Cisco backdoor still open, and other Black Hat news #BlackHat
In another memorable Black Hat security conference this week, vulnerabilities were found in products ranging from Cisco to Microsoft to Wi-Fi, and beyond.
Cisco backdoor still open
The "backdoors" that Cisco and other networking companies implement in their routers and switches for lawful intercept are front and center again at this week's Black Hat security conference.
More from Black Hat: Read more
Resources for helping Haiti
In the horrible aftermath of the earthquake that devastated Haiti, many people in IT and elsewhere want to do what they can to lend a hand without getting scammed. Our sister sites at IDG passed along this list of donation Web sites that are legit, and I am passing it along to you.
Haiti relief donation Web sites Read more
Tell us about your favorite IT gear
Do you have a favorite enterprise IT product you can't live without? Tell us about it and we'll share your raves with our readers.
Please send your submissions to Ann Bednarz at Network World by Feb. 1.
Items to address:
1. Please provide your name, title and employer.
2. What's your favorite product?
3. Why do you like it?
4. How has it helped you and/or your company?
5. How many years have you worked in IT?
6. What upcoming IT projects are you most excited about and why? Read more
$3.4B is Cisco's final offer
Cisco has raised its offer for videoconferencing company Tandberg to $3.4 billion, IDG News Service reports.
The previous offer was $3.0 billion, and Cisco had struggled to convince the shareholders that it was a fair price.
Obviously, Cisco's raise indicates that the company takes videoconfernecing pretty seriously, and that TelePresence is not enough.
Halloween treats at Network World
It's a full moon here at Network World, with Halloween stuff bursting forth from every page. Michael Cooney collected a dozen projects that seem to have been inspired by mad scientists. Keith Shaw pulls out the spooky sound effects for the annual podcast, "True Tales of Terrifying Security." Read more
Where to start Patch Tuesday cleanup?
I'm not sure there's any such thing as a small Patch Tuesday. Microsoft this week released 13 patches, many of them critical and many of them getting strong reactions among experts. Read more
Lotus says Microsoft's numbers are 'ridiculous and fabricated'
Network World's John Fontana writes:
Lotus Software GM Bob Picciano has grown tired of the "hot wind" blowing out of Redmond carrying claims that Exchange is displacing Notes and is singling out CEO Steve Ballmer and COO Kevin Turner as the main culprits spreading "ridiculous and fabricated" information.
Verizon speaks out against Nortel sale
Jim Duffy reports that Verizon has filed court documents opposing the sale of Nortel's enterprise business to Avaya.
Verizon fears that support contracts will end and cut off key customers, he writes. More importantly, Verizon says, "Communications networks critical to the operation of the federal government, and the defense, safety, health and security of the American public are at risk."
Read the full article.
Cisco fixes DoS vulnerability in routers and switches
Network World's Jim Duffy writes that Cisco has patched a software hole that could lead to a denial-of-service attack on routers and switches.
From the article:
The vulnerability allows attackers to manipulate the state of TCP connections, according to a Cisco security advisory released this week. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely.
Qwest second U.S. carrier to announce move to 100G
Verizon Business is testing 100 Gbps links, with the intent of deploying the technology in its backbone next year. Now, Brad Reed reports that Qwest is also upgrading its backbone to 100G. The company says the project will continue throughout 2010.
Analysts recently noted that 100G Ethernet equipment could go to market faster than 40G.
Wi-Fi's WPA encryption cracked in 60 seconds
You may remember that researchers last year cracked Wi-Fi's WPA encryption - which was supposed to be vastly improved over the previous standard, WEP.
But Japanese researchers "have taken the attack to a new level," cracking the code in a minute.
Good news / bad news on phishing
The good news, according to IBM, is that spam-based phishing attacks are down noticeably. The bad news is that this probably means attackers are just shifting to other methods for stealing personal data that are more effective.
Russian criminals are apparently the biggest believers in phishing, as Russia is the top country of origin for that type of attack.
Ellen Messmer has details.
Microsoft's newest virtualization software won't be at VMworld - why not?
Network World's John Fontana notes that Microsoft's newly updated System Center Virtual Machine Manager won't be in the company's booth at the VMworld show next week.
Why not? Microsoft is saying that it's VMware's show, and VMware has set rules that forbid Microsoft from showing the software. VMware, however, says it has no plans to enforce the restriction.
So what's Microsoft doing?
Windows WINS attacks coming from China
Yesterday, John Fontana reported that the vulnerability in the WINS service on Windows server was being exploited, and now researchers have found that the attacks are coming from China, despite some troubles with the undersea cables linking China to other parts of the world.
Poor password protection just makes it easier for the hackers
This week, blogger Jamey Heary marvels at just how easy it is for him to get his passwords reset. With information that could be found on an airline boarding pass, the gates can be opened.
More details here.
Black Hat roundup
In one of the more exciting Black Hat conferences in recent memory, researchers revealed holes in everything from SSL to Microsoft software to the iPhone's SMS. Here are some of the best stories from the conference: Read more
More holes found in SSL
The truth about new SSL attacks
New features can open up Cisco IOS to hackers
Targeted spam makes you feel important and knowledgeable. Not that you aren't
One of the editors here recently started receiving spam that doesn't really look like spam. It looks like a simple request for information, and there's no link to click. Here's a sample:
Do you have to dial a 1 on a wireless phone?
Since you have experience, I was hoping you could give me some clues as to what you look out for.
Any help would be appreciated.
Thanks.
Thankyou,
Tony
Seems harmless enough, right? And on its own, you might even be tempted to respond in a helpful way. Until you get this one a couple of hours later: Read more
PDF exploit in the wild, drops Trojan on users' systems
UPDATE: Ellen Messmer has a full story here.
Symantec issued this warning regarding Adobe Acrobat PDF files:
Symantec Security Response recently came into possession of an Adobe Acrobat PDF file that is exploiting a vulnerability and, when opening, drops and executes a malicious binary onto a user’s system. The malicious PDF files are detected as Trojan.Pidief.G and the dropped files as Trojan Horse.
Read more
America's 10 most wanted botnets
Botnets are emerging as the shadow network infrastructure of the Internet - the "botsphere," perhaps - one that is available for hire by spammers and others who would like to use a massive cloud-computing infrastructure for denial-of-service attacks and other shady dealings. Read more
5 technologies Iran uses to censor the Web #iranelection
We've heard a lot about the technologies - mainly Twitter - that Iranians have been using to communicate with each other and the rest of the world.
Now, Brad Reed looks at five of the technologies and techniques that the Iranian government uses to censor the Internet.
- About NetFlash
- Jeff Caruso is Executive Online Editor at Network World.
- Archives
- February 2010
- January 2010
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- January 2008
- November 2007
- October 2007
- September 2007
- On The Web
Sponsored Links
- Linux and Unix in Your Environment? Don’t Leave Security to Chance- Quest Software
- Securing Virtualized Data Centers - eBook - Trend Micro
- Efficiency goes up. Costs come down.- Microsoft
- SQL Server Experts: Virtually unstoppable- Microsoft
- Stay informed with custom newsletters from Tech Dispenser- Tech Dispenser
- Drive down operating expenses and mitigate risk with app centralization - Live May 12.- Juniper Networks
- The Next Generation of Content Security Has Arrived! Learn More!- Websense, Inc.
- Reduce costs by 49%, Increase capacity utilization by 33%. Make the HP LeftHand SAN work for you.- HP LeftHand SAN
- Connexion saves costs with Microsoft & Novell- Novell Microsoft
- Masters of Virtualization and Cloud Computing- Trend Micro
-
Network World, Inc
The Leader in Network Knowledge