Domain: cisco.com
Stories and comments across the archive that link to cisco.com.
Stories · 125
Trump's Pick To Be the Next Attorney General Has Opposed Net Neutrality Rules For Years (fastcompany.com)
William P. Barr, President Trump's pick to become the nation's next Attorney General, is a former chief lawyer for Verizon who has opposed net neutrality rules for more than a decade. "Barr, who served as attorney general under former President George H.W. Bush from 1991-93, warned in 2006 that 'network neutrality regulations would discourage construction of high-speed internet lines that telephone and cable giants are spending tens of billions of dollars to deploy,'" reports Fast Company. From the report: Barr's appointment would be welcome news for at least three major internet service providers and a trade organization -- including Verizon, AT&T, Comcast, and the National Cable & Telecommunications Association -- that have spent more than $600 million lobbying on Capitol Hill since 2008, according to a MapLight analysis. Their lobbying on a key issue was rewarded last December, when the Federal Communications Commission, led by another former Verizon lawyer-turned-Trump appointee, overruled popular opinion by voting to scrap rules that banned internet companies from giving preferential treatment to particular websites or charging consumers more for different types of content.
Barr's previous employment with Verizon foreshadows credibility problems similar to those faced by FCC Chairman Ajit Pai, also a former Verizon lawyer. Barr, however, is likely to face even more scrutiny stemming from his role as a member of WarnerMedia's board of directors. The entertainment conglomerate, which includes HBO, Turner Broadcasting, and Warner Bros. Entertainment Group, was created in the aftermath of AT&T's 2016 purchase of Time Warner Inc. [...] Barr has argued that net neutrality rules will discourage internet service providers from investing in high-end delivery systems, such as fiber-optic networks. "Companies are going to make these kinds of investments only if they see an opportunity to earn a return that is commensurate with the risk, and only if they have the freedom to innovate, differentiate, and make commercially sensible decisions that they need to compete and win in the market," he said at a 2006 Federalist Society convention. Barr also claimed that 81 percent of the nation's roughly 40,000 zip codes have three or more choices of broadband providers. A PC Magazine study last year found that to be untrue, with only 30 percent of 20,000 zip codes having three or more broadband options. -
Your 4K Netflix Streaming Is On a Collision Course With Your ISP's Data Caps (vice.com)
Household bandwidth consumption is soaring thanks to video streaming, new data suggests, and American consumers are about to run face-first into broadband usage limits and overage fees that critics say are unnecessary and anti-competitive. Motherboard reports: Cisco's 2018 Visual Networking Index (VNI) -- an annual study that tracks overall internet bandwidth consumption to identify future trends -- predicts that global IP traffic is expected to reach 396 exabytes per month by 2022. Cisco's report claims that's more traffic than has crossed global networks throughout the entire history of the internet thus far. The majority of this data growth is video; Cisco found that 75 percent of global internet traffic was video last year, up from 63 percent just two years earlier. Cisco says this number could climb to 82 percent in 2022, with 22 percent of overall video consumption coming from bandwidth-intensive 4K streaming. The problem: As monthly household bandwidth consumption soars courtesy of 4K Netflix streaming and other new services, many broadband users are likely to run into usage caps and overage fees that jack up their monthly rates. The report mentions Comcast imposes a terabyte usage cap on all of its service areas except the Northeast, but users can pay an additional $50 per month to avoid such limits. -
Cisco Removed Its Seventh Backdoor Account This Year, and That's a Good Thing (zdnet.com)
An anonymous reader quotes a report from ZDNet: Cisco, the world's leading provider of top networking equipment and enterprise software, has released today 15 security updates, including a fix for an issue that can be described as a backdoor account. This latest patch marks the seventh time this year when Cisco has removed a backdoor account from one of its products. Five of the seven backdoor accounts were discovered by Cisco's internal testers, with only CVE-2018-0329 and this month's CVE-2018-15439 being found by external security researchers. The company has been intentionally and regularly combing the source code of all of its software since December 2015, when it started a massive internal audit. Cisco started that process after security researchers found what looked to be an intentional backdoor in the source code of ScreenOS, the operating system of Juniper, one of Cisco's rivals.
