Slashdot Mirror

Yannis B. writes "This week, a group of leading technology vendors that includes Cisco, Sun, Ericsson, Atmel, Freescale, and embedded open source developers, founded the Internet Protocol for Smart Objects Alliance to promote the 'Internet of Things,' in which everyday objects such as thermometers, radiators, and light switches are given IP addresses and are connected to the Internet. Such IP-enabled 'smart objects' give rise to a wide range of applications, from energy-efficient homes and offices to factory equipment maintenance and hospital patient monitoring. For Slashdot readers who are interested in the underlying technology, a white paper written by well-known embedded open source developer Adam Dunkels and IETF ROLL working group chair JP Vasseur establishes the technical basis of the alliance (PDF)."

Danny Rathjens writes "In the continuing trend of big companies buying out small companies with open source products, Cisco has announced that they are buying Jabber. The press release doesn't really talk about the open source aspect of Jabber, and Jabber's website doesn't mention the news yet. I'm sure the question many of us have is whether Jabber's open source status will be changed in any way due to the purchase." Reader Eddytorial had this to contribute: "eWEEK offers a good look into how Jabber's messaging client will fit into Cisco Systems' overall 'presence' strategy in its market wars with Avaya, Microsoft, Nortel, and others. Cisco, which already had a basic instant messaging option, but one that didn't scale for an enterprise nearly as well as Jabber's, has just about everything else in place." It's also worth noting that Cisco open-sourced Etch in recent months.

symbolset writes "InternetNews is reporting that Cisco's new Application eXtension Platform turns several models of Cisco switches into Linux application servers. With certified libraries in C, Java and Perl, developers will be able to use a downloadable SDK to build their apps. The AXP server is just another module in a Cisco switch running Cisco's own derivation of a modern Linux distro (Kernel 2.6.x) specifically hardened to run on that particular hardware. Modules will include up to 1.4-GHz Intel Pentiums with 2 GB RAM and a 160 GB hard drive."

symbolset writes "InternetNews is reporting that Cisco's new Application eXtension Platform turns several models of Cisco switches into Linux application servers. With certified libraries in C, Java and Perl, developers will be able to use a downloadable SDK to build their apps. The AXP server is just another module in a Cisco switch running Cisco's own derivation of a modern Linux distro (Kernel 2.6.x) specifically hardened to run on that particular hardware. Modules will include up to 1.4-GHz Intel Pentiums with 2 GB RAM and a 160 GB hard drive."

Joe Mullin writes "We've discussed Troll Tracker here before — the anonymous blogger who was outed last month as Rick Frenkel, a Cisco lawyer. Since then, two lawyers from the notoriously patent-friendly Eastern District of Texas have filed defamation suits against Frenkel and Cisco, and Frenkel's blog has been shuttered. One of the plaintiffs, a renowned patent judge's son, may have been hunting the anonymous blogger for months. This week Cisco announced new blogging guidelines in response to the Troll Tracker fiasco. The company acknowledged that 'a few Cisco employees used poor judgment' during secret-blog-time, but they're largely standing by their man. Cisco's new rules will prohibit only anonymous blogging by employees about issues for which 'they have responsibilities at Cisco.'"

gattaca writes "Cisco has announced a confirmation of an unpatched denial of service vulnerability in Cisco IOS. From the NetPro Forum post: 'I have just discovered a regular expression that crashes the router. I suspect the error is because of division by zero. Since I work for the Enterprise, I do not have direct access to TAC. Please somebody report this to Cisco. I have tested it on ranges of routers (2611, 2821, 2851, 7206) and IOSes (12.0-12.4). All routers crashed with some type of BUS ERROR. Command can be issued in user mode, therefore I think it can be considered as vulnerability to potentially cause DOS.'" Of course, the command has to be entered in user mode, so while potentially a vulnerability, chances are your local IOS-based router won't be DoSed via the bug any time soon.

gattaca writes "Cisco has announced a confirmation of an unpatched denial of service vulnerability in Cisco IOS. From the NetPro Forum post: 'I have just discovered a regular expression that crashes the router. I suspect the error is because of division by zero. Since I work for the Enterprise, I do not have direct access to TAC. Please somebody report this to Cisco. I have tested it on ranges of routers (2611, 2821, 2851, 7206) and IOSes (12.0-12.4). All routers crashed with some type of BUS ERROR. Command can be issued in user mode, therefore I think it can be considered as vulnerability to potentially cause DOS.'" Of course, the command has to be entered in user mode, so while potentially a vulnerability, chances are your local IOS-based router won't be DoSed via the bug any time soon.

LordNikon writes "According to this CERT advisory: 'Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.' A proof of concept affecting IIS is already being posted to security mailing lists. Cisco IPS and other IDS products are also affected." The CERT advisory lists 93 systems, with 6 reported as vulnerable (including 3com, Cisco, and Snort), 5 known not vulnerable (including Apple and HP), and the rest unknown.

