Cisco launches code review after Juniper’s spyware disclosure

Cisco Systems has launched an internal code review following Juniper's disclosure last week of unauthorized spying code found in its enterprise firewall products. So far, "we have no indication of unauthorized code in our products," wrote Anthony Grieco, senior director of Cisco's Security and Trust Organization, in a blog post Monday. The code review was initiated by Cisco and not the result of contact by law enforcement, Grieco wrote. Juniper said on Thursday an internal audit uncovered code that could allow secret remote access and also compromise encrypted VPN connections. The code was found in some versions of an operating system called ScreenOS that powers firewall devices.

Salesforce backs new wind farm in 12-year renewable-energy deal

A few months ago Salesforce committed to a goal of eventually powering its global operations entirely with renewable energy, and on Monday it took a key step in that direction by signing a 12-year agreement to back a brand-new wind farm in West Virginia. The farm is expected to become operational in December 2016. Once it does, the electricity generated under the agreement is expected to be 125,000 megawatt hours annually, which is more than Salesforce used in its data centers during all of fiscal year 2015. It's also equivalent to about 90 percent of its total electricity use over that time period, putting Salesforce well on the way toward that 100 percent goal.

Battle over LTE in Wi-Fi bands may soon be resolved

The fight over LTE networks using the same frequencies as Wi-Fi may be headed toward a peaceful resolution at last. Powerhouses of the wireless world that have clashed over LTE in unlicensed spectrum are now committed to creating tests for whether these new types of networks can coexist with Wi-Fi. Those tests may be ready to go in February. Powerful mobile vendors including Qualcomm and Ericsson are pushing gear that would let carriers put LTE signals on unlicensed channels now used by Wi-Fi. Carriers including Verizon Wireless, T-Mobile USA and SK Telecom want to use those technologies, which would give already licensed operators a way to boost network speed without buying more frequencies.

Cloud, virtualization take toll on data centers

The data center is transforming -- modernizing to meet business demand as technologies such as software-defined architecture, cloud and virtualization take hold. This modernization is also being driven by CIOs and IT executives taking a hard look at their computing needs and asking whether they want to own and/or operate data centers any longer, industry experts say.

Managing the transition

U.S. still No. 1 for unsecured security cameras: Creepy site linked to over 5,700 in U.S.

In November 2014, access to the video streams of 73,011 unsecured security cameras was available on a site that provided a Peeping Tom paradise for voyeurs and creepers. At that time, there were 11,046 unsecured security cameras in the U.S. Now there is roughly half that amount, but the U.S. is still number one by having more insecure security cameras than any other nation in the world. On December 17, there were 4,104 unsecured security cameras located in the United States that were listed as part of the Insecam project, which claims to have “the world’s biggest directory of online surveillance security cameras.” With six cameras per page, that was equal to 684 pages which I viewed while counting the brand of network video cameras available online, because each of those U.S. cameras did not have a unique password to protect it. That took between five and six hours, including the time to grab some screenshots as well; during that time, the number of unsecured cameras in the U.S. fluctuated wildly and dropped to barely 4,000 before going back up to cover 684 pages again. The most common unsecured cameras in the U.S.

Juniper NetScreen firewall should be patched now

The Internet Storm Center has upgraded its warning about the corruption of Juniper ScreenOS firewalls to yellow, which means it’s imperative to patch them today, literally, given that details on how to exploit the flaws have been published and that it’s a holiday week when applying firewall patches can be easily overlooked. According to the ISC warning, the upgraded yellow warning was made because Juniper’s NetScreen firewalls are popular and that the “‘backdoor’ password is now known, and exploitation is trivial at this point,” and for most businesses, this “being a short week for many of us, addressing this issue today is critical.”

Gartner Data Center, Infrastructure and Operations Management Conference

I had the opportunity to attend this year’s Gartner Data Center Infrastructure and Operations Management Conference in Las Vegas December 7th – 10th. The sessions were very informative, providing insight into both high-level trends and tactical topics, including bimodal IT, cloud (both public and private) and converged/hyperconverged infrastructure. I leveraged Twitter at the conference as a means of taking, and sharing, copious notes (@RobertNoel3). Here’s a look at the conference’s main themes:

Bimodal IT:

Bimodal IT is a topic that Gartner has been discussing at length in recent years. The concept of bimodal IT is that organizations need to behave in two modes simultaneously (mode 1 and mode 2). According to Ray Paquet, Managing VP at Gartner, mode 1 is predictable where orders are taken from customers of IT and delivered upon. This is the process of “keeping the lights on” and supporting legacy tools and processes. Mode 2 is exploratory where new tools and processes are considered hand-in-hand with customers of IT. Mode 2 is all about moving fast and taking risks as a means to support the agility required for the next generation of IT. As a metaphor, Paquet described mode 1

Google joins Mozilla, Microsoft in pushing for early SHA-1 crypto cutoff

Google is considering banning certificates signed with the SHA-1 cryptographic function in Google Chrome starting Jul. 1. This follows similar announcements from Mozilla and Microsoft over the past two months. The browser vendors had previously decided to stop trusting SHA-1-signed certificates presented by HTTPS websites on Jan. 1, 2017, a year after certificate authorities are supposed to stop issuing new ones. However, due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months.

5 information security trends that will dominate 2016

Every year, it seems, the threats posed by cybercriminals evolve into new and more dangerous forms while security organizations struggle to keep up. As 2015 draws to a close, we can expect the size, severity and complexity of cyber threats to continue increasing in 2016, says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members. "For me, 2016 is probably the year of cyber risk," Durbin says. "I say that because increasingly I think we are seeing a raised level awareness about the fact that operating in cyber brings about its own peculiarities."

Juniper updates list of backdoored enterprise firewall OS versions

Juniper revised the list of ScreenOS versions that contain a backdoor allowing attackers to bypass authentication and gain administrative access to NetScreen enterprise firewall devices. The networking equipment manufacturer announced last week that it found, during an internal audit, two instances where rogue code was added to its ScreenOS operating system without authorization. The code could be used by attackers to gain privileged access to NetScreen firewall devices and to decrypt VPN connections. The company said at the time that ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 were vulnerable, but an analysis by researchers from security firm Rapid7 revealed that not all listed versions are vulnerable to both issues.
