NetworkingNexus.net

HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users

Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections.The flaw was located in an open-source library called AFNetworking that’s used by hundreds of thousands of iOS and Mac OS X applications for communicating with Web services. The bug disabled the validation of digital certificates presented by servers when establishing secure HTTPS (HTTP over SSL/TLS) connections.This means that attackers in a position to intercept encrypted traffic between affected applications and HTTPS servers could decrypt and modify the data by presenting the app with a fake certificate. This is known as a man-in-the-middle attack and can be launched over insecure wireless networks, by hacking into routers and through other methods.To read this article in full or to leave a comment, please click here

HOL Head-of-line blocking

How does Internet work - We know what is networking

Head-of-line blocking (HOL blocking) in networking is a performance issue that occurs when a bunch of packets is blocked by the first packet in line. It can happen specially in input buffered network switches where out-of-order delivery of packets can occur. A switch can be composed of input buffered ports, output buffered ports and switch fabric. When first-in first-out input buffers are used, only the first received packet is prepared to be forwarded. All packets received afterwards are not forwarded if the first one cannot be forwarded. That is basically what HOL blocking really is.If there’s no HOL blocking happening,

HOL Head-of-line blocking

The Upload: Your tech news briefing for Tuesday, April 21

New mainframe can’t keep IBM sales from slidingIBM reported a 12 percent drop in revenue for the last quarter despite a big boost from its new z13 mainframe. Profit was down 5 percent to $2.4 billion on revenue of $19.6 billion. IBM said Monday that its cloud, analytics and mobile business increased more than 20 percent from a year earlier, but wasn’t enough to offset declines elsewhere.Google’s Mobilegeddon hits TuesdayIt’s here: the day that webmasters have called Mobilegeddon for its potentially cataclysmic effect on those who did not heed the warnings has arrived. On Tuesday, websites that aren’t sufficiently mobile-friendly will find themselves tumbling far down in Google’s search rankings.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Tuesday, April 21

Mobile worker guilt hits most young workers

Most younger mobile workers feel guilty about using smartphones and smartwatches to do personal tasks while at work and for performing work at home when they should be taking care of their families or other duties.A new survey of 3,500 professionals -- mostly under age 34 -- conducted in the U.S. and five other countries found at least 58% said they have feelings of guilt in this hyper-connected world.ALSO ON NETWORK WORLD: How to lure tech talent with employee benefits, perks The survey, conducted by the Harris Poll for MobileIron, also found that 60% said they would leave their job if their boss didn't allow any remote work or restricted their ability to do personal tasks at work. The survey involved workers in the U.S. as well as France, Germany, Japan, Spain and the UK between December 2014 and January 2015.To read this article in full or to leave a comment, please click here

Tech’s ticking time bombs: The components you might (and might not) expect to wear out

Frequent failureImage by ENIAC used over 17,000 vacuum tubes. TexasDex/Wikipedia.The early computers of the vacuum-tube age were marvels of engineering for their time. Today, we can simultaneously appreciate the advances these computers represented, making previously unthinkable computational work possible, and chuckle at what to us seems like their ludicrous size and painfully slow processing speeds.To read this article in full or to leave a comment, please click here

Rearchitecting L3-Only Networks

One of the responses I got on my “What is Layer-2” post was

Ivan, are you saying to use L3 switches everywhere with /31 on the switch ports and the servers/workstation?

While that solution would work (and I know a few people who are using it with reasonable success), it’s nothing more than creative use of existing routing paradigms; we need something better.

Update 2015-04-22 14:30Z - Added a link to Cumulus Linux Redistribute Neighbor feature.

Google makes mobile websites more app-like with Chrome push notifications

Google has taken a big step in its efforts to make mobile websites act more like native applications on Android smartphones, by adding notifications to its browser.One of the most convincing arguments for building an application instead of a website has been the ability to send notifications to users. Google is hoping to narrow that advantage by adding the feature to version 42 of its Chrome browser for Android.As a result, Android developers no longer have to decide between the engagement potential of a native app and the reach of a mobile website, Google said in a blog post on Monday.To read this article in full or to leave a comment, please click here

Pica8 Digs Up Labeled BGP for Network Virtualization

As if VXLAN needed another rival. But labeled BGP, ancient by SDN standards, has carrier appeal, Pica8 claims.

To control your phone, just keep tapping it

If you’re tired of touching that touchscreen, try hitting your phone and making some noise.Researchers in South Korea have developed a sound-based method of controlling smartphones, and connected appliances, by tapping them.Graduate students from Seoul National University of Science and Technology are demonstrating an Android app called Sound Tap at the 2015 Computer-Human Interaction Conference (CHI) in Seoul this week.Sound Tap can be used to control a smartphone by tapping its rear surface with a finger once or twice, or by lightly striking the phone itself against various surfaces in the environment. Since the taps create unique frequencies, they can be used to trigger different functions on the phone, such as calling up browsers, photo galleries or music players.To read this article in full or to leave a comment, please click here

HOL Head-of-line blocking

How does Internet work - We know what is networking

HOL Head-of-line blocking

Huawei plans to offer public cloud service in China

Telecommunications equipment maker Huawei Technologies plans to launch a public cloud service in China in July, amid growing competition from local and foreign players.“We hope that once it launches, we can bring some surprises to all our enterprise customers,” said Eric Xu, Huawei’s acting CEO, on Tuesday at a company event for analysts.Xu provided few details, but said Huawei aimed to offer a unique service. In China, other large tech players have already entered the public cloud space, including Microsoft and Amazon.com.Chinese e-commerce giant Alibaba Group is currently the leading player, according to Forrester Research. And in March, it announced it would enter the U.S. cloud computing market.To read this article in full or to leave a comment, please click here