Dekortage writes "The day after Apple announced its iPhone, Cisco sued over the name. Mark Chandler, Cisco's SVP and General Counsel, has posted an explanation of the suit on his blog: 'For the last few weeks, we have been in serious discussions with Apple over how the two companies could work together and share the iPhone trademark. ...I was surprised and disappointed when Apple decided to go ahead and announce their new product with our trademarked name without reaching an agreement. It was essentially the equivalent of "we're too busy."' What did Cisco want? '[We] wanted an open approach. We hoped our products could interoperate in the future.'" Another reader wrote to mention that already, Cisco's trademark might be in trouble in Europe.

Slashback tonight brings some correction, clarifications, and updates to previous Slashdot stories, including more news from the BlackBerry case, a follow up on the South Korean Cloning pioneer, China promising a strong continuation in space exploration, a behined the scenes look at Smart Hotel technology, a change in direction for the Massachusetts OpenDocument war, and a slightly different approach to the intelligent design in schools question. Read on for the details.

BlackBerry closer to a shutdown. WebHostingGuy writes to tell us MSNBC is reporting that Research in Motion Ltd, the company who makes the BlackBerry is nearer now to a shutdown of their US mobile email service than ever due to the recent ruling handed down. From the article: "U.S. District Judge James Spencer Wednesday ruled invalid a $450 million settlement between RIM and NTP Inc., a small patent holding firm of McLean, Va., that maintains the technology behind the popular BlackBerry infringes on its patents."

Cloning pioneer admits to wrongdoing and resigns. moraes writes "The first research group to clone human embryos ran into some ethical difficulties concerning the source of the eggs - allegations were made indicating that the eggs were taken from junior research assistants. The South Korean pioneer, Hwang Woo Suk, has since resigned his official posts and apologized for lying about the sources of eggs used.."

China on the moon by 2020. IZ Reloaded writes "China will send its astronauts to the moon by 2020 according to the Deputy Commander in Chief of China's manned space flight program. Hu Shixiang said that the goal is subject to the government's funding and their ability to build a rocket with 25 tons capacity."

Behined the scenes with Cisco. molotov writes "Cisco installed the system described in the recent Slashdot article about Smart Hotel Rooms in New York City and has a great video about the technology used in a similar project for the Mandarin Oriental Hotel."

Massachusetts gives Microsoft a second chance. An anonymous reader writes "CNet is reporting that Massachusetts is considering adopting the MS Office XML format as a standard to be used to store the state's documents now that it is under review as an ECMA standard. From the article: 'The commonwealth is very pleased with Microsoft's progress in creating an open document format. If Microsoft follows through as planned, we are optimistic that Office Open XML will meet our new standards for acceptable open formats.' Microsoft still does not intend to support the OpenOffice standard." IBM also took the time to weigh in on the issue with a recent letter to Thomas Trimarco.

University sued for supporting evolution. Hikaru79 writes to tell us that two parents are suing the University of California-Berkeley based on the contents of a website aimed at educating teachers. From the article: "Jeanne and Larry Caldwell, the couple bringing the suit against the site, claim that the site delves improperly into religion. While most debates center around whether or not Intelligent Design is "religion in the classroom," the Caldwells are looking to spin it the other way."

lukOh asks: "in the US, 802.11b/g (2.4Ghz) devices use an 83Mhz-wide frequency range; in-use channels spanning 22Mhz and centered on one of 11 5Mhz steps (badly named as "channels"). This means there should be no more that 3 networks in close proximity, 5 'channels' far from each other, to avoid harmful interference. Now, in the middle of the mixed area where I am, the number of usable WLANs (SNR>20dBm) has gone from 10 to an unworkable number of 20, in just one month. Has the community/the market overestimated the practicality of wireless networks? Are we generally relying too much on such a young, IMHO immature technology made on 'startups hope' and broken firmwares? How can this mess possibly be handled in a working environment, especially the moment your boss asks you to give him access to 'the wireless'?" "Access points can be easily detected, but the same isn't always true for every single client (or Bluetooth device) searching or using a network. Bluetooth itself employs the same 2.4Ghz range with 1Mhz-wide channels and much less power. To avoid interference a device jumps channel-to-channel, when the currently selected one is busy.