Juniper suffered a massive reputational damage following the 2015 revelation, and this may secretly be the reason why Cisco has avoided using the term "backdoor account" all year for the seven "backdoor account" issues. Instead, Cisco opted for more complex wordings such as "undocumented, static user credentials for the default administrative account," or "the affected software enables a privileged user account without notifying administrators of the system." It is true that using such phrasings might make Cisco look disingenuous, but let's not forget that Cisco has been ferreting these backdoor accounts mainly on its own, and has been trying to fix them without scaring customers or impacting its own stock price along the way. -
How Cisco Fixed An Undocumented SSH Support Tunnel In Umbrella (umbrella.com)
"Vulnerability due to always-on SSH Tunnel -- RESOLVED" reads a Cisco service update. An anonymous reader writes: Described by a recent security blog post, Cisco hid a SSH backdoor in its Cisco Umbrella product, which they were using for support. Affected organizations can install version 2.1.0 of their virtual appliance which has the backdoor removed.
Cisco has described Umbrella as "the first Secure Internet Gateway in the cloud," though the now-closed tunnel "auto-initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters." Cisco adds that it "did not require explicit customer approval before establishment." Access to the terminating server required valid keys and was provided only to privileged support personnel within the Cisco Umbrella network space. Customers could prevent this tunnel from getting established by blocking the relevant firewall ports. However, in the case of customers who allowed establishment of the tunnel, an attacker who obtained access to the internal Cisco terminating server could use the SSH tunnel as a backdoor to obtain full control of the VA device at the customer's premises...
It is our policy that any undocumented methods of entry into your network devices be considered a vulnerability due to the potential risk of an attacker leveraging this tunnel to gain access to your network. While Cisco has NO indications that our remote support SSH hubs have ever been compromised, Cisco has made significant changes to the behavior of the remote support tunnel capability to further secure the feature...
To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established... For additional security, the customer is required to provide tunnel configuration parameters out-of-band to the Cisco support personnel before tunnel establishment. -
Oracle And Cisco Both Support The FCC's Rollback Of Net Neutrality (thehill.com)
An anonymous reader quotes The Hill: Oracle voiced support on Friday for FCC Chairman Ajit Pai's controversial plan to roll back the agency's net neutrality rules. In a letter addressed to the FCC, the company played up its "perspective as a Silicon Valley technology company," hammering the debate over the rules as a "highly political hyperbolic battle," that is "removed from technical, economic, and consumer reality"... Oracle wrote in their letter [PDF] that they believe Pai's plan to remove broadband providers from the FCC's regulatory jurisdiction "will eliminate unnecessary burdens on, and competitive imbalances for, ISPs [internet service providers] while enhancing the consumer experience and driving investment"... Other companies in support of Pai's plan, like AT&T and Verizon, have made the argument that the rules stifled investment in the telecommunications sector, specifically in broadband infrastructure.
Cisco has also argued that strict net neutrality laws on ISPs "restrict their ability to use innovative network management technology, provide appropriate levels of quality of service, and deliver new features and services to meet evolving consumer needs. Cisco believes that allowing the development of differentiated broadband products, with different service and content offerings, will enhance the broadband market for consumers." -
Cisco Patches 'Prime Home' Flaw That Allowed Hackers To Reach Into People's Homes (helpnetsecurity.com)
Orome1 quotes a report from Help Net Security: Cisco has patched a critical authentication bypass vulnerability that could allow attackers to completely take over Cisco Prime Home installations, and through them mess with subscribers' home network and devices. The vulnerability (CVE-2017-3791), found internally by Cisco security testers, affects the platform's web-based GUI, and can be exploited by remote attackers to bypass authentication and execute any action in Cisco Prime Home with administrator privileges. No user interaction is needed for the exploit to work, and exploitation couldn't be simpler: an attacker just needs to send API commands via HTTP to a particular URL. The bug exists in versions 6.4 and later of Cisco Prime Home, but does not affect versions 5.2 and earlier. "Administrators can verify whether they are running an affected version by opening the Prime Home URL in their browser and checking the Version: line in the login window. If currently logged in, the version information can be viewed in the bottom left of the Prime Home GUI footer, next to the Cisco Prime Home text," Cisco instructed in the security advisory. -
