Cyberespionage group Pawn Storm uses exploit for unpatched Java flaw

A sophisticated group of hackers known for targeting military, government and media organizations is currently using an exploit for a vulnerability in Java that hasn’t been patched by Oracle.The zero-day exploit was recently observed by researchers from antivirus vendor Trend Micro in attacks against the armed forces of an unnamed NATO country and a U.S. defense organization. Those targets received spear-phishing emails that contained links to Web pages hosting the exploit.The cyberespionage group, known as APT28 and Pawn Storm, has been active since at least 2007. Some security vendors believe that it operates out of Russia and has ties to that country’s intelligence services.To read this article in full or to leave a comment, please click here

Huawei buys software networking tech from Irish Amartus

Chinese networking giant Huawei has bought the software-defined networking (SDN) division of Irish telecom software maker Amartus.Amartus’ senior team and product staff in Ireland will join Huawei, which sees the acquisition as a way to expand its investment in research and development in Ireland and Europe, it said in a news release.The part of privately held Amartus that remains unsold will continue serving current customers and will focus on providing telecom software development, integration expertise and services to vendors and service providers.Amartus’s main product is Chameleon SDS, which it describes as a “service orchestration platform” for cloud and network services. It allows telecom operators to control networks virtually and automate the delivery of network services.To read this article in full or to leave a comment, please click here

IoT analytics brings new levels of innovation to new product development

Worth Reading: Crypto Wars

By setting up a system in which it can access a backdoor, the government turns itself into a huge target for foreign governments and other malicious actors. Backdoors would be concerning enough from a civil-liberties perspective if they truly were limited to lawful use by the government. But the government’s own security vulnerabilities, laid bare by years of cyberattacks and leaks, show that even a well-intentioned FBI couldn’t prevent a backdoor from being exploited.

The post Worth Reading: Crypto Wars appeared first on 'net work.

How OPM data breach could have been prevented

The recently disclosed data breach at the U.S. government's Office of Personnel Management follows a long history of lax security at the agency, according to the inspector general's office.In testimony before a joint House subcommittee hearing, Michael Esser, OPM's assistant inspector general for audits, told lawmakers that the agency's "long history of systemic failures to properly manage its IT infrastructure" may have invited a pair of related hacking incidents that compromised more than 21 million current and former government employees' personal information.[ Related: The OPM lawsuit will only make the lawyers rich ]To read this article in full or to leave a comment, please click here

Interested in Mesh Wireless Networks?

Engineers developing open-source wireless mesh network protocols and solutions get together every now and then to test the performance of competing mesh network ideas.

The next conference is organized in August 2015 in Maribor, Slovenia, so if you ever needed a good excuse to drop by Slovenia, now you have one ;)

DEF CON: Come hack the Internet of Things

The Internet of Things is talked about a lot and many people are unsure what it really is, but at DEF CON 23 this summer in Las Vegas, that should become a lot more clear as attendees compete to hack IoT devices.“Pwning IoT via Hardware Attacks” is a competition starting this year as part of IoT Village, a new sector of the conference focusing on security of proliferating device such as sensors, meters, industrial controls and smart appliances.A LOOK BACK: Leftovers of Black Hat, Defcon As part of the village attendees can enter their successful compromises against IoT devices in an attempt to win prizes. The entries will be judged on the severity of the compromise – how thoroughly a machine is taken over – and how it can be accessed, such as remotely or without being detectable, says Chase Schultz, a security researcher for Independent Security Evaluators (ISE), which is organizing the competition.To read this article in full or to leave a comment, please click here

False Dichotomy

Last week wasn’t a good one for the cause of network engineering. United Airlines grounded flights because of a router failure, the New York Stock Exchange stopped trading for several hours because of a technical problem, and the Wall Street Journal went off line for several hours due to a technical malfunction. How should engineers react to these sorts of large scale public outages? The first option, of course, is to flail our arms and run out of the room screaming. Panic is a lot of fun when you first engage, but over time it tends to get a little boring, so maybe panic isn’t the right solution here.

