Route Hijacking of Sensitive Network Traffic Highlights BGP Security Issues

Route Hijacking of Sensitive Network Traffic Highlights BGP Security Issues

by Cengiz Alaettinoglu, CTO - April 15, 2015

Last month web traffic designated for some highly sensitive UK entities – including the nuclear weapons agency that provides and maintains warheads for the Royal Navy – was routed through Ukrainian and Russian telecoms before arriving at its original destination. This route hijacking was the result of a bad route announced by Ukraine's Vega telecom. As Russell Brandom, describing the incident for The Verge, wrote: “It's still likely that the redirection was simply an innocent error, but it underscores the insecure nature of the global routing system.” 

I couldn’t agree more and is why I recently wrote an article for Network Computing describing the security vulnerabilities of BGP. In this piece, I outlined the types of BGP incidents (including route hijacking), described several malicious ones perpetrated in recent years, and explained two efforts by the IETF over the years to fix BGP, with limited success. I also discussed how SDN and route analytics can help.

Check out the article and the thoughtful comments from readers as well. As I state at the end of the article, to stop BGP security Continue reading

Intel sales sag under PC slowdown

The PC business enjoyed a bit of a revival last year as companies replaced older systems running Windows XP. Those upgrades are mostly done now, and the slower market has hit Intel’s financial results.The chip maker reported first-quarter revenue of $12.8 billion on Tuesday, flat from the same quarter last year and a bit lower than financial analysts had been expecting, according to a poll by Thomson Reuters.Intel blamed lower than expected sales of business PCs but said the decline was offset by strong sales of servers and other data center products. The company had already cut its forecast for the quarter last month.To read this article in full or to leave a comment, please click here

Percona expands into NoSQL turf with TokuDB purchase

Expanding from its roots as a MySQL software vendor, Percona has also added the MongoDB to the roster of open source databases it supports, thanks to its acquisition of open source database software specialist Tokutek.With the purchase, “we’re becoming more of a database performance business rather than one focusing on a particular type of technology like MySQL,” said Jim Doherty, Percona chief marketing officer. “We’re broadening the scope of our technologies to better serve our customers and the market.”Tokutek offered a commercially supported distribution of the open source MongoDB NoSQL database, TokuMX. Percona will continue to offer TokuMX alongside its own enterprise-grade edition of the open source MySQL database, called Percona Server, which is a competitor to Oracle’s own MySQL commercial distribution.To read this article in full or to leave a comment, please click here

We weren’t kidding about Microsoft’s startup shopping spree

As I wrote last week ("What's behind Microsoft's not-to-crazy startup spending spree?"), the Redmond company has been making acquisitions at an historic rate to start the calendar year. And today we hear that Microsoft has consumed yet another firm: Datazen, a Toronto maker of mobile business intelligence and data visualization technology for Windows, iOS and Android devices.  Datazen Datazen analytics for mobile devicesTo read this article in full or to leave a comment, please click here

Microsoft Patch Tuesday: The patches just keep coming

For Microsoft, the vulnerabilities just keep popping up, and appear to be surfacing more quickly than ever before.Like last month, Microsoft issued a fairly large number of security bulletins for April Patch Tuesday—11 bulletins addressing 26 vulnerabilities. Last month brought 14 bulletins from Microsoft, covering 43 vulnerabilities.A year ago, Microsoft’s monthly bulletins tended to be fewer in number, usually in the single digits, noted Wolfgang Kandek, chief technology officer for IT security firm Qualys.To read this article in full or to leave a comment, please click here

Microsoft scoops up Datazen to help mobilize BI

Microsoft has been nothing if not voracious this year when it comes to acquiring promising young companies, and on Tuesday it snatched up yet another: Datazen Software, which focuses on mobile business intelligence.Datazen’s technology will complement Microsoft’s cloud-based Power BI business-analytics service with mobile BI capabilities that are designed for on-premises implementation and optimized for SQL Server, Kamal Hathi, Microsoft’s partner director for cloud and enterprise, wrote in a blog post announcing the news.To read this article in full or to leave a comment, please click here

The future is now: You may already be using IPv6

You’ve probably heard about the looming shortage of Internet addresses, even if you’ve never gone looking for one. But depending on what websites you visit and how you get to them, you may be helping to solve it.If you go to Google or Facebook through a major carrier in the U.S., Germany or France, for example, there’s a decent chance you’re using IPv6 [Internet Protocol, Version 6], the next-generation system that has so many addresses that the world may never use them up. Though it’s pretty much invisible to end users, the new protocol is already making service providers’ networks run better and may be speeding up your connections, too.“I think a lot of people don’t realize how much IPv6 there is out there,” said Mat Ford, technical program manager of the Internet Society, the organizer of World IPv6 Launch.To read this article in full or to leave a comment, please click here

Apple’s ResearchKit is here, now open your iPhone and say ‘ah’

An Apple a day keeps the doctor away, unless that doctor is now gathering your health data through your Apple iPhone.Apple is embarking on its boldest push yet into health, with a new open source framework for letting medical researchers and software developers gather health data from iPhone owners and build health-related apps. Apple officially opened the framework, called ResearchKit, to all researchers and software developers on Tuesday, after announcing it at an event in March.The idea behind ResearchKit is that, given the iPhone’s prominence, it will allow for much more health data to be collected than through typical studies, helping researchers and clinicians to increase their understanding of diseases and health conditions. Researchers can tap into the framework to gather the data it has collected, while third-party app developers can build health-related apps on top of it.To read this article in full or to leave a comment, please click here

