Thinking about side channel attacks

When Cyrus wanted to capture Babylon, he attacked the river that flows through the city, drying it out and then sending his army under the walls through the river entrance and exit points. In a similar way, the ventilator is a movie favorite, used in both Lord of the Rings and Star Wars, probably along with a thousand other movies and stories throughout time. What do rivers and ventilators have to do with network security?

Side channel attacks. Now I don’t know if the attacks described in these papers, or Cyrus’ attack through the Euphrates, are considered side channel, or just lateral, but either way: the most vulnerable point in your network is just where you assume you can’t be attacked, or that point where you haven’t thought through security. Two things I read this week reminded me of the importance of system level thinking when it comes to security.

The first explores the Network Time Protocol (NTP), beginning with the general security of the protocol. Security in a time protocol is particularly difficult, as the entire point of encryption is to use algorithms that take a lot of time for an attacker to calculate—and there’s probably some relationship between

IBM Throws Weight Behind Phase Change Memory

There is no question that the memory hierarchy in systems is being busted wide open and that new persistent memory technology that can be byte addressable like DRAM or block addressable like storage are going to radically change the architecture of machines and the software that runs on them. Picking what memory might go mainstream is another story.

It has been decades since IBM made its own DRAM, but the company still has a keen interest in doing research and development on core processing and storage technologies and in integrating new devices with its Power-based systems.

To that end, IBM

IBM Throws Weight Behind Phase Change Memory was written by Timothy Prickett Morgan at The Next Platform.

FCC’s ‘relentless regulatory assault’ threatens cable industry

BOSTON -- The head of the leading cable trade group feels like the federal government is trying to pick winners and losers.

Michael Powell, president and CEO of NCTA, the organization representing firms like Comcast and Cox in Washington, argues that federal regulators have been pursuing policies that would create a two-tier regulatory regime that favors Internet firms over the telecom providers that deliver broadband and cable access services.

"What I believe is most troubling is an emerging government view that the communication market is bifurcated and should be regulated differently -- Internet companies are nurtured and allowed to run free, but network providers are disparagingly labeled 'gatekeepers' that should be shackled," Powell said in a keynote address at NCTA's annual Internet and TV conference. "The implications of this world view go far beyond how it affects one industry."

iPhone 7 said to be ‘more complex’ than previous models

In a general sense, it appears that Apple's effort to double down on product secrecy is paying off. The fact is, it's already mid-May, and we truthfully don't know all that much about the iPhone 7. Sure, we've seen a few reports pass through the rumor mill, but many of those reports seemingly contradict one another, a situation that inevitably brings us back to square one.

While it's widely assumed that the iPhone 7 will sport the same form factor as the iPhone 6s and won't be a blockbuster device, a new report out of Taiwan via CNBC intimates that Apple's next-gen iPhone may be more interesting than most people anticipate.

IDG Contributor Network: How IoT with bio-mimicry reduces indoor air pollution

You may be better off not inhaling—especially when you consider all the airborne pollutants indoors.

The EPA estimates that there are over 65,000 chemicals releasing pollutants into the air that are often too small for regular air filters to catch. Mold, flame retardants on carpets, and vapors from synthetic materials are just some of the sources of this type of pollution. For people with breathing difficulties, children, and the elderly, the impact is especially hazardous.

Biome's solution is based on bio-mimicry: "innovation that seeks sustainable solutions to human challenges by emulating nature’s time-tested patterns and strategies. The goal is to create products, processes, and policies—new ways of living—that are well-adapted to life on earth over the long haul. The core idea is that nature has already solved many of the problems we are grappling with. Animals, plants, and microbes are the consummate engineers."

Cybercriminals are increasingly embracing a sophisticated business-model approach

Cybercriminals can call on an extensive network of specialists for "business" expertise, including people who train and recruit, launder money, and provide escrow services, according to HPE.

The cybercriminal underground includes people who provide human resources functions, like recruiting and background checks, but also specialists who help market and sell exploit kits and compromised data and others who serve as middlemen in anonymous transactions, says The Business of Hacking white paper from Hewlett Packard Enterprise.

Quaker Oats threatens to sue actual Quakers for trademark infringement

A gray hat replacing the Locky ransomware payload with a PSA, Windows 10 to double the number of ads after the Anniversary Update, and Quaker Oats threatening to sue actual Quakers for trademark infringement are some of the varied bits and bytes which caught my attention today.

New Locky ransomware PSA

The command and control servers for Locky ransomware were previously hacked to show a “Stupid Locky” message instead of locking a victim’s machine, but F-Secure researcher Sean Sullivan discovered “a similar grey hat hack” that delivers a PSA to would-be Locky victims.

Stealthy malware Skimer helps hackers easily steal cash from ATMs

Security researchers have found a new version of a malware program called Skimer that's designed to infect Windows-based ATMs and can be used to steal money and payment card details.

Skimer was initially discovered seven years ago, but it is still actively used by cybercriminals and has evolved over time. The latest modification, found by researchers from Kaspersky Lab at the beginning of May, uses new techniques to evade detection.

Upon installation, the malware checks if the file system is FAT32 or NTFS. If it's FAT32 it drops a malicious executable file in the C:\Windows\System32 directory, but if it's NTFS, it will write the file in the NTFS data stream corresponding to Microsoft's Extension for Financial Services (XFS) service.

911 emergency services ripped by HBO’s John Oliver

It’s definitely a service that’s taken for granted but HBO’s John Oliver this week pointed out that there’s a lot to be concerned about over the nation’s 911 emergency service.

On Oliver’s Last Week Tonight HBO show, Oliver said 911 emergency call centers are antiquated, disjointed and in desperate need of funding and new technology. He said everyone should Google “understaffed 911 dispatch and [your town name]” to get an idea of problems near you and nationwide.

The watchdogs at the Government Accountability Office in 2013 wrote about 911 technologies: “The continuing evolution of communications technologies and wireless phones has implications for 911 services. Since 911 call centers predominantly use older, analog-based infrastructure and equipment, the current E911 system is not designed to accommodate emergency communications from the range of new technologies in common use today, including text and picture messaging and Voice-over-Internet Protocol (VoIP) telephony (e.g., Skype). In response to changing technologies, the Department of Transportation (DOT) launched the Next Generation 911 (NG911) Initiative, which has focused on the research required to develop an NG911 system. With NG911 services, the public could reach 911 call centers through various modes, including voice and data, and transmit multimedia