Another potential reaction is to jump on the “it’s too complex” bandwagon. sure, a lot of these systems are very complex — in fact, they’re probably too complex for the actual work they do. Complexity is required to solve hard problems; elegance is choosing the path with the least amount of complexity that will solve the problem. Far too often, in the engineering world, we choose the more complex path because of some imagined requirement that never actually materializes, or because we imagine a world where the solution we’re putting in Continue reading

Mailing List

I think I’ve finally fixed the mailing list to send an email of the posts here twice a week (Tuesdays and Thursdays) — an attempt at balancing between spamming people and providing information about what’s going on at ‘net Work. Sign up here if you’re interested (the bottom half of the page).

The post Mailing List appeared first on 'net work.

Hacking Team’s arsenal included at least three unpatched exploits for Flash Player

Recently breached surveillance software maker, Hacking Team, had access to three different exploits for previously unknown vulnerabilities in Flash Player. All of them are now out in the open, putting Internet users at risk.Milan-based Hacking Team develops and sells surveillance software to government agencies from around the world. On July 5, a hacker released over 400GB of data stolen from the company on the Internet, including email communications, business documents, source code and other internal files.On Tuesday, researchers found a proof-of-concept exploit among Hacking Team’s files that worked against the latest version of Flash Player. Cybercriminals were quick to adopt it and were already using it in large-scale attacks by the time Adobe Systems released a patch for it on Wednesday.To read this article in full or to leave a comment, please click here

New products of the week 07.13.15

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Unified Communications Command Suite 8.1Key features: UCCS 8.1 helps gain insights into workforce activity, email usage and trends, and communication consumption across multiple UC platforms. It also drives cross-platform adoption and usage to realize maximum ROI. More info.To read this article in full or to leave a comment, please click here

New products of the week 07.13.15

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Unified Communications Command Suite 8.1Key features: UCCS 8.1 helps gain insights into workforce activity, email usage and trends, and communication consumption across multiple UC platforms. It also drives cross-platform adoption and usage to realize maximum ROI. More info.To read this article in full or to leave a comment, please click here

China retains supercomputing crown in latest Top 500 ranking

A supercomputer developed by China’s National Defense University remains the fastest publically known computer in the world while the U.S. is close to an historic low in the latest edition of the closely followed Top 500 supercomputer ranking, which was published on Monday.The Tianhe-2 computer, based at the National Super Computer Center in Guangzhou, has been on the top of the list for more than two years and its maximum achieved performance of 33,863 teraflops per second is almost double that of the U.S. Department of Energy’s Cray Titan supercomputer, which is at Oak Ridge National Laboratory in Tennessee.The IBM Sequoia computer at Lawrence Livermore National Laboratory in California is the third fastest machine, and fourth on the list is the Fujitsu K computer at Japan’s Advanced Institute for Computational Science. The only new machine to enter the top 10 is the Shaheen II computer of King Abdullah University of Science and Technology in Saudi Arabia, which is ranked seventh.To read this article in full or to leave a comment, please click here

Interviewing for the “Ideal Candidate”: Looking for “Nerdvana”

I was going through a stock photo website the other day and came across a “formula” that was supposed to equal the “perfect job candidate”.  I chuckled a little out loud.  The person sitting next to me looked over at what was on my laptop screen. Paused. Then asked me what I look for when […]

Author information

Denise "Fish" Fishburne

CPOC Engineer at Cisco Systems

Denise "Fish" Fishburne, (CCIE #2639, CCDE #2009:0014) is a team lead with Cisco's Customer Proof of Concept Lab in RTP, N.C. Fish loves playing in the lab, troubleshooting, learning, and passing it on. CLI girl living in a GUI world.

Twitter

The post Interviewing for the “Ideal Candidate”: Looking for “Nerdvana” appeared first on Packet Pushers Podcast and was written by Denise "Fish" Fishburne.

It’s 2015: “Supports IPv6″ should mean full support

It’s 2015. ARIN is finally out of IPv4 addresses, more than 20% of Google users in the US are using IPv6…and vendors are still doing a half-assed job with IPv6 support. I purchased a new TP-Link Wi-Fi router/modem recently, and it doesn’t fully support IPv6. It’s not good enough, and I will be returning it.

