The Back Door Feature Problem

In Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy, the authors ran an experiment that tested for open ports in IPv4 and IPv6 across a wide swath of the network. What they discovered was interesting—

IPv6 is more open than IPv4. A given IPv6 port is nearly always more open than the same port is in IPv4. In particular, routers are twice as reachable over IPv6 for SSH, Telnet, SNMP, and BGP. While openness on IPv6 is not as severe for servers, we still find thousands of hosts open that are only open over IPv6.

This result really, on reflection, should not be all that surprising. There are probably thousands of networks in the world with “unintentional” deployments of IPv6. The vendor has shipped new products with IPv6 enabled by default, because one large customer has demanded it. Customers who have not even thought about deploying IPv6, however, end up with an unprotected attack surface.

The obvious solution to this problem is—deploy IPv6 intentionally, including security, and these problems will likely go away.

But the obvious solution, as obvious as it might be, is only one step in the right direction. Instead of just Continue reading

State of DNSSEC Deployment 2016 report shows over 89% of top-level domains signed

How is Writing Lord of the Rings Like Writing Software?

Have you ever read a book and wondered how any human could have written something so brilliant? For me it was Lord of the Rings. I despaired that in a hundred lifetimes I could never write a book so rich, so deep, so beautiful. Since then I've learned a few things about about how LoTr was created that has made me reconsider. The kick-in-the-head is that it's the same lesson I learned long ago about writing software.

I've always been amazed how a program can start as a single source file and after years of continued effort turn into a working system that is so large no human can come close to understanding it. If you had tried from the start to build the system you ended up with you would have never ever got there. That's just not how it works. Software is path dependent.

I've experienced this growth from a single cell to a Cambrian explosion many times so I know it's a thing. What I hadn't considered is how it's also a thing for writing books too. 

Creating good software is a process of evolution through the mechanism of constant iteration for the purpose of survival. Continue reading

AWS touts new enterprise workload magnet

Amazon Web Services recently announced a new Managed Services product for its public cloud that aims to ease migration of legacy enterprise applications to that cloud.AWS Managed Services is a series of infrastructure operations management tools meant to provide ongoing management, support, monitoring and security of an AWS cloud environment. It’s delivered jointly by AWS employees and certified AWS partners and is meant to serve AWS’s largest clients who are planning to migrate workloads to Amazon’s public cloud.+MORE AT NETWORK WORLD: 10 Must-watch IaaS cloud trends for 2017 | Why Azure’s chief believes Microsoft is in prime position in IaaS +To read this article in full or to leave a comment, please click here

HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks

Security vendor Kaspersky Lab has updated its antivirus products to fix an issue that exposed users to traffic interception attacks.The problem was found by Google vulnerability researcher Tavis Ormandy in the SSL/TLS traffic inspection feature that Kaspersky Anti-Virus uses to detect potential threats hidden inside encrypted connections.Like other endpoint security products, Kaspersky Anti-Virus installs a self-signed root CA certificate on computers and uses it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers.To read this article in full or to leave a comment, please click here

HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks

Security vendor Kaspersky Lab has updated its antivirus products to fix an issue that exposed users to traffic interception attacks.The problem was found by Google vulnerability researcher Tavis Ormandy in the SSL/TLS traffic inspection feature that Kaspersky Anti-Virus uses to detect potential threats hidden inside encrypted connections.Like other endpoint security products, Kaspersky Anti-Virus installs a self-signed root CA certificate on computers and uses it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Enterprise software: A look forward to 2017

I spend a reasonable amount of time formally or informally consulting to large organizations about their technology choices. These engagements can be as simple as a quick discussion over a coffee or a long-term consulting gig. In either case, vendors seek to leverage the fact that, as an independent observer of the technology space, I can give a broader take on what is going on and what that means for their particular technology requirements.Often technology practitioners within a large organization simply don’t have the time or bandwidth to look broadly, and while they may be deeply aware of what their own particular technology supplier does, they lack a more industry-wide perspective.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Kuzzle wants to productize consulting firm development services

The Consumer Electronics Show (CES) is usually used to launch new hardware—from laptops to mobile phones, from Wi-Fi routers to connected toasters.One thing it doesn’t see much of is the launch of software products. But that is what we’re seeing today with the launch of Kuzzle, a new backend platform that sees itself as the route to “seamless software development across all devices, services and platforms.”That’s a pretty lofty claim (OK, a very lofty one), especially since Kuzzle goes up against a range of tools: Salesforce’s platform, pure mobile backend as a service (MBaaS) solutions like Kinvey, as well as mobile development platforms. So, what is Kuzzle about, and what gives it the confidence to claim differentiation?To read this article in full or to leave a comment, please click here

Worth Reading: The Wandera Report

The Wandera 2017 Mobile Leak Report, a global analysis of almost 4 billion requests across hundreds of thousands of corporate devices, found more than 200 mobile websites and apps leaking personally identifiable information across a range of categories – including those that are essential for work. —The Internet Society

The post Worth Reading: The Wandera Report appeared first on 'net work.

