0

July 2015 Patch Tuesday: Microsoft closes holes being exploited in the wild

For July 2015, Microsoft released 14 security bulletins, with four patches rated as "critical" remote code execution (RCE) fixes. At least one of the fixes rated "critical" and some rated as "important" are currently being exploited in the wild.Patches rated CriticalMS15-065 resolves 28 flaws in Internet Explorer that could otherwise "modify how IE, VBScript and Jscript handle objects in memory." Qualys CTO Wolfgang Kandek pointed out that three of these were previously known (CVE-2051-2413, CVE-2015-2419 and CVE-2015-2421 ). "CVE-2015-2425 seems to come from the data dump at Hacking Team as well and I am impressed by the fix speed that Microsoft showed here. Of the other vulnerabilities a full 19 are of type RCE and allow the attacker to take over the targeted machine simply by browsing to a malicious, or infected site."To read this article in full or to leave a comment, please click here

0

Fake Bloomberg news story causes Twitter shares to spike

Twitter’s stock spiked in midday trading Tuesday after a fake Bloomberg news report said the company had received an offer to be acquired for US$31 billion.The story appeared convincing, with a Bloomberg Business logo, but Bloomberg quickly tweeted that it was fake. There were some telltale signs it wasn’t authentic: the URL was businessweek.market rather than businessweek.com, and CEO Dick Costolo’s name was misspelled.That didn’t stop Twitter investors from reacting. The company’s shares on the New York Stock Exchange spiked briefly just before noon Eastern Time, surging about 10 percent from Monday’s close to more than $38 before settling back down as news spread that the report was fake.To read this article in full or to leave a comment, please click here

0

Extracting Traffic from Rolling Capture Files

Every so often I need to extract a subset of traffic from a set of rolling timestamped pcap files. One common place I do this is with Security Onion; one of the great features of SO is its full-packet-capture feature: you can easily pivot from Snort, Suricata, or Bro logs to a full packet capture view, or download the associated pcap file.

But what if you don't have an associated alert or Bro log entry? Or if you're doing pcap on some system that's not as user-friendly as Security Onion, but nonetheless supports rolling captures?

The way I usually do this is with find and xargs. Here's an example of my most common workflow, using timestamps as the filtering criteria for find:

> find . -newerct "16:07" ! -newerct "16:10" | xargs -I {} tcpdump -r {} -w /tmp/{} host 8.8.8.8
> cd /tmp
> mergecap -w merged.pcap *.pcap

Translated:

1. Find all files in the current directory created after 16:07 but not created after 16:10. This requires GNU find 4.3.3 or later. It supports many different time and date formats.
2. Using xargs, filter each file with the "host 8.8.8. Continue reading

0

Extracting Traffic from Rolling Capture Files

Every so often I need to extract a subset of traffic from a set of rolling timestamped pcap files. One common place I do this is with Security Onion; one of the great features of SO is its full-packet-capture feature: you can easily pivot from Snort, Suricata, or Bro logs to a full packet capture view, or download the associated pcap file.

But what if you don't have an associated alert or Bro log entry? Or if you're doing pcap on some system that's not as user-friendly as Security Onion, but nonetheless supports rolling captures?

The way I usually do this is with find and xargs. Here's an example of my most common workflow, using timestamps as the filtering criteria for find:

> find . -newerct "16:07" ! -newerct "16:10" | xargs -I {} tcpdump -r {} -w /tmp/{} host 8.8.8.8
> cd /tmp
> mergecap -w merged.pcap *.pcap

Translated:

1. Find all files in the current directory created after 16:07 but not created after 16:10. This requires GNU find 4.3.3 or later. It supports many different time and date formats.
2. Using xargs, filter each file with the "host 8.8.8. Continue reading