I purchased the Archer D5 “AC1200 Wireless Dual Band Gigabit ADSL2+ Modem Router.” The website blurb includes this:

IPv6 Supported. The next generation of Internet protocol, helping you to future-proof your network.

And the specifications page says: “IPv6 and IPv4 dual stack.”

I checked the documentation for how to configure IPv6. This FAQ walks through configuring IPv6 on several TP-Link devices. Note that it includes this line “…choose Connection type (Here we just set up PPPoE as an example, if you are not sure, please contact your IPv6 provider)”

In New Zealand, most ADSL services are delivered as PPPoA. The specifications page says this device supports PPPoA. My ISP provides native IPv6 via DHCPv6 PD. So everything should be good to go, right?

Not so much. The Archer D5 does indeed support PPPoA. It also supports IPv6 with DHCPv6 PD. But it Continue reading

Leaked emails show Florida police interested in buying Hacking Team surveillance tech

“Developing the U.S. market. Well done,” reads an email from Hacking Team CEO David Vincenzetti dated on May 22. That comment was in regards to the Hacking Team meeting with the Florida Metropolitan Bureau of Investigation (MBI) in Orlando after the police agency expressed an interest in purchasing surveillance malware. MBI is a “a multi-agency task force that covers Orange and Osceola counties” and includes members from DEA, FBI, ICE, Secret Service and other agencies.To read this article in full or to leave a comment, please click here

[Ubuntu] New Repository for KVM & its Manager

How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack

As part of the Hacking Team fall out and all the details published on wikileaks, it became public knowledge that Hacking Team helped one of their customers Special Operations Group (ROS), regain access to Remote Access Tool (RAT) clients. ROS recommended using BGP hijacking and Hacking Team helped with the setup of new RAT CnC servers.
In this post we’ll take a closer look at the exact details of this incident and support the wikileaks findings with BGP data.

Raggruppamento Operativo Speciale and Hacking Team
The Raggruppamento Operativo Speciale or ROS is the Special Operations Group of the Italian National Military police. The group focuses on investigating organized crime and terrorism. Hacking Team sells its RAT software known as Remote Control System (RCS) to law enforcement and intelligence agencies, ROS included.

ROS infected and installed the RCS client on the machines of persons of interest (referred to in the emails as targets). These Remote Access Tools can provide ROS with all kinds of information and typically provide the tool’s operator with full access over a victim’s machine. The RCS clients normally need to check in with a server —for example a machine the clients can get their commands (orders) from— Continue reading

MikroTik and Ubiquity routers being Hijacked by Dyre Malware?

[adrotate banner=”4″]

Came across several interesting articles that claim there is a change in the way Dyre aka Upatre malware is spreading. Dyre seems to be getting a lot of press as it is used in browser hijacks to compromise online banking credentials and other sensitive private data. However, most recently – instead of infecting hosts, it appears to be compromising routers as well.  Blogger krebsonsecurity.com writes:

Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS.

As I first started researching this, I was wondering how they determined the router itself is compromised and not a host that sits on a NAT behind the router. Certainly different devices leave telltale signs visible in an IP packet capture that help point towards the true origin of a packet, so it’s possible that something was discovered in that way. It’s also possible the router isn’t being compromised via the Internet, but rather on the LAN side as it would be much easier for malware to scan the private subnet it sits on and attempt to use well known Continue reading

MikroTik and Ubiquity routers being Hijacked by Dyre Malware?

[adrotate banner=”4″]

Came across several interesting articles that claim there is a change in the way Dyre aka Upatre malware is spreading. Dyre seems to be getting a lot of press as it is used in browser hijacks to compromise online banking credentials and other sensitive private data. However, most recently – instead of infecting hosts, it appears to be compromising routers as well.  Blogger krebsonsecurity.com writes:

Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS.

As I first started researching this, I was wondering how they determined the router itself is compromised and not a host that sits on a NAT behind the router. Certainly different devices leave telltale signs visible in an IP packet capture that help point towards the true origin of a packet, so it’s possible that something was discovered in that way. It’s also possible the router isn’t being compromised via the Internet, but rather on the LAN side as it would be much easier for malware to scan the private subnet it sits on and attempt to use well known Continue reading