Source code for powerful Android banking malware is leaked

The source code for a powerful Android malware program that steals online banking credentials has been leaked, according to researchers with IBM.The malware family is known by several names, including GM Bot, Slempo, Bankosy, Acecard, Slempo and MazarBot. GM Bot has been sold on underground hacking forums for around US$500. But it appears someone who bought the code then leaked it on a forum in December, perhaps to increase his standing, wrote Limor Kessem, a cybersecurity analyst with IBM Trusteer.The person included an encrypted archive file containing the source code of GM Bot, according to Kessem.To read this article in full or to leave a comment, please click here

CloudFlare DDoS Mitigation Pipeline

The Usenix Enigma 2016 talk from Marek Majkowski describes CloudFlare's automated DDoS mitigation solution. CloudFlare provides reverse proxy services for millions of web sites and their customers are frequently targets of DDoS attacks. The talk is well worth watching in its entirety to learn about their experiences.

Network switches stream standard sFlow data to CloudFlare's "Gatebot" Reactive Automation component, which analyzes the data to identify attack vectors. Berkeley Packet Filter (BPF) rules are constructed to target specific attacks and apply customer specific mitigation policies. The rules are automatically installed in iptables firewalls on the CloudFlare servers.

The chart shows that over a three month period CloudFlare's mitigation system handled between 30 and 300 attacks per day.

Attack volumes mitigated regularly hit 100 million packers per second and reach peaks of over 150 million packets per second. These large attacks can cause significant damage and automated mitigation is critical to reducing their impact.

Elements of the CloudFlare solution are readily accessible to anyone interested in building DDoS mitigation solutions. Industry standard sFlow instrumentation is widely supported by switch vendors. Download sFlow-RT analytics software and combine real-time DDoS detection with business policies to automate mitigation actions. A number of DDoS mitigation examples are Continue reading

Nokia & Alcatel-Lucent Get Down to Business (While Acquiring Nakina, Too)

Kicking off Mobile World Congress with the state of the new Nokia.

Attackers hack Linux Mint website to add ISO with backdoor

“I’m sorry I have to come with bad news,” wrote Clement Lefebvre, head of the Linux Mint project, before announcing Linux Mint suffered an intrusion; on February 20, “hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.”It’s not all Linux Mint, ranked by DistroWatch as the most popular Linux distribution for the last year, that were affected, but only the ISO for Linux Mint 17.3 Cinnamon edition downloaded from the site on Saturday. Lefebvre noted that other ISO releases downloaded from the site on Feb. 20 as well as the Cinnamon edition ISOs downloaded via torrents or a direct HTTP link should not be affected.To read this article in full or to leave a comment, please click here

Cisco Live 2016 Europe

Hi CLEUR! This year, for the fourth year in a row, I’ve attended Cisco Live Europe. I’ve earned the “Netvet” status, that means my name was on the wall before the keynote, ain’t that great? ;-) Aesthetics apart, this year’s event was the biggest I’ve attended so far, twelve thousands people in a huge venue […]

SDxCentral News Roundup: Container World 2016

Progress in Linux containers from the likes of Avi, Mesosphere, and PLUMgrid.

Docker on Raspberry Pi

I recently purchased Raspberry Pi 2 modelB and I wanted to use it to try out some home IoT projects. I wanted to combine Docker with Raspberry Pi so that I can develop IoT application using Containers. There is already lot of work ongoing to get Docker working on Raspberry Pi and I learnt that it is … Continue reading →

ContainerWorld2016 conference in review – Part I

One would think that attending a multi-day conference is sedentary, just meeting new people and lending your ear to speakers and watching presentations. On the contrary it isn't so. Its extremely tiring and by the end of the day you are completely drained out. In this sense, ContainerWorld2016 that took place last week (17th, 18th Feb) proved no different than other conferences and I ended quite exhausted at the end of the conference. Although exhausting, it was informative and it turned out to be more of a vendor neutral & community oriented conference compared to many others. Talk subjects varied from customer production deployment of containers to pain points of adopting the cloud native model. This multi-part post tries to summarize take-aways and interesting discussions that took place over the two days.

The conference was well received with participation from multiple vendors and customers such as RedHat, Canonical, Docker, Google, Yelp, CapitalOne, Paypal, eBay, Netflix, Veritas and Nordstrom to name a few. Right from day one keynote all the way to closing remarks on day two, customers and vendors alike reasoned the various advantages Continue reading

The top Wi-Fi pen testing tools in Kali Linux 2.0

Last August Offensive Security released Kali Linux 2.0, the Linux distro that’s pretty much everybody’s favorite penetration-testing toolkit (if it’s not your favorite, let me know what you prefer). This release was, to borrow a word from the kool kids, epic. Kali Linux 2.0 is based on Debian 8 (“Jessie”) which means that it’s now using the Linux 4.0 kernel which has a sizable list of changes. The biggest change in version 2.0 is arguably the addition of rolling releases which means that all of the latest versions of the included packages will be available as normal updates thus future point releases will really be snapshots rather than completely new builds. To read this article in full or to leave a comment, please click here

The Naming of Hosts

The Naming of Hosts

The Naming of Hosts is a difficult matter,
It isn’t just one of your holiday games;
You may think at first I’m as mad as a hatter
When I tell you, a host must have THREE DIFFERENT NAMES.

First of all, there’s the CNAME you want to use daily,
Such as nms, intranet, HR or games–
Such as payroll, or passwordchange, IT or training,
All of them sensible everyday names.

There are fancier names if you think they sound better,
Vendors and products that all sound the same,
Such as PeopleSoft, OpenView, Cisco, or NetApp–
But all of them sensible everyday names.