Most WLANs are managed by less-than-perfect SOHO access points. Connecting to an AP in such an environment is a gamble (even from 1ft away), especially when: WPA/WPA2 must be used; 802.11g stability is a dream; anywhere up to 7 networks are on the same 'channel' (1 and 11, being the most used, are standard on many devices); and now 'channel wars' are very common (i.e. 2 or more users concurrently hunting to set a free channel for their network, making the entire range unusable for hours)."

nevermindme writes "Cisco has agreed to plunk down a whopping $6.9bn for Scientific-Atlanta, hoping to take a major share of the set-top-box market and push video efforts. The networking giant will pay $43 per share in cash for Scientific-Atlanta ($5.3bn) and swallow $1.6bn in debt. With the buy, Cisco acquires one of the more dominant set-top-box makers. In addition, it pushes well beyond the data center to touch consumers where they live."

thursnick writes "eWeek is reporting that Cisco has finally issued a comprehensive fix for a critical IOS vulnerability that set off a firestorm of controversy at the Black Hat Briefings earlier this year. The patches come more than three months after former ISS researcher Michael Lynn quit his job to present the first-ever example of exploit shellcode in Cisco IOS (Internetwork Operating System), a presentation that landed him in legal hot water. Cisco's advisory effectively confirmed Lynn's summer warning that the flaw could be exploited by remote attackers to execute arbitrary commands or cause a denial-of-service on compromised routers."

FireFury03 writes "Cisco has an interesting article talking about estimates for the exhaustion of the IPv4 address space, and the inevitable move to IPv6. It predicts that the IPv4 address space will be exhausted in 2 - 10 years and suggests that it isn't worth trying to reclaim old allocations. With the mainstream use of IPv6 now potentially within the ROI period of many products the manufacturers need to start including support, but will the ISPs roll out native IPv6 networks before they absolutely have to? IMHO, ISPs providing native IPv6 support would be a Good Thing since it opens up the door for peer-to-peer technologies such as SIP without needing nasty NAT traversal hacks, but a major stumbling block seems to be a complete lack of IPv6 support on current consumer-grade DSL routers (tunneling over IPv4 is an option but requires more technical know-how from the end user)." Of course, Cisco may have some vested interest in driving up the IPv6-compatible router sales *cough*, but the bottom line is that the transition will have to happen at some point in the near future.

A reader writes: "While Cisco is still runs the world of routers, apparently they have ended up on the short end of the stick when it comes to WiFi. Aruba Wireless Networks announced today that Microsoft has selected them over Cisco and would be "integrating Windows wireless clients" software with the Aruba gear. This could impact everyone that uses wireless with Windows. Aruba's Access Points aren't your traditional AP since they offload most of the functionality to a back end controller thus making for very low cost APs. They have even released their AP boot code on Source Forge so that anyone with a controller can convert their APs to Aruba APs. It also should be noted that Cisco, after realizing their wireless equipment wasn't up to par, tried to buy the deal by first by first approaching Aruba and then after being rebuffed bought their competitor Airespace for $450M in desperation and still lost."

papaia asks: "As the network geek in my company, I have been tasked with defining a high-end, fully connected and extremely easy to use conference room, for our CEO, who is your classic non-computer-using person. The requirements are to accommodate 'local' (to the conference room) meetings, as well as interactive sessions with people in other locations, allowing him to discuss/debate various product solutions, on files being opened and available to him to pinpoint issues, without the knowledge of the underlying software used to create them (e.g. CAD drawings where he could make annotations, etc). Do any of you have recommendations for building the 'meeting room of the 21st century'?" "The solutions I have been looking into, so far, range from various types of whiteboards (Panasonic's interactive whiteboard, or SMART board one), to interactive displays, and software such as Netmeeting, or Cisco's meeting place.

I obviously need to combine any or all of the above with some capability of video (of course), thus I am looking into various webcams, and conferencing capabilities in some equipment - the latter is yet another challenge (VoIP or not?!?). I have also looked at meeting room suggestions, and I cannot really make up my mind."

sp3298622 writes "The CertMag Salary Survey is now available, seems like the Cisco CCIE's get the top salaries and the Apple Helpdesk portable technicians are left with peanuts. According to the survey, it's financially more lucrative to study Linux fundamentals and be LPIC Certified rather than MCSE."

antdude writes "A forum user at Broadbandreports.com found Peter Packet, Cisco's Security Game. Peter can dodge viruses, evade hackers, the whole nine yards. That is the real reason why the Internet is safe! There is a cool introduction, music, games, informative stuff (educational), etc. Quite amusing. You need Flash to view it."

MisterFuRR writes "Looks like Cisco is going to acquire Perfigo. Perfigo is a developer of packaged network access control solutions that provide endpoint policy analysis, compliance, and access enforcement capabilities. I can just see it now: Linksys routers with stickers that say 'Perfigo Ready.'"

kinrowan writes "MIT, inventor of Kerberos, has announced a pair of vulnerabities in the software that will allow an attacker to either execute a DOS attack or execute code on the machine. Some details of the story are at SearchSecurity as well as ComputerWeekly. Details of the advisories themselves are also available. The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators."

MoreBeer writes "Patch 'em if you've got 'em... Cisco Security Advisory: Cisco IOS Malformed OSPF Packet Causes Reload states that a malformed OSPF packet can cause a router 'reload' (reboot). Vulnerable IOS versions include 12.0S, 12.2, and 12.3 ... If you're not screening OSPF at your perimeter and using OSPF Authentication, now would be a GREAT time to start."

