Russian cyberspies targeted punk rock band Pussy Riot

A closely watched band of suspected Russian hackers have spied on domestic targets, including two members of the outspoken punk rock band Pussy Riot.Trend Micro said the group, which it refers to as Pawn Storm, has also targeted a software developer in Russia, politicians, artists and journalists in the country.“Pawn Storm’s targets have mostly been external political entities outside of Russia, but after our analysis we found that a great deal of targets can actually be found within the country’s borders,” wrote Feike Hacquebord, a Trend Micro threat researcher, in a blog post on Tuesday.To read this article in full or to leave a comment, please click here

Intrinsic Benefits Of Certification

I’m gearing up for a new certification effort, but after eighteen years of progressive experience in IT, a piece of paper or some new initials in my email signature was an extrinsic motivator I didn’t need. Still I found something about the entire process inviting and realized that it was the intrinsic benefits of certification […]

The post Intrinsic Benefits Of Certification appeared first on Packet Pushers.

Hackers release full data dump from Ashley Madison, extramarital dating site

AshleyMadison.com's owner said Tuesday it is examining a large batch of data posted online by hackers who breached the website last month. A group calling itself Impact Team initially posted a sample of the data online on July 19, giving the site's owner, Avid Life Media, a month to shut down AshleyMadison.com and another site, Establishedmen.com. The group in part contested the moral position of Ashley Madison, which caters to people seeking extramarital affairs.  Avid Life Media, based in Toronto, said in a statement that it is "actively monitoring and investigating this situation to determine the validity of any information posted online."To read this article in full or to leave a comment, please click here

Microsoft pushes emergency update for Internet Explorer vulnerability

Windows users are encouraged to update their computers as soon as possible, after Microsoft pushed out a patch for an issue in Internet Explorer that lets attackers remotely run malicious code with whatever privileges the current user has.  The "Critical" vulnerability affects Internet Explorer versions 7 through 11 on Windows 7, 8, 8.1, 10 and Vista. Windows Server 2008, 2012, 2012 R2 and the Windows Server Technical Preview are all effected, but Internet Explorer runs in a "Enhanced Security Configuration" that should mitigate the effects of this problem. The "out-of-band" patch was released outside Microsoft's typical Patch Tuesday release cycle and allows users and administrators to update their computers quickly. To read this article in full or to leave a comment, please click here

DARPA wants low-power chips that handle high-impact applications

DARPA DARPA’s  Circuit Realization At Faster Timescales (CRAFT) program aims to make it easier, faster and cheaper to design custom circuits akin to this one, which was specially designed to provide a range of voltages and currents for testing an infrared sensor device that had been a candidate for an orbiting telescope. Heavyweight 3D imagery and complex unmanned aircraft systems are just two applications that beg for the low power, high performance custom integrated circuits the researchers at the Defense Advanced Research Projects Agency are looking to build.To read this article in full or to leave a comment, please click here

DARPA wants low-power chips that handle high-impact applications

DARPA DARPA’s  Circuit Realization At Faster Timescales (CRAFT) program aims to make it easier, faster and cheaper to design custom circuits akin to this one, which was specially designed to provide a range of voltages and currents for testing an infrared sensor device that had been a candidate for an orbiting telescope. Heavyweight 3D imagery and complex unmanned aircraft systems are just two applications that beg for the low power, high performance custom integrated circuits the researchers at the Defense Advanced Research Projects Agency are looking to build.To read this article in full or to leave a comment, please click here

Anti-privacy award for most monitoring across the web goes to U.S. wireless carriers

Wireless carriers worldwide are still tracking users via "supercookies" or "perma-cookies," yet Americans are tracked by U.S. wireless carriers more than any other carrier in any other country, according to a new report by the digital rights group Access. "Injecting tracking headers out of the control of users, without their informed consent, may abuse the privileged position that telcos occupy." Those tracking headers "leak private information about users and make them vulnerable to criminal attacks or even government surveillance."It came to light in 2014 that Verizon Wireless and AT&T were injecting special tracking headers, aka "supercookies," to secretly monitor users' web browsing habits. So Access setup the "Am I being tracked?" website for users to find out if their mobile carriers were tracking the websites they visited on their phone. More than 200,000 people from 164 different countries tried out the Amibeingtracked tool; 15.3% were being tracked by tracking headers deployed by their wireless carriers. Of those, the most monitoring occurred in the U.S.To read this article in full or to leave a comment, please click here

