Analyzing real WordPress hacking attempts

In my last few posts I’ve pondered the issue of how insecure WordPress installations have become. Here’s an interesting thing to try if you run a Wordpress site; install the 404 to 301 plugin and in its settings check the “Email notifications” option and enter an email address in the “Email address” field. Now, whenever a nonexistent URL is requested, you’ll get notified and, at least for me, it’s been pretty interesting to see how hackers attempt to enter my WordPress installations. To read this article in full or to leave a comment, please click here

Analyzing real WordPress hacking attempts

In my last few posts I’ve pondered the issue of how insecure WordPress installations have become. Here’s an interesting thing to try if you run a Wordpress site; install the 404 to 301 plugin and in its settings check the “Email notifications” option and enter an email address in the “Email address” field. Now, whenever a nonexistent URL is requested, you’ll get notified and, at least for me, it’s been pretty interesting to see how hackers attempt to enter my WordPress installations. To read this article in full or to leave a comment, please click here

Question: How did hackers steal $81 million? Answer: Pretty easily.

One of the peculiar things about computer security is how much the topic is written about and discussed (a huge amount) compared to how much is actually done (always less than you think). But what’s really peculiar is that enterprises, which you’d think would have better security than organizations in, say, the SMB space, often have serious security deficiencies. Case in point: The Bangladesh Central Bank.In February this year, hackers managed to get into the Bangladesh Central Bank’s network and acquired the bank’s SWIFT credentials, codes that authorize interbank transfers. The hackers then used the credentials four times to transfer some $81 million to various accounts in the Philippines and Sri Lanka via the New York Federal Reserve but on the fifth attempt, the hackers misspelled the receiving account’s name (they spelled “Shalika Foundation” as Shalika “Fandation”)(du’oh). To read this article in full or to leave a comment, please click here

Question: How did hackers steal $81 million? Answer: Pretty easily.

One of the peculiar things about computer security is how much the topic is written about and discussed (a huge amount) compared to how much is actually done (always less than you think). But what’s really peculiar is that enterprises, which you’d think would have better security than organizations in, say, the SMB space, often have serious security deficiencies. Case in point: The Bangladesh Central Bank.In February this year, hackers managed to get into the Bangladesh Central Bank’s network and acquired the bank’s SWIFT credentials, codes that authorize interbank transfers. The hackers then used the credentials four times to transfer some $81 million to various accounts in the Philippines and Sri Lanka via the New York Federal Reserve but on the fifth attempt, the hackers misspelled the receiving account’s name (they spelled “Shalika Foundation” as Shalika “Fandation”)(du’oh). To read this article in full or to leave a comment, please click here

SDxCentral Weekly News Roundup — April 22, 2016

Here are the top stories SDxCentral wrangled this week related to SDN, NFV, cloud, and virtualization infrastructure: Verizon Publishes an SDN/NFV Reference Architecture — We can’t let AT&T have all the fun. On the heels of Ma Bell’s Ecomp specification, Verizon lays down some SDN/NFV knowledge of its own. A bit of Friday fun from the NFV World Congress. How... Read more →

US no longer requires Apple’s help to crack iPhone in New York case

The U.S. no longer requires Apple’s assistance to unlock an iPhone 5s phone running iOS 7 used by the accused in a drug investigation, stating that an “individual provided the passcode to the iPhone at issue in this case.” The Department of Justice has withdrawn its application in the U.S. District Court for the Eastern District of New York. DOJ  had earlier appealed to District Judge Margo K. Brodie an order from Magistrate Judge James Orenstein, ruling that Apple could not be forced to provide assistance to the government to extract data from the iPhone 5s.To read this article in full or to leave a comment, please click here