MoreBeer writes "Patch 'em if you've got 'em... Cisco Security Advisory: Cisco IOS Malformed OSPF Packet Causes Reload states that a malformed OSPF packet can cause a router 'reload' (reboot). Vulnerable IOS versions include 12.0S, 12.2, and 12.3 ... If you're not screening OSPF at your perimeter and using OSPF Authentication, now would be a GREAT time to start."

The Cisco router launched into orbit in September onboard a satellite built by SSTL (and on a Russian rocket) has now been successfully tested in space, and there's a video describing this and putting routers in space. A neat twenty-year coincidence here: an early Surrey satellite has been operating for twenty years, and Cisco launched its fastest router on its twentieth birthday. What do the next twenty years hold for fast routers in space?

The Cisco router launched into orbit in September onboard a satellite built by SSTL (and on a Russian rocket) has now been successfully tested in space, and there's a video describing this and putting routers in space. A neat twenty-year coincidence here: an early Surrey satellite has been operating for twenty years, and Cisco launched its fastest router on its twentieth birthday. What do the next twenty years hold for fast routers in space?

An Ominous Coward asks: "The University of Florida student chapter of ACM hosts a yearly programming competition for students throughout the state of Florida. It is based on the ACM International Collegiate Programming Contest, and for the past ten years has been very successful, currently drawing a crowd in the hundreds. However, this year was the first we had a problem with wireless networks. We doubt that cheating was the intention, as no one had SSID broadcasting turned off (as far as we know). Wireless networking gear is quite inexpensive now. And while we don't believe it affected the contest this year, we would like to take precautions for future contests. Is there any way to disable all wireless networking in an area about the size of a large lecture hall?"

enodev writes "Cisco announces today it's new 'Carrier routing system' For a price tag starting at $450,000 it's able to route up to 92 Tbps. It also features IOS-XR and the first optical OC-768c/STM-256c optical Interface." update changed TBps to Tbps and suddenly things seemed less cool ;)

OmegaBlac writes "According to Ars Technica, a Russian security site is claiming that Cisco's corporate network was comprimised and about 800MB of Cisco's source code for IOS Operating System version 12.3 was stolen. I guess Cisco forgot to implement their own Self Defending Network solutions."

Cbs228 writes "A Cisco Security Advisory released yesterday admits that "A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled." Can we really trust closed-source vendors, such as Cisco, to develop secure products that are free of backdoors?"

neomage86 asks: "I recently had to set up a router for a small company, only five users at any given time, and the needed VPN capabilities are built in. So, instead of using a Cisco or other embedded router, I decided to just install Linux and IPTables on an old 200 MHz PII I had lying around. It's been working fine, and I'm thinking about doing something like this for a much larger network (3000+ users). Does anyone have suggestions on how much I will have to beef up the hardware to provide IP Masquerading for about 1000 users on a T3; provide network-layer filtering of the transmission; and route between 4-5 internal subnets?"

Michael Bennett Cohn writes "Cisco Press' CCNA Self-Study Certification Library by Wendell Odom consists of two books: the ICND guide and the INTRO guide, corresponding to tests 640-811 and 641-821, respectively. Passing each of those tests will make you a CCNA; so will passing combined exam 640-801. I passed exam 640-801 in one try, with no real networking experience and having taken no classes. The ICND and INTRO books comprised my primary training materials." To sort out a bit of that alphabet soup, CCNA stands for "Cisco Certified Network Associate" and ICND for "Interconnecting Cisco Networking Devices," though if you're in the market for this book you probably already knew that. Read on for the rest of Michael Bennett Cohn's review. Self-Study Certification Library author Wendell Odom pages 1232 (combined) publisher Cisco Press rating 6 reviewer Michael Bennett Cohn ISBN 1587200953 summary Useful but annoying; Decent study materials for Cisco tests 640-811 and 641-821.

Although it is possible to enroll in official ICND and INTRO courses created by Cisco, the books that make up this "library," apparently, are not the books used in those courses. Within the ICND book, Odom refers to "the ICND course, on which the exam is partly based," suggesting that what you have in your hands is a reverse-engineered study guide: a study guide for an exam that is based on a course that does not use said book. Odom occasionally presents tables that he claims come from the ICND course. Clearly, some parts of the course are not fair game for the study guide.

In other words, don't think that just because you are reading the official Cisco press CCNA study guides, you are dealing with a set of information that is as close as possible to the set of information from which the test was drawn.

Studying these books will prepare you for the CCNA in the same way that reading the Encyclopedia Britannica from A to Z will prepare you to identify the capital of Nairobi. It goes without saying that a CCNA candidate should not be studying just to pass a test, she should be studying to qualify herself for a job. But in this case, the difference between the material presented and the material actually making up the test is excessive.

