform.

HPE and Telco Partners Demonstrate Next-Gen Services at MWC

Join HPE and its partners at the OpenNFV Partner Showcase at Booth 3E11 in Hall 3. Mobile World Congress is the world’s largest gathering for the mobile industry, organized by the GSMA and held in Barcelona, Spain.

RSA: Elite cryptographers scoff at idea that law enforcement can ‘overcome’ encryption

U.S. Attorney General Jeff Sessions’ call for a way to “overcome” cryptography met with scorn from a panel of elite cryptographers speaking at this week’s RSA Conference 2017 in San Francisco.“Any one of my students will be capable of writing good crypto code,” says Adi Shamir, the ‘S’ in RSA and a professor at the Weizmann Institute in Israel.Sessions’ use of the term “overcome” during his confirmation hearings actually means installing backdoors, says Ronald Rivest, the ‘R’ in RSA and a professor at MIT. He cited a joint Congressional study that concluded that weakening encryption works against the national interest, and that encryption is global anyway -- so the U.S. can’t call all the shots.To read this article in full or to leave a comment, please click here

RSA: Elite cryptographers scoff at idea that law enforcement can ‘overcome’ encryption

Ericsson Unveils 5G-Ready Platform That Supports Network Slicing

Deutsche Telekom and SK Telecom are testing federated network slicing.

Worth Reading: The inconvenience of privacy

Unfortunately, it is not easy to assess the weight of privacy losses. Typically, in the online world, no small privacy loss will create a catastrophe. One business tracking one click of yours is not a big deal. But privacy losses accumulate, and the entirety of what you have revealed online through browsing, clicking, buying and liking, can paint a frighteningly detailed portrait of you. Privacy losses are like ecologic damages or health deterioration: no one act of littering, no one puff of a cigarette will bring about disaster, but the sum of them through time might. —Connecting

The post Worth Reading: The inconvenience of privacy appeared first on 'net work.

IDG Contributor Network: Serverless computing — new idea or a new implementation of an old one?

My clients have started asking questions about a new industry catch phrase that they've started to hear coming from suppliers of cloud-based computing services. The phrase is "serverless" computing. They've also run into a related phrase, "Function as a Service." Is this really a new idea or a new implementation of an older one?In short, there is little new under the sun in the world of IT and this can be seen as yet another take at supporting a microservice in the context of a cloud computing service.To read this article in full or to leave a comment, please click here

In and Around the 2017 RSA Conference

As you may have guessed from my blogs, I was really excited about the year’s RSA Security Conference. At the end of January, I wrote a blog about my expectations for endpoint security at RSA. I followed up with another ditty about network security banter at this year’s show and concluded the series with a blog about security analytics and operations talk at RSA. To read this article in full or to leave a comment, please click here

In and Around the 2017 RSA Conference

NSS Labs rated 13 advanced endpoint security products, flagged 2 with caution rating

Advanced endpoint security products don’t do you much good if they can be evaded or eat your time by consistently throw false positives. Since enterprises are expected to defend against sophisticated threats and money in the security budget only goes so far, you might be interested in the results from NSS Labs’ testing of 13 security vendors AEP solutions. The results were released during the RSA conference.According to NSS Labs’ CEO Vikram Phatak, “The AEP test results provide vendor neutral insight and analysis to help enterprises accelerate their decision process and make informed decisions about when to deploy these products to manage their risk posture.”To read this article in full or to leave a comment, please click here

NSS Labs rated 13 advanced endpoint security products, flagged 2 with caution rating

Researchers trick ‘CEO’ email scammer into giving up identity

Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting them (the scammers) give us all the information about themselves,” he said.The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.To read this article in full or to leave a comment, please click here

Researchers trick ‘CEO’ email scammer into giving up identity

CITO Olaf Kolkman Speaking at RSA 2017 about IoT Security with Bruce Schneier

Today at the RSA Conference 2017 in San Francisco, our Chief Internet Technology Officer Olaf Kolkman will be speaking as part of a panel on:

Internet of Insecurity: Can Industry Solve It or Is Regulation Required?

