Articles about Endpoints

NSA

Cisco plugs another 'Shadow Brokers' hole

Cisco's post-Shadow Brokers security review has uncovered an IKEv1 vulnerability that can leak memory contents of its (deprecated) PIX firewalls and various IOS environments. Don't delay the patch, because the investigation found the bug was exploited in “some Cisco customers”. It attributes the bug to “insufficient condition …
Robot AI Woman

Chip giants pelt embedded AI platforms with wads of cash

Analysis Artificial intelligence and machine learning engines are underpinning many emerging applications and services, from making sense of big data for enterprises, to supporting hyper-personalized consumer content, or virtual reality gaming. The current challenge is to move AI from the supercomputer to the mobile device, supporting …
Wireless Watch, 17 Aug 2016
Amazon Web Services

IPv6 comes to AWS S3

Amazon Web Services' simple storage service (S3) can how handle IPv6. Amazon's Jeff Barr says S3 buckets “are now accessible via IPv6 addresses via new 'dual-stack' endpoints.” “When a DNS lookup is performed on an endpoint of this type, it returns an 'A' record with an IPv4 address and an 'AAAA' record with an IPv6 address. …
Simon Sharwood, 12 Aug 2016

Hybrid Cloud: The new IT service platform?

So. Hybrid cloud. Let's start with a quick definition, courtesy in this case of TechTarget which describes it as: “a cloud computing environment which uses a mixture of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms”. I like this particular definition as it sums it …
Dave Cartwright, 28 Jul 2016

European privacy body slams shut backdoors everywhere

Europe's privacy body has reiterated its pro-privacy, anti-backdoor stance. The European Data Protection Supervisor (EDPS) Giovanni Buttarelli has long expressed the view that “privacy versus security” is a false dichotomy. In 2015, he told a conference in Brussels that “the objective of cyber-security may be misused to …
Docker logo

Docker Cloud under fire after DDoS attacks slam DNS, knacker websites

Updated Websites running on the Docker Cloud hosted container management and deployment service were taken down by an apparent DNS outage on Monday. Reg readers and Docker Cloud support forum members complained today that their services were down or suffering intermittent outages with little explanation from Docker. One angry user …
Gavin Clarke, 19 Jul 2016

Guilt by ASN: Compiler's bad memory bug could sting mobes, cell towers

A vulnerability in a widely used ASN.1 compiler isn't a good thing: it means a bunch of downstream systems – potentially mobile phones and cell towers – will inherit the bug. And an ASN.1 bug is what the Sadosky Foundation in Argentina has turned up, in Objective Systems' software. The research group's Lucas Molas says …

ANZ Bank staffers drop slick incident response tool for Mandiant mobs

Security boffins at ANZ, one of Australia's largest banks, have offered their nightHawk incident response tools for organisations running free Mandiant tools. Mandiant's open source platform is fit for enterprises requiring incident response at scale, and can run off a laptop for many investigations. ANZ bank security …
Darren Pauli, 15 Jul 2016

Avast woos AVG shareholders with $1.3bn buyout offer

Avast is offering to buy anti-virus rival AVG for $1.3bn. AVG shareholders are being offered $25.00 per share in cash, a 33 per cent mark-up on the closing share price on Wednesday. AVG, Avast and rival Avira are the three main players in the market for freebie anti-virus scanners for Windows. All make their money by offering …
John Leyden, 07 Jul 2016

Hackers: Ditch the malware, we're in... Just act like a normal network admin. *Whistles*

Hackers almost exclusively use standard network admin tools to move around a compromised network once they’ve broken in using malware or other hacking techniques. Researchers at security startup LightCyber found that 99 per cent of post-intrusion cyberattack activities did not employ malware, but rather employed standard …
John Leyden, 30 Jun 2016
Magic act, image via Shutterstock

Look into our network, not around our network... you're under

Tactics successfully deployed by Field Marshal Bernard Law Montgomery against German Army officer Erwin Rommel in the battle of El Alamein have been applied in a cyber-technology that aims to outfox hackers. During the important WWII battle, allied forces deployed dummy tanks consisting of plywood frames placed over jeeps as a …
John Leyden, 24 Jun 2016

'Nobody cares about your heart-rate'

With CrowdStrike kicking off its Australian office, the company's freshly-minted VP of technology strategy, Michael Sentonas, took time out for a chat to Vulture South. We started the discussion looking at security in the Internet of Things market, where Sentonas says “I look at it and say 'what a disaster'.” The industry, he …

VMware aims high with a little help from its friends

VMware's extensive ecosystem has been a massive part of its success, as demonstrated by the fact that even when server virtualisation looked like a reason to stop buying servers it created an opportunity for Intel to make virtualisation sing and arguably left Chipzilla making more coin from virtualisation than VMware itself. …
Simon Sharwood, 14 Jun 2016
MagMac83 http://www.shutterstock.com/gallery-2897194p1.html