Odom goes to a lot of effort to make the reader feel like he is being spoken to by a friend. "Fun, isn't it?" he writes, after presenting an illustration of function groups and access points that I had to re-draw for myself several times in order to understand. Later, he describes Inverse ARP as "another case of learning by listening, a great lesson for real life!" Gee, thanks. The subtle condescension in the non-humorous asides, the gleeful overuse of exclamation points, and the fable in which Pebbles Flintstone invents networking is compounded by the persistent contextual encapsulation of every single topic in the book. Odom tells you what he's going to tell you, then he tells you, then he tells you what he's told you, much more than necessary.

A better way to put the flustered reader at ease might have been to proofread the books. The ICND guide, especially, is so full of typos that it is often embarrassing to read. In some cases, these are nothing more than obvious misspellings that can be passed over without much more than a little annoyance (e.g. ICND p. 472, "status enquiry messages"). In other cases, the meaning of the sentence is muddled. Worse, the configuration examples have obviously not been proofread either, resulting in, for example, the prompt "R1(config)#" when the appropriate prompt is "R1(config-if)." The difference may seem trivial, but understanding its significance is the kind of stuff the CCNA is all about.

Each book comes with a CD containing a practice test engine and a router simulator (both from Boson). The mistakes in the ICND book pale in comparison to those in the CD test engines. In fact, an argument could be made that studying with those practice tests will hinder more than help the CCNA candidate who has not read the books thoroughly enough to recognize the mistakes. Many multiple-choice questions count correct answers wrong and vice versa (and some of these are taken directly from the books, which usually give the correct answer). A configuration entered into the CLI on a simulator question will be graded as wrong, and the user will then be presented with an identical configuration as an example of the correct way to solve the problem.

None of these problems change the fact that these books will, if used correctly, absolutely help you pass the CCNA. But do it this way: Read the INTRO book. Take the exam right away. If you don't pass, flip through the ICND book and find the areas that you actually need to work on. You'll save months of study time that could be better spent working on your CCNP.

I give the library as a whole 3 out of 5 stars.

You can purchase the CCNA Certification Library from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Gnea writes submits this article "about the current state of IPv6, the Next Generation of Internet Protocol version 6, mostly according to Cisco. It's also an interesting roadmap about where and how IPv6 will proliferate around the world.. Apparently China has a grasp already with Korea and Japan, who leads the "Five key Chinese carriers, including China Telecom, China Unicom, China Netcom/CSTNET, China Mobile, China RailCom and CERNET (China Education and Research Network), are slated to join CNGI, building their own national IPv6 backbone independently, while interconnecting with at least two IPv6 IX." while Verio appears to have already tuned into some turnkey solutions recently that are publicly available." And SgtChaireBourne writes "ZDNet is reporting that the EU and South Korea will collaborate to develop IPv6 applications and services. The agreement was finalized at the Global IPv6 Service Launch Event in Belgium last week. There are good reasons to move to IPv6, including security, multicasting, simplified header structures, and better routing to name a few."

Gnea writes submits this article "about the current state of IPv6, the Next Generation of Internet Protocol version 6, mostly according to Cisco. It's also an interesting roadmap about where and how IPv6 will proliferate around the world.. Apparently China has a grasp already with Korea and Japan, who leads the "Five key Chinese carriers, including China Telecom, China Unicom, China Netcom/CSTNET, China Mobile, China RailCom and CERNET (China Education and Research Network), are slated to join CNGI, building their own national IPv6 backbone independently, while interconnecting with at least two IPv6 IX." while Verio appears to have already tuned into some turnkey solutions recently that are publicly available." And SgtChaireBourne writes "ZDNet is reporting that the EU and South Korea will collaborate to develop IPv6 applications and services. The agreement was finalized at the Global IPv6 Service Launch Event in Belgium last week. There are good reasons to move to IPv6, including security, multicasting, simplified header structures, and better routing to name a few."

guess-for-success asks: "In Lester Thurow's latest book, published by HarperBusiness Books (Fall 2003), Fortune Favors the Bold: What We Must Do to Build a New and Lasting Global Prosperity, there is a chapter which discusses the beginning of new industries. During this time, several business models are introduced and only a few will survive. Looking at the PC industry, Commodore was the industry leader in the 1980's, but ultimately failed and went bankrupt in 1994. Successful business models such as Dell were not introduced until years after the industry began. I now ask the Slashdot community: which internet business models they believe are going to succeed? Which companies will rise to the top? Will they be infrastructure related companies such as Cisco and even FedEx, or will they be true dot.com's such as eBay or Amazon?"

