Articles about Firewall


Netflix treats security ills with Stethoscope: Open-source self-probing tool

Netflix has released the source code of a web application called Stethoscope for evaluating the security of mobile and desktop computing devices. The software, covered by the Apache 2.0 license, is intended for employees of organizations that use a device management service. Netflix hopes that employees using the toolkit will …
Thomas Claburn, 22 Feb 2017

Lenovo to build and run SAP's cloud in China

What China wants, China gets – in this case an exception to SAP's usual practice of running its own cloud. Behind the great firewall that job's just gone to Lenovo, which “will deliver a new enterprise cloud solution created exclusively for customers holding licenses for the SAP HANA platform in China.” Lenovo will also run …
Simon Sharwood, 22 Feb 2017

Cisco edits DNA for even softer switches

Hard on the heels of a second-quarter result in which software subscriptions provided one of the few bright spots, Cisco's revealed a slew of new software-based systems. Today's announcements are for a bunch of software-based routing and security offerings at the branch, colocation, and cloud level. Network Function …

Java and Python have unpatched firewall-crossing FTP SNAFU

Stop us if you've heard this one: Java and Python have a bug you can exploit to cross firewalls. Since neither are yet patched, it might be a good day to nag your developers for a bit. The Java vulnerability means protocol injection through its FTP implementation can fool a firewall into allowing TCP connections from the …

Ditching your call centre for an app? Be careful not to get SAP-slapped

SAP has scored what threatens to be a pyrrhic victory in court against one of its own customers. A British court sided with the software giant in a case that threatens to drastically increase the amount of money customers must pay it. A judge ruled that SAP's named-user licensing fees must cover any and all software that …
Gavin Clarke, 20 Feb 2017

Installing disks is basically LEGO, right? This admin failed LEGO

On-Call: Welcome to another Friday (!) and therefore to another edition of On-Call, The Register's column in which we let readers vent about jobs gone bad. This week, meet “Ian”, who once worked in a data-centre-for-hire, doing all the stuff that tenants needed done. Of course he's had some mirth-making moments along the way. “In my …
Simon Sharwood, 17 Feb 2017

IT bosses: Get budgets for better security by rating threats on a scale of zero to Yahoo!

BSides SF: What do you reckon US government regulations on computer security look like? If you selected outdated, contradictory and avoidable, congrats, you're an industry veteran – or you were paying attention to a talk this morning at the BSidesSF 2017 infosec conference. In a presentation titled "Swimming upstream: regulation vs …
Iain Thomson, 13 Feb 2017

Lovely. Now someone's ported IoT-menacing Mirai to Windows boxes

The Mirai malware that hijacked hundreds of thousands of IoT gadgets, routers and other devices is now capable of infecting Windows systems. The software nasty, discovered in August 2016, broke into heaps of insecure Linux-powered gizmos worldwide before running distributed denial of service attacks, most notably against DNS …
John Leyden, 10 Feb 2017

Life after antivirus: Reinventing endpoint security

Promo: Security professionals still talk about “antivirus defences,” but in the space of a handful of years what is meant by this term has undergone a dramatic shift. On the surface, things look much as they have always done. Businesses still run what used to be called “AV protection,” reinvented some time ago as the all-purpose “ …
John E Dunn, 09 Feb 2017

Honeypots: Free psy-ops weapons that can protect your network before defences fail

Feature: The hackers breached the transport operator's systems and before they knew it had sent a passenger train hurtling into a wall. And the only reason you didn't read about it in the papers was that the systems were an entirely fictitious network created in 2015 to test just how far snoopers or crims would go in attacking vulnerable …
Darren Pauli, 08 Feb 2017

Intel Atom chips have been dying for at least 18 months – only now is truth coming to light

Exclusive: The flaw in Intel's Atom C2000 family of chips has been vexing Intel's hardware customers for at least a year and a half, according to a source at one affected supplier, but it wasn't immediately obvious that Intel's silicon was to blame. The well-placed insider, who spoke to The Register on condition of anonymity, said the …
Thomas Claburn, 07 Feb 2017

Hacker: I made 160,000 printers spew out ASCII art around the world

Printers around the world have been hacked and instructed to churn out pages and even sales receipts of alarming ASCII art. The messages, which began spewing from internet-connected printers on Thursday, read: "Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your …
Iain Thomson, 06 Feb 2017

GCHQ cyber-chief slams security outfits peddling 'medieval witchcraft'

Usenix Enigma 2017: The chief technical director of GCHQ's National Cyber Security Centre has rebuked infosec companies for spreading fear, uncertainty and doubt about hackers to sell products. At the Enigma 2017 conference this week, Dr Ian Levy said world-plus-dog were trying to flog security defenses to tackle "advanced persistent threats," …
Iain Thomson, 03 Feb 2017

Fused box: Look who's containerizing storage, security and apps

Comment: Containerized apps will gravitate to using containerized system services such as storage and security. In the DevOps world, containerized apps run inside hosts, and system services such as security and storage are containerized as well. Outside that ideal world, these services are often linked to containers by some interface …
Chris Mellor, 03 Feb 2017

Wanna protect your data center? Take tips from the US Secret Service

Usenix Enigma 2017: Data center managers should take some tips from the US Secret Service when protecting vital servers from hackers, says someone who has been through a White House lockdown. In a presentation at Enigma 2017, Nathaniel Gleicher – a former director for cybersecurity policy at the National Security Council and now head of …
Iain Thomson, 02 Feb 2017