US no longer requires Apple’s help to crack iPhone in New York case

The U.S. no longer requires Apple’s assistance to unlock an iPhone 5s phone running iOS 7 used by the accused in a drug investigation, stating that an “individual provided the passcode to the iPhone at issue in this case.” The Department of Justice has withdrawn its application in the U.S. District Court for the Eastern District of New York. DOJ  had earlier appealed to District Judge Margo K. Brodie an order from Magistrate Judge James Orenstein, ruling that Apple could not be forced to provide assistance to the government to extract data from the iPhone 5s.To read this article in full or to leave a comment, please click here

Mininet-WiFi: Software defined network emulator supports WiFi networks

Mininet-WiFi is a fork of the Mininet SDN network emulator. The Mininet-WiFi developers extended the functionality of Mininet by adding virtualized WiFi stations and access points based on the standard Linux wireless drivers and the 80211_hwsim wireless simulation driver. They also added classes to support the addition of these wireless devices in a Mininet network scenario and to emulate the attributes of a mobile station such as position and movement relative to the access points.

The Mininet-WiFi extended the base Mininet code by adding or modifying classes and scripts. So, Mininet-WiFi adds new functionality and still supports all the normal SDN emulation capabilities of the standard Mininet network emulator.

In this post, I describe the unique functions available in the Mininet-WiFi network emulator and work through a few tutorials exploring its features.

How to read this post

In this post, I present the basic functionality of Mininet-WiFi by working through a series of tutorials, each of which works through Mininet-WiFi features, while building on the knowledge presented in the previous tutorial. I suggest new users work through each tutorial in order.

I do not attempt to cover every feature in Mininet-WiFi. Once you work through the tutorials in this post, Continue reading

Facebook bug hunter stumbles on backdoor left by… another bug hunter

When Orange Tsai set out to participate in Facebook's bug bounty program in February, he successfully managed to gain access to one of Facebook's corporate servers. But once in, he realized other hackers had beaten him to it.Tsai thought he had stumbled on some malicious activity in Facebook's network. But, according to a statement from Facebook on Friday, what he found was something else.Tsai, a consultant with Taiwanese penetration testing outfit Devcore, had started by mapping Facebook's online properties, which extend beyond user-facing services like facebook.com or instagram.com.One server that caught his attention was files.fb.com, which hosted a secure file transfer application made by enterprise software vendor Accellion and was presumably used by Facebook employees for file sharing and collaboration.To read this article in full or to leave a comment, please click here

Facebook bug hunter stumbles on backdoor left by… another bug hunter

When Orange Tsai set out to participate in Facebook's bug bounty program in February, he successfully managed to gain access to one of Facebook's corporate servers. But once in, he realized other hackers had beaten him to it.Tsai thought he had stumbled on some malicious activity in Facebook's network. But, according to a statement from Facebook on Friday, what he found was something else.Tsai, a consultant with Taiwanese penetration testing outfit Devcore, had started by mapping Facebook's online properties, which extend beyond user-facing services like facebook.com or instagram.com.One server that caught his attention was files.fb.com, which hosted a secure file transfer application made by enterprise software vendor Accellion and was presumably used by Facebook employees for file sharing and collaboration.To read this article in full or to leave a comment, please click here

The Ethernet community is working to introduce six new rates in the next 3 years

In its first 27 years of existence we saw the introduction of six Ethernet rates – 10Mbps, 100Mbps, 1Gbps, 10Gbps 40Gbps and 100Gbps.  And the Ethernet community is now working feverously to introduce six new rates -- 2.5Gbps, 5Gbps, 25Gbps 50Gbps, 200Gbps and 400Gbps-- in the next three years. Higher Ethernet rates used to be introduced when industry bandwidth requirements drove the need for speed.  Butwith Ethernet’s success, it soon became apparent that one new advance could satisfy the requirements of each Ethernet application space.  This was clearly illustrated nearly 10 years ago when it was recognized that computing and networking were growing at different rates.   This led to 40Gbps being selected as the next rate for servers beyond 10Gbps, while 100Gbps was selected as the next networking rate.   To read this article in full or to leave a comment, please click here