Hacker finds flaw in teleconference tool used by US Army, NASA and CERN

Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in video platform Vidyo – used by the likes of the US Army, NASA and CERN – that could see videos leaked and systems compromised. O'Reilly, director of intelligence for consultancy Content Protection, says he picked up the bug during a client …
Darren Pauli, 19 May 2016
Man hangs up desk phone after a clearly irritating call. Photo by Shutterstock

Sick of storage vendors? Me too. Let's build the darn stuff ourselves

StorageBod Any half-way competent storage administrator or systems administrator should be able to build a storage array themselves these days. It’s never really been easier and building yourself a dual-head filer that does block and network-attached storage should be a doddle for anyone with a bit of knowledge, a bit of time and some …
StorageBod, 16 May 2016
Garden_gate

Time to quadruple our cloud gateway capacity, CTERA etc etc

CTERA has upped the capacity of its storage appliance fourfold, stripped off the hardware to provide a bare-bones virtual edition, and re-engineered its central software to be more cloud-centric. CTERA launched its cloud storage gateway and NAS (network attached server) product in 2009, with the cloud part being back-end …
Chris Mellor, 25 Apr 2016
The Microsoft Graph API is a single endpoint for all things Office

Is Microsoft's Office dev platform ready to go mainstream?

"For the first time we are opening up Office 365 not just as an end-user and an enterprise tool and a service, but as a developer platform," said Microsoft CEO Satya Nadella during the earnings call following the company's latest financial results. Despite Nadella's comment the ability to develop for Office 365 is not new, …
Tim Anderson, 22 Apr 2016

Win XP, Flash, Java... healthcare makes easy pickings for hackers

The healthcare industry is a long way behind the financial sector in basic security practices, according to a study by two factor authentication firm Duo Security. Duo found that healthcare devices were significantly more out of date and less secure than ones from finance, after comparing its healthcare customers' devices to …
John Leyden, 22 Apr 2016

Bug hype haters gonna hate hate hate: Badlock flaw more like Sadlock

The Badlock flaw in Windows and Samba file servers has been revealed after weeks of hype and anticipation. It is not as critical as feared, but it's still an annoyance. Fixes and mitigations are available today. In late March, we were alerted to what was described as a "crucial security bug" in Windows and Unix-flavored SMB …
Chris Williams, 12 Apr 2016

Spies rejoice! Gmail, Facebook Messenger BREACHed once again

Black Hat Asia Research pair Dimitris Karakostas and Dionysis Zindros have upgraded their attack (codenamed BREACH) that pierces the web's most common ciphers, and released a framework to help well-heeled hackers and state-sponsored spies spy on the likes of Facebook and Gmail. At Black Hat Asia, the pair demonstrated once again how secure …
Darren Pauli, 04 Apr 2016
Poster for the movie Cable Guy. Copyright:  Columbia Pictures Corporation,

Call the Cable Guy: Wireless just won't cut it

Wireless networking is regarded by many as the way to go for corporate networking. No need for expensive structured cabling, no need to re-patch stuff when someone moves desk, and sufficiently secure to make it suitable for corporate use. I am inclined to agree with that last point: rank up the encryption to WPA2-AES and use …
Dave Cartwright, 01 Apr 2016

What are you doing to spot a breach?

Technology moves quickly, not just in legitimate business, but in the cybercriminal world too. Advanced attack tools are now available on the black market, lowering the barrier to entry for the average online lowlife. They are happy to target large and small organizations alike, and they only have to be lucky once. Security …
Robin Birtstone, 08 Mar 2016

Going on a thin client diet

We may not be in the post-PC age, but we’re definitely in the ‘plus everything else’ era. A gaggle of new mobile devices has gathered to join the PC, and it’s making things more complex for IT administrators. Smart phones were already heavily in the enterprise, and now, tablets are gaining traction too. How can they cut through …
Robin Birtstone, 08 Mar 2016
Honey bee on flower

Dell offers sweet, sweet, free honeypot tool to trap hungry hackers

RSA 2016 Dell SecureWorks duo Joe Stewart and James Bettke have created a free honeypot loaded with fake domain credentials in a bid to help admins trap and block attackers. The researchers built the Domain Controller Enticing Password Tripwire (DCEPT) tool designed to help organisations unmask hackers and shore up defences ahead of …
Darren Pauli, 07 Mar 2016

Cisco to partners: We're all doing services now – resistance is futile

Cisco Partner Summit This week, Cisco gathered its partners in San Diego to make one thing abundantly clear: it's not just about network boxes any more. The company that made its name helping everyone move data from point A to point B has laid out a new vision for itself and its vendors, which will see Cisco put itself everywhere from security to …
Shaun Nichols, 02 Mar 2016

