Microsoft pushes emergency update for Internet Explorer vulnerability

Windows users are encouraged to update their computers as soon as possible, after Microsoft pushed out a patch for an issue in Internet Explorer that lets attackers remotely run malicious code with whatever privileges the current user has.  The "Critical" vulnerability affects Internet Explorer versions 7 through 11 on Windows 7, 8, 8.1, 10 and Vista. Windows Server 2008, 2012, 2012 R2 and the Windows Server Technical Preview are all effected, but Internet Explorer runs in a "Enhanced Security Configuration" that should mitigate the effects of this problem. The "out-of-band" patch was released outside Microsoft's typical Patch Tuesday release cycle and allows users and administrators to update their computers quickly. To read this article in full or to leave a comment, please click here

DARPA wants low-power chips that handle high-impact applications

DARPA DARPA’s  Circuit Realization At Faster Timescales (CRAFT) program aims to make it easier, faster and cheaper to design custom circuits akin to this one, which was specially designed to provide a range of voltages and currents for testing an infrared sensor device that had been a candidate for an orbiting telescope. Heavyweight 3D imagery and complex unmanned aircraft systems are just two applications that beg for the low power, high performance custom integrated circuits the researchers at the Defense Advanced Research Projects Agency are looking to build.To read this article in full or to leave a comment, please click here

DARPA wants low-power chips that handle high-impact applications

DARPA DARPA’s  Circuit Realization At Faster Timescales (CRAFT) program aims to make it easier, faster and cheaper to design custom circuits akin to this one, which was specially designed to provide a range of voltages and currents for testing an infrared sensor device that had been a candidate for an orbiting telescope. Heavyweight 3D imagery and complex unmanned aircraft systems are just two applications that beg for the low power, high performance custom integrated circuits the researchers at the Defense Advanced Research Projects Agency are looking to build.To read this article in full or to leave a comment, please click here

Anti-privacy award for most monitoring across the web goes to U.S. wireless carriers

Wireless carriers worldwide are still tracking users via "supercookies" or "perma-cookies," yet Americans are tracked by U.S. wireless carriers more than any other carrier in any other country, according to a new report by the digital rights group Access. "Injecting tracking headers out of the control of users, without their informed consent, may abuse the privileged position that telcos occupy." Those tracking headers "leak private information about users and make them vulnerable to criminal attacks or even government surveillance."It came to light in 2014 that Verizon Wireless and AT&T were injecting special tracking headers, aka "supercookies," to secretly monitor users' web browsing habits. So Access setup the "Am I being tracked?" website for users to find out if their mobile carriers were tracking the websites they visited on their phone. More than 200,000 people from 164 different countries tried out the Amibeingtracked tool; 15.3% were being tracked by tracking headers deployed by their wireless carriers. Of those, the most monitoring occurred in the U.S.To read this article in full or to leave a comment, please click here

Sponsored Post: Surge, Redis Labs, Jut.io, VoltDB, Datadog, MongoDB, SignalFx, InMemory.Net, Couchbase, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • VoltDB's in-memory SQL database combines streaming analytics with transaction processing in a single, horizontal scale-out platform. Customers use VoltDB to build applications that process streaming data the instant it arrives to make immediate, per-event, context-aware decisions. If you want to join our ground-breaking engineering team and make a real impact, apply here.  

  • At Scalyr, we're analyzing multi-gigabyte server logs in a fraction of a second. That requires serious innovation in every part of the technology stack, from frontend to backend. Help us push the envelope on low-latency browser applications, high-speed data processing, and reliable distributed systems. Help extract meaningful data from live servers and present it to users in meaningful ways. At Scalyr, you’ll learn new things, and invent a few of your own. Learn more and apply.

  • UI EngineerAppDynamics, founded in 2008 and lead by proven innovators, is looking for a passionate UI Engineer to design, architect, and develop our their user interface using the latest web and mobile technologies. Make the impossible possible and the hard easy. Apply here.