"You can find out more about Lester Thurow here. He is a professor of economics and management at the Massachusetts Institute of Technology and has been the Dean of the Sloan School of Business at MIT. He has three New York Times best selling books to his credit and consults widely around the globe."

iiioxx writes "Cisco Systems announced on December 15, 2003 that new security holes have been found in the PIX firewall IOS. The vulnerabilities are in SNMP and VPNC functionality, and both allow for DOS attacks against an affected firewall. Vulnerable IOS versions are 6.3.1, 6.2.2 and earlier, 6.1.4 and earlier. 5.x.x and earlier. There are a couple of workarounds for the SNMP vulnerability, but the only way to correct the VPNC problem is to upgrade the IOS."

iiioxx writes "Cisco Systems announced on December 15, 2003 that new security holes have been found in the PIX firewall IOS. The vulnerabilities are in SNMP and VPNC functionality, and both allow for DOS attacks against an affected firewall. Vulnerable IOS versions are 6.3.1, 6.2.2 and earlier, 6.1.4 and earlier. 5.x.x and earlier. There are a couple of workarounds for the SNMP vulnerability, but the only way to correct the VPNC problem is to upgrade the IOS."

iiioxx writes "Cisco Systems announced on December 15, 2003 that new security holes have been found in the PIX firewall IOS. The vulnerabilities are in SNMP and VPNC functionality, and both allow for DOS attacks against an affected firewall. Vulnerable IOS versions are 6.3.1, 6.2.2 and earlier, 6.1.4 and earlier. 5.x.x and earlier. There are a couple of workarounds for the SNMP vulnerability, but the only way to correct the VPNC problem is to upgrade the IOS."

An anonymous reader writes "There is a nice presentation on the L.A.S. Linux site entitled "Managing Data Center Functions with Open Source Tools" which was presented at Comdex 2003. It covers everything from IPtables to OpenNMS. As well as covering some less known but nice tools like NeDi, which lets you easily manage Cisco routers and swiches from a web browser."

geoff313 writes " For all of you who might be worried about what financial consequences Linus Torvalds might have to endure as a result of being subpoenaed by SCO, fear not: the Open Source Development Lab (OSDL) will pay for its law firm to represent him. the OSDL, who are Torvalds' employer, will announce on Friday that the "OSDL has agreed to fund legal representation for Torvalds and any other employees of the lab who may become involved in the litigation." Just in case you didn't you didn't know, the OSDL is funded by a variety of corporations including (but not limitied to) IBM, Hewlett-Packard, Dell, Sun Microsystems, Red Hat, Cisco, Computer Associates, Fujitsu, Hitachi, and Nokia. "

Barkmullz asks: "Working closesly with a public safety department in my town, we have been thinking of implementing a mobile wireless network. This would, theoretically, allow public safety officers to send and received data (such as CAD) while in a moving or stationary vehicle. One of the requirements is to be able to move across multiple wireless networks. There are several vendors that offer such technology, like the Cisco 3200 Mobile Access Router. Even though we have a fairly good idea of what needs to be done, we are experiencing difficulty in finding good examples of other implementations of this kind. Sure, there is Seal Beach, Buffalo Grove, Lufthansa and others, but they are more sales-pitches than in-depth white papers. Security is, naturally, of great concern to us. However, due to funding constraints we are planning to use the publicly available 802.11x for the most part, use EAP or Cisco's LEAP and a RADIUS server for authentication, along with TKIP for encryption (aka WPA). Has anyone dealt with a wireless network of this type? If so what were some of your challenges and what are your recommendations for implementation?"

Barkmullz asks: "Working closesly with a public safety department in my town, we have been thinking of implementing a mobile wireless network. This would, theoretically, allow public safety officers to send and received data (such as CAD) while in a moving or stationary vehicle. One of the requirements is to be able to move across multiple wireless networks. There are several vendors that offer such technology, like the Cisco 3200 Mobile Access Router. Even though we have a fairly good idea of what needs to be done, we are experiencing difficulty in finding good examples of other implementations of this kind. Sure, there is Seal Beach, Buffalo Grove, Lufthansa and others, but they are more sales-pitches than in-depth white papers. Security is, naturally, of great concern to us. However, due to funding constraints we are planning to use the publicly available 802.11x for the most part, use EAP or Cisco's LEAP and a RADIUS server for authentication, along with TKIP for encryption (aka WPA). Has anyone dealt with a wireless network of this type? If so what were some of your challenges and what are your recommendations for implementation?"

Barkmullz asks: "Working closesly with a public safety department in my town, we have been thinking of implementing a mobile wireless network. This would, theoretically, allow public safety officers to send and received data (such as CAD) while in a moving or stationary vehicle. One of the requirements is to be able to move across multiple wireless networks. There are several vendors that offer such technology, like the Cisco 3200 Mobile Access Router. Even though we have a fairly good idea of what needs to be done, we are experiencing difficulty in finding good examples of other implementations of this kind. Sure, there is Seal Beach, Buffalo Grove, Lufthansa and others, but they are more sales-pitches than in-depth white papers. Security is, naturally, of great concern to us. However, due to funding constraints we are planning to use the publicly available 802.11x for the most part, use EAP or Cisco's LEAP and a RADIUS server for authentication, along with TKIP for encryption (aka WPA). Has anyone dealt with a wireless network of this type? If so what were some of your challenges and what are your recommendations for implementation?"