Drydex malware busting bursting British business bank balances

IBM threat analyst Limor Kessem says the Dridex trojan has been revamped and for the last fortnight has targeted rich UK bank accounts in an expensive and well-resourced campaign. The gang behind the malware, dubbed Evil Corp, released the update to Dridex detected 6 January such that it would go after the richest British …
Darren Pauli, 21 Jan 2016

Citrix buys System Center control freak, sells CloudPlatform

Citrix has offloaded its CloudPlatform products to Accelerite, bought Comtrade's System Center Operations Manager management packs and tweaked some of its software. The sale first: Accelerite is a subsidiary of India's Persistent Systems, a software-developer-for-hire that created Accelerite to sell products instead of …
Simon Sharwood, 12 Jan 2016

Good news, OAuth is almost secure

German boffins believe there are protocol flaws in Facebook's ubiquitous OAuth protocol that render it vulnerable to attack. The trio, Daniel Fett, Ralf Küsters and Guido Schmitz of the University of Trier, conducted what's known in security circles as a “formal security analysis” on the protocol, and published it at Arxiv …
Example of tidy cabling

Cisco, HPE and Dell: Let's just say 'it's complicated' for now

Sysadmin's 2015 review part 2 With 2015 drawing to a close and 2016 about to begin it's time to reflect on the fact that the world never stops changing. The tech industry certainly changes constantly, and so here's one sysadmin's view of the industry's movers and shakers. In part one, I took a look at Amazon, Oracle and Microsoft. Here in part two I am …
Trevor Pott, 26 Dec 2015
management management

Bookstore sells some data centre capacity, becomes Microsoft, Oracle's nemesis

Sysadmin's 2015 review part 1 With 2015 drawing to a close and 2016 about to begin, it is time to reflect on the fact that the world never stops changing. The tech industry certainly changes, and so here's one sysadmin's view of the industry's movers and shakers. In part one we're going to look at Amazon, Oracle and Microsoft. As I see it, the strategy of …
Trevor Pott, 24 Dec 2015
Raspberry Pi Official Case

VDI comes to the Raspberry Pi

The Raspberry Pi is now a threat to thin clients. Citrix has been fooling around with the Pi as a desktop virtualisation (VDI) target for a while, even releasing a prototype Citrix Receiver for the little computers. That effort was in early 2014. Citrix has since decided it was inefficient to put a lot of effort into creating …
Simon Sharwood, 14 Dec 2015

Bare metal is not dead, so Borg goes for SDN assimilation

Cisco is continuing to walk the fine line between embracing software defined networking (SDN) and opening things all the way up, announcing the latest refresh of its Application Centric Infrastructure (ACI) environment. The biggest surprise of the latest announcement isn't the various support partnerships The Borg has added, …
Cortana

Hey Cortana, how about you hide my app from the user?

MS Ignite AU It's a way off yet, but one of the endpoints for Cortana, Microsoft's take on the digital assistant you can fall in love with, is to be a primary interface between multiple applications. The idea is that instead of opening an Excel spreadsheet to find a datum you need, copying it, switching to e-mail, and sending it to the …
symantec CEO mike brown

Symantec's salvation plan is more and better integration. No, really

Symantec divested Veritas because it never quite convinced anyone that an integrated security and data management company made sense, and its security business has struggled in part because it's not linked its protection products. But the company's new CEO Michael Brown nonetheless thinks that integrating the company's range is …
Simon Sharwood, 17 Nov 2015
Kids on wall. Pic: US Army/Capt Emily Skolozynski

Will the Ericsson/Cisco alliance work or simply break?

The reasons for an alliance between Cisco and Ericsson are just as good as the reasons against it. Both want to own ALL of the territory around carrier deployments, but Ericsson comes from dominance in the wireless sector and Cisco from the IP segment, both wired and wireless. And similarly both of them fear incursions from …
Faultline, 16 Nov 2015
ArcticBlue_butterfly

Endpoint protectors spread wings, Druva flies into Microsoft cloud

Endpoint data protector Druva is adding Microsoft's Azure to its public cloud target list, adding security and sharing features to its backup capabilities and trying to appeal more to enterprises – a link with Microsoft is good news in that department. "Druva has quickly grown to become the de facto standard for data …
Chris Mellor, 02 Nov 2015
Roundabout. Pic: Roundabout Fun, Flickr

How to get the fun stuff back in your data centre

The cloud is a fabulous concept. If you want to try something out, or prototype your latest idea, or give yourself a relatively inexpensive disaster recovery setup, get in there and run up a cloud-based installation. There's something that the cloud lacks, though: it's just not fun or cool. Lists of virtual machines in the …
Dave Cartwright, 29 Oct 2015
trolley_shopping_648

Cisco swallows security firm Lancope for $452m

Cisco has announced its intention to acquire netsec firm Lancope for more than $452m in cash. The company aims to supplement its security offerings with those of Lancope's StealthWatch suite, which protects networks with live monitoring and behaviour analytics of network data flows. Cisco is doubling down on its netsec …
DVD it in many colours

Our storage reporter has breaking news about Data Fabrics. Chris?