  • Software Engineer - Infrastructure & Big DataAppDynamics, leader in next generation solutions for managing modern, distributed, and Continue reading

CUCM Dirsync Troubleshooting

One of my customer told me that one of its end user was not appearing in its CUCM database. I think it is worth to make a blogpost about it. There are already plenty of resources on the subject (Example) but I will mainly focus on the troubleshooting section here. There are 2 ways to configure your […]

Another serious vulnerability found in Android’s media processing service

Pixabay Android The Android service that processes multimedia files has been the source of several vulnerabilities recently, including a new one that could give rogue applications access to sensitive permissions.The latest vulnerability in Android's mediaserver component was discovered by security researchers from antivirus firm Trend Micro and stems from a feature called AudioEffect.The implementation of this feature does not properly check some buffer sizes that are supplied by clients, like media player applications. Therefore it is possible to craft a rogue application without any special permissions that could exploit the flaw to trigger a heap overflow, the Trend Micro researchers said Monday in a blog post.To read this article in full or to leave a comment, please click here

Car hacking news: Ransomware threat could reach auto dealerships

It would be a heck of time to be shopping for a new set of wheels. The theme of digitally beating up cars continued with two teams of security researchers at the 24th USENIX Security Symposium.After two years of having their research suppressed by Volkswagen and a UK court, Flavio Garcia, Roel Verdult, and Baris Ege were finally able to present their research (pdf) at USENIX. The researcher paper details "how the cryptography and authentication protocol used in the Megamos Crypto transponder can be targeted by malicious hackers looking to steal luxury vehicles."To read this article in full or to leave a comment, please click here

When a Port Channel Member Link Goes Down

Mohamed Anwar asked the following question on my post “4 Types of Port Channels and When They’re Used“.

“I need a clarification, where if a member link fails, what will happen to the traffic already sent over that link ? Is there any mechanism to notify the upper layer about the loss and ask it to resend ? How this link failure will be handled for data traffic and control traffic ?”
–Mohamed Anwar

I think his questions are really important because he hits on two really key aspects of a failure event: what happens in the data plane and what happens in the control plane.

A network designer needs to bear both of these aspects in mind as part of their design. Overlooking either aspect will almost always open the network up to additional risk.

I think it’s well understood that port channels add resiliency in the data plane (I cover some of that in the previous article). What may not be well understood is that port channels also contribute to a stable control plane! I’ll talk about that below. I’ll also address Mohamed’s question about what happens to traffic on the failed link.

Control Plane

The control Continue reading

Why Are These Slides Marked Confidential?

top-secret

Imagine you’re sitting in a presentation. You’re hearing some great information from the presenter and you can’t wait to share it with your colleagues or with the wider community. You are just about to say something when you look in the corner of the slide and you see…

Confidential Information

You pause for a moment and ask the presenter if this slide is a secret or if you should consider it under NDA. They respond that this slide can be shared with no restrictions and the information is publicly available. Which raises the question: Why is a public slide marked “confidential”?

I Fought The Law

The laws that govern confidential information are legion. Confidential information is a bit different than copyrighted information or intellectual property that has been patented. In most cases, confidential information is treated as a trade secret. Trade secrets can be harmful if they are divulged, since a trade secret can’t be patented.

A great example is the formula for Coca-Cola. If they tried to patent it they would have to write down all the ingredients. While that would protect the very specific formulation of their drink it would also allow their competitors to create something extremely Continue reading

IRS: Tax breach much worse than originally thought

The cyberattack on U.S. taxpayer data reported by the Internal Revenue Service earlier this year now appears to be much worse than originally thought, the agency announced Monday, with as many as 300,000 citizens now believed to be potential victims.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords Whereas in May the IRS reported that sensitive information of about roughly 100,000 taxpayers had been stolen by thieves through its "Get Transcript" online application, its latest estimates more than double that number. It's now believed that the thieves potentially gained access to more than 300,000 taxpayer accounts after attempting to breach more than 600,000.To read this article in full or to leave a comment, please click here

1 3,368 3,369 3,370 3,371 3,372 3,857