0

Salesforce erects Shield for better enterprise-app security

Security has been an increasingly dominant theme in the enterprise software chorus in recent months, and on Tuesday Salesforce added a new voice to the mix with Shield, a set of platform services designed to help companies build secure apps.Designed as part of the Salesforce1 platform, Shield offers four security-minded components intended to make it easier for companies with regulatory, compliance or governance requirements to build cloud apps with built-in auditing, encryption, archiving and monitoring functions.A platform encryption feature, for instance, means that companies can easily designate sensitive data to be encrypted while preserving key business capabilities and workflow. A health insurance company, say, could manage personally identifiable information (PII) and protected health information (PHI) without compromising its agents’ ability to perform key functions using that data, such as searching claims, determining coverage eligibility and approving payments.To read this article in full or to leave a comment, please click here

0

LTE’s Move into the Unlicensed Spectrum Continues

A lot has been going on with the proposals for LTE Operation in Unlicensed Spectrum . The FCC recently requested industry input on LTE-U (LTE Unlicensed) and LAA (LTE Licensed-Assisted Access), 3GPP’s formal action to move both the LAA and...

0

SK Telecom Chooses Accedian for Performance Monitoring

SK Telecom looks to Accedian Networks for help with its mobile network.

0

Revisiting Apple and IPv6

A few weeks ago I wrote about Apple's IPv6 announcements at the Apple Developers Conference. While I thought that in IPv6 terms Apple gets it, the story was not complete and there were a number of aspects of Apple's systems that were not quite there with IPv6. So I gave them a 7/10 for their IPv6 efforts. Time to reassess that score in the light of a few recent posts from Apple.

0

SDN router using merchant silicon top of rack switch

The talk from David Barroso describes how Spotify optimizes hardware routing on a commodity switch by using sFlow analytics to identify the routes carrying the most traffic.  The full Internet routing table contains nearly 600,000 entries, too many for commodity switch hardware to handle. However, not all entries are active all the time. The Spotify solution uses traffic analytics to track the 30,000 most active routes (representing 6% of the full routing table) and push them into hardware. Based on Spotify's experience, offloading the active 30,000 routes to the switch provides hardware routing for 99% of their traffic.

David is interviewed by Ivan Pepelnjak,  SDN ROUTER @ SPOTIFY ON SOFTWARE GONE WILD. The SDN Internet Router (SIR) source code and documentation is available on GitHub.
The diagram from David's talk shows the overall architecture of the solution. Initially the Internet Router (commodity switch hardware) uses a default route to direct outbound traffic to a Transit Provider (capable of handling all the outbound traffic). The BGP Controller learns routes via BGP and observes traffic using the standard sFlow measurement technology embedded with most commodity switch silicon.
After a period (1 hour) the BGP Controller identifies the most active 30,000 prefixes and Continue reading

0

Highlight: Inside Cisco IOS Software Architecture

The post Highlight: Inside Cisco IOS Software Architecture appeared first on 'net work.

0

Mozilla blocks all Flash in Firefox after third zero-day

Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm.Computerworld confirmed that the current production versions of Firefox -- dubbed v. 39 -- on both Windows and OS X now block Flash.MORE ON NETWORK WORLD: Free security tools you should try Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.To read this article in full or to leave a comment, please click here

0

Hacking Team’s malware uses UEFI rootkit to survive OS reinstalls

Surveillance software maker Hacking Team has provided its government customers with the ability to infect the low-level firmware found in laptops and other computers that they wanted to spy on.The company developed a tool that can be used to modify a computer’s UEFI (Unified Extensible Firmware Interface) so that it silently reinstalls its surveillance tool even if the hard drive is wiped clean or replaced.UEFI is a replacement for the traditional BIOS (Basic Input/Output System) and is meant to standardize modern computer firmware through a reference specification. But there are multiple companies that develop UEFI firmware, and there can be significant differences between the implementations used by PC manufactures.To read this article in full or to leave a comment, please click here

0

Plexxi Announces New Network Switch Series to Power the Next Era of IT

Its not very often that something comes along that has the potential to be transformative through a new and truly differentiated approach. With Plexxi’s announcement this morning of our new Switch 2 Series , coupled with Plexxi Control and Plexxi Connect, we’re making strides to change the way networks function to support the business. Based on the needs of individual data and application workloads, the Switch 2 Series uses the innovation of Plexxi Control to dynamically change fabric topology in real time, intelligently forwarding traffic and delivering needed network capacity.