TCL targets Apple, Samsung with new BlackBerry handset

TCL Communication has big plans for BlackBerry, even though it's a brand that's been written off by many.The China-based electronics company recently acquired rights to design, manufacture and sell smartphones under the BlackBerry name with BlackBerry's security and service software installed. The deal puts TCL in the driver's seat on hardware and the first phone under the new deal was previewed on Wednesday.While still in the final stages of development, the new handset sports the physical keyboard that propelled BlackBerry to the top of the smartphone market in the 2000s and is the first to combine that keyboard with the Android operating system.To read this article in full or to leave a comment, please click here

TCL targets Apple, Samsung with new BlackBerry handset

TCL Communication has big plans for BlackBerry, even though it's a brand that's been written off by many.The China-based electronics company recently acquired rights to design, manufacture and sell smartphones under the BlackBerry name with BlackBerry's security and service software installed. The deal puts TCL in the driver's seat on hardware and the first phone under the new deal was previewed on Wednesday.While still in the final stages of development, the new handset sports the physical keyboard that propelled BlackBerry to the top of the smartphone market in the 2000s and is the first to combine that keyboard with the Android operating system.To read this article in full or to leave a comment, please click here

‘I will eliminate passwords’ in 2017

Sticking with your promisesImage by ThinkstockLike anyone else, security experts set up resolutions they hope to conquer in the new year. Now the question will remain, will they be able to follow through on them or -- like that diet people promised to hold to – will they go back to the same old habits.To read this article in full or to leave a comment, please click here

Don’t play games with your data center: Shift from Intel CPUs to NVIDIA GPUs

Central processing units (CPUs) from vendors such as Intel and to a lesser extent AMD have been staples in the data center for decades. Both companies have done an outstanding job making CPUs faster and containing more cores so businesses can run computationally intensive processes on them. However, digital technologies such as deep learning, artificial intelligence (AI), virtual reality (VR), augmented reality (AR) and the Internet of Things (IoT) are driving the need for a new model of computing beyond the capabilities of CPUs.To read this article in full or to leave a comment, please click here

‘I will eliminate passwords’ in 2017

Sticking with your promisesImage by ThinkstockLike anyone else, security experts set up resolutions they hope to conquer in the new year. Now the question will remain, will they be able to follow through on them or -- like that diet people promised to hold to – will they go back to the same old habits.To read this article in full or to leave a comment, please click here

Don’t play games with your data center: Shift from Intel CPUs to NVIDIA GPUs

Central processing units (CPUs) from vendors such as Intel and to a lesser extent AMD have been staples in the data center for decades. Both companies have done an outstanding job making CPUs faster and containing more cores so businesses can run computationally intensive processes on them. However, digital technologies such as deep learning, artificial intelligence (AI), virtual reality (VR), augmented reality (AR) and the Internet of Things (IoT) are driving the need for a new model of computing beyond the capabilities of CPUs.To read this article in full or to leave a comment, please click here

Hacker wiping unprotected MongoDB installs and holding data for ransom

How many years have we been hearing about the dangers of leaving MongoDB instances unprotected? In December 2015, Shodan creator John Matherly warned that there were 684.8 TB of data exposed due to publicly accessible MongoDB instances. Yet there are still people don’t who bother to learn how to lock it down and so now a hacker is targeting and erasing those MongoDB installations, replacing the data with a ransom demand.Security researcher Victor Gevers, aka @0xDUDE and co-founder of the GDI Foundation, has personally been notifying owners of exposed MongoDB for years. But near the end of 2016, he came across an open MongoDB server that had the database contents replaced with a ransom note.To read this article in full or to leave a comment, please click here

Hacker wiping unprotected MongoDB installs and holding data for ransom

How many years have we been hearing about the dangers of leaving MongoDB instances unprotected? In December 2015, Shodan creator John Matherly warned that there were 684.8 TB of data exposed due to publicly accessible MongoDB instances. Yet there are still people don’t who bother to learn how to lock it down and so now a hacker is targeting and erasing those MongoDB installations, replacing the data with a ransom demand.Security researcher Victor Gevers, aka @0xDUDE and co-founder of the GDI Foundation, has personally been notifying owners of exposed MongoDB for years. But near the end of 2016, he came across an open MongoDB server that had the database contents replaced with a ransom note.To read this article in full or to leave a comment, please click here

Intel Readying 5G Modem For Millimeter Wave & Sub-6 GHz Spectrum

The Goldbridge modem will start sampling in 2H'17.

Intel puts mobile chip failures in its past with first speedy 5G modem

Intel has a disastrous history with smartphones. It fumbled a chance to be in Apple's first iPhone, and then quit making its Atom smartphone chip to focus on modems. But the company is now set to ship a groundbreaking modem that will deliver data transfer rates many times faster than most wired internet connections. The chipmaker will start shipping its first 5G modem for testing in the second half this year. Beyond mobile devices, the modem could also be used in autonomous cars, servers, base stations, networking equipment, drones, robots, and other internet-of-things devices. In name, 5G is the successor to 4G in today's mobile devices, but it's significantly faster and more versatile. It will combine multiple wireless high-speed and low-bandwidth technologies and enable communications across an array of spectrum bands. New 5G networks are expected to be deployed starting in 2020.To read this article in full or to leave a comment, please click here

Intel puts mobile chip failures in its past with first speedy 5G modem

Intel has a disastrous history with smartphones. It fumbled a chance to be in Apple's first iPhone, and then quit making its Atom smartphone chip to focus on modems. But the company is now set to ship a groundbreaking modem that will deliver data transfer rates many times faster than most wired internet connections. The chipmaker will start shipping its first 5G modem for testing in the second half this year. Beyond mobile devices, the modem could also be used in autonomous cars, servers, base stations, networking equipment, drones, robots, and other internet-of-things devices. In name, 5G is the successor to 4G in today's mobile devices, but it's significantly faster and more versatile. It will combine multiple wireless high-speed and low-bandwidth technologies and enable communications across an array of spectrum bands. New 5G networks are expected to be deployed starting in 2020.To read this article in full or to leave a comment, please click here