Cisco Develops System To Automatically Cut-Off Pirate Video Streams (torrentfreak.com)
An anonymous reader quotes a report from TorrentFreak: Pirate services obtain content by capturing and restreaming feeds obtained from official sources, often from something as humble as a regular subscriber account. These streams can then be redistributed by thousands of other sites and services, many of which are easily found using a simple search. Dedicated anti-piracy companies track down these streams and send takedown notices to the hosts carrying them. Sometimes this means that streams go down quickly but in other cases hosts can take a while to respond or may not comply at all. Networking company Cisco thinks it has found a solution to these problems. The company's claims center around its Streaming Piracy Prevention (SPP) platform, a system that aims to take down illicit streams in real-time. Perhaps most interestingly, Cisco says SPP functions without needing to send takedown notices to companies hosting illicit streams. "Traditional takedown mechanisms such as sending legal notices (commonly referred to as 'DMCA notices') are ineffective where pirate services have put in place infrastructure capable of delivering video at tens and even hundreds of gigabits per second, as in essence there is nobody to send a notice to," the company explains. "Escalation to infrastructure providers works to an extent, but the process is often slow as the pirate services will likely provide the largest revenue source for many of the platform providers in question." To overcome these problems Cisco says it has partnered with Friend MTS (FMTS), a UK-based company specializing in content-protection. Among its services, FMTS offers Distribution iD, which allows content providers to pinpoint which of their downstream distributors' platforms are a current source of content leaks. "Robust and unique watermarks are embedded into each distributor feed for identification. The code is invisible to the viewer but can be recovered by our specialist detector software," FMTS explains. 
"Once infringing content has been located, the service automatically extracts the watermark for accurate distributor identification." According to Cisco, FMTS feeds the SPP service with pirate video streams it finds online. These are tracked back to the source of the leak (such as a particular distributor or specific pay TV subscriber account) which can then be shut-down in real time. -
Cisco Blamed A Router Bug On 'Cosmic Radiation' (networkworld.com)
Network World's news editor contacted Slashdot with this report: A Cisco bug report addressing "partial data traffic loss" on the company's ASR 9000 Series routers contended that a "possible trigger is cosmic radiation causing SEU [single-event upset] soft errors." Not everyone is buying: "It IS possible for bits to be flipped in memory by stray background radiation. However it's mostly impossible to detect the reason as to WHERE or WHEN this happens," writes a Redditor identifying himself as a former [technical assistance center] engineer...
"While we can't speak to this particular case," Cisco wrote in a follow-up, "Cisco has conducted extensive research, dating back to 2001, on the effects cosmic radiation can have on our service provider networking hardware, system architectures and software designs. Despite being rare, as electronics operate at faster speeds and the density of silicon chips increases, it becomes more likely that a stray bit of energy could cause problems that affect the performance of a router or switch."
Friday a commenter claiming to be Xander Thuijs, Cisco's principal engineer on the ASR 9000 router, posted below the article, "apologies for the detail provided and the 'concept' of cosmic radiation. This is not the type of explanation I would like to see presented to the respected users of our products. We have made some updates to the DDTS [defect-tracking report] in question with a more substantial data and explanation. The issue is something that we can likely address with an FPD update on the 2x100 or 1x100G Typhoon-based linecard." -
Cisco Finds $34 Million Ransomware Industry (networkworld.com)
Ransomware is "generating huge profits," says Cisco. Slashdot reader coondoggie shares this report from Network World: Enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits -- nearly $34 million annually, according to Cisco's Mid-Year Cybersecurity Report out this week. Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target.
