IRS: Tax breach much worse than originally thought

The cyberattack on U.S. taxpayer data reported by the Internal Revenue Service earlier this year now appears to be much worse than originally thought, the agency announced Monday, with as many as 300,000 citizens now believed to be potential victims.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords Whereas in May the IRS reported that sensitive information of about roughly 100,000 taxpayers had been stolen by thieves through its "Get Transcript" online application, its latest estimates more than double that number. It's now believed that the thieves potentially gained access to more than 300,000 taxpayer accounts after attempting to breach more than 600,000.To read this article in full or to leave a comment, please click here

10 more security startups to watch

The emergence of cybersecurity startups has continued unabated as entrepreneurs vie for corporate customers seeking new technologies to battle ever increasing and innovative attackers. The expertise of these new companies range from various improvements to encryption products to analyzing the wealth of security-incident data gathered from networks to gear that detects the potentially malicious wireless activity of Internet of Things devices.MORE ON NETWORK WORLD: 10 young security companies to watch in 2015 Based on the continued interest in these startups from venture capital investors, these companies will continue to proliferate. Here are 10 more security startups we are watching and why.To read this article in full or to leave a comment, please click here

Darkode vendor of Facebook malware pleads guilty to one charge

A New York man pleaded guilty Monday to one federal spam-related charge for selling access to a botnet of Facebook accounts on a now-shuttered cybercriminal forum.Eric L. Crocker, 29, of Binghamton, New York, could face up to three years in prison and a US$250,000 fine, according to the U.S. Attorney's Office for the Western District of Pennsylvania. He was charged with violating the CAN-SPAM Act, according to a court document.Crocker was accused of selling access to a botnet he and others built of compromised Facebook accounts, according to the indictment. His customers used the access to send high volumes of spam.To read this article in full or to leave a comment, please click here

Gaming services, hosting companies hit with new type of DDoS attack

Gaming and hosting companies have been hit with a new kind of DDoS attack that could snowball without preventive steps, Level 3 Communications warned on Monday. Attackers have figured out how to abuse portmap services that have been left openly accessible on the Internet, said Dale Drew, chief security officer for Level 3. "We think it has the potential to be very, very bad," Drew said. Portmap, also referred to as RPCbind, is an open-source utility for Unix systems but also is in Windows. It maps network port numbers to available services. For example, portmap might be used if someone wants to mount a Windows drive from a Unix file system. Portmap would tell Unix where the drive is located and the right port number.To read this article in full or to leave a comment, please click here

When a Port Channel Member Link Goes Down

Mohamed Anwar asked the following question on my post “4 Types of Port Channels and When They're Used".

I need a clarification, where if a member link fails, what will happen to the traffic already sent over that link ? Is there any mechanism to notify the upper layer about the loss and ask it to resend ? How this link failure will be handled for data traffic and control traffic ?

— Mohamed Anwar

I think his questions are really important because he hits on two really key aspects of a failure event: what happens in the data plane and what happens in the control plane.

A network designer needs to bear both of these aspects in mind as part of their design. Overlooking either aspect will almost always open the network up to additional risk.

I think it's well understood that port channels add resiliency in the data plane (I cover some of that in the previous article). What may not be well understood is that port channels also contribute to a stable control plane! I'll talk about that below. I'll also address Mohamed's question about what happens to traffic on the failed link.

Drive a dumb car but buy Tesla stocks?

It would be a heck of time to be shopping for a new set of wheels. The theme of digitally beating up cars continued by two teams of security researchers at the 24th USENIX Security Symposium.After two years of having their research suppressed by Volkswagen and a UK court, Flavio Garcia, Roel Verdult and Baris Ege were finally able to present their research (pdf) at USENIX. The researcher paper details “how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by malicious hackers looking to steal luxury vehicles.”To read this article in full or to leave a comment, please click here

Path MTU Discovery with DMVPN Tunnels

Ivan Pepelnjak's excellent article on IP fragmentation from 2008 is very thorough, but it doesn't cover the functionality of Cisco's tunnel path-mtu-discovery feature when applied to mGRE (DMVPN) interfaces.

I played with it a bit, and was delighted to discover that the dynamic tunnel MTU mechanism operates on a per-NBMA neighbor basis, much the same as ip pim nbma-mode on the same interface type. Both features do all the right things, just like you'd hope they would.

Here's the topology I'm using:
Constrained MTU in path between R1 and R4


The DMVPN tunnel interface on R1 is configured with a 1400-byte MTU. With GRE headers, it will generate packets that can't reach R4. It's also configured with tunnel MTU discovery.
 interface Tunnel0  
  ip address 192.168.1.1 255.255.255.0  
  no ip redirects  
  ip mtu 1400  
  ip pim sparse-mode  
  ip nhrp map multicast dynamic  
  ip nhrp network-id 1  
  tunnel source FastEthernet0/0  
  tunnel mode gre multipoint  
  tunnel path-mtu-discovery  
  tunnel vrf TRANSIT  
 end

The two spokes are online with NBMA interfaces (tunnel source) using 10.x addressing. Both routers have their NBMA interfaces configured with 1500 byte MTU, and their tunnel MTU set at 1400 bytes:
 R1#show dmvpn  
 Legend:  Continue reading

BitTorrent programs can be abused to amplify distributed denial-of-service attacks

