Researchers show that IoT devices are not designed with security in mind

In the latest blow to Internet of Things (IoT) security, an analysis of smart home devices has found flaws that could give attackers access to sensitive data or allow them to control door locks and sensors.The research was performed by a team from application security firm Veracode for six up-to-date devices acquired in December and found serious issues in five of them. The tested devices were the Chamberlain MyQ Garage, the Chamberlain MyQ Internet Gateway, the SmartThings Hub, the Ubi from Unified Computer Intelligence Corporation, the Wink Hub and the Wink Relay.All of these devices enable remote control and monitoring over the Internet of various home automation devices and sensors, including door locks, interior switches and power outlets. Most of them connect to cloud-based services and users can interact with them through Web portals or smartphone applications.To read this article in full or to leave a comment, please click here

The Zen of Sailing Through IT Projects

For those of you who have worked in large companies, it’s common territory to be stuck riding waves on a ship without a sail. Said ship also has its anchor out, but the deck hands have forgot about that and the captain never logged it. The anchor is being dragged around due to the ship bobbing up and down on the waves, dragging a number of artifacts along at the same time and giving some image of movement. Sometimes the ship and crew head in the right direction but no one really knows what that is due to the ever whirring compass from a dodgy purchase and blocked views of the stars due to persistent clouds.

Fear not, this isn’t a terribly written nautical blog or a write up of a lost ship; it’s a description of a large-scale enterprise IT project.

This one particularly made me laugh. A lot of projects feel like this!

Waterfalls

In software development, there are numerous approaches to projects. A well known one is the waterfall method. It starts at the top follows a sequential path through the various phases. This methodology is unconsciously followed in enterprise projects through initiation, discovery, design, deployment and Continue reading

Wireshark tid-bit: Use the command line

Soha Launches Cloud Security Service Backed By Andreessen Horowitz

A Tor for enterprise applications?

Review: Logitech MX Master wireless mouse

The scoop: MX Master wireless mouse, by Logitech, about $100What is it? Logitech calls the MX Master “The Precision Instrument for Masters of Their Craft,” implying that this is for workers or users who need specific, precise mousing movements, as well as a large number of buttons for customized computer actions. The wireless mouse also includes two options for connectivity - you can connect up to three computers via Bluetooth or you can use the traditional USB dongle, which Logitech calls the “Logitech Unifying Receiver.”MORE: 10 mobile startups to watch Why it’s cool: In addition to the standard left, right and middle buttons (the middle button is activated by pushing down on the middle scroll wheel), the MX Master includes a thumb scroll wheel on the side (for scrolling horizontally), two other buttons on the thumb area (for back-and-forward web browsing actions) and a new “gesture button” located in the area where your thumb would rest. Actions for these buttons are enabled through Logitech’s “Options” software, which you can download from the company’s web site. The software offers a range of customization options, everything from changing the direction of the scroll, speed of the mouse, sensitivity and Continue reading

EIGRP “FD is Infinity”

Let’s take a look at EIGRP and the state a route can get into where EIGRP tells you “FD is Infinity”.

First of all, every EIGRP speaker maintains a local database called the EIGRP topology table which holds a copy of every route received from every neighbor and every route being advertised by the local system. EIGRP performs its best-path decision process on the entries in this table in order to determine which routes are the best and then hands those best routes to the Routing Information Base (the RIB). By inspecting the entries in this table, you can see things like:

1. Bandwidth, Load, Delay, Reliability – the values to go into computing the composite metric
2. The actual composite metric that the local system has calculated
3. The composite metric that the neighbor calculated
4. Whether the route is internal or external
5. A list of all neighbors that advertised the route (neighbor’s router ID)
6. The feasible distance (FD) for the route
7. The metric for the route as seen in the RIB

I’ve used superscript numbers (^x) in the output below to indicate where each item in the list above is found.

R12#show ip eigrp topology 10.1.11.0/24
EIGRP-IPv4  Continue reading

Learning from Germanwings

On the 24th of March, the pilot of Germanwings flight 4U9525 into a field, killing everyone on board, including himself. This is a human tragedy — beyond what many of us will experience in our lifetimes. But it’s also an important object lesson to those of us who live in the world of engineering. Think through the entire realm of airline safety that has been put into place since the terrorist attacks on the 11th of September in 2001.