Recent NetApp Data Fabric literature presages a return of FlashRay and an apparently semi-detached integration of its StorageGRID product. Data Fabric is NetApp's over-arching concept of a virtual fabric with which data in different clouds (stores) can be seamlessly connected across different data management (product) …
Chris Mellor, 23 Oct 2015

Trend Micro stumps up $300m to buy HP TippingPoint

Trend Micro has agreed to pay $300m to acquire HP TippingPoint, a provider of intrusion prevention systems and related network security kit. The acquisition is both technology and market driven since it gives Trend, best known for its security software, access to HP TippingPoint’s customer base. Trend says the deal positions …
John Leyden, 21 Oct 2015

Inside Mandiant's biggest forensics breach battle: Is this Anthem?

Cyber Defence Summit Four researchers from American cybersecurity firm Mandiant have engaged in an eight-month epic battle against hackers behind one of the biggest breaches of this year. The quartet is not saying who the victim is, nor identifying the attackers. However, it is at the level of, and very-well could be, health insurers Anthem or …
Darren Pauli, 15 Oct 2015

Hackers can steal your BRAIN WAVES

BruCon: Behold the future: attackers can already get between brain-waves and hospital kit, and it's just going to get worse according to IOActive senior consultant Alejandro Hernández. Hernández says the ability to steal, manipulate, and replay brain waves used in electroencephalography (EEG) is already emerging, with consumer …
Darren Pauli, 13 Oct 2015
Huge Clouds Ocean

The do-it-all storage giant is dying: Clouds loom over on-prem IT

Comment The days of the massive standalone storage company are coming to a close, as the public cloud and myriad storage startups drive cumulatively fatal wounds deep into the heart of the one-supplier-does-all-your-storage business model. The all-you-need, best-of-breed storage supplier days are ending as enterprises realize they can …
Chris Mellor, 08 Oct 2015
Example of tidy cabling

Bigger – and better? How your IT infrastructure budget will change

I was reading in a report recently that the majority of firms intend to increase their overall investment in IT infrastructure over the next two years. Which got me wondering: will this be in-house infrastructure? And if not, where will the money go outside the organisation? Bill will get richer Office 365 – specifically the …
Dave Cartwright, 16 Sep 2015
PMC_SWitchtec.

We asked a maker of PCIe storage switches to prove the tech is more interesting than soggy cardboard

Q&A PCIe switching sounds like a mundane topic, but it’s actually a key part of the revolution that’s blurring the boundaries between servers and storage arrays, with vastly faster data access the result. Vancouver's PMC-Sierra has launched its Switchtec switches, and we asked product marketing manager Ray Jang some questions …
Chris Mellor, 07 Sep 2015
rise_of_the_idiots_nathan_barley_648

Australia the idiot in the global village, says Geoff Huston

One of the individuals who first brought the Internet to Australia, Geoff Huston, has unloaded on the federal government's chaotic attempt to introduce its data retention regime. Now chief scientist at APNIC, Huston has written in his Potaroo blog that one of the key assumptions behind the data retention regime, a stable …

Mashed together malware threatens Japanese online banking users

Customers of Japanese banks are on the front line of attacks based on a new and sophisticated banking trojan, mashed together from leaked bits of malware code. Shifu (named after the Japanese word for thief) is targeting 14 Japanese banks as well as electronic banking platforms used across Europe, according to security …
John Leyden, 01 Sep 2015

Boffins sting spooks with 'HORNET' onion router

Five academics have developed a Tor alternative network that can handle up to 93Gb/s of traffic while maintaining privacy. The HORNET system is more resistant to passive attacks than existing anonymity networks like Tor and delivers faster node speeds for a "practically unlimited" number of sources. It is the brainchild of …
Darren Pauli, 24 Jul 2015

Catch 'em while you can! Presenting Druva's virtual open door detector

Think checking doors and windows every night so as to stop burglars scrambling through to rob you. Well, now your personal data can be handled in the same way, with Druva's end-point protection services identifying risky exposure to sensitive information loss by scanning backed-up data and alerting compliance teams. Its inSync …
Chris Mellor, 22 Jul 2015
yellow measuring tape - black writing

Make sure your storage can grow with your business

The average SME has a modest infrastructure which has grown organically: a file server of some sort, probably an email server, then a handful of application servers hosting things like finance systems or the database back-ends to business applications. In most cases server A is pushing the limits of its storage capacity while …
Dave Cartwright, 16 Jul 2015