Many of the victims were slow to patch their systems, according to the article. One study of Cisco devices running on fundamental infrastructure discovered that 23% had vulnerabilities dating back to 2011, and 16% even had vulnerabilities dating back to 2009. Popular attack vectors included vulnerabilities in JBoss and Adobe Flash, which was responsible for 80% of the successful attacks for one exploit kit. The article also reports that attackers are now hiding their activities better using HTTPS and TLS, with some even using a variant of Tor. -
Facebook Now Lets Users Comment With a Video (techcrunch.com)
An anonymous reader writes: As internet users continue to consume more videos than ever before, Facebook has decided to further add to the trend and officially launch video comments. Users are watching so many videos that the Cisco Visual Networking Index forecasts internet video traffic will represent 82% of all consumer internet traffic by 2020. Facebook said via a blog post that the new feature was developed at Facebook's 50th Hackathon. The team that built the feature included: Bob Baldwin, who led the initiative, with Hermes Pique and Sameer Madan working on iOS, Muhammed Ibrahim working on the web, and Billy Ng working on Android. Baldwin's past projects consisted of features that let Facebook users include photos or stickers in the comments. The new video comments feature may help Facebook catch up to Snapchat in terms of daily videos viewed on the social media platform. -
Dangerous 7-Zip Vulnerabilities Flow To Top Security, Software Tools (theregister.co.uk)
mask.of.sanity quotes a report from The Register: Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-Zip compression tool to stop attackers gaining full control of customer machines. Marcin Noga, Cisco security researcher, found and reported the holes to the platform, which could allow attackers to compromise updated machines, giving attackers the same access rights as logged-in users. FireEye and MalwareBytes are two of many products that use 7-Zip. "An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format files ... [which] can be triggered by any entry that contains a malformed Long Allocation Descriptor," Colleague of The Register Jaeson Schultz said. The flaws were fixed in 7-Zip 16.00, which was released Tuesday. -
Cisco Patches Serious Flaws In Cable Modems and Home Gateways (csoonline.com)
itwbennett writes: Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices that are distributed by some ISPs to their customers, and said in an advisory that customers should contact their service providers to ensure they have the patches. The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication. And the Web-based administration interfaces of the Cisco DPC3941 Wireless Residential Gateway with Digital Voice and Cisco DPC3939B Wireless Residential Voice Gateway are affected by a vulnerability that could lead to information disclosure. In addition, the Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA is affected by a separate vulnerability, also triggered by malicious HTTP requests, that could lead to a denial-of-service condition. -
Cisco Issues Patch For Nexus Switches To Remove Hardcoded Credentials (csoonline.com)
itwbennett writes: Cisco Systems has released critical software updates for its Nexus 3000 and 3500 switches to remove a default administrative account with static credentials that could allow remote attackers access to a bash shell with root privileges, meaning that they can fully control the device. The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory. The affected devices are: Cisco Nexus 3000 Series switches running NX-OS 6.0(2)U6(1), 6.0(2)U6(2), 6.0(2)U6(3), 6.0(2)U6(4) and 6.0(2)U6(5) and Cisco Nexus 3500 Platform switches running NX-OS 6.0(2)A6(2), 6.0(2)A6(3), 6.0(2)A6(4), 6.0(2)A6(5) and 6.0(2)A7(1). -
Cisco ASA Firewall Has a Wormable Problem — And a Million Installs (csoonline.com)
itwbennett writes: Cisco has published an advisory for a vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10 that was discovered by researchers from Exodus Intelligence. According to the advisory, 'a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.' As CSO's Dave Lewis points out, 'the part of this that is most pressing is that Cisco claims that there are over a million of these deployed.'
And attackers have not been sitting on their thumbs. -
Cisco Patches Authentication, Denial-of-Service, NTP Flaws In Many Products (csoonline.com)
itwbennett writes: Cisco Systems has released a new batch of security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls. The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges. -
Cisco Systems Will Be Auditing Their Code For Backdoors (cisco.com)
An anonymous reader writes: In the wake of the discovery of two backdoors on Juniper's NetScreen firewall devices, Cisco Systems has announced that they will be reviewing the software running on their devices, just in case. Anthony Grieco, a Senior Director of the Security and Trust Organization at Cisco, made sure to first point out that the popular networking equipment manufacturer has a "no backdoor" policy. According to Grieco: "Although our normal practices should detect unauthorized software, we recognize that no process can eliminate all risk. Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience." The reviewers will be looking for backdoors, hardcoded or undocumented account credentials, covert communication channels and undocumented traffic diversions. -
Why Cybersecurity Experts Want Open Source Routers (vice.com)
derekmead writes: A coalition of 260 cybersecurity experts is taking advantage of a Federal Communications Commission (FCC) public comment period to push for open source Wi-Fi router firmware.
The cybersecurity experts asked the FCC on Wednesday to require router makers to open-source their firmware, or the basic software that controls its core functionality, as a condition for it being licensed for use in the US. The request comes amid a wider debate on how the FCC should ensure that Wi-Fi routers' wireless signals don't "go outside stated regulatory rules" and cause harmful interference to other devices like cordless phones, radar, and satellite dishes. -
When Does Software Start Becoming Malware?
