Network Break 45

Network Break 45 talks Plexxi switches, Cisco moves, Intel revenue, the latest open networking news from CloudRouter and OpenStack, a prediction of rising cloud prices, and why Flash should die.

Author information

Drew Conry-Murray

I'm a tech journalist, editor, and content director with 17 years' experience covering the IT industry. I'm author of the book "The Symantec Guide To Home Internet Security" and co-author of the post-apocalyptic novel "Wasteland Blues," available at Amazon.

TwitterLinkedIn

The post Network Break 45 appeared first on Packet Pushers Podcast and was written by Drew Conry-Murray.

10 (harrowing) tales of outdated tech used way past its prime

Old but unable to be forgottenImage by U.S. Census Bureau/WikipediaIn May, Rhode Island politics was roiled by the revelation that the state Department of Human Services's attempt to move away from its outdated InRhodes computer system wasn't going to happen. If you know anything about major government computer rollouts, you know this wasn't the first time this had happened, either; a state legislator compared it to "a similar situation as we have with the DMV where we had to practically get people out of nursing homes to come keep our old programs working."To read this article in full or to leave a comment, please click here

There’s more to municipal broadband than public funding, says report

U.S. communities looking for faster broadband service than incumbent ISPs provide have alternatives to the increasingly controversial choice of seeking to publicly fund a network, according to a new handbook for city officials. Public funding of broadband is just one of several possibilities, according to "The Next Generation Connectivity Handbook: a Guide for Community Leaders Seeking Affordable Abundant Bandwidth," released Tuesday by Gig.U, a coalition of universities focused on building high-speed broadband networks, and the Benton Foundation, an advocacy group focused on media and telecom issues. Most city officials say that their local broadband networks aren't good enough in the long term, according to the report, which advises that "the time to begin thinking about faster speeds, more competition and better service is now. Network upgrades do not happen overnight."To read this article in full or to leave a comment, please click here

Verizon nabs another speed crown as low-cost carriers lag far behind

Despite ads that suggest, "Yes, you can have it all," wireless service really doesn't work that way. You can go for speed, or you can go for a low price, but you can't have both. A new series of speed tests from respected tech website Tom's Guide reiterates this fact. The tests also confirm that Verizon, AT&T and T-Mobile are much faster, and more expensive, than Sprint. When it comes to discount, prepaid carriers, download and upload speeds are so slow in some cases that customers may have problems watching videos or using other data-intensive applications.To read this article in full or to leave a comment, please click here

Featured: Partners NEC & Dell Discuss Customers, ProgrammableFlow, SDN Switches

Dell partners with NEC to deliver mature and robust SDN solutions to Dell customers.

Invalidating Identity Interdiction

It used to be that a data breach was a singular event that caused massive shock and concern. Today, data breaches happen regularly and, while still shocking in scope, are starting to dull the senses. Credit card numbers, security clearances, and even illicit dating profiles have been harvested, coallated, and provided for everyone to expose. It seems to be an insurmountable problem. But why?

Data Cake

Data is a tantalizing thing. Collecting it makes life easier for customers and providers as well. Having your ordering history allows Amazon to suggest products you might like to buy. Having your address on file allows the pizza place to pull it up without you needing to read your address again. Creating a user account on a site lets you set preferences. All of this leads to a custom experience and lets us feel special and unique.

But, data is just like that slice of cheesecake you think you want for dessert. It looks so delicious and tempting. But you know it’s bad for you. It has calories and sugar and very little nutritional value. In the same manner, all that data you collect is a time bomb waiting to be exposed. The more Continue reading

Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep

A hacker duo pretty much just made the case for going old school and steering clear of “smart” and “connected” vehicles as they remotely attacked one. Charlie Miller and Chris Valasek revealed 20 of the “most hackable” vehicles last year, but this year at Black Hat they will blow people’s mind when they present “Remote Exploitation of an Unaltered Passenger Vehicle.”It’s not the first remote hack; when DARPA’s Dan Kaufman remotely hacked a car for 60 Minutes, he triggered the windshield wipers, blasted the car’s horn and then disabled the brakes. That and a report (pdf) claiming that nearly all new cars can be hacked led to a lawsuit against GM, Ford and Toyota for "dangerous defects in their hackable cars."To read this article in full or to leave a comment, please click here

Watch hackers remotely immobilize a car while it’s traveling on a highway

One brave Wired journalist agreed to drive a Jeep on a St. Louis highway while two hackers hacked it remotely, taking control of everything from the air conditioning to the transmission. The entire ordeal was captured on video, which you can view with the article at Wired.  The hackers, Charlie Miller and Chris Valasek, had just two years earlier performed a similar hack while the same journalist drove a car slowly in a parking lot. The bigger difference that time was that the hack was performed through a laptop that was hardwired to the car's onboard diagnostic port, and which the hackers controlled from the backseat. In that case, they limited their exploits to toying with the seatbelt and honking the horn.To read this article in full or to leave a comment, please click here

Watch hackers immobilize a car while it’s traveling on a highway

One brave Wired journalist agreed to drive a Jeep on a St. Louis highway while two hackers hacked it remotely, taking control of everything from the air conditioning to the transmission.The entire ordeal was captured on video, which you can view with the article at Wired. The hackers, Charlie Miller and Chris Valasek, had just two years earlier performed a similar hack while the same journalist drove a car slowly in a parking lot. The bigger difference that time was that the hack was performed through a laptop that was hardwired to the car's onboard diagnostic port, and which the hackers controlled from the backseat. In that case, they limited their exploits to toying with the seatbelt and honking the horn.To read this article in full or to leave a comment, please click here

Worth Listening: Data Center Migration

Moving a data center from one place to another is one of the most complex challenges a network engineer is likely to face. In this Packet Pushers Weekly Show, Ethan Banks is joined by Chris Church and Richard Alexander to discuss just such a project from the viewpoint of having done one or more data center moves in our careers.

