Amplifying Black Energy

Click here to download the full report. The Black Energy malware family has a long and storied history dating back to 2007. Originally a monolithic DDoS platform, significant advancements were made in 2010 including support for an extensible plugin architecture that allowed Black Energy 2 to more easily expand beyond DDoS into other activities such […]

Amplifying Black Energy

Click here to download the full report.

The Black Energy malware family has a long and storied history dating back to 2007. Originally a monolithic DDoS platform, significant advancements were made in 2010 including support for an extensible plugin architecture that allowed Black Energy 2 to more easily expand beyond DDoS into other activities such as info-stealing, web-based banking attacks, spamming, etc.

This report examines, in-depth, a new Black Energy 2 plugin (ntp.dll) that allows “BE2” botnets to launch true distributed NTP reflection/amplification attacks. This is significant for a couple of reasons:

  • To the best of our knowledge, this may represent one of the first C&C-controlled (not standalone) Windows bots to correctly and effectively implement an NTP-based reflection/amplification attack.
  • Reflection/amplification attacks are already responsible for generating the largest of DDoS attacks. Integrating this attack method into traditional Windows botnets could increase the impact of these attacks even further.

In detailing the relatively impressive technical implementation of this new BE2 DDoS attack plugin, this report provides some excellent general networking insights, an understanding of what it takes to really pull off a reflection/amplification attack on the Windows platform, and a somewhat humorous look at some prior attempts by other malware Continue reading

Leftover Training Budget? Let Me Help You

If you have some leftover training budget for 2015, there’s no better way to spend it than to invest it in a workgroup ipSpace.net subscription ;)

You can choose between two standard packages (6 or 21 users) which include online consulting sessions, or create your own customized package.

Finally, if you plan to buy one of the standard packages, hurry up – the Dec15 promotional code gives you 10% discount till the end of the year.

Avoiding an ISSUe on the Nexus 5000

The idea for this post came from someone I was working with recently. Thanks Fan (and Carson, and Shree) :-)

In Service Software Upgrade (ISSU) is a method of upgrading software on a switch without interrupting the flow of traffic through the switch. The conditions for successfully completing an ISSU are usually pretty strict and if you don't comply, the hitless upgrade can all of a sudden become impacting.

The conditions for ISSU on the Nexus 5000 are pretty well documented (cisco.com link) however, there are a couple bits of knowledge that are not. This post is a reminder of the ISSU conditions you need to comply with and a call out to the bits of information that aren't so well documented.

Joomla patches critical remote execution bug

The open-source project behind the widely used Joomla content management system has issued a patch for a vulnerability that is now being widely used by hackers.Sucuri, a company that specializes in securing websites, wrote on Monday that attackers have been trying exploit the flaw for the last two days.As of Monday, Sucuri said "the wave of attacks is even bigger, with basically every site and honeypot we have being attacked. That means that probably every other Joomla site out there is being targeted as well."The vulnerability, which affects Joomla versions 1.5 to 3.4.5, involves the user agent string, which is information transmitted by a browser to a Web server when a user visits a Web page.To read this article in full or to leave a comment, please click here

F5 Networks brings back retired CEO after successor resigns over “personal conduct”

F5 Networks, the Seattle-based application delivery networking company with an increasingly cloud-oriented focus, has announced that CEO and President Manuel Rivelo has resigned "for matters regarding personal conduct unrelated to the operations or financials of the Company."Or as F5 spins it in its press release headline on Monday: "F5 Networks Announces Appointment of Long-Time F5 Executive John McAdam as President and CEO."To read this article in full or to leave a comment, please click here

F5 Networks brings back retired exec after CEO resigns over “personal conduct”

F5 Networks, the Seattle-based application delivery networking company with an increasingly cloud-oriented focus, has announced that CEO and President Manuel Rivelo has resigned "for matters regarding personal conduct unrelated to the operations or financials of the Company."Or as F5 spins it in its press release headline on Monday: "F5 Networks Announces Appointment of Long-Time F5 Executive John McAdam as President and CEO."To read this article in full or to leave a comment, please click here

IDG Contributor Network: Small, community banks using machine learning to reduce fraud

It will come as no surprise to hear that fraud is an increasing problem across all financial institutions, but it is not only plaguing larger banks but also smaller financial institutions. Statistics show that charges of debit card fraud have grown over 400% in only three years.A case in point is Orrstown Bank, a community bank located in Pennsylvania and Maryland. Orrstown wanted a way of tackling fraud in an ongoing way, but within the context of their budget and technology constraints. Fraudulent credit card scammers have developed more abilities to work around the majority of safeguards that banks have in place.For Orrstown, analyzing the patterns of activity from transactions where a card is present used to be much simpler. Historically, the bank could either search for charges made outside of their region or rely on customers to flag fraudulent activity on their statements. However, identifying fraud today has become much more complex. For example, there has been an increasing number of cases where criminals are selling cards back into the local area from which they were stolen—thus making tracking by locality more difficult. As a result, Orrstown explored more advanced forms of data analysis that could do Continue reading