But I tell you, a host needs a name that’s unusual,
A name that’s peculiar, and more dignified,
Else how can it justify license renewals,
Or memory upgrades, or hybrid flash drives?

For names of this kind, I can give you a standard,
Twelve bytes for location, and fifteen for app,
These names are the ones that are never remembered,
They’re cryptic, unreadable, frustrating crap.

But above and beyond there’s still one name left over,
And that is the name that you never will guess;
The name that no human research can discover–
But Continue reading

Response: Why You Shouldn’t Be Hosting Your DNS

Michelle Chubirka from Post Modern Security spent ten years as a sysadmin with a primary focus on managing a BIND DNS for a very large university in the US. With some regret, she says: This history makes what I’m about to recommend even more shocking. Outside of service providers, I no longer believe that organizations should […]

The post Response: Why You Shouldn’t Be Hosting Your DNS appeared first on EtherealMind.

SDxCentral Weekly News Roundup — February 19, 2016

NTT will run EPC in its network with NFV technology, starting in March.

Ansible Roles and Variables

While automation is great, we have to be careful not to recreate past problems. What I mean is that playbooks should be written in a generic fashion that can be applied to more than one host. If we’re writing playbooks that only work on one single host, we aren’t much further ahead than we were before.

Two of the key components of making playbooks reusable are Ansible variables and roles. Let’s try and define each of them individually and while showing some examples along the way.

Roles
Roles allow you to call a set of variables, tasks, and handlers by simply specifying a defined role. Roles require the use of a defined file structure in order to work. Per the Ansible documentation, that structure looks like this…

Roles are really just a way to split up your playbook into smaller reusable parts. For instance, let’s consider we added another host to our lab…

Now look at this playbook…

---
- hosts: linuxservers
  tasks:
    - name: Install Apache Web Server
      yum: name=httpd state=latest
      notify:
        - openport
        - startwebserver
  handlers:
    - name: openport
      service: name=httpd state=started
    - name: startwebserver
      firewalld: port=80/tcp permanent=true state=enabled immediate=yes

- hosts:  Continue reading

Docker Online Meetup #33: Docker Engine 1.10 Security Enhancements

Earlier today, Dr. Diogo Mónica, Security Lead here at Docker Inc., presented during a Docker Online Meetup that was all about the security enhancements in Docker Engine 1.10! Diogo discussed all of the big security features in Docker Engine 1.10 you’ve … Continued

On Demand Network Labs [FREE]

Way too often do we want to learn a new technology, but end up spending countless hours just getting the product, tool, or technology downloaded, installed, and at a point to begin using. This is unacceptable.

We need a platform that offers on-demand network infrastructure labs that makes it extremely easy to test and learn how to use network device APIs, how to write code against a network device, and how to use DevOps tool chains in the context of networking.

It’s true, this has all become easier with tools such as Virtual Box and Vagrant, but you can still spend the same amount of time getting the underlying infrastructure setup as you spend on the actual tests you need to perform. In that model, you also need to be able have enough horsepower to run enough virtual machines as well, which often isn’t the case. On top of that, many Enterprises don’t allow tools such as these to be installed.

On Demand Network Labs

What I am proposing and getting ready to launch is a cloud based platform that allows you to launch pre-built network topologies in minutes. Upon launch, they are ready to be used, automated, and managed Continue reading

On Demand Network Labs [FREE]

It’s true, this has all become easier with tools such as Virtual Box and Vagrant, but you can still spend the same amount of time getting the underlying infrastructure setup as you spend on the actual tests you need to perform. In that model, you also need to be able have enough horsepower to run enough virtual machines as well, which often isn’t the case. On top of that, many Enterprises don’t allow tools such as these to be installed.

On Demand Network Labs

About McAfee’s claim he could unlock iPhone

So John McAfee has claimed he could unlock the terrorist's iPhone. Is there any truth to this?

http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2

No, of course this is bogus. If McAfee could do it, then he's already have done it.

In other words, if it were possible, he'd just say "we've unlocked an iPhone 5c running iOS 9 by exploiting {LTE baseband, USB stack, WiFi stack, etc.}, and we can therefore do the same thing for the terrorist's phone". Otherwise, it's just bluster, because everyone knows the FBI won't let McAfee near the phone in question without proof he could actually accomplish the task.

There's a lot of bluster in the hacking community like this. There is a big difference between those who have done, and those who claim they could do.

I suggest LTE baseband, USB stack, and WiFi stack because that's how I'd attack the phone. WiFi these days is pretty well tested, so that's the least likely, but LTE and USB should be wide open. I wouldn't do anything to help the FBI, though. The corrupt FBI goes around threatening security-researchers like me, trampling on our rights, so they've burned a lot of bridges with precisely the people Continue reading

Tips for migrating applications to Software Defined Networks

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.Software Defined Networking (SDN) is one of the hottest trends in security and networking right now. Many enterprises are considering moving to virtualized networks such as VMware NSX as part of an overall shift from relatively inflexible hardware-based architectures to nimbler, faster, more scalable virtualized deployments.But as with any migration project, careful planning and management is required. Here we look at the steps involved in an SDN migration and what you need to consider at each stage.To read this article in full or to leave a comment, please click here

Web Gateways Need Backstops

New report emphasizes the importance of layered defense.

How a Security Obsession Made CoreOS a Linux Container Player

It's not about containers or Docker. CoreOS claims a bigger mission.

« Previous 1 … 3,130 3,131 3,132 3,133 3,134 … 3,841 Next »