After Juniper security mess, Cisco searches own gear for backdoors

While it says it has no reason to think there are backdoors in any of its products, Cisco has started an additional code review looking for “malicious modifications” after Juniper’s announcement that its ScreenOS operating system has been vulnerable for years. Anthony Greico “Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience,” according to the Cisco Security blog written by Anthony Grieco, senior director of the company’s Security and Trust Organization. The company says it will release its findings in accordance with its security vulnerability policy.To read this article in full or to leave a comment, please click here

Python script to generate RADIUS users

Just for future reference, I wrote this quick script using python to generate RADIUS users in the Freeradius /etc/raddb/users file.  Makes light work of what I used to do rather painfully in Excel:

 

__author__ = 'amulheirn'

# Create lots of radius users for /etc/raddb/users file

interface = 'ge-0/2/0'        # Local source interface
ipaddr = '89.20.80.'          # First three octets of IP addr
startuser = 1                 # Start of the user range
enduser   = 20                # End of the user

for i in range (startuser, enduser):
    print 'user%[email protected]     Cleartext-Password := "password"' % (i)
    print '                        Service-Type := "Framed-User",'
    print '                        Framed-Protocol := "PPP",'
    print '                        Framed-IP-Address := "%s%d",' % (ipaddr, i)
    print '                        Context-Name := "tuk_llu",'

    
print "======[END]====="

What’s in a Name?

What’s the difference between .local and .here? Or between .onion and .apple? All four of these labels are capable of being represented in the Internet’s Domain Name System as a generic Top Level Domains (gTLDs), but only two of these are in fact delegated names while the other two cannot be delegated. It seems that Internet no longer has a single coherent name space, but has developed a number of silent and unsignalled fracture lines, and instead of being administered by a single administrative body there are a number of folk who appear to want to have a hand on the tiller! How have we managed to get ourselves into this somewhat uncomfortable position?

Process images for your blog with ImageMagick

When writing a blog post about a technical topic, I often capture a lot of screen shots that I need to edit before adding them to my blog article. Usually I want to add a border around each image and I sometimes want to reduce the size of images that are too large. I want to do this quickly and easily so I use ImageMagick, an open-source command line image editor.

It takes too long to edit a large number of images one by one in an image editor like Photoshop or Gimp. Using ImageMagick makes it easy to batch process all images in a folder by entering a simple command. You may also incorporate ImageMagick into shell scripts, batch files, or other programs to automate the preparation of images for your blog.

ImageMagick is a powerful image manipulation tool with an intimidating set of options and subcommands. However, most bloggers will use only a few simple options. In this post, I will show how to install and use ImageMagick to perform the simple image conversions bloggers typically need. I will show how this can be done on each of the major operating systems: Linux, Windows, and Mac OS X.

Continue reading

Attackers are hunting for tampered Juniper firewalls

An experiment by a cybersecurity research center shows attackers are trying to find Juniper firewalls that haven't been patched to remove unauthorized spying code.The SANS Internet Storm Center set up a honeypot -- a term for a computer designed to lure attackers in order to study their techniques -- that mimicked a vulnerable Juniper firewall.The honeypot was configured so that it appeared to run ScreenOS, the operating system of the affected Juniper firewalls, wrote Johannes Ullrich, CTO of the Internet Storm Center, on Monday in a blog post.To read this article in full or to leave a comment, please click here

Cisco launches code review after Juniper’s spyware disclosure

Cisco Systems has launched an internal code review following Juniper's disclosure last week of unauthorized spying code found in its enterprise firewall products.So far, "we have no indication of unauthorized code in our products," wrote Anthony Grieco, senior director of Cisco's Security and Trust Organization, in a blog post Monday.The code review was initiated by Cisco and not the result of contact by law enforcement, Grieco wrote.Juniper said on Thursday an internal audit uncovered code that could allow secret remote access and also compromise encrypted VPN connections. The code was found in some versions of an operating system called ScreenOS that powers firewall devices.To read this article in full or to leave a comment, please click here

Salesforce backs new wind farm in 12-year renewable-energy deal

A few months ago Salesforce committed to a goal of eventually powering its global operations entirely with renewable energy, and on Monday it took a key step in that direction by signing a 12-year agreement to back a brand-new wind farm in West Virginia.The farm is expected to become operational in December 2016. Once it does, the electricity generated under the agreement is expected to be 125,000 megawatt hours annually, which is more than Salesforce used in its data centers during all of fiscal year 2015.It's also equivalent to about 90 percent of its total electricity use over that time period, putting Salesforce well on the way toward that 100 percent goal.To read this article in full or to leave a comment, please click here

Battle over LTE in Wi-Fi bands may soon be resolved

The fight over LTE networks using the same frequencies as Wi-Fi may be headed toward a peaceful resolution at last.Powerhouses of the wireless world that have clashed over LTE in unlicensed spectrum are now committed to creating tests for whether these new types of networks can coexist with Wi-Fi. Those tests may be ready to go in February.Powerful mobile vendors including Qualcomm and Ericsson are pushing gear that would let carriers put LTE signals on unlicensed channels now used by Wi-Fi. Carriers including Verizon Wireless, T-Mobile USA and SK Telecom want to use those technologies, which would give already licensed operators a way to boost network speed without buying more frequencies.To read this article in full or to leave a comment, please click here

Cloud, virtualization take toll on data centers

The data center is transforming -- modernizing to meet business demand as technologies such as software-defined architecture, cloud and virtualization take hold. This modernization is also being driven by CIOs and IT executives taking a hard look at their computing needs and asking whether they want to own and/or operate data centers any longer, industry experts say.Managing the transitionTo read this article in full or to leave a comment, please click here(Insider Story)

U.S. still No. 1 for unsecured security cameras: Creepy site linked to over 5,700 in U.S.

In November 2014, access to the video streams of 73,011 unsecured security cameras were available on a site that provided a Peeping Tom paradise for voyeurs and creepers. At that time, there were 11,046 unsecured security cameras in the U.S. Now there is roughly half that amount, but the U.S. is still number one by having more insecure security cameras than any other nation in the world.On December 17, there were 4,104 unsecured security cameras located in the United States that were listed as part of the Insecam project, which claims to have “the world’s biggest directory of online surveillance security cameras.” With six cameras per page, that was equal to 684 pages which I viewed while counting the brand of network video cameras available online, because each of those U.S. cameras did not have a unique password to protect it. That took between five and six hours, including the time to grab some screenshots as well; during that time, the number of unsecured cameras in the U.S. fluctuated wildly and dropped to barely 4,000 before going back up to cover 684 pages again. The most common unsecured cameras in the U.S. Continue reading

Juniper NetScreen firewall should be patched now

The Internet Storm Center has upgraded its warning about the corruption of Juniper ScreenOS firewalls to yellow, which means it’s imperative to patch them today, literally, given that details on how to exploit the flaws has been published and that it’s a holiday week when applying firewall patches can be easily overlooked. According to the ISC warning, the upgraded yellow warning was made because Juniper’s NetScreen firewalls are popular and that the “'backdoor’ password is now known, and exploitation is trivial at this point,” and for most businesses, this “being a short week for many of us, addressing this issue today is critical.”To read this article in full or to leave a comment, please click here