Barkmullz asks: "Working closesly with a public safety department in my town, we have been thinking of implementing a mobile wireless network. This would, theoretically, allow public safety officers to send and received data (such as CAD) while in a moving or stationary vehicle. One of the requirements is to be able to move across multiple wireless networks. There are several vendors that offer such technology, like the Cisco 3200 Mobile Access Router. Even though we have a fairly good idea of what needs to be done, we are experiencing difficulty in finding good examples of other implementations of this kind. Sure, there is Seal Beach, Buffalo Grove, Lufthansa and others, but they are more sales-pitches than in-depth white papers. Security is, naturally, of great concern to us. However, due to funding constraints we are planning to use the publicly available 802.11x for the most part, use EAP or Cisco's LEAP and a RADIUS server for authentication, along with TKIP for encryption (aka WPA). Has anyone dealt with a wireless network of this type? If so what were some of your challenges and what are your recommendations for implementation?"

Barkmullz asks: "Working closesly with a public safety department in my town, we have been thinking of implementing a mobile wireless network. This would, theoretically, allow public safety officers to send and received data (such as CAD) while in a moving or stationary vehicle. One of the requirements is to be able to move across multiple wireless networks. There are several vendors that offer such technology, like the Cisco 3200 Mobile Access Router. Even though we have a fairly good idea of what needs to be done, we are experiencing difficulty in finding good examples of other implementations of this kind. Sure, there is Seal Beach, Buffalo Grove, Lufthansa and others, but they are more sales-pitches than in-depth white papers. Security is, naturally, of great concern to us. However, due to funding constraints we are planning to use the publicly available 802.11x for the most part, use EAP or Cisco's LEAP and a RADIUS server for authentication, along with TKIP for encryption (aka WPA). Has anyone dealt with a wireless network of this type? If so what were some of your challenges and what are your recommendations for implementation?"

RanmaPlex asks: "I've been asked by a university professor to design a network security lab for use by about 15 students. Designing a course was asked earlier, but little info was discussed on equipment. It needs to be vendor independent if possible. I've got ideas on using virtual machines, patches, IDS, firewalls/vpn and sniffers but would like to know what the Slashdot community can come up with."

Slashback tonight brings you more on the recent cracking of GSM encryption,the odds of file sharers escaping industry scrutiny in Canada, the recently found (and stomped) OpenSSH bug, installation-time ads in Mandrake, and more. Read on below for the details.

Art of the Saber Jagaast writes "As a counterpoint to all the hype about the Star Wars kid, here's a Star Wars fan film that's actually very well done. Art of the Saber is 'a light saber fight sequence with the flavor of a Hong Kong martial arts action movie.' Well worth watching." Update by J : I've made torrents available.

Vote early, often, and reversably. An anonymous reader writes "As a follow up to a previous story here on Slashdot on electronic voting, Excite has a story on the same subject with a bit more information including this amazing quote from Deborah Seiler, Diebold's West Coast sales representative: '"These activists don't understand what they're looking at," Seiler said.'"

GSM-crack paper online morcheeba writes "Copies of the GSM-crack paper described in last week's Slashdot article are now available online (PDF) thanks to John Young's Cryptome"

Mandrake ads...take 2 *no comment* writes "Apparently there has been some controversy over the ads in the upcoming Mandrake 9.2. I thought it was pretty cut & dried, but apparently Mandrake thought it was enough of a controversy to to release a written statement about it. I wonder how many flames were posted in the slashdot forum using the download version of Opera."

Blaster Worm still alive and well on MIT campus fwc writes "MIT still has 900 network drops disabled due to the Blaster worm infection. Of particular interest is that MIT network security requires users to reformat their hard drive and re-install their operating system before they get back on the network. Sounds like a good excuse to reinstall something other than a Microsoft operating system."

A big AWOOOGAH for Canadian file sharers. Rumor writes in response to a recent story suggesting that Canadian users could swap files scot-free: "Listen, Canadians, don't go using your p2p apps and thinking you are immune from lawsuit, you are liable for copyright infringement if you share files on p2p apps.

To wit: a fellow law student and I have written an analysis of s. 80 of the Copyright Act and we've concluded that one can download music safely under the Private Copying provision, but no one can share or upload files without infringing on copyright.

In a nutshell, Private Copying allows anyone to make a copy of a song purely for their own use. As you probably know, when you share files and someone downloads from you, what actually happens is that their computer makes a request and your computer actually sends the file to them. Thus, you're copying for someone else's use and infringing. It doesn't matter if you didn't realize that's what happens, either... intent is not required for infringement.

The upside is that you can accept copies from other people (ie. download) all you want. Although there might be an issue of contributory infringement to worry about... I won't go into analyzing that, since so far the record companies are only suing uploaders.