The abstract of the session is:

Dan York

Ixia Vision ONE – Tap the Planet

Ixia Logo Whenever I start talking about network visibility and aggreagation taps I can’t help but think of The Matrix. Millions of packets flowing through your network every minute of every day, tapping into that can be a daunting exercise. Luckily we have some new blood in this space, at least in my view, Ixia Vision ONE. For those of you that recognize the name, yes I’m talking about that Ixia.. previously one of the leaders in the load testing market, they’ve moved into the network packet broker space.

Vision ONE is Ixia’s all-in-one product attempts to provide assurance that the network traffic you want to reach your monitoring and security tools is actually reaching your tools. Vision ONE is able to take the input from your device, and send it out in several directions, applying filters to the traffic as needed. This means that you can filter out specific traffic and send it to a monitoring / security tool with traffic it doesn’t need to process. All of this is managed through a clean, easy to user interface that displays the connections between the TAP’s physical ports, filters, and tool ports.

Take a look at the Vision One demo here.

My Continue reading

Python – Kirk Byers Course Week 2 Part 2

This post will describe the exercises and solutions for week two of Kirk Byers Python for Network Engineers.

The second exercise of week two is the following:

II. Create an IP address converter (dotted decimal to binary):

    A. Prompt a user for an IP address in dotted decimal format.

    B. Convert this IP address to binary and display the binary result on the screen (a binary string for each octet).

    Example output:
    first_octet    second_octet     third_octet    fourth_octet
    0b1010         0b1011000        0b1010         0b10011

We already have the knowledge to achieve this and the previous post went through all of the concepts needed to finish this task so I won’t bee too verbose with the code here.

The first part is to ask the user for an IP address using the “input()” function.

ip_add = input("\n\nPlease enter an IP address: ")

The next step is to split the IP address into octets using “split()”.

octets = ip_add.split(".")

After that each octet is converted into binary with the following code:

first_octet_bin = bin(int(octets[0]))
second_octet_bin = bin(int(octets[1]))
third_octet_bin = bin(int(octets[2]))
fourth_octet_bin = bin(int(octets[3]))

Like in the previous post we have to convert the strings to integers before we can use “bin()” on them. We Continue reading

A Baker’s Dozen, 2016 Edition

As is our annual tradition, this blog provides a year-end review of how the Internet providers at the top of our Internet Intelligence – Transit global rankings fared over the previous year. The structure, performance and security of the Internet remains a huge blind spot for most enterprises, even those critically dependent on it for business operations. These are familiar topics that we’ve covered over the years in this blog and our Twitter feed, and 2016 was no different. We saw bogus routing and subsequent grossly misdirected traffic from Ukraine and Iran, for just two examples. We saw cable breaks, new cable activations, censorship and crippling attacks. And much, much more. Dyn provides such critical insight into the structure and performance of the Internet, both real-time and historical, and uses this data set to make 40 billion traffic steering decisions daily for customers.

Back in 2008, we chose to look at the 13 providers that spent at least some time in the Top Ten that year, hence the name “Baker’s Dozen“. We repeated that exercise in 2009, 2010, 2011, 2012, 2013 Continue reading

RSA: Watch out for a new weapon – your own data

As tens of thousands of the world’s top security pros gather at RSA Conference 2017 they are being called upon to watch out for a new threat: their own data.By corrupting data that is used for making decisions, attackers can cause all kinds of problems, says Chris Young, general manager of Intel Security. “Now data is manipulated and used against us to affect the decisions we make,” he says.He calls this corruption “data landmines,” which when factored into decision making, can result in bad choices, missed opportunities and economic losses.He says stolen and manipulated data combined to disrupt the 2016 presidential election, for example, and the consequences of similar manipulations could be high for businesses whose big-data analysis is undermined by altered small data that makes it up. With inaccurate input to draw on, the outcomes will be faulty, he says.To read this article in full or to leave a comment, please click here

RSA: Watch out for a new weapon – your own data

« Previous 1 … 2,271 2,272 2,273 2,274 2,275 … 3,808 Next »