Hyatt hackers hit payment processing systems, scooped cards used at 250 locations

Hackers managed to compromise payment cards used at 250 Hyatt Hotels locations in around 50 countries after infecting the company's payment processing systems with malware. Hyatt announced the data breach back in December and launched an investigation. On Thursday, it published the full list of affected locations and the time interval during which the payment cards were exposed: Aug. 13 to Dec. 8. Most of the potentially compromised cards were used at restaurants in the affected locations, but a small percentage were used at spas, golf shops, parking systems, front desks and sales offices.

Cisco launches tool to uncover shadow IT in the enterprise

"You can't manage what you can't see" is a popular saying in the network industry. Historically, it's been used for traditional network management, with the thought being that one can't fix a problem on the network without having visibility into the applications, traffic flows, and infrastructure. Recently, though, the meaning of that phrase has changed as "shadow IT" has become increasingly popular. Shadow IT is when lines of business or individual users purchase their own cloud services without any involvement in IT. The problem today is very real. An interesting data point to support this comes from a ZK Research report that showed that 96% of organizations claim to be running cloud applications that are not sanctioned by IT (disclosure: I am an employee of ZK Research).

OpenSSH patches information leak that could expose private SSH keys

If you're connecting to servers over the secure shell (SSH) protocol using an OpenSSH client, you should update it immediately. The latest version patches a flaw that could allow rogue or compromised servers to read users' private authentication keys. The vulnerability stems from an experimental feature known as roaming that allows SSH connections to be resumed. This feature has been enabled by default in OpenSSH clients since version 5.4, released in March 2010, but is not present in the OpenSSH server implementation. As a result, only clients are affected. The vulnerability allows a server to read information from a connecting client's memory, including its private keys. It has been fixed in OpenSSH 7.1p2, released Thursday.

Automating VMware NSX Security Rules Creation using Splunk and Some Code

The VMware NSX network virtualization platform allows us to build sophisticated networking and security constructs in software. NSX has a rich RESTful API which allows one to build highly flexible and automated environments. In this blog, we’re going to focus on operations and automation; we’ll demonstrate one example of automation around security policies/rules that can be done with NSX.

VMware NSX allows for micro-segmentation with a distributed firewall service (DFW). The DFW is a kernel-level module and allows for enhanced segmentation and security across a virtualized environment. One of the common questions we get asked is, “how do I decide what rules to build?” NSX allows for multiple options to create rules such as the use of NSX flow-monitoring or analyzing traffic patterns via logging to create the rules.

We’ll demonstrate how the VMware NSX DFW can be monitored with the popular Splunk platform. Further, we’ll demonstrate, along with using Splunk for monitoring traffic passing through the DFW, how the NSX REST API can be leveraged to automate workflows and creation of DFW rules.

Researcher finds fault in Apple’s Gatekeeper patch

Apple hasn't completely fixed a weakness in Gatekeeper, its security technology that blocks harmful applications from being installed. Patrick Wardle, director of research with the company Synack, said in an interview he reverse-engineered a patch Apple released in October and found it wasn't quite the fix he expected. Wardle found he could still bypass Gatekeeper and install malware. He's going public with his latest findings on Sunday at the Shmoocon security conference, which starts Friday in Washington, D.C.

Google Go upgrade fixes bug that could leak RSA private key

Google has released an upgrade to Go 1.5.3 to fix a security issue with the math/big package for implementing multiprecision arithmetic. Go programs must be recompiled with this version to receive the fix. "This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls," a golang-dev post in Google Groups says. "TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way." Incorrect results in one part of the RSA Chinese Remainder computation can lead to the wrong outcome down the line such that it leaks a prime number.

IBM to tackle fraud with Iris Analytics

IBM is going to apply machine learning to fraud busting with Iris Analytics. While that makes it sound as though it will be using Watson AI systems to identify fraudsters by gazing deep into their eyes, this is really about its acquisition of a German software firm called Iris Analytics. Iris monitors banking transactions and uses machine learning to spot previously unknown patterns of fraudulent transactions in real time. The system can work alone or in conjunction with human analysts, according to IBM. With only one bank in six equipped with real-time fraud detection systems, and even those taking a month or more to learn to stop new attacks once they are identified, IBM sees a big market for integrating systems like that of Iris with its existing antifraud products.