Bedep’s DGA: Trading Foreign Exchange for Malware Domains

As initially researched by Trend Micro [1] [2], Zscaler [1] [2], Cyphort, and Malware don’t need Coffee, the Bedep malware family focuses on ad / click fraud and the downloading of additional malware. ASERT’s first sample dates from September 22, 2014, which is in line with when Trend Micro started seeing it in their telemetry. In early 2015, the family got some more attention when it was being observed as the malware payload for some instances of the Angler exploit kit, leveraging the Adobe Flash Player exploit (CVE-2015-0311) which at the time was a 0day. It was also observed that this newer version was using a domain generation algorithm (DGA) to generate its command and control (C2) domain names.

This post provides some additional notes on the DGA including a proof of concept Python implementation, a look at the two most recent sets of DGA generated domains, and concludes with some sinkhole data.

Samples

The following Bedep samples were used for this research:

MD5 e5e72baff4fab6ea6a1fcac467dc4351
MD5 1b84a502034f7422e40944b1a3d71f29

The former was originally sourced from KernelMode.

Algorithm

I’ve posted a proof of concept (read: works for me) Python implementation of the DGA to ASERT’s Github.

At the time of Continue reading

Qualcomm looking to fast-track Snapdragon 820 with help from Samsung

A plan by Qualcomm to get Samsung Electronics to make its Snapdragon 820 chip could lead to faster smartphones, offering longer battery life by early next year.The chip company will get its top-line device manufactured in factories belonging to Samsung, according to a news report by Re/code. The South Korean company will make the Snapdragon 820 chip using the 14-nanometer process, which will also be used to make Apple’s next A9 chip.The Snapdragon 820 chip was announced last month at Mobile World Congress and is expected to start shipping later this year. Qualcomm hasn’t shared information about where it will be manufactured, but Samsung’s 14-nm process will provide big performance and power advantages over current Snapdragon chips.To read this article in full or to leave a comment, please click here

Qualcomm looking to fast-track Snapdragon 820 with help from Samsung

Intel and Ericsson Deepen Ties in Managed Security Services

Another partnership between the two giants, this time targeting telco-managed security.

Using the POX SDN controller

In this tutorial, we will demonstrate basic software-defined networking (SDN) concepts using the POX SDN controller, POX components, and the Mininet network simulator.

Pox-050b

We will show how to use the POX SDN controller to create software defined networks that can be used to forward packets from one host to another and create flows on the SDN switches in the network. We will use the Mininet network simulator to create the network of emulated SDN switches and hosts that will be controlled by the POX SDN controller.

About Mininet

Mininet is an open-source network simulator designed to support research and education in the topic of software defined networks. If you are not already familiar with Mininet, you should review the following posts before starting this tutorial:

More information about Mininet is available at the Mininet web site.

About POX

POX provides a framework for communicating with SDN switches using either the OpenFlow or OVSDB protocol. Developers can use POX to create an SDN controller using the Python programming language. It is a popular tool for teaching about and researching software defined networks and Continue reading

Pushdo spamming botnet gains strength again

Computers in more than 50 countries are infected with a new version of Pushdo, a spamming botnet that has been around since 2007 and survived several attempts to shut it down.At one time, Pushdo-infected computers sent as many as 7.7 billion spam messages per day. Security analysts have tried to kill it four times by commandeering its infrastructure, but a new version of the malware has emerged once again, with high concentrations of infections in countries such as India, Indonesia, Turkey and Vietnam.“Pushdo was very successful in what it did, so coming up with various revisions or versions of it makes a lot of sense for the bad guys,” said Mike Buratowski, vice president of cybersecurity services at Fidelis Cybersecurity, based in Austin, Texas.To read this article in full or to leave a comment, please click here

Great customer experience is an elusive goal

Every company says it wants to provide a top-notch customer experience; how many actually do is another matter.To wit: Although improving the customer experience is a strategic priority at a full 73 percent of businesses surveyed for a new Forrester Research report released Monday, only 1 percent of companies currently deliver an excellent experience, the study found.That’s a problem, Forrester says, because customer experience (sometimes called CX) has become a more strategic imperative than ever.“Growth is now the top priority for business leaders, and to achieve that you have to improve customer experience,” said Kyle McNabb, a vice president of research strategy with Forrester. “Traditionally we’ve all worked toward metrics like ROI, but now the metric is impact on experience.”To read this article in full or to leave a comment, please click here

IBM sales dip 12 percent despite lift from new mainframe

IBM reported a 12 percent drop in revenue for the last quarter despite a big boost from its new z13 mainframe, which went on sale last month.Revenue for the quarter ended March 31 was $19.6 billion, with profit down 5 percent to $2.4 billion, IBM announced Monday.Two-thirds of the company’s business comes from overseas, and the strong U.S. dollar weighed on its results. Without the currency impact, and adjusting for businesses that IBM recently sold off, revenue would have been flat from a year ago, CFO Martin Schroeter said on IBM’s earnings call.Like its rival Hewlett-Packard, IBM has been watching its business shrink for several quarters as customers spend less on expensive hardware and IT services and devote more to cloud computing and mobile.To read this article in full or to leave a comment, please click here

« Previous 1 … 3,524 3,525 3,526 3,527 3,528 … 3,835 Next »