• Advanced scanning machines (which are not without their own share of controversy)
• Increased security inside the airplane, including locked cockpit doors
• Stricter regulations on liquids carried onto the airplane
• Removal of electronic items from bags so they can be independently assessed

The list feels almost endless to the person on the receiving end of all these new measures. The pilot, in this case, either bypassed the protection, or used it to his advantage. Advanced scanning machines, liquids restrictions, and laptop inspections can’t prevent someone intent on harming lots of people if they have control of the airplane itself. The locked cockpit door just created a “safe space” in which the co-pilot could work his plan out.

So what’s the point of Continue reading

Detecting empty files in awk

Getting Ansible to talk to your Cisco devices

As a listener to the podcast you’ve probably heard about Ansible once or twice already. In short Ansible is a simple IT automation tool. It’s often mentioned together with Puppet, however a big difference is that Ansible is agentless. Using Puppet assumes that you have a Puppet agent installed on the nodes that you want […]

Author information

Patrick Ogenstad

Sr. Network Engineer at Netsafe

I've been working as a consultant since 1998, and have had a lot of different roles throughout the years. My main interests have been around security and automation. I love developing things which help us in the industry and have released open source tools since 2004, the most popular one being SYDI. Currently I'm really enjoying the trend with SDN and tools such as Ansible and Puppet. I'm based i Stockholm, Sweden. More of my writings can be found at Networklore.

TwitterLinkedIn

The post Getting Ansible to talk to your Cisco devices appeared first on Packet Pushers Podcast and was written by Patrick Ogenstad.

Article: Is NFV Relevant for Enterprise Networks?

Network Computing recently published my “Yes, NFV Is Important For The Enterprise” article. Short summary: NFV is (like BGP and MPLS) yet another technology that is considered applicable only to service provider networks but makes great sense in some enterprise contexts.

I’ll talk about enterprise aspects of NFV at Interop Las Vegas, and describe some NFV technical details and typical use cases in an upcoming webinar.

HTIRW: Reality at the Mic (2)

Last time we talked about a few things that go wrong in the IETF — this time we’ll talk about a few more things that can go wrong. Boiling the Ocean. Engineers, as a rule, like to solve problems. The problem is we often seem to think the bigger the problem, the better the solution. […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White has scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, nibbled and noodled at a lot of networks, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.

TwitterGoogle+LinkedIn

The post HTIRW: Reality at the Mic (2) appeared first on Packet Pushers Podcast and was written by Russ White.

All About That YANG at the 92nd IETF Meeting

I was at the 92nd IETF meeting in Dallas a few weeks ago. I attended 16 sessions, mostly in the routing area, and every single one had a discussion about the YANG data model (indeed most had several such discussions). 

YANG is the data modeling language for the NETCONF protocol. NETCONF/YANG was picked by the Interface to Routing System (I2RS) Working Group for an SDN controller to interact with IP/MPLS routers. It makes an IP/MPLS network programmable. There are other IETF protocols in play as well, such as Path Computation Element Protocol (PCEP). To make SDN management and orchestration (MANO) service aware, we need to bind these paths to the services they are intended for. This is where NETCONF/YANG data models come to the rescue. I was very pleased to see the attention NETCONF/YANG data models got at the IETF.  

One thing that can hinder quick adoption and implementation for some data models is competing proposals. Indeed, some camps have formed around competing proposals. This is not unusual in the IETF. Different Internet-drafts (documents intended to be adopted by Continue reading

Complaint alleges YouTube Kids pushes advertising content

The six-week-old YouTube Kids service is a “hyper-commercialized” environment that intermixes advertising and other programming in a way that deceives its target audience, a coalition of privacy and children’s advocacy groups said in a complaint to the U.S. Federal Trade Commission.Joining in giving YouTube Kids the big thumbs-down are the Center for Digital Democracy, the Campaign for a Commercial-Free Childhood and the American Academy of Child and Adolescent Psychiatry. They say the video app, targeted toward preschool children, blurs the lines between advertising and other programming using methods that are prohibited by federal regulations on commercial television.To read this article in full or to leave a comment, please click here