New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware." -
Apple Partners With Cisco To Boost Enterprise Business
An anonymous reader writes: Apple and Cisco announced a partnership aimed at helping Apple's devices work better for businesses. Cisco will provide services specially optimized for iOS devices across mobile, cloud, and on premises-based collaboration tools such as Cisco Spark, Cisco Telepresence and Cisco WebEx, the companies said in a statement. "What makes this new partnership unique is that our engineering teams are innovating together to build joint solutions that our sales teams and partners will take jointly to our customers," Cisco Chief Executive Chuck Robbins said in a blog post. -
Bruce Schneier On Cisco ROMMON Firmware Exploit: "This Is Serious"
When Bruce Schneier says of a security problem "This is serious," it makes sense to pay attention to it. And that's how he refers to a recently disclosed Cisco vulnerability alert about "an evolution in attacks against Cisco IOS Classic platforms. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image." Schneier links to Ars Technica's short description of the attack, which notes: "The significance of the advisory isn't that the initial firmware can be replaced. As indicated, that's a standard feature not only with Cisco gear but just about any computing device. What's important is that attackers are somehow managing to obtain the administrative credentials required to make unauthorized changes that take control of the networking gear." -
Cisco Developing Royalty Free Video Codec: Thor
An anonymous reader writes: Video codec licensing has never been great, and it's gotten even more complicated and expensive in recent years. While H.264 had a single license pool and an upper bound on yearly licensing costs, successor H.265 has two pools (so far) and no limit. Cisco has decided that this precludes the use of H.265 in open source or other free-as-in-beer software, so they've struck out on their own to create a new, royalty-free codec called Thor. They've already open-sourced the code and invited contributions.
Cisco says, "The effort is being staffed by some of the world's most foremost codec experts, including the legendary Gisle Bjøntegaard and Arild Fuldseth, both of whom have been heavy contributors to prior video codecs. We also hired patent lawyers and consultants familiar with this technology area. We created a new codec development process which would allow us to work through the long list of patents in this space, and continually evolve our codec to work around or avoid those patents." -
How Ready Is IPv6 To Succeed IPv4?
New submitter unixisc writes: Over the last 2 years, June 6th had been observed as IPv6 day. The first time, IPv6 connections were turned on by participants just for a day, and last year, it was turned on for good. A year later, how successful is the global transition to IPv6? According to Cisco 6labs, adoption rates vary from 50% in Belgium to 6% in China, with the U.S. coming somewhere in the middle at 37%. A lot of issues around IPv6, such as the absence of NAT, have apparently been resolved (NAPT is now available and recognized by the IETF). So what are the remaining issues holding people up — be it ISPs, businesses, consumers or anybody else? When could we be near a year when we could turn off all IPv4 connectivity worldwide on an IPv6 only day and nobody would notice? -
Self-Destructing Virus Kills Off PCs
mpicpp sends word about a particularly bad virus making the rounds, with this snippet from the BBC: "A computer virus that tries to avoid detection by making the machine it infects unusable has been found. If Rombertik's evasion techniques are triggered, it deletes key files on a computer, making it constantly restart. Analysts said Rombertik was 'unique' among malware samples for resisting capture so aggressively. On Windows machines where it goes unnoticed, the malware steals login data and other confidential information. Rombertik typically infected a vulnerable machine after a booby-trapped attachment on a phishing message had been opened, security researchers Ben Baker and Alex Chiu, from Cisco, said in a blogpost. Some of the messages Rombertik travels with pose as business inquiry letters from Microsoft. The malware 'indiscriminately' stole data entered by victims on any website, the researchers said. And it got even nastier when it spotted someone was trying to understand how it worked. 'Rombertik is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis,' the researchers said." -
Cisco Names Veteran Robbins To Succeed Chambers as CEO
bledri writes: After 20 years as Cisco's CEO, John Chambers will step down this summer. The search for a replacement took a committee 16 months, and they selected Chuck Robbins, who was previously responsible for the company's global sales and partner team. From the article: "Wall Street analysts said a change was expected and could signal a refocusing of Cisco, which acquired dozens of companies under Chambers but has failed to make great headway outside its core networking business." -
TeslaCrypt Isn't All That Cryptic
citpyrc writes: TeslaCrypt, the latest-and-greatest ransomware branch off of the CryptoWall family, claims to the unwitting user that his/her documents are encrypted with "a unique public key generated for this computer". This couldn't be further from the truth. In actuality, the developers of this malware appear to have been lazy and implemented encryption using symmetric AES256 with a decryption key generated on the user's machine. If any of your machines are afflicted, Talos has developed a tool that can be used to generate the user's machine's symmetric key and decrypt all of the ransomed files. -
Google Error Leaks Website Owners' Personal Information