Lessons from Altoona: What Facebook’s newest data center can teach us

Over the past year, Facebook has thrown some interesting wrenches into the gears of the traditional networking industry. While mainstream thinking is to keep most details of your network operations under wraps, Facebook has been freely sharing its innovations. For a company whose business model is built on people sharing personal information, I suppose this makes perfect sense.What makes even more sense is the return Facebook gets on their openness. Infrastructure VP Jason Taylor estimates that over the past three years Facebook has saved some $2 billion by letting the members of its Open Compute Project have a go at its design specifications.To read this article in full or to leave a comment, please click here

Web app attacks, PoS intrusions and cyberespionage leading causes of data breaches

Web application attacks, point-of-sale intrusions, cyberespionage and crimeware were the leading causes of confirmed data breaches last year.The findings are based on data collected by Verizon Enterprise Solutions and 70 other organizations from almost 80,000 security incidents and over 2,000 confirmed data breaches in 61 countries.According to Verizon’s 2015 Data Breach Investigations Report, which analyzes security incidents that happened last year, the top five affected industries by number of confirmed data breaches were: public administration, financial services, manufacturing, accommodations and retail.Humans were again the weak link that led to many of the compromises. The data shows that phishing—whether used to trick users into opening infected email attachments, click on malicious links, or input their credentials on rogue websites—remains the weapon of choice for many criminals and spies.To read this article in full or to leave a comment, please click here

U.S. business group urges China to loosen data-storage policies

Chinese security policies are threatening to push foreign businesses out of the country’s IT sector by restricting the way data is stored, according to a U.S. lobbying group.On Tuesday, the American Chamber of Commerce in China issued a report urging the country to change the policies. Increasingly, the Chinese government is enacting regulations to address national security concerns at the cost of hampering its own economy, the lobbying group warned.China has been recently reviewing an antiterror law that could require tech companies to give up encryption keys to the authorities.To read this article in full or to leave a comment, please click here

US Navy researchers get drones to swarm on target

The Office of Naval Research today said it had successfully demonstrated a system that lets small-unmanned aircraft swarm and act together over a particular target.The system, called Low-Cost UAV Swarming Technology (LOCUST) features a tube-based launcher that can send multiple drones into the air in rapid succession. The systems then use information sharing between the drones, allowing autonomous collaborative behavior in either defensive or offensive missions, the Navy said.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2014+To read this article in full or to leave a comment, please click here

Three new lawsuits challenge FCC’s net neutrality rules

The rush is on to sue the U.S. Federal Communications Commission over its net neutrality rules, with three trade groups filing legal challenges Tuesday.The agency now faces five lawsuits related to the regulations.Mobile trade group CTIA, cable trade group the National Cable and Telecommunications Association [NCTA] and the American Cable Association, which represents small cable operators, all filed lawsuits Tuesday.The three new lawsuits all challenge the FCC’s decision to reclassify broadband as a regulated, common-carrier service, reversing a long-standing agency position that it is a lightly regulated information service. The CTIA lawsuit also focuses on the reclassification of mobile broadband.To read this article in full or to leave a comment, please click here

Three new lawsuits challenge FCC’s net neutrality rules

The rush is on to sue the U.S. Federal Communications Commission over its net neutrality rules, with three trade groups filing legal challenges Tuesday.The agency now faces five lawsuits related to the regulations.Mobile trade group CTIA, cable trade group the National Cable and Telecommunications Association [NCTA] and the American Cable Association, which represents small cable operators, all filed lawsuits Tuesday.The three new lawsuits all challenge the FCC’s decision to reclassify broadband as a regulated, common-carrier service, reversing a long-standing agency position that it is a lightly regulated information service. The CTIA lawsuit also focuses on the reclassification of mobile broadband.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Google running late to the enterprise mobility party

Android has a bad reputation when it comes to security, which is unfortunate because it's the biggest mobile platform around in terms of market share. Gartner says Android claimed 80.7% of the worldwide smartphone market in 2014. We know that the BYOD trend has sparked a dramatic rise in personal mobile devices being used for work, and the bulk of those devices are running Android. As the most popular mobile platform around, it's inevitable that Android is going to be targeted by cybercriminals. Cisco's 2014 Annual Security Report found that 99% of mobile malware in 2013 targeted Android devices.To read this article in full or to leave a comment, please click here

Update: That shocking video about ESD

Yesterday we posted a collection of anecdotes from IT pros telling of the times they have witnessed – or have claimed to have witnessed – damage done by electrostatic discharge (ESD).Only this morning did I remember this semi-famous YouTube video – seen 2 million-plus times – and that I did a post about it a few years back: There was considerable debate in 2013 about whether the guy in the video was shocking himself on purpose or for the laughs. So I emailed him and asked. He insisted it was legit.To read this article in full or to leave a comment, please click here

Going Out With Style

720367_54066174

Watching the HP public cloud discussion has been an interesting lesson in technology and how it is supported and marketed. HP isn’t the first company to publish a bold statement ending support for a specific technology or product line only to go back and rescind it a few days later. Some think that a problem like that shows that a company has some inner turmoil with regards to product strategy. More often than not, the real issue doesn’t lie with the company. It’s the customers fault.

No Lemonade From Lemons

It’s no secret that products have a lifespan. No matter how popular something might be with customers there is always a date when it must come to an end. This could be for a number of reasons. Technology marches on each and every day. Software may not run on newer hardware. Drivers may not be able to be written for new devices. CPUs grow more powerful and require new functions to unlock their potential.

Customers hate the idea of obsolescence. If you tell them the thing they just bought will be out-of-date in six years they will sneer at you. No matter how fresh the technology might be, the idea Continue reading

1 3,545 3,546 3,547 3,548 3,549 3,848