The article can be found on greplaw.

I've recently confirmed this analysis with an IP law professor at my university, so I'm pretty damn sure of it. So, please, be aware of this danger. Downloading cool, uploading/sharing not. I guess the situation still better than nothing."

Why not ask for your money back? zaaj writes "There are several articles out about a newly found/fixed(openssh.org) buffer management bug in OpenSSH and some derivatives. Cisco's Advisory only mentions DoS attacks against certain of their SSH-enabled devices, but ZDNet's article hints at rumors of long-existing root exploits. Regardless, RedHat's got their typical list of updated packages with the patch back-ported. A few other distro's have info in the vendor section of Cert's advisory CA-2003-24"

Bingo Foo asks: "My company is in the process of reviewing replacements to our existing multi-platform VPN, which has now been discontinued. I was under the impression that every major vendor's OS ships with a VPN configuration solution. What gives? Are these not standard enough? Are they not secure enough? not flexible enough? Regardless, our IT department is leaning toward a clientless, web-based solution, which frankly sounds too good to be true. Can simply directing your browser at the portal allow X11, NFS, SMB, AFP, ssh, etc. transparently through the firewall? Anyone have experience with Neoteris and their VPN?"

darrelld2 asks: "I'm having problems finding a low cost access point that is reliable. I started searching the web; however, I can't find anyone who has done independent research on access points to find which one is the most dependable. I have had several different brands; Cisco, 3Com, and Netgear. The only one that has lasted more than 6 months was the Cisco. What are other Slashdot users seeing?" Just as an added datapoint, I've been using my Cabletron Wireless AP for well over 2 years, and aside with a (repairable) problem with the power supply, it is still going strong. What have your experiences been with wireless APs?

Joff_NZ writes "CERT has released an advisory regarding a serious flaw in all Cisco routers and switches which run IOS and process IPv4 packets (i.e. pretty much everything), which causes the device to stop processing inbound packets, and so: 'The device must be rebooted to clear the input queue on the interface, and will not reload without user intervention.' There are apparently no known exploits (yet), and Cisco have this advisory with a workaround and available fixes."

Blaine Hilton writes "Stealing the Network is a refreshing change from more traditional computer books. The authors have created fictional stories based on non-fictional concepts that could really happen to our computer systems today. The realistic fiction approach makes the book much lighter to read and actually entertaining. I also believe this approach makes the true methods behind the fictional stores much more memorable then memorizing thousand page textbooks." Read on for his overview of the book. Stealing the Network: How to Own the Box author Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, and Paul Craig pages 328 publisher Syngress rating 8 reviewer Blaine Hilton ISBN 1931836876 summary An interesting fictionalized approach to hacking and other aspects of information security.

I'm leery of books that are written by multiple authors because the writing style always seems to keep me off beat from jumping around, however in this book it works out well since the book is organized as a series of short stories. Each story describes somebody involved in information security -- either somebody trying to access a system, or a person trying to keep the bad guys out.

If you are looking for a step-by-step guide to locking down your computer and network, this is not the book for you. Instead, this book is more to help people who already have at least a basic understanding of information security to see from another perspective. Stealing the Network looks at other reasons why people can break in: everything from being told to go to industry conferences to not collecting access cards when an employee leaves the company. What this book left deepest in my mind is to trust nothing, and assume even less.

After the ten short stories of how hacking is really done, there is a nicely done appendix along with Ryan Russel's "Laws of Security," which finishes this fictionalized book in a very non-fictional way. The laws cover most of the problems with current IT infrastructure, but do not go in-depth with what I believe is the biggest security hole, the user. Many of the stories touch on this fact but that's about the extent of it. I believe this may be because there are not any easy solutions to human behavior. This book says it best with "people are lazy."

At 328 pages (in pretty large text), this is a great easy read, though the book would be better with a lower price tag. However if you work with or around computers and the Internet, this book is very enlightening, if not completely informative.

Table of Contents

• Acknowledgements
• Contributors
• Forward
• Chapters:
  1. Hide and Sneak
  2. The Worm Turns
  3. Just Another Day at the Office
  4. h3X's Adventures in Networkland
  5. The Thief No One Saw
  6. Flying the Friendly Skies
  7. dis-card
  8. Social (In)Security
  9. BabelNet
  10. The Art of Tracking
• Appendix - The Laws of Security

Most of the book's authors have websites you can hit for more information; follow these links to find more from Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky and Mark Burnett, as well as Jeff Moss (who wrote the forward).

You can purchase Stealing the Network from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

TheMatt writes "An article at the IHT describes an effort to make Paris one big Wi-Fi hotspot. The project, with partners like RATP and Cisco, if approved, will place two or three antennae outside each of the 372 Metro stations in Paris and link them through an existing fiber network that runs through the subway tunnels. The current pilot project is centered along the route of Bus No. 38. You can sign up for access to the pilot which is free until June 30."