itwbennett writes: A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private. The privacy breach involves whois, a database that contains contact information for people who've bought domain names. For privacy reasons, people can elect to make information private, often by paying an extra fee. But Craig Williams, senior technical leader for Cisco's Talos research group, discovered that the privacy settings for domain names registered through the company eNom were being turned off right at the time when the domains were up for renewal, starting around mid-2013. Williams contacted Google, and in about six days the privacy settings had been restored. In a notice, Google blamed a "software defect." Cisco said in a blog post that some 282,867 domains were affected. -
Silverlight Exploits Up, Java Exploits Down, Says Cisco
angry tapir writes: Attempts to exploit Silverlight soared massively in late 2014 according to research from Cisco. However, the use of Silverlight in absolute terms is still low compared to the use of Java and Flash as an attack vector, according to Cisco's 2015 Annual Security Report. The report's assessment of the 2014 threat landscape also notes that researchers observed Flash-based malware that interacted with JavaScript. The Flash/JS malware was split between two files to make it easier to evade anti-malware protection. (The full report is available online, but registration is required.) -
Inside Cryptowall 2.0 Ransomware
msm1267 writes: If you need more evidence that ransomware is here to stay, and could turn into cybercriminals' weapon of choice, look no further than Cryptowall. Researchers at Cisco's Talos group have published an analysis of a Cryptowall 2.0 sample, peeling back many layers of known commodities around this threat, such as its use of the Tor anonymity network to disguise command-and-control communication. But perhaps more telling about the commitment around ransomware is the investment attackers made in its capabilities to detect execution in virtual environments, building in many stages of decryption present before the ransomware activates, and its ability to detect 32- and 64-bit architectures and executing different versions for each. -
The IPv4 Internet Hiccups
New submitter pla writes: Due to a new set of routes published yesterday, the internet has effectively undergone a schism. All routers with a TCAM allocation of 512k (or less), in particular Cisco Catalyst 6500 and 7600's, have started randomly forgetting portions of the internet. "Cisco also warned its customers in May that this BGP problem was coming and that, in particular, a number of routers and networking products would be affected. There are workarounds, and, of course the equipment could have been replaced. But, in all too many cases this was not done. ... Unfortunately, we can expect more hiccups on the Internet as ISPs continue to deal with the BGP problem." Is it time to switch to all IPv6 yet? -
Speedy Attack Targets Web Servers With Outdated Linux Kernels
alphadogg writes "Web servers running a long-outdated version of the Linux kernel were attacked with dramatic speed over two days last week, according to Cisco Systems. All the affected servers were running the 2.6 version, first released in December 2003. 'When attackers discover a vulnerability in the system, they can exploit it at their whim without fear of it being remedied,' Cisco said. After the Web server has been compromised, the attackers slip in a line of JavaScript to other JavaScript files within the website. That code bounces the website's visitors to a second compromised host. 'The two-stage process allows attackers to serve up a variety of malicious content to the visitor,' according to Cisco." -
Cisco Offers $300,000 Prize For Internet of Things Security Apps
alphadogg writes "Cisco today kicked off a contest with $300,000 in prize money that challenges security experts around the world to put together ways to secure what's now called the 'Internet of Things,' the wide range of non-traditional computing devices used on the electric grid, in healthcare and many other industries. A Cisco SVP concluded his keynote at this week's RSA Conference by announcing what he called the 'Internet of Things Security Grand Challenge.' Christopher Young said the idea is 'a contest of experts around the world to submit blueprints' for how security issues created by the Internet of Things could be addressed. It's expected that up to six winning entries would be selected and the prize money awarded at the Internet of Things Forum in the fall." -
Cisco Releases Open Source "Binary Module" For H.264 In WebRTC
SD-Arcadia writes "Mozilla Blog: 'Cisco has announced today that they are going to release a gratis, high quality, open source H.264 implementation — along with gratis binary modules compiled from that source and hosted by Cisco for download. This move enables any open source project to incorporate Cisco's H.264 module without paying MPEG LA license fees. Of course, this is not a complete solution. In a perfect world, codecs, like other basic Internet technologies such as TCP/IP, HTTP, and HTML, would be fully open and free for anyone to modify, recompile, and redistribute without license agreements or fees. Mozilla is fully committed to working towards that better future. To that end, we are developing Daala, a fully open next generation codec. Daala is still under development, but our goal is to leapfrog H.265 and VP9, building a codec that will be both higher-quality and free of encumbrances.'" -
Online Ads Are More Dangerous Than Porn, Cisco Says
wiredmikey writes "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 times more likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek." -
Cisco Pushing 'Cloud Connect' Router Firmware, Allows Web History Tracking
Myrv writes "Reports have started popping up that Cisco is pushing out and automatically (without permission) installing their new Cloud Connect firmware on consumer routers. The new firmware removes the user's ability to login and administer the router locally. You now must configure the router using Cisco's Cloud connect service. If that wasn't bad enough, the fine print for this new service allows Cisco to track your complete internet history. Currently, it appears the only way to disable the Cloud Connect service is to unplug your router from the internet." -
Ask Slashdot: What's Your Take On HTTPS Snooping?