BitTorrent applications used by hundreds of millions of users around the world could be tricked into participating in distributed denial-of-service (DDoS) attacks, amplifying the malicious traffic generated by attackers by up to 50 times.DDoS reflection is a technique that uses IP (Internet Protocol) address spoofing to trick a service to send responses to a third-party computer instead of the original sender. It can be used to hide the source of malicious traffic.The technique can typically be used against services that communicate over the User Datagram Protocol (UDP), because unlike the Transmission Control Protocol (TCP), UDP does not perform handshakes and therefore source IP address validation. This means an attacker can send a UDP packet with a forged header that specifies someone else’s IP address as the source, causing the service to send the response to that address.To read this article in full or to leave a comment, please click here

Send attackers on a wild goose chase with deception technologies

Midsized companies with revenues from $100 million to $1 billion spent an average of $3 million on information security as of 2014 per “The Global State of Information Security Survey 2015” from PwC.“I promise you, bad guys are not spending $3 million to break into your organization,” says Allen Harper, chief hacker, Tangible Security. Still information burglars are getting through.And since 92 percent of IT and security professionals surveyed globally use signature-based antivirus software on their servers, despite AV’s inability to stop advanced threats and targeted attacks, according to Bit9’s 2013 Server Security Survey, exploits such as zero-days, which have no signatures give attackers the upper hand.To read this article in full or to leave a comment, please click here

DOJ calls for encryption balance that includes law enforcement needs

It’s possible for companies to design their encryption systems to allow law enforcement agencies to access customer data with court-ordered warrants while still offering solid security, U.S. Department of Justice officials said.When DOJ and FBI officials raised recent concerns over end-to-end encryption on Android and iOS mobile phones, some security experts suggested it was difficult or unsafe to build in provider access to encrypted consumer data. But many companies already offer encryption while retaining some access to user information, two senior DOJ officials said Wednesday.To read this article in full or to leave a comment, please click here

Docker Toolbox

Docker Toolbox simplifies the creation of Docker environment for Windows and Mac. This deprecates boot2docker. Following components are included in Docker Toolbox. Docker Client Docker Machine Docker Compose (Mac only) Docker Kitematic VirtualBox I recently tried out Docker Toolbox. I had few issues to get it working and after some hiccups, I was able to … Continue reading Docker Toolbox

Docker Toolbox

Docker Toolbox simplifies the creation of Docker environment for Windows and Mac. This deprecates boot2docker. Following components are included in Docker Toolbox. Docker Client Docker Machine Docker Compose (Mac only) Docker Kitematic VirtualBox I recently tried out Docker Toolbox. I had few issues to get it working and after some hiccups, I was able to … Continue reading Docker Toolbox

Espionage, Spying and Big Corporate Data, These Are a Few of China’s Favorite Things

ASERT provides a weekly threat bulletin for Arbor customers that highlights and analyzes the week’s top security events and provides other pertinent infosec material. Recently, we covered the public notification of a United Airlines breach by possible Chinese state-sponsored threat actors. In this blog, we offer an alternative hypothesis to the conclusions many have drawn regarding the motivation behind this and other recent attacks.

The Compromises

For those keeping score, the United States Office of Personnel Management (OPM), Anthem, Premera, and Carefirst Blue Cross all reported large data breaches, seemingly perpetrated by the same possible Chinese state-sponsored threat actors [1]. Research into the OPM breach provided information leading investigators to believe the same group of threat actors also compromised additional companies [2]. These investigators released IOC’s that United Airlines used to detect their own data breach in late May/early June of 2015. The data stolen reportedly included passenger manifests containing travel information and basic demographics about travelers. Additionally, according to Bloomberg, one of the individuals familiar with the case indicated information regarding United’s corporate merger and acquisition strategy was also possibly compromised.

Considering the context discussed so far, let’s highlight the current train of thought amongst many in the security Continue reading

Ensuring the web is for everyone

This is the text of an internal email I sent at CloudFlare that we thought worth sharing more widely. I annotated it a bit with links that weren't in the original.

"Tim Berners-Lee- Mosaic by Sue Edkins at Sheen Lane Centre" by Robert Smith - Own work. Licensed under CC BY-SA 4.0 via Commons

Subject: Days of future past

Folks,

One of the exciting things about working at CloudFlare is our continual push to stay on top of what's new for our customers. We've pushed things like IPv6 and SPDY in the past; and we'll soon be giving the world DNSSEC and HTTP/2. In the world of SSL we've stayed on top of changes in recommended cipher suites and offer the latest signature algorithms SHA-2 to our customers.

But as we do this we must not forget the old protocols. Because we serve a truly global audience we serve everyone on the planet. It's easy inside a Silicon Valley bubble to think that everyone is on 1Gbps Internet connection with the latest version of Chrome on a new Mac, but the worldwide reality is far different.

We see every type of machine and browser out there. And Continue reading

How Autodesk Implemented Scalable Eventing over Mesos

This is a guest post by Olivier Paugam, SW Architect for the Autodesk Cloud. I really like this post because it shows how bits of infrastructure--Mesos, Kafka, RabbitMQ, Akka, Splunk, Librato, EC2--can be combined together to solve real problems. It's truly amazing how much can get done these days by a small team.

I was tasked a few months ago to come up with a central eventing system, something that would allow our various backends to communicate with each other. We are talking about activity streaming backends, rendering, data translation, BIM, identity, log reporting, analytics, etc.  So something really generic with varying load, usage patterns and scaling profile.  And oh, also something that our engineering teams could interface with easily.  Of course every piece of the system should be able to scale on its own.

I obviously didn't have time to write too much code and picked up Kafka as our storage core as it's stable, widely used and works okay (please note I'm not bound to using it and could switch over to something else).  Now I of course could not expose it directly and had to front-end it with some API. Without thinking much I also Continue reading

1 3,297 3,298 3,299 3,300 3,301 3,784