New Stagefright exploit puts millions of Android devices at risk

Millions of Android devices are at risk yet again after researchers found a new way to exploit an older vulnerability that was previously patched by Google. NorthBit, based in Herzliya, Israel, published a paper outlining Metaphor, a nickname for a new weakness they found in Stagefright, Android's mediaserver and multimedia library.  The attack is effective against devices running Android versions 2.2 through 4.0 and 5.0 and 5.1, NorthBit said. The company said its attack works best on Google's Nexus 5 with stock ROM, and with some modifications for HTC's One, LG's G3 and Samsung's S5. The attack is an extension of other ones developed for CVE-2015-3864, a remote code execution vulnerability which has been patched twice by Google.To read this article in full or to leave a comment, please click here

Can’t have SDDC without SD-WAN: Nuage

SANTA CLARA -- SDN can’t be done on an island, according to Nuage Networks.If an enterprise is doing a software-defined datacenter, it must also do a software-defined WAN to ensure consistent policy across the IT infrastructure, said Sunil Khandekar, Nuage CEO and co-founder.“You can’t view SDDC and SD WAN as two separate puzzles,” Khandehar said during a presentation at the Open Networking Summit here. “If you do you’ve created islands of automation.”To read this article in full or to leave a comment, please click here

Can’t have SDDC without SD-WAN: Nuage

SANTA CLARA -- SDN can’t be done on an island, according to Nuage Networks.If an enterprise is doing a software-defined datacenter, it must also do a software-defined WAN to ensure consistent policy across the IT infrastructure, said Sunil Khandekar, Nuage CEO and co-founder.“You can’t view SDDC and SD WAN as two separate puzzles,” Khandehar said during a presentation at the Open Networking Summit here. “If you do you’ve created islands of automation.”To read this article in full or to leave a comment, please click here

Technology Short Take #63

Welcome to Technology Short Take #63. I’ve managed to (mostly) get back to my Friday publishing schedule, though I’m running much later in the day this time around than usual. I’ll try to correct that for the next one. In any case, here’s another collection of links and articles from around the Net on the major data center technology areas. Have fun reading!

Networking

  • At DevOps Networking Forum 2016, I had the opportunity to share a presentation on some Linux networking options. If you’d like to see the presentation, it’s available on Slideshare and Speakerdeck. If you’d like to re-create the demo environment, check out the presentation’s GitHub repository. I’m also thinking of creating a video version of the presentation with some expanded content; I’d love to hear from readers if they would find that useful.
  • Here’s another topic that came up at the recent DevOps Networking Forum: Spotify’s SDN Internet Router (SIR). Here’s a two-part series (Part 1 and Part 2) that discusses the SIR, the motivations for building it, the challenges they faced in building SIR, and the solutions to those challenges. It’s a pretty interesting read, in my opinion.
  • I recently came across a couple Continue reading

FTC warns app developers against using audio monitoring software

 The U.S. Federal Trade Commission has sent warning letters to 12 smartphone app developers for allegedly compromising users' privacy by packaging audio monitoring software into their products.The software, from an Indian company called SilverPush, allows apps to use the smartphone's microphone to listen to nearby television audio in an effort to deliver more targeted advertisements. SilverPush allows the apps to surreptitiously monitor the television viewing habits of people who downloaded apps with the software included, the FTC said Thursday."This functionality is designed to run silently in the background, even while the user is not actively using the application," the agency said in its letter to the app developers. "Using this technology, SilverPush could generate a detailed log of the television content viewed while a user’s mobile phone was turned on."To read this article in full or to leave a comment, please click here

IDG Contributor Network: Modular data center startup gets funding

Pre-fabricated, shipping container-like stackable modules, containing data center gear are the future, according to Keystone NAP, a startup vendor, who’s recently obtained new funding. The modular specialist has borrowed $15 million through finance adviser White Oak to complete a property acquisition, and “finance expansion,” the Philadelphia Enquirer says. Modular data centers are one of the three top trends in data center land, according to Keystone NAP co-founder Shawn R. Carey, writing last year on the Advance Healthcare Network website . The other two fads being outsourcing, and hybrid cloud.To read this article in full or to leave a comment, please click here

Cisco’s acquisition of Synata brings search to Spark

Last week the Enterprise Connect trade show was held in Orlando, Florida. The show is the collaboration industry’s largest event and because of that, there were dozens of vendors that issued press releases touting the latest and greatest innovations in the market.One announcement that I thought flew under the radar was Cisco’s intent to acquire privately held Synata. Jim Duffy wrote a short article covering the news but the importance of this acquisition hasn’t been discussed.Explaining what Syanta does is fairly simple. It lets user search encrypted files and messages, even if they’re stored in cloud storage drives. Cisco will use this technology to enhance its team-messaging product, Cisco Spark.To read this article in full or to leave a comment, please click here

Research:The Evolution of Layered Protocol Stacks Leads to an Hourglass-Shaped Architecture

One reason why IPv6 has slow adoption is that the seven layer model has created a “waist” where change is possible in some layers but impossible in others. As the diagram below suggests, change in applications and protocols (Layer 5/6/7) is possible while Layer 1/2 has slower change but it does happen. The one thing that […]

The post Research:The Evolution of Layered Protocol Stacks Leads to an Hourglass-Shaped Architecture appeared first on EtherealMind.