First time accepted submitter jez9999 writes "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?" -
Cisco All But Kills Cius Tablet
alphadogg writes "Cisco is slowly killing off its Cius business tablet less than a year after it started shipping. The Android-based collaboration tool, which featured a 7-inch touchscreen and was not intended to challenge more consumer-oriented tablets such as the Apple iPad, fell victim to the BYOD trend and cloud computing, Cisco said in a blog post. Cisco will instead 'double down' on software offerings like its Jabber and WebEx products for more popular tablets and smartphones supporting a variety of operating systems." -
Cisco, US DOJ Fire Another Salvo At Peter Adekeye
theodp writes "Citing the widespread practice of sharing passwords for expediency's sake, Cisco's Chief Security Officer proclaimed in 2007 that people 'need to be held accountable for their risk-taking,' noting that CEO John Chambers drives home the point that 'information security is everybody's responsibility' at Cisco. But instead of accepting responsibility after a Cisco employee provided his ID and password to ex-Cisco engineer Peter Alfred-Adekeye, the networking giant sic'ed the Feds on Adekeye, who was slapped with a five-count indictment by a Federal grand jury last week. Adekeye's crime, according to the Court filing, was using the login credentials the Cisco employee provided him with 'in excess of the specific use granted by the Cisco employee.' For his five downloads of different versions of Cisco IOS — four of which were launched within a 15-minute period in 2006 — the government is seeking a penalty of 5 years imprisonment for Adekeye, a $250K fine, and 3 years supervised release. It's the latest salvo fired in the war Cisco and US prosecutors have waged against Adekeye since he filed an antitrust suit against Cisco in December 2008." -
World Internet Traffic To Top 966 Exabytes In 2015
Mark.JUK writes "Networking giant Cisco has released its latest annual Visual Networking Index (VNI) today, which forecasts that world internet traffic will quadruple by 2015 to reach 965.5 ExaBytes per year (up from 242.4 ExaBytes in 2010); when 40% of the world's population will be online (i.e. 3bn Internet users). Internet video will account for 61% of all consumer traffic in the same year, while P2P (File Sharing) will decline significantly to just 16%." -
Call Interception Demonstrated On New Cisco Phones
mask.of.sanity writes "Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements." -
Book Review: Network Security Auditing
brothke writes "Network Security Auditing is touted as the complete guide to auditing security, measuring risk, and promoting compliance. The book lives up to its promise and is a comprehensive reference to all things network security audit related." Read below for the rest of Ben's review.
Title: Network Security Auditing
Author: Chris Jackson
Pages: 528
Publisher: Cisco Press
Rating: 9/10
Reviewer: Ben Rothke
ISBN: 1587053527
Summary: Excellent, highly technical and detailed reference
At almost 450 pages, the book covers all of the key areas around network security that are of relevance to those working in information security. As a Cisco Press title, written by a Cisco technical solutions architect, the book naturally has a heavy Cisco slant to it. Nonetheless, it is still an excellent reference even for those not working in a Cisco environment. While the first 3 chapters of the book provide an overview that is great even for a security newbie, the overall style of the book is highly technical and comprehensive.