Cisco will need to tackle these high-tech issues in 2016

As it sets its sights on becoming the No. 1 IT company in the industry, Cisco will continue to face challenges and opportunities in virtually every IT market. Here’s an arbitrary list of 10 areas that will impact Cisco in 2016 as the company evolves to address emerging trends that are shaping the industry in the coming year and beyond.The antithesis of Cisco is disaggregation, taking off the shelf switching hardware and mixing and matching multivendor and open source operating systems to run it. It decouples the dependencies and integration of the hardware and software, which Cisco argues is an integration and total cost of ownership nightmare. But the big cloud companies are using it and eventually the enterprise, so Cisco will need to continue to address it by offering compelling consumption options in addition to competitive product. Perhaps uncoupling its own? (Read all Network World's predictions for next year.)To read this article in full or to leave a comment, please click here

Developer claims ‘PS4 officially jailbroken’

If you have a PS4 and want to run homebrew content, then you might be happy to know developer CTurt claimed, “PS4 is now officially jailbroken.”Over the weekend, CTurt took to Twitter to make the announcement. CTurt CTurt He did not use a jail vulnerability, he explained in a tweet. Instead, he used a FreeBSD kernel exploit.To read this article in full or to leave a comment, please click here

Google to revoke trust in a Symantec root certificate

Very soon, the Android OS, Chrome browser and other Google products will stop trusting all digital certificates that are linked to a 20-year-old Verisign root certificate.The announcement comes after Symantec unveiled plans to retire the Class 3 Public Primary Certification Authority from public use. This is a widely trusted CA that it acquired along with Verisign's SSL business in 2010.In an alert, the company said that as of Dec. 1, it no longer was using the root certificate, which is trusted by default in most browsers and operating systems, to issue TLS/SSL or code signing certificates.To read this article in full or to leave a comment, please click here

Top 10 tech stories 2015: Transformation and transition

Cloud and mobile computing have created an imperative for the tech world: Change or fail. This year, legacy vendors like Dell, EMC and Microsoft all took major steps to reinvent themselves, sparking some of the biggest tech stories of the year. And all around us we've seen portents of big change at the intersection of tech and culture: self-driving cars, wearable technology, the use of drones for fun and profit. That's prompting increased attention on safety, privacy and public policy concerns as consumers and businesses alike figure out how to manage in this pervasively connected world. Here, not necessarily in order of importance, are the IDG News Service's picks for the top 10 tech stories of 2015.To read this article in full or to leave a comment, please click here

Top 10 tech stories 2015: Transformation and transition

Cloud and mobile computing have created an imperative for the tech world: Change or fail. This year, legacy vendors like Dell, EMC and Microsoft all took major steps to reinvent themselves, sparking some of the biggest tech stories of the year. And all around us we've seen portents of big change at the intersection of tech and culture: self-driving cars, wearable technology, the use of drones for fun and profit. That's prompting increased attention on safety, privacy and public policy concerns as consumers and businesses alike figure out how to manage in this pervasively connected world. Here, not necessarily in order of importance, are the IDG News Service's picks for the top 10 tech stories of 2015.To read this article in full or to leave a comment, please click here

Does AMP Counter an Existential Threat to Google?

When AMP (Accelerated Mobile Pages) was first announced it was right inline with Google’s long standing project to make the web faster. Nothing seemingly out of the ordinary.

Then I listened to a great interview on This Week in Google with Richard Gingras, Head of News at Google, that made it clear AMP is more than just another forward looking initiative from Google. Much more.

What is AMP? AMP is two things. AMP is a restricted subset of HTML designed to make the web fast on mobile devices. AMP is also a strategy to counter an existential threat to Google: the mobile web is in trouble and if the mobile web is in trouble then Google is in trouble.

In the interview Richard says (approximately):

The alternative [to a strong vibrant community around AMP] is devastating. We don’t want to see a decline in the viability of the mobile web. We don’t want to see poor experiences on the mobile web propel users into proprietary platforms.

This point, or something very like it, is repeated many times during the interview. With ad blocker usage on the rise there’s a palpable sense of urgency to do something. So Google stepped Continue reading

1 3,217 3,218 3,219 3,220 3,221 3,844