The next era of IT is being forged by the evolution of virtualization, hyperconvergence, Big Data and scale-out applications. Storage and compute have rapidly evolved over the last decade to keep pace but networking architectures have remained relatively unchanged.

Here is the evolution of networking, as we see it:

Platform One:

The network has, for decades, been built in the same multi-tier (core, leaf/spine) approach making it static and defined by it’s physical cabling.  This architecture was perfectly suited for stationary users and non-mobile applications, which created predictable north/south traffic. The traditional approach for introducing new applications in platform 1 was to “pour” them into the static network, and then Continue reading

0

‘Morpho’ group goes after corporate IP

Symantec has identified a group of cybercriminals, whom they've named "Morpho," as targeting corporate intellectual property for financial gains, with Twitter, Facebook, Apple and Microsoft among those hit."Attackers going after intellectual property is not that usual," said Vikram Thakur, senior manager at Symantec.However, those attackers tend to be state-sponsored and target information or military or other strategic importance.MORE ON CSO: How to spot a phishing email "That kind of intellectual property is of high value to nations across the board," he said.To read this article in full or to leave a comment, please click here

0

Barcelona

The post Barcelona appeared first on 'net work.

0

Plexxi ‘Switch 2’ Adds a Layer-1 Wormhole

Plexxi tries to cut latency to the bone.

0

Workday bets on machine learning with new venture fund

There’s no shortage of software vendors paying lip service to data science in this analytics-infused era, but Workday is putting its money where its mouth is.On Tuesday, the company is announcing the launch of Workday Ventures, a new fund it will use to identify, invest in and partner with young startups that apply data-science and machine-learning in the areas of analytics, applications, security and platform technologies.“We believe the last 10 years of enterprise software have been about migration to the cloud,” said Dan Beck, senior vice president of technology products at Workday. “We think the next 10 years is going to be about machine learning and companies making sense of data.”To read this article in full or to leave a comment, please click here

0

Can You Avoid Networking Software Bugs?

One of my readers sent me an interesting reliability design question. It all started with a catastrophic WAN failure:

Once a particular volume of encrypted traffic was reached the data center WAN edge router crashed, and then the backup router took over, which also crashed. The traffic then failed over to the second DC, and you can guess what happened then...

Obviously they’re now trying to redesign the network to avoid such failures.

Read more ...

0

HP Adds NEC As an OpenNFV Partner

Bit by bit, an NFV ecosystem takes shape.

0

Checking Faulty Cables

I recently had to work with a 3rd part to diagnose a link between our devices and came across this handy command. The link in question was a pretty hefty (75m-ish) UTP cable run between a Cisco and HP switch. I have visibility of the Cisco switch, into the structured cabling into the patch panel, and the 3rd parties cable. Unfortunately I didn’t have a DC Operations tech with access to a Fluke, or the ability to interpret the output of a Fluke, but they did have a laptop with a 100Mbps NIC (this becomes important later on).

So I started by running the diagnostic on the production connection. It’s not working, so I don’t have to worry about taking stuff down. This gives me the following:

test cable-diagnostics tdr interface gi7/21
TDR test started on interface Gi7/21
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.

switchA#show cable-diagnostics tdr interface gi7/21

TDR test last run on: July 09 10:30:20
Interface Speed Pair Cable length Distance to fault Channel Pair status
——— —– —- ——————- ——————- ——- ————
Gi7/21 auto 1-2 77 +/- 6 m N/A Invalid Continue reading