Black Hat 2015: Cracking just about anything

Researchers at the Black Hat 2015 conference next week will show how to crack Internet routing protocols, malware-detecting honeypots, radio-frequency ID gear that gates building access, and more, but also offer tips on how to avoid becoming victims to their new attacks.A pair of researchers will release a hardware device that exploits weaknesses in RFID access controls and show how to use it to break into buildings. The device exploits the communication protocol used by most access-control systems, according to the team, Eric Evenchick, a freelance developer, and Mark Baseggio, a security consultant for Accuvant.+ ALSO ON NETWORK WORLD: The Black Hat Quiz 2014 +To read this article in full or to leave a comment, please click here

Ad group urges FTC to reject right to be forgotten in US

The U.S. Federal Trade Commission should reject a privacy group’s push to extend the E.U.’s controversial right to be forgotten rules to the U.S. because such regulations would have a “sweeping” negative effect on many U.S. companies, a trade group said.The FTC should dismiss a July 7 complaint from Consumer Watchdog against Google, the Association of National Advertisers [ANA] said Friday, because the privacy group’s request that Google and other Internet firms enforce the right to be forgotten could open the door to more European privacy regulations in the U.S.To read this article in full or to leave a comment, please click here

Ad group urges FTC to reject right to be forgotten in US

The U.S. Federal Trade Commission should reject a privacy group’s push to extend the E.U.’s controversial right to be forgotten rules to the U.S. because such regulations would have a “sweeping” negative effect on many U.S. companies, a trade group said.The FTC should dismiss a July 7 complaint from Consumer Watchdog against Google, the Association of National Advertisers [ANA] said Friday, because the privacy group’s request that Google and other Internet firms enforce the right to be forgotten could open the door to more European privacy regulations in the U.S.To read this article in full or to leave a comment, please click here

QoS Terminology – Comparing Cisco to MEF and RFC Terminology

Have you every thought that you knew a topic pretty well but then someone uses terminology that you aren’t used to? People that use Cisco a lot or live outside the MEF world use another terminology than people that are working on MEF certified networks. Even if we both know the concepts, if we don’t speak a common language it will be difficult to communicate and to the the right end result.

When I took the CCDE written at Cisco Live, some of the QoS related material felt a bit off to me. I feel quite confident with QoS so this took me by surprise. My theory is that some of the material was written by someone coming from another background and uses some wording that just felt a bit off to me. I thought that I would read through some of the MEF material to broaden my QoS horizon and see what other terms are being used. At the very least I will have learned something new.

If we start with the basics, we have flows in our networks and these flows have different needs regarding delay, jitter and packet loss. I will write different terms and I will Continue reading

Why does SQL injection still exist?

After having spent the last two weeks in Asia I find myself sitting in a hotel room in Tokyo pondering something. I delivered a few talks in Singapore and in Manila and was struck by the fact that we’re still talking about SQL injection as a problem.So, what is SQL injection you might ask. This is a method to attack web applications that have a data repository. The attacker would send a specially crafted SQL, or structured query language, statement that is designed to cause some malicious action. These statements are successful too often as many web applications do not sanitize their inputs.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers The OWASP Top Ten is a collection of vulnerabilities that are of particular note. The problem that jumps out at me is that SQL injection has been on this list for the better part of a decade. Why does this continue to be the case? Well, there are contributing factors to be certain. One of which is the time to market issue which will most likely never be dealt with from a security perspective.To read this article in full or Continue reading

Hacker steals Bitdefender customer log-in credentials, attempts blackmail

A hacker extracted customer log-in credentials from a server owned by Bitdefender that hosted the cloud-based management dashboards for its small and medium-size business clients.The antivirus firm confirmed the security breach, but said in an emailed statement that the attack affected less than 1 percent of its SMB customers, whose passwords have since been reset. Consumer and enterprise customers were not affected, the company said.The hacker, who uses the online alias DetoxRansome, first bragged about the breach on Twitter Saturday and later messaged Bitdefender threatening to release the company’s “customer base” unless he was paid US$15,000.To read this article in full or to leave a comment, please click here

Understanding Rowhammer

As I learned in my early days in electronics, every wire is an antenna. This means that a signal in any wire, given enough power, can be transmitted, and that same signal, in an adjacent wire, can be received (and potentially decoded) through electromagnetic induction (Rule 3 may apply). This is a major problem in the carrying of signals through a wire, a phenomenon known as cross talk. How do communications engineers overcome this? By observing that a signal carried along parallel wires at opposite polarities will cancel each other out electromagnetically. The figure below might help out, if you’re not familiar with this.

induction

This canceling effect of two waveforms traveling a pair of wires 180deg out of phase is why the twisted is in twisted pair, and why it’s so crucial not to unbundle too much wire when punching down a jack or connector. The more untwisted the wire there is, the less effective the canceling effect is around the punch down, and the more likely you are to have near end or far end crosstalk.