CCIE Lab Builder Review

The Cisco CCIE Lab Builder allows you to run your R&S topologies in the actual CCIE Routing & Switching virtual environment. To access the CCIE Lab Builder you purchase a subscription package from Cisco of either a 100 or 500 hour subscription. 100-Hour, Six-Month Subscription $300 – $3 per hour 500-Hour, 12-Month Subscription – $1000 – $2 […]

The post CCIE Lab Builder Review appeared first on Roger Perkin - Networking Articles.

Why Should You Place Less Emphasis on MPLS Traffic Engineering

If I input MPLS traffic engineering on any search engine, I will find about 100 articles on the internet providing the same explanations about MPLS traffic engineering. But unfortunately, nobody asks these questions: do I really need it? What are the reasons behind the implementation of MPLS Traffic Engineering? Would it be worth the time and energy […]

The post Why Should You Place Less Emphasis on MPLS Traffic Engineering appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Hackathon and New Way of Hiring

I’ve been very busy the past 6 months. I was juggling between my work at Cisco, my personal activities in Indonesia, SDN warriors group, my MBA final semester, traveling, my SDN & NFV skill transformation, family issues, and all other tasks. I don’t believe in multi-tasking, so what I did was actually task-switching. Make a priority list of all the tasks, keep switching from one task to another, re-prioritize the list, continue switching and so on. And unfortunately updating this blog was never the top priority in the list.

Anyway, during August 2015 I was leading my team to host an SDN Hackathon event in Jakarta, Indonesia. It was a 3-day event, starting with an 8-hour SDN Workshop to explain the technology from the architecture, SDN & NFV use cases in the real world, up to the discussion about the skills we must develop to become Network Programmability Engineers and Network DevOps. The Hackathon happened after the workshop, where we challenged a group of students for 30 hours straight to develop an SDN solution from the ground up, from setting up physical network infrastructure, virtual infrastructure, all the way to workflow automation to provision network services using a Web User Interface.

I won’t talk in detail about the event. It’s been […]

Modifying Packet Captures with tcprewrite

Recently I wanted to look at the structure of sFlow packets. Of course I can read the specs, but it’s often easier to look at some real packets. So I set up a simple network, configured sFlow, created some traffic across the network, and used tcpdump to capture the sFlow packets.

Unfortunately I had a bit of a brain fade, and configured sFlow to use port 2055, not port 6343. So it looked like this:

vagrant@ubuntu:~$ tcpdump -r sflow.cap
reading from file sflow.cap, link-type EN10MB (Ethernet)
13:48:37.812602 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:48:57.813663 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:48:59.061629 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 232
13:49:17.806908 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:49:37.804433 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:49:57.806000 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:50:17.808959 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP,

Technology Short Take #59

Welcome to Technology Short Take #59, the first Technology Short Take of 2016. As we start a new year, here’s a collection of links and articles from around the web. Here’s hoping you find something useful to you!

Networking

  • Nir Yechiel posted an article on using the Cumulus VX QCOW2 image with Fedora and KVM. Cumulus VX, if you aren’t aware, is a community-supported virtual appliance version of Cumulus Linux aimed at helping folks preview and test “full-blown” Cumulus Linux (which, of course, requires compatible hardware).
  • NAPALM (Network Automation and Programmability Layer with Multivendor support) looks like a really cool tool. I haven’t yet had the opportunity to work with it, but it is definitely something I’d like to explore in more detail. Here’s an article on an effort to add Cisco IOS support to NAPALM. Gabriele (the author of that post) also has a nice article on some resources to get you started with network automation.
  • Using Python and Netmiko for network automation is the topic of this post by Colin McAlister. This is a good introductory post, and one that I plan to leverage as I dive deeper into these tools.
  • Kuryr (the OpenStack project to allow Docker […]