Reaction: Innovation and the Internet

Industries mature, of course. That they do so shouldn’t be surprising to anyone who’s watched the world for very long. The question is — do they mature in a way that places a few players at the “top,” leaving the rest to innovate along the edges? Or do they leave broad swaths of open space in which many players can compete and innovate? Through most of human history, the answer has been the first: industries, in the modern age, tend to ossify into a form where a few small players control most of the market, leaving the smaller players to innovate along the edges. When the major impetus in building a new company is to “get bought,” and the most common way for larger companies to innovate is by buying smaller companies (or doing “spin ins”), then you’ve reached a general point of stability that isn’t likely to change much.

Is the networking industry entering this “innovation free zone?” Or will the networking industry always be a market with more churn, and more innovation? There are signs in both directions.

For instance, there’s the idea that once technology reaches a certain level of capability, there’s just no reason for …

Cisco patches permission hijacking issue in WebEx Meetings app for Android

Cisco has fixed a vulnerability in its WebEx Meetings application for Android that allowed potentially rogue applications to hijack its permissions. The issue, which affected all versions of the app older than 8.5.1, stemmed from the way custom application permissions were implemented and assigned at initialization time. In addition to the default permissions defined by the OS, applications can declare and request custom permissions, a feature that the Android developers recommend be used only if absolutely necessary. It is also possible for apps to request to use custom permissions declared by another application.

Google accused of tracking school kids after it promised not to

Google has been collecting information about schoolchildren's browsing habits despite signing a pledge saying it was committed to their privacy, the Electronic Frontier Foundation said in a complaint filed Tuesday. The digital rights group said Google's use of the data, collected through its Google for Education program, puts the company in breach of Section 5 of the Federal Communications Act and asked the Federal Trade Commission to investigate. “Despite publicly promising not to, Google mines students’ browsing data and other information, and uses it for the company’s own purposes,” the EFF said.

IRS says it will get a warrant before using cell-site simulators

The U.S. Internal Revenue Service is drafting a policy to restrict the use without a warrant of cell-site simulator technology to snoop on the location and other information from mobile phones. The head of the IRS, John Koskinen, wrote in a letter that the agency was drafting a policy that would mirror an earlier Department of Justice rule, which requires a search warrant supported by probable cause before using the technology, except in exigent or exceptional circumstances. Cell-site simulators, also referred to as stingrays or 'IMSI catchers,' track the location and other information from mobile phones by mimicking cellphone towers. The use of the technology without a warrant by law enforcement has been criticized by civil rights groups.

Is Flow-Based Forwarding Just Marketing Fluff?

When writing the Packet- and Flow-Based Forwarding blog post, I tried to find a good definition of flow-based forwarding (and I was not the only one being confused), and the one from Junos SRX documentation is as good as anything else I found, so let’s use it.

TL&DR: Flow-based forwarding is a valid technical concept. However, when mentioned together with OpenFlow, it’s mostly marketing fluff.

Brocade VDX SNMP Changes

Brocade tightened up some SNMP settings with NOS 6.0.x. This improves security, but it also means that you will need to modify your configuration if you upgrade. If you don’t, SNMP won’t work, and you’ll get errors with BNA/Nagios/Cacti/etc. Here are the changes, and how to get SNMP working with NOS 6.0.x. NB: This applies to VDX Data Centre switches. Other product lines have different configuration.

Usual disclaimers apply: Yes, I work for Brocade. Doesn’t mean that I’m an official spokesperson, or a replacement for TAC. I’m just putting this info out there to help others who get bitten by this.

5.x and earlier defaults

NOS 5.x and earlier had default SNMP settings that looked like this:

snmp-server contact "Field Support."
snmp-server location "End User Premise."
snmp-server sys-descr "Brocade VDX Switch."
snmp-server community ConvergedNetwork
snmp-server community OrigEquipMfr rw
snmp-server community "Secret C0de" rw
snmp-server community common
snmp-server community private rw
snmp-server community public
snmp-server user snmpadmin1 groupname snmpadmin
snmp-server user snmpadmin2 groupname snmpadmin
snmp-server user snmpadmin3 groupname snmpadmin
snmp-server user snmpuser1
snmp-server user snmpuser2
snmp-server user snmpuser3

Yeah. Pretty open. So if you’re lazy, and your NMS tried a default discovery string of …
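A configuration audit for the defaults listed above, as an added example that is not part of the original post or any Brocade tooling: it flags the NOS 5.x default community strings and user names from that listing in a saved running configuration, plus any other read-write community. The sample configuration and the names `n0c-monitor`, `n0c-write` and `opsmon` are constructed for illustration.

```python
import shlex

# Defaults copied from the NOS 5.x listing on this page.
DEFAULT_COMMUNITIES = {"ConvergedNetwork", "OrigEquipMfr", "Secret C0de",
                       "common", "private", "public"}
DEFAULT_USERS = {"snmpadmin1", "snmpadmin2", "snmpadmin3",
                 "snmpuser1", "snmpuser2", "snmpuser3"}

def audit_snmp(config_text):
    """Return (line_number, finding, name) tuples for risky snmp-server lines."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("snmp-server "):
            continue
        try:
            # shlex keeps quoted names such as "Secret C0de" as one token.
            tokens = shlex.split(line)
        except ValueError:
            findings.append((lineno, "unparseable", line))
            continue
        if len(tokens) < 3:
            continue
        kind, name, rest = tokens[1], tokens[2], tokens[3:]
        if kind == "community":
            read_write = "rw" in rest
            if name in DEFAULT_COMMUNITIES:
                level = "rw" if read_write else "ro"
                findings.append((lineno, "default-community-" + level, name))
            elif read_write:
                findings.append((lineno, "custom-community-rw", name))
        elif kind == "user" and name in DEFAULT_USERS:
            findings.append((lineno, "default-user", name))
    return findings

# Constructed sample: page defaults mixed with made-up site-specific entries.
SAMPLE_CONFIG = """\
snmp-server contact "NOC"
snmp-server community "Secret C0de" rw
snmp-server community public
snmp-server community n0c-monitor
snmp-server community n0c-write rw
snmp-server user snmpadmin1 groupname snmpadmin
snmp-server user opsmon groupname snmpadmin
"""

if __name__ == "__main__":
    for lineno, finding, name in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}: {name}")
```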

Ransomware and scammy tech support sites team up for a vicious one-two punch

Symantec has seen a curious fusing of two pernicious online threats, which would cause a big headache if encountered by users. Some websites offering questionable tech support services are also dishing up ransomware, which locks up a user's files until they pay a fee to decrypt them. The support scams involve trying to convince users they have a computer problem and then selling them overpriced software or support services to fix it. It's often done via a pop-up message that urges people to call a number or download software.

Toy maker VTech says breach hit 6.4 million kids’ accounts

Educational toy maker VTech has said 11.6 million accounts were compromised in a cyberattack last month, including those of 6.4 million children. The total number of accounts affected is nearly double that reported last week by the security news site Motherboard, which interviewed a hacker who claimed credit for the breach. Most of the account holders were in the U.S., including 2.2 million parents and 2.8 million children, VTech said Wednesday in Hong Kong, where the company is based. France, the U.K., Germany and Canada round out the top five countries hit, VTech said in an updated FAQ.

NSA needs more EFF hoodies

A few months ago, many stories covered "intelexit.org", a group that bought billboards outside NSA buildings encouraging moderates to leave intelligence organizations. This is a stupidbad idea.

For one thing, it's already happening inside the intelligence community. Before Snowden, EFF hoodies were tolerated. From what I hear, they aren't anymore. Anybody who says anything nice about the EFF or Snowden quickly finds their promotion prospects reduced. And if you aren't being promoted, you are on track to be pushed out, to make room for new young blood.

The exit of moderates is radicalizing the intelligence community. More and more, those who stay want more surveillance.

In my own experience, the intelligence community is full of pro-EFF moderates. More than anybody, those inside the community can see the potential for abuse. For all that mass surveillance is unacceptable, the reality is that it's not really being abused. It really is just focused on catching evil terrorists, not on tracking political activists in America. All this power is in the hands of people who use the power as intended.

A mass exodus of moderates, though, will change this, creating a more secretive and more abusive organization. The NSA is nowhere near …

Windows 10 update didn’t remove spying utility, Microsoft just renamed it

One of the services at the heart of Windows 10's user information gathering (otherwise known as spying) that many thought was removed in the latest update to the operating system is, in fact, still there, doing what it always did. The Diagnostics Tracking Service, aka DiagTrack, was one of the main culprits in telemetry and other user activity gathering in Windows 10. It has been identified as a keylogger, although some people dispute that. Given the concerns around spying in Windows 10, just the accusation is damaging enough. With the release of Build 10586, or Threshold 2, DiagTrack disappeared and there was much rejoicing. However, the white hat hackers at Tweakhound (and confirmed by BetaNews) have discovered that Microsoft merely renamed it to the Connected User Experiences and Telemetry service, which throws people off, along with all the utilities to turn off these services, like DoNotSpy10.