If you consider one row of memory in a chip one wire, and a second, adjacent row of memory in the Continue reading

FREE COURSE: Learn basic Cisco networking

In partnership with Pluralsight, Network World presents a free course on CCNA routing and VLANs. In this course, the student will learn the fundamental concepts of networking, and then immediately apply this knowledge to the configuration of a router and switch.To read this article in full or to leave a comment, please click here(Insider Story)

Your Docker Agenda for August

Excited for Docker Global Hack Day #3 and DockerCon 2015 Europe? Us too! As you wait for these bigger Docker events, you can participate in awesome Docker meetup events and attend other Docker talks and conferences happening globally. Below is your Docker agenda for … Continued

The Upload: Your tech news briefing for Friday, July 31

Facebook’s new Internet-access drone set to fly by year endAn unmanned aircraft called Aquila was the star of the show as Facebook on Thursday showed how it plans to provide Internet access to hundreds of millions of people in remote parts of the world. The plane should get a test flight later this year; its entire surface is covered with solar panels to enable it to stay up in the air for three months at a time, at an altitude between 60,000 and 90,000 feet. From there, it will use laser-based technology to receive an Internet connection and share it with users in a 50-kilometer radius.To read this article in full or to leave a comment, please click here

Lawmakers headed to Silicon Valley to push tech companies on diversity

Three U.S. lawmakers are traveling to Silicon Valley to push tech companies to offer opportunities for African-Americans, an area in which most of these companies have poor track records.Congressional Black Caucus (CBC) Chairman G. K. Butterfield and Representatives Barbara Lee and Hakeem Jeffries, all members of the CBC Diversity Task Force, will travel to Silicon Valley on Sunday to meet with executives at companies and organizations there, including Apple, Bloomberg, Google, Intel, Kapor, Pandora and SAP.“Our goal for this trip is to encourage and partner with these organizations to implement a diversity plan that will place more African-Americans in the tech pipeline,” Butterfield said in a statement Thursday. “This will potentially lead to a wide range of opportunities, from student internships to positions on the boards of tech companies.”To read this article in full or to leave a comment, please click here

Cisco’s pay package for CEO Robbins is a sweet deal

Cisco will pay incoming CEO Chuck Robbins a higher salary than outgoing chief John Chambers made in fiscal 2014.Robbins will make US$1.15 million in salary in fiscal 2016, which began this week, and he could earn another $2.59 million based on performance under Cisco’s Executive Incentive Plan. Add in as much as $13 million in stock grants, and Robbins could bring in more than $16.7 million for his first year at the helm.By contrast, Chambers got $1.1 million in salary and a smaller basic percentage bonus under the Executive Incentive Plan in fiscal 2014, according to the company’s proxy statement issued last September. Chambers was a 20-year veteran at the helm of the company and was also chairman of the board. He’s now stepped back to become executive chairman.To read this article in full or to leave a comment, please click here

Cisco’s pay package for CEO Robbins is a sweet deal

Cisco will pay incoming CEO Chuck Robbins a higher salary than outgoing chief John Chambers made in fiscal 2014.Robbins will make US$1.15 million in salary in fiscal 2016, which began this week, and he could earn another $2.59 million based on performance under Cisco’s Executive Incentive Plan. Add in as much as $13 million in stock grants, and Robbins could bring in more than $16.7 million for his first year at the helm.By contrast, Chambers got $1.1 million in salary and a smaller basic percentage bonus under the Executive Incentive Plan in fiscal 2014, according to the company’s proxy statement issued last September. Chambers was a 20-year veteran at the helm of the company and was also chairman of the board. He’s now stepped back to become executive chairman.To read this article in full or to leave a comment, please click here

Hacker shows he can locate, unlock and remote start GM vehicles

A security researcher has posted a video on YouTube demonstrating how a device he made can intercept wireless communications to locate, unlock and remotely start GM vehicles that use the OnStar RemoteLink mobile app. Samy Kamkar, who refers to himself as a hacker and whistleblower, posted the video today showing him using a device he calls OwnStar. The device, he said, intercepts communications between GM's OnStar RemoteLink mobile app and the OnStar cloud service. Samy Kamkar Hacker Samy Kamkar shows how after hacking the OnStar mobile app, he's able to use it to control a Chevy Volt.To read this article in full or to leave a comment, please click here

1 3,343 3,344 3,345 3,346 3,347 3,809