The Ethernet community is working to introduce six new rates in the next 3 years

In its first 27 years of existence we saw the introduction of six Ethernet rates – 10Mbps, 100Mbps, 1Gbps, 10Gbps 40Gbps and 100Gbps.  And the Ethernet community is now working feverously to introduce six new rates -- 2.5Gbps, 5Gbps, 25Gbps 50Gbps, 200Gbps and 400Gbps-- in the next three years. Higher Ethernet rates used to be introduced when industry bandwidth requirements drove the need for speed.  Butwith Ethernet’s success, it soon became apparent that one new advance could satisfy the requirements of each Ethernet application space.  This was clearly illustrated nearly 10 years ago when it was recognized that computing and networking were growing at different rates.   This led to 40Gbps being selected as the next rate for servers beyond 10Gbps, while 100Gbps was selected as the next networking rate.   To read this article in full or to leave a comment, please click here

The Ethernet community is working to introduce six new rates in the next 3 years

Flagship HTC 10 to debut on Verizon Wireless

The HTC 10 announcement left the impression that HTC built another desirable unlocked phone like the HTC One A9 that Verizon Wireless customers were locked out of buying. But today, without a formal announcement the HTC 10 appeared on Verizon’s website. The Verizon version of the HTC 10 isn’t available on HTC’s website.Preorders begin on April 29 2016. There was no mention of price and availability. It should be priced at $699 unless HTC diverges from its usual policy of pricing the same models at the same prices; though promotions can be different between carriers for the same models. Looking at the hardware, the same model that supports AT&T and T-Mobile also has the frequency bands for Verizon, indicating that the early May availability could be the same for all three models.To read this article in full or to leave a comment, please click here

How AMD is ressurecting itself as a formidable rival to Intel

The rivalry between AMD and Intel peaked during the first decade of the 2000s, when the companies consistently challenged each other with a stream of chip innovations.Since then, AMD lost its way, and today it barely registers as a threat to Intel. But the competitive landscape could start changing as early as next year.Intel's x86 chips are installed in most PCs and servers, and AMD has been losing market share for years. AMD's chip technology has fallen behind Intel's after some ill-advised architectural changes, acquisitions, and manufacturing problems.Intel's x86 processor market share was 87.7 percent the fourth quarter of 2015, growing from 86.3 percent a year earlier. AMD held just a 12.1 percent share, falling from 13.6 percent, according to Mercury Research.To read this article in full or to leave a comment, please click here

The Packet Pushers Are On Google Play Music

Packet Pushers podcasts are now available on Google Play Music. You'll need to sign in with a Google account to listen.

The post The Packet Pushers Are On Google Play Music appeared first on Packet Pushers.

The Packet Pushers Are On Google Play Music

Packet Pushers podcasts are now available on Google Play Music. You'll need to sign in with a Google account to listen.

The post The Packet Pushers Are On Google Play Music appeared first on Packet Pushers.

Worth Reading: The IETF as a model

Imagine a world where you would be judged by the power of your ideas and not by your title, your origin, your age, your sex or even your academic credentials. Imagine a world where ideas can be debated with great openness and where it is still possible to make decisions by consensus. Imagine a world where competitors work together for the future of humanity.

The post Worth Reading: The IETF as a model appeared first on 'net work.

In the Software Defined Data Center, application response time trumps infrastructure capacity management

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.The adoption of software-defined data center (SDDC) technologies is driven by tremendous potential for dynamic scalability and business agility, but the transition is fraught with complexities that need to be considered.This ecosystem relies on the abstraction or pooling of physical resources (primarily compute, network and storage) by means of virtualization. With software orchestrating new or updated services, the promise is these resources can be provisioned in real-time, without human intervention. In essence, this is the technology response to the agility demands of the modern digital business.To read this article in full or to leave a comment, please click here

Verizon Publishes an SDN/NFV Reference Architecture

It worked with Cisco, Ericsson, HPE, Intel, etc.