Cisco VIRL Exclude From Launch

Linux Australia breached, personal details leaked

The open-source and free software user group Linux Australia said personal information for attendees of two conferences it hosts may have been leaked after malware was found on one of its servers.The information may have included first and last names, postal and email addresses, phone numbers and hashed passwords, wrote Joshua Hesketh, Linux Australia’s president, on a message board. Financial data was not affected, he wrote.The breach affects those who registered for the group’s Linux conference over the last three years and for python programming conference Pycon Australia in 2013 and 2014, he wrote. Attendee data for those conferences was held on the compromised server.To read this article in full or to leave a comment, please click here

Samsung expects big drop in first-quarter profits

Samsung Electronics expects first quarter profits to drop by more than 30 percent, marking the sixth straight quarterly decline at the company, which is struggling to compete with Apple at the top of the smartphone market.Operating profit for the quarter, which included the key year-end sales period, will be around 5.9 trillion won (US$5.4 billion), a drop of just over 30 percent versus the last three months of 2013, while revenue is expected to be 47 trillion won, down 12 percent, the company said in its earnings guidance. It will report its full quarterly results at the end of the month.The profits outlook isn’t as bad as analysts had feared.To read this article in full or to leave a comment, please click here

Samsung expects big drop in first-quarter profits

Samsung Electronics expects first quarter profits to drop by more than 30 percent, marking the sixth straight quarterly decline at the company, which is struggling to compete with Apple at the top of the smartphone market.Operating profit for the quarter, which included the key year-end sales period, will be around 5.9 trillion won (US$5.4 billion), a drop of just over 30 percent versus the last three months of 2013, while revenue is expected to be 47 trillion won, down 12 percent, the company said in its earnings guidance. It will report its full quarterly results at the end of the month.The profits outlook isn’t as bad as analysts had feared.To read this article in full or to leave a comment, please click here

Samsung expects big drop in first-quarter profits

Samsung Electronics expects first quarter profits to drop by more than 30 percent, marking the sixth straight quarterly decline at the company, which is struggling to compete with Apple at the top of the smartphone market.Operating profit for the quarter will be around 5.9 trillion won (US$5.4  billion), a drop of just over 30 percent versus the first three months of 2014,  while revenue is expected to be 47 trillion won, down 12 percent, the company  said in its earnings guidance. It will report its full quarterly results at the  end of the month.The profits outlook isn’t as bad as analysts had feared.To read this article in full or to leave a comment, please click here

Samsung expects big drop in first-quarter profits

Samsung Electronics expects first quarter profits to drop by more than 30 percent, marking the sixth straight quarterly decline at the company, which is struggling to compete with Apple at the top of the smartphone market.Operating profit for the quarter will be around 5.9 trillion won (US$5.4  billion), a drop of just over 30 percent versus the first three months of 2014,  while revenue is expected to be 47 trillion won, down 12 percent, the company  said in its earnings guidance. It will report its full quarterly results at the  end of the month.The profits outlook isn’t as bad as analysts had feared.To read this article in full or to leave a comment, please click here

The Pentagon’s groundbreaking IPv6 project hasn’t broken much ground

The U.S. Department of Defense hasn’t followed through on its commitment to convert to IPv6, the new Internet standard designed to make room for an explosion of new connected devices.The DoD demonstrated IPv6 in 2008 but then disabled the technology because it didn’t have enough people trained to use it and was worried about potential security risks, according to a report by the Inspector General of the department. The Inspector General issued the report internally in December and on Monday released a redacted version to the public.The current Internet Protocol, IPv4, doesn’t meet battlefield needs, according to the report. Among other things, IPv6 would let troops quickly set up mobile, ad-hoc networks in the field. In addition, the slow transition to IPv6 has left the military without the expertise to identify malicious activity that uses the new protocol, the report said.To read this article in full or to leave a comment, please click here