Hard-coded password exposes up to 46,000 video surveillance DVRs to hacking

Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers. According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: they accept a hard-coded, unchangeable password for the highest-privileged user in their software, the root account. Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development. That mentality has changed in recent years, and many vendors, including large networking and security appliance makers, are frequently issuing firmware updates to fix such basic flaws when internal and external security audits discover them.
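The flaw class above (a factory-set root password plus hidden UID-0 "support" accounts) is easy to check for once a firmware image has been unpacked. The following is an added example, not code from the article or from RBS: it audits the passwd and shadow files of an extracted root filesystem for empty passwords, extra UID-0 accounts, and one password hash shared by several accounts, and then compares several images from the same vendor, since a salted hash that is identical across images can only have been set at build time, not per device. All file contents and hash strings below are constructed for the demonstration and are not taken from any real DVR image; whether the password is also unchangeable (for example because the files live on a read-only squashfs) is a separate check the example does not make.

```python
"""Audit extracted firmware root filesystems for hard-coded / hidden
privileged accounts. Added example; sample data is constructed."""

from dataclasses import dataclass

LOCKED_PREFIXES = ("!", "*")  # conventional "no valid password" markers in shadow


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    shell: str
    pw_hash: str  # "" = no password needed; "x" or locked = unusable for login


def parse_passwd(text: str) -> dict:
    """name -> (password field, uid, shell). BusyBox images often keep the
    hash inline in passwd instead of using a shadow file."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        name, pw, uid, _gid, _gecos, _home, shell = fields[:7]
        accounts[name] = (pw, int(uid), shell)
    return accounts


def parse_shadow(text: str) -> dict:
    """name -> hash field (second field of /etc/shadow)."""
    hashes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        hashes[fields[0]] = fields[1]
    return hashes


def load_accounts(passwd_text: str, shadow_text: str = "") -> list:
    shadow = parse_shadow(shadow_text)
    accounts = []
    for name, (pw, uid, shell) in parse_passwd(passwd_text).items():
        # "x" means "look in shadow"; an account absent from shadow stays "x" (unusable)
        pw_hash = shadow.get(name, "x") if pw == "x" else pw
        accounts.append(Account(name, uid, shell, pw_hash))
    return accounts


def usable(pw_hash: str) -> bool:
    """True if a user could authenticate against this field ("" counts: no password)."""
    return pw_hash != "x" and not pw_hash.startswith(LOCKED_PREFIXES)


def audit_image(passwd_text: str, shadow_text: str = "") -> list:
    """Findings inside one image as (severity, account(s), description)."""
    findings, by_hash = [], {}
    for a in load_accounts(passwd_text, shadow_text):
        if a.pw_hash == "":
            findings.append(("HIGH", a.name, "empty password field: logs in without a password"))
        elif a.uid == 0 and a.name != "root" and usable(a.pw_hash):
            findings.append(("HIGH", a.name, "extra UID-0 account with a usable password (hidden support account?)"))
        if a.pw_hash and usable(a.pw_hash):
            by_hash.setdefault(a.pw_hash, []).append(a.name)
    for names in by_hash.values():
        if len(names) > 1:
            findings.append(("MEDIUM", ",".join(names), "several accounts share one password hash"))
    return findings


def audit_fleet(images: dict) -> dict:
    """images: {image_id: (passwd_text, shadow_text)}. Returns hash -> image ids
    for UID-0 hashes seen in more than one image: the salt is generated when the
    password is set, so an identical hash across images means a build-time password."""
    seen = {}
    for image_id, (passwd_text, shadow_text) in images.items():
        for a in load_accounts(passwd_text, shadow_text):
            if a.uid == 0 and a.pw_hash and usable(a.pw_hash):
                seen.setdefault(a.pw_hash, set()).add(image_id)
    return {h: sorted(ids) for h, ids in seen.items() if len(ids) > 1}


# Constructed sample images (hash strings are placeholders, not real md5crypt output).
FAKE_HASH = "$1$c0nstrct$NotARealHashValueForDemo123"
FW_A_PASSWD = "root:x:0:0:root:/:/bin/sh\nsupport:x:0:0::/:/bin/sh\nnobody:x:65534:65534::/:/bin/false\n"
FW_A_SHADOW = f"root:{FAKE_HASH}:10933:0:99999:7:::\nsupport:{FAKE_HASH}:10933:0:99999:7:::\nnobody:*:10933:0:99999:7:::\n"
FW_B_PASSWD = "root:x:0:0:root:/:/bin/sh\n"
FW_B_SHADOW = f"root:{FAKE_HASH}:10933:0:99999:7:::\n"
FW_C_PASSWD = "root:$1$d1ff3rnt$PerDeviceSaltedPlaceholder9:0:0:root:/:/bin/sh\n"  # inline hash, no shadow
SAMPLE_IMAGES = {
    "dvr-fw-1.0": (FW_A_PASSWD, FW_A_SHADOW),
    "dvr-fw-1.2": (FW_B_PASSWD, FW_B_SHADOW),
    "other-vendor": (FW_C_PASSWD, ""),
}

if __name__ == "__main__":
    for image_id, (p, s) in SAMPLE_IMAGES.items():
        for severity, who, what in audit_image(p, s):
            print(f"{image_id}: [{severity}] {who}: {what}")
    for h, ids in audit_fleet(SAMPLE_IMAGES).items():
        print(f"hash {h} shared by images {ids}: build-time (hard-coded) root password")
```

Run it against the constructed sample and it flags the hidden UID-0 `support` account, the hash that `root` and `support` share, and the identical root hash in the two images from the same vendor; the third image, whose root hash is unique, produces no finding. On a real image, feed it the files from the unpacked rootfs and remember that a hash that cannot be changed from the device's own UI is the other half of the DVR problem.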

Building nginx and Tarantool based services

Are you familiar with this architecture? A bunch of daemons are dancing between a web-server, cache and storage.

What are the cons of such an architecture? While working with it we come across a number of questions: which language(s) should we use? Which I/O framework should we choose? How do we keep the cache and the storage in sync? Lots of infrastructure issues, and why should we solve infrastructure issues when we need to solve a task? Sure, we can say that we like some technologies X and Y and treat these cons as ideological. But we can't ignore the fact that the data is located some distance away from the code (see the picture above), which adds latency that can decrease RPS (requests per second).

The main idea of this article is to describe an alternative, built on nginx as a web-server, load balancer and Tarantool as app server, cache, storage.

Improving cache and storage

Want to sell your brand to a developer? Laptop stickers could be yet another way!

© Arun Sriraman
A sign of pride and fun for some but chaos for others; laptop stickers, as I recently figured out, are yet another way of marketing and branding. I'm sure a lot of people have wondered why a company gives away goodies at conferences and exhibitions. It's for direct and indirect marketing. When you see people walking around wearing a company-printed T-shirt or a cap, that company reaches people it never spoke to directly. It can be thought of as "flooding" in networking terms.

If it's known that stickers are a marketing technique, why would someone want to mutilate their laptop with them?

Good question indeed. I have seen people fret at the sight of my laptop and come at me with the expression of "Oh my god! What has he done to the poor laptop". The picture you see above is my work laptop. I like stickers and I put them on my laptop because I agree with a product or the company that makes a product and would want to share this with others (i.m.o. it also makes it look cool).

Laptop stickers, though a smaller marketing channel, are nevertheless effective.

A case for cloud privacy brokerage

There is Software-as-a-Service, Disaster Recovery-as-a-Service, SECurity-as-a-Service. What's currently missing, and the crux of much cloud-profiting malaise, is PRiVacy-as-a-Service. Cloud Access Security Broker (CASB) software, something that's in the lab right now, does a great job of things like infiltration/exfiltration (read: filtration) of organizational data from SaaS applications. Some do some wicked things as proxies for user apps. The idea is to help keep users honest and prevent organizational assets from jeopardy. But when we as civilians do everyday surfing, answer email and go about our business on the Internet, we're protected at the firewall level as users. Perhaps it's Malwarebytes, or a myriad of client-side security packages. And we admonish people to NEVER open spam, as spam often delivers unbelievably nasty system attack code disguised as benign attachments.

Will Cisco Shine On?

Digital Lights

Cisco announced their new Digital Ceiling initiative today at Cisco Live Berlin. Here’s the marketing part:

And here’s the breakdown of protocols and stuff:

Funny enough, here’s a presentation from just three weeks ago at Networking Field Day 11 on a very similar subject:

Cisco is moving into Internet of Things (IoT) big time. They have at least learned that the consumer side of IoT isn’t a fun space to play in. With the growth of cloud connectivity and other things on that side of the market, Cisco knows that is an uphill battle not worth fighting. Seems they’ve learned from Linksys and Flip Video. Instead, they are tracking the industrial side of the house. That means trying to break into some networks that are very well put together today, even if they aren’t exactly Internet-enabled.

Digital Ceiling isn't just about the PoE lighting that was announced today. It's a framework that allows all other kinds of dumb devices to be configured and attached to networks that have intelligence built in. The Constrained Application Protocol (CoAP) is designed in such a way as to provide data about a great number of devices, not just lights. Yet lights are the launch

Junos Conditional Route Advertisement

University network borders tend to be more complicated than those in similarly sized corporate organizations. I recently helped a peer from another university transition from IOS to Junos for border routing. While most of the configuration was straightforward, he required a unique conditional routing policy. Since I’ve been working with Junos for many years (starting […]

The post Junos Conditional Route Advertisement appeared first on Packet Pushers.

‘Unbreakable’ security that wasn’t: True tales of tech hubris

The $30,000 lock (image by Library of Congress). Eighteenth-century British engineer Joseph Bramah invented a lock that, he was sure, could never be picked. He was so sure that he offered 200 guineas (roughly $30,000 today) to anyone who could defeat it. Cris Thomas, a 21st-century strategist at Tenable Network Security, calls this one of the first bug bounties in history. The lock remained seemingly impregnable for more than 67 years, until an American locksmith named Alfred Charles Hobbs defeated it in 1851, prompting a contemporary observer to remark that "the mechanical spirit, however, is never at rest, and if it is lulled into a false state of listlessness in one branch of industry, and in one part of the world, elsewhere it springs up suddenly to admonish and reproach us with our supineness."

Arctic Wolf offers SIEM in cloud

Arctic Wolf Networks is trying to address the problem many security techs have of receiving too many false-positive incident alerts to respond to effectively. The company is offering a security service made up of its home-grown SIEM in the cloud, backed by security engineers who filter out the security-event noise and trigger alerts only when they come across incidents actually worth investigating further. The company is four years old but only last year started serving up its service, AWN Cyber-SOC, which quickly analyzes security data from a range of other security devices. (Pictured: Brian NeSmith.)

AttackIQ tests networks for known weaknesses attackers exploit

Startup AttackIQ can run attack scenarios against live networks to see whether the defenses customers think are in place are actually doing their job. The platform, called FireDrill, consists of an agent that is deployed on representative endpoints and a server that stores attack scenarios and gathers data. The platform’s function is similar to that of another startup, SafeBreach. Both differ from penetration testing in that they test networks continuously, whereas a pen test gives a snapshot in time, with large gaps between snapshots.

IBM launches new mainframe with focus on security

A new IBM mainframe includes security hardware to encrypt data without slowing down transactions and can integrate with IBM security software to support secure hybrid-cloud services. Thanks to an encryption co-processor, the new IBM z13s mainframe offloads encryption and doubles the speed at which previous mainframes could perform transactions, making for faster completion times and lower per-transaction costs, says Ravi Srinivasan, vice president of strategy and offering management for IBM Security.