Sponsored Post: Surge, Redis Labs, Jut.io, VoltDB, Datadog, MongoDB, SignalFx, InMemory.Net, Couchbase, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • VoltDB's in-memory SQL database combines streaming analytics with transaction processing in a single, horizontal scale-out platform. Customers use VoltDB to build applications that process streaming data the instant it arrives to make immediate, per-event, context-aware decisions. If you want to join our ground-breaking engineering team and make a real impact, apply here.  

  • At Scalyr, we're analyzing multi-gigabyte server logs in a fraction of a second. That requires serious innovation in every part of the technology stack, from frontend to backend. Help us push the envelope on low-latency browser applications, high-speed data processing, and reliable distributed systems. Help extract meaningful data from live servers and present it to users in meaningful ways. At Scalyr, you’ll learn new things, and invent a few of your own. Learn more and apply.

  • UI EngineerAppDynamics, founded in 2008 and lead by proven innovators, is looking for a passionate UI Engineer to design, architect, and develop our their user interface using the latest web and mobile technologies. Make the impossible possible and the hard easy. Apply here.

  • Software Engineer - Infrastructure & Big DataAppDynamics, leader in next generation solutions for managing modern, distributed, and Continue reading

CUCM Dirsync Troubleshooting

One of my customer told me that one of its end user was not appearing in its CUCM database. I think it is worth to make a blogpost about it. There are already plenty of resources on the subject (Example) but I will mainly focus on the troubleshooting section here. There are 2 ways to configure your […]

Another serious vulnerability found in Android’s media processing service

Pixabay Android The Android service that processes multimedia files has been the source of several vulnerabilities recently, including a new one that could give rogue applications access to sensitive permissions.The latest vulnerability in Android's mediaserver component was discovered by security researchers from antivirus firm Trend Micro and stems from a feature called AudioEffect.The implementation of this feature does not properly check some buffer sizes that are supplied by clients, like media player applications. Therefore it is possible to craft a rogue application without any special permissions that could exploit the flaw to trigger a heap overflow, the Trend Micro researchers said Monday in a blog post.To read this article in full or to leave a comment, please click here

Car hacking news: Ransomware threat could reach auto dealerships

It would be a heck of time to be shopping for a new set of wheels. The theme of digitally beating up cars continued with two teams of security researchers at the 24th USENIX Security Symposium.After two years of having their research suppressed by Volkswagen and a UK court, Flavio Garcia, Roel Verdult, and Baris Ege were finally able to present their research (pdf) at USENIX. The researcher paper details "how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by malicious hackers looking to steal luxury vehicles."To read this article in full or to leave a comment, please click here

When a Port Channel Member Link Goes Down

Mohamed Anwar asked the following question on my post “4 Types of Port Channels and When They’re Used“.

“I need a clarification, where if a member link fails, what will happen to the traffic already sent over that link ? Is there any mechanism to notify the upper layer about the loss and ask it to resend ? How this link failure will be handled for data traffic and control traffic ?”
–Mohamed Anwar

I think his questions are really important because he hits on two really key aspects of a failure event: what happens in the data plane and what happens in the control plane.

A network designer needs to bear both of these aspects in mind as part of their design. Overlooking either aspect will almost always open the network up to additional risk.

I think it’s well understood that port channels add resiliency in the data plane (I cover some of that in the previous article). What may not be well understood is that port channels also contribute to a stable control plane! I’ll talk about that below. I’ll also address Mohamed’s question about what happens to traffic on the failed link.

Control Plane

The control Continue reading

1 3,355 3,356 3,357 3,358 3,359 3,844