The post Worth Listening: Data Center Migration appeared first on 'net work.

Worth Reading: Inside the Social Network Data Center

The post Worth Reading: Inside the Social Network Data Center appeared first on 'net work.

Gigamon launches security delivery platform for visibility into malicious network traffic

If you're familiar with Gigamon, you likely know them as the market-leading vendor in the emerging "visibility fabric" space. The company's products provide businesses with pervasive and intelligent network data across physical and virtual environments. The GigaVUE portfolio delivers the appropriate network traffic to management tools and platforms. I've often said that "you can't manage what you can't see," and Gigamon provides the necessary visibility data so organizations can improve the management of their IT infrastructure.However, Gigamon's information can also be used to help businesses improve their security posture. If you can't manage what you can't see, then it stands to reason that you can't secure what you can't see. One of the challenges with traditional security approaches is that it primarily focuses on preventing breaches, but once the perimeter has been penetrated, there's no way to detect it or remediate against it.To read this article in full or to leave a comment, please click here

Gigamon’s GigaSecure Offers Visibility as Security

Gigamon tries its hand at the security market.

Worry

The first thing, when one is being worried as to whether one will have to have an operation or whether one is a literary failure, is to assume absolutely mercilessly that the worst is true, and to ask What Then? If it turns out in the end that the worst is not true, so much the better; but for the meantime the question must be resolutely put out of mind. Otherwise your thoughts merely go round and round a wearisome circle , now hopeful, now despondent, now hopeful again—that way madness lies.

The post Worry appeared first on 'net work.

The Upload: Your tech news briefing for Tuesday, July 21

New mainframe slows sales decline at IBMSales fell 13 percent in the second quarter at IBM, and profit dropped 16 percent—but things could have been worse if it weren’t for sales of the recently launched Z13 mainframe. IBM blamed much of the decline on a strong dollar and the sale to Lenovo of its low-end server business.Tech companies go on a spending spree in WashingtonIBM could have boosted its results by $1.8 million in the second quarter by eliminating its spending on lobbyists. Instead, it increased its spend by 7 percent. Other companies spent more, however: Amazon doubled its lobbying budget to $2.15 billion, while Facebook’s expenditure on lobbying rose by a quarter to $2.7 billion in the quarter. Apple and Intel each spent about $1.25 million, both up from the year-earlier quarter. Alone among the big tech companies, Google cut spending to $4.62 million—but at that level, it’s hard to tell whether peer pressure or thrifty new CFO Ruth Porat were behind the reduction.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Tuesday, July 21

New mainframe slows sales decline at IBMSales fell 13 percent in the second quarter at IBM, and profit dropped 16 percent—but things could have been worse if it weren’t for sales of the recently launched Z13 mainframe. IBM blamed much of the decline on a strong dollar and the sale to Lenovo of its low-end server business.Tech companies go on a spending spree in WashingtonIBM could have boosted its results by $1.8 million in the second quarter by eliminating its spending on lobbyists. Instead, it increased its spend by 7 percent. Other companies spent more, however: Amazon doubled its lobbying budget to $2.15 billion, while Facebook’s expenditure on lobbying rose by a quarter to $2.7 billion in the quarter. Apple and Intel each spent about $1.25 million, both up from the year-earlier quarter. Alone among the big tech companies, Google cut spending to $4.62 million—but at that level, it’s hard to tell whether peer pressure or thrifty new CFO Ruth Porat were behind the reduction.To read this article in full or to leave a comment, please click here

InfoSec pros spend most time, money on self-inflicted problems

According to a new survey of Black Hat attendees released last week, InfoSec professionals are spending the biggest amount of their time and budgets on security problems created within the organization itself. Security vulnerabilities introduced by their own application development teams consumed the most amount of time for 35 percent of respondents. Purchased software and systems were in second place with 33 percent of respondents. Dealing with sophisticated targeted attacks was sixth on the list, with 20 percent of respondents choosing it as one of the three areas where they spent the most time. Meanwhile, 57 percent said that their biggest concerns were sophisticated attacks directed at their organization.To read this article in full or to leave a comment, please click here

802.11ac Wireless Upgrades: 7 Key Considerations

Reliability of SD-WAN and Hybrid WAN Solutions

My Business Case for SD-WAN blog post received numerous comments pointing out the potential pitfalls of hybrid WAN, including reduced security, unreliable Internet services and denial-of-service attacks.

While all those comments are perfectly valid, I still think hybrid WAN (whether implemented with traditional technologies or SD-WAN products) makes perfect sense.

An Update on the UrlZone Banker

UrlZone is a banking trojan that appeared in 2009. Searching its name or one of its aliases (Bebloh or Shiotob) reveals a good deal of press from that time period along with a few technical analyses in 2009 [1] [2], 2012 [3], and 2013 [4]. Despite having a reputation of evolution, there doesn’t seem to be very many recent updates on this malware family though. Is UrlZone still a threat and if so, how has it changed?

To explore that, this post takes a look at a recent UrlZone malware sample to see if it is still an active threat. It then gives an update on the command and control (C2) communications as they have changed since being previously documented. These are then put together in some proof of concept code that downloads and decrypts the webinject configuration file (the bread and butter of any banker malware) to see what financial institutions are being targeted.

Sample

The sample analyzed for this post has an MD5 of:

01fd0f1ad59ad5403c9507bfb625fe0c

For the “stop using md5 now” converts, it has the following SHA256:

39bbde33922cd6366d7c2a252c4aadd4dfd7405d5271e3652940a7494b885e88

The sample’s compilation date is 2015-06-12 12:01:03. This date seems legit as Continue reading