Chapters 1-3 provide an introduction to the principles of auditing, information security and the law, and governance, frameworks and standards. Each chapter is backed with a significant amount of information and the reader is presented with a thorough overview of the concepts.
Chapter 3 does a good job of providing the reader with the details of current frameworks and standards, including PCI DSS, ITIL, ISO 17799/27001 and others. Author Chris Jackson does a good job of explaining the differences between them and where they are best used. Given this is a Cisco-centric book, he also shows how the various Cisco security products can be integrated for such regulatory and standards support.
Throughout the book, the author makes excellent use of many auditing checklists for each area that can be used to quickly ascertain the level of security audit compliance.
Chapter 6 is perhaps the best chapter in the book on the topic of Policy, Compliance and Management, and the author provides an exceptionally good overview of the need for auditing security policies. This is a critical area as far too many organizations create an initial set of information security policies, but subsequently never take the time to go back and see if they are indeed effective and providing the necessary levels of data protection.
Jackson notes that assessing the effectiveness of a policy requires the auditor to look at the policy from the viewpoint of those who will be interpreting its meaning. A well intentioned policy might recommend a particular course of action, but unless specific actions are required, there is little an organization can expect the policy to actually accomplish to help the organization protect its data assets if it is misinterpreted.
The chapter suggests that the auditor ask questions such as: is the policy implementable, enforceable, easy to understand, based on risk, in line with business objectives, cost effective, effectively communicated and more. If these criteria are not well-defined and delineated, then the policies will exist in text only, offering little information security protection to the organization.
Jackson also writes of the need to measure how well policies are implemented as part of a security assessment. He suggests using a maturity model as a way to gauge where the organization is in its evolution towards fully integrating security into its business process, or whether it already has a formal integration process in place.
In chapter 8 on Perimeter Intrusion Prevention, Jackson writes that protecting a network perimeter used to be a relatively easy task. All an organization would have to do is stick a firewall on its Internet connection, lock down the unused ports and monitor activity. But in most corporate networks today, the perimeter has been significantly collapsed. If you compound that with increased connectivity, third-party access, and more; and then bring in advanced persistent threats into the equation, it is no longer a simple endeavor to protect a network.
Chapter 8 provides a detailed framework on how to perform a perimeter design review and assessment. As part of the overall review, the chapter details other aspects of the assessment including the need for reviews of the logical and physical architectures, in addition to a review of the firewall. Jackson also lists a large number of security tools that can be used during an audit.
Chapter 11 covers endpoint protection with a focus on the end-user. Jackson notes that users never cease to amaze with their abilities to disappoint by opening suspicious file attachments, running untrusted Facebook applications, and much more. The book notes that organizations today face significantly higher levels of risk from endpoint security breaches than ever before due to our highly mobile and connected workforce.
The chapter details an endpoint protection operational control review that can be used to assess the organization's processes for identifying threats and performing proactive management of endpoint devices. While the chapter is quite Cisco-centric, with references to the Cisco SIO (Security Intelligence Operations) and a number of other Cisco products, the chapter does provide a good overview of the fundamentals of endpoint protection and how to do it the right way.
Overall, Network Security Auditing is a highly technical and detailed reference that makes for an excellent primary reference on the fundamentals of information security. With ample amounts of checklists, coding references, detailed diagrams and just the right amount of screen shots, it makes an excellent guide that any member of an IT or security group should find quite informative.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know
You can purchase Network Security Auditing from amazon.com. -
"Serious Games" Industry Gains Traction
schliz writes "So-called 'serious games' are gaining traction in military, business, education, and medical applications as Gen X and Y come into power, iTnews reports. While game developers acknowledge the risk of trivializing real-world issues (as in the Six Days in Fallujah controversy), intelligently designed 'serious games' could allow complex situations to be presented in a simple way. Cisco, for example, has an amusing online games arcade that prepares networking professionals for a variety of certifications." -
US CTO Choice Down To a Two-Horse Race
theodp writes "Barack Obama apparently didn't return CmdrTaco's call. BusinessWeek reports that the choices for the first US CTO have narrowed, and it's now a two-horse race between Padmasree Warrior, Cisco's CTO, and Vivek Kundra, who holds the same title for the Government of the District of Columbia. Two very different resumes — which would you advise Obama to pick?" I just know I was #3 on the list.