Scaling up SDNs using TTPs (Table Type Patterns)

 

Software defined networking (SDN) solutions have been in the labs for a while, primarily to explore functionality and understand what possible benefit they could bring to current infrastructure and operations. Over the past couple years, SDN has emerged as a strong alternative for IT operations in the areas of WAN, data center and the overlay solutions. The primary benefit realized, besides open networking, is the ability to accelerate service deployments. SDN solutions using OpenFlow tackled complex problems including dynamic provisioning, interconnection and fault management. While the functionality of SDN evolved and matured, the scale of SDNs was still tied to ternary content-addressable memory (TCAM). OpenFlow by design was implemented in the TCAM.

A brief on Ternary Content Addressable Memory (TCAM) 

TCAMs are special memory devices that enable most of today’s intelligent networks. They enable match on a masked bit value rather than a binary match. This greatly enhances the usability of TCAM for network applications. There are many articles one can find on the Internet to get more details on TCAMs, but primarily they were responsible for the ideation of SDN. The possibilities in creating a policy-based forwarding model with a wild-card match introduced a multitude of network applications Continue reading

ISP Architechture – MPLS Overview, Design and Implementation for WISPs

WISPAmerica

Recently, I was fortunate enough to be invited by Brian Horn with WISPA.org to teach a session at WISP America 2016 in Lousiville, KY. We had the class on Tuesday, March 15th 2016 and the turnout and response were great.  Many different people have asked for the presentation, so I decided to go ahead and post it here. Hope this helps some of you who are trying to get into MPLS and although it does have a bit of a WISP focus, almost all of the concepts in the presentation apply to wireline networks as well.

About the presentation

Scope: This session was 30 minutes long with a Q&A afterwards, so the material is really a deep dive on MPLS. The goal was to introduce WISP engineers and owners to MPLS and how it improves the network as well as revenue.

When should I put MPLS in my WISP or Service Provider network?  The answer is ASAP! I was asked this question by a small WISP earlier in the week and he said i’m just too small to be thinking about MPLS. My response to him was simply – “Do you want to get MPLS in and working Continue reading

ISP Architechture – MPLS Overview, Design and Implementation for WISPs

WISPAmerica

Recently, I was fortunate enough to be invited by Brian Horn with WISPA.org to teach a session at WISP America 2016 in Lousiville, KY. We had the class on Tuesday, March 15th 2016 and the turnout and response were great.  Many different people have asked for the presentation, so I decided to go ahead and post it here. Hope this helps some of you who are trying to get into MPLS and although it does have a bit of a WISP focus, almost all of the concepts in the presentation apply to wireline networks as well.

About the presentation

Scope: This session was 30 minutes long with a Q&A afterwards, so the material is really a deep dive on MPLS. The goal was to introduce WISP engineers and owners to MPLS and how it improves the network as well as revenue.

When should I put MPLS in my WISP or Service Provider network?  The answer is ASAP! I was asked this question by a small WISP earlier in the week and he said i’m just too small to be thinking about MPLS. My response to him was simply – “Do you want to get MPLS in and working Continue reading

Safari, Chrome and Flash Player hacked during first day at Pwn2Own, some of them twice

Security researchers exploited previously unknown vulnerabilities in Apple Safari, Google Chrome and Flash Player to compromise the latest versions of OS X and Windows during the first day of the annual Pwn2Own hacking contest.On Wednesday, four teams and a researcher who competed on his own made six attempts to hack this year's targets: Safari running on OS X, Chrome running on Windows, Microsoft Edge running on Windows and Flash Player on Windows. Four attempts were successful, one was only partially successful and one failed.The 360Vulcan Team from Chinese Internet security company Qihoo 360 combined a remote code execution vulnerability in Flash Player with a vulnerability in the Windows kernel to gain system privileges. For this feat, they received a US$80,000 prize, $60,000 for the Flash Player exploit and a $20,000 bonus for the system-level escalation.To read this article in full or to leave a comment, please click here

Tim Cook to Time: ‘I feel like I’m in this bad dream’

Tim Cook gave a long interview to Time magazine about Apple’s fight with the FBI over its refusal to create “GovtOS,” a more crackable version of iOS to side-load onto the seized iPhone 5c used by San Bernardino shooter Syed Rizwan Farook. The edited version is here, and Time also published the full transcript.+ MORE: Apple cites iPhone, Mac security problems in rebuttal to FBI demands +To read this article in full or to leave a comment, please click here

NASA’s IG tells space agency to bolster space network security

The network NASA uses to deliver telemetry ground-based tracking, data and communications services to a wide range of current and future spacecraft needs a serious bump in security technology.That was the conclusion of the space agency’s Office of Inspector General which stated: “We found that NASA, [NASA’s Goddard Space Flight Center in Greenbelt, MD, which manages the network] failed to comply with fundamental elements of security risk management reflected in Federal and Agency policies. We believe that these deficiencies resulted from inadequate Agency oversight of the network and insufficient coordination between stakeholders. These deficiencies unnecessarily increase the network’s susceptibility to compromise.”To read this article in full or to leave a comment, please click here

NASA’s IG tells space agency to bolster space network security

The network NASA uses to deliver telemetry ground-based tracking, data and communications services to a wide range of current and future spacecraft needs a serious bump in security technology.That was the conclusion of the space agency’s Office of Inspector General which stated: “We found that NASA, [NASA’s Goddard Space Flight Center in Greenbelt, MD, which manages the network] failed to comply with fundamental elements of security risk management reflected in Federal and Agency policies. We believe that these deficiencies resulted from inadequate Agency oversight of the network and insufficient coordination between stakeholders. These deficiencies unnecessarily increase the network’s susceptibility to compromise.”To read this article in full or to leave a comment, please click here

1 2,946 2,947 2,948 2,949 2,950 3,696