Happy Friday: Busted Barracuda update borks corporate firewalls

Updated: A firmware update pushed to Barracuda firewalls has knocked out boxes in large firms and crippled networks, we're told. The change was sent out to customer gear by Barracuda on Friday morning Pacific Time, according to a source familiar with the matter. The update is automatically installed, and promptly caused the devices to …
Iain Thomson, 27 Jan 2017

China's Great Firewall to crack down on unofficial VPNs – state-approved net connections only

The Chinese government has started an 18-month crackdown that will require all VPN providers to seek government approval for their activities if they want to stay in business. The news, announced by the Ministry of Industry and Information Technology on Sunday, says that the market for services that bypass the content filters …
Iain Thomson, 23 Jan 2017

Linux is part of the IoT security problem, dev tells Linux conference

The Mirai botnet? Just the “tip of the iceberg” is how security bods at this week's linux.conf.au see the Internet of Things. Presenting to the Security and Privacy miniconf at linux.conf.au, embedded systems developer and consultant Christopher Biggs pointed out that Mirai's focus on building a big DDoS cannon drew attention …

Kill it with fire: US-CERT urges admins to firewall off Windows SMB

The US computer emergency readiness team is recommending organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers – after a potential zero-day exploit was released by the Shadow Brokers hacking group. The call from the US security clearing house does not name the Shadow Brokers as …
Darren Pauli, 18 Jan 2017

Smart fingerprint padlock startup to $320k backers: Sorry for the radio silence

TappLock, a startup promising the "world's first smart fingerprint padlock" has claimed that issues with manufacturing in China were behind the months of silence which provoked aggrieved backers to contact The Register, fearing fraud. The padlock business had managed to raise over $320,000 on the crowd-funding site Indiegogo …

Security hardened, pah! Expert doubts Kaymera's mighty Google's Pixel

The arrival of a security hardened version of Google’s supposed "iPhone killer" Pixel phone from Kaymera has received a sceptical reception from one expert. Kaymera Secured Pixel is outfitted with Kaymera’s own hardened version of the Android operating system and its security architecture. This architecture is made up of four …
John Leyden, 12 Jan 2017

Wi-Fi for audiophiles: Alliance preps TimeSync certification program

At CES last week, the Wi-Fi Alliance announced a certification program for devices supporting the TimeSync feature. The aim is to provide plumbing-layer tools to help deliver high-quality audio and video across a multi-station Wi-Fi network without the final result looking like a bad lip-sync. And, naturally enough, Wi-Fi …

Kerching! That's the sound of Barracuda customers feeling the ransomware fear

Barracuda's business grew a little faster as customers continued moving to the public cloud and ransomware scared them into securing their emails. Third quarter fiscal 2017 revenues were $88.8m, a good 10.9 per cent uptick on last year, and a 1 per cent increase sequentially. Net income was $1.8m, 2 per cent of its revenues, …
Chris Mellor, 11 Jan 2017

How to secure MongoDB – because it isn't by default and thousands of DBs are being hacked

The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized. As of Sunday, security researcher and Microsoft developer Niall Merrigan identified more than 27,000 MongoDB databases seized by ransomware. By Tuesday afternoon Pacific Time, an …
Thomas Claburn, 11 Jan 2017

Did webcam 'performer' offer support chap payment in kind?

On-call: Welcome again to a festive edition of On-Call, the column in which readers send stories of jobs gone bad and we sanitise them for general consumption. We usually appear on Fridays, but the On-Call inbox is bulging, there's sod-all news to write this week and so we're doing it daily this week to spread some Christmas cheer. …
Simon Sharwood, 21 Dec 2016

Name's BOND, JBOND: Igneous's ARM strap-on is for your drives only

Analysis: You wait for a bus for ages, and then two come along at once. Two data-transfer buses. Something like that. Both OpenIO and Igneous have launched plug-on ARM server cards for storage drives: these single-board computers each snap onto a hard drive to form nano-servers that are organized into a grid of object storage nodes. …
Chris Mellor, 21 Dec 2016

Microsoft goes all Tiananmen Square on its Chinese AI assistant

Microsoft has confirmed that it censors its Chinese language digital assistant. Last week, China Digital Times reported how the Xiaoice chatbot was avoiding certain topics that are known to be sensitive to the Chinese government, including the 1989 Tiananmen Square massacre, nicknames for president Xi Jinping, and even Donald …
Kieren McCarthy, 28 Nov 2016

Irish eyes are crying: Tens of thousands of broadband modems wide open to hijacking

Eir, Ireland's largest ISP, has tens of thousands of customers with insecure ADSL2+ modems that appear to be vulnerable to remote takeover. Earlier this month, a security researcher writing under the name "kenzo" posted a proof-of-concept exploit that demonstrates how an attacker might take control of an Eir D1000 modem. …
Thomas Claburn, 22 Nov 2016

Surveillance camera compromised in 98 seconds

Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network. According to Graham's series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds. Mirai …
Thomas Claburn, 18 Nov 2016

$10m of Bangladeshi SWIFT heist ended up in Filipino Casino

At least some of the US$81 million lifted from Bangladeshi banks in recent hacks on the Society for Worldwide Interbank Telecommunication (SWIFT) inter-bank transfer network has been tracked down to a casino in the Philippines. The February heist relied on malware dropped on a SWIFT terminal used by Bangladesh's central bank. …

Cisco emits new branch box

Switchzilla has expanded its range of SME edge boxes, adding the all-in-one ISR 4221 to its flagship range of branch networking systems. Offering throughput between 35 Mbps and 75 Mbps on two WAN ports, the box pushes software-defined WAN (SD WAN) into the branch office, with an APIC Enterprise Module (APIC-EM) controller, …

Losses and sales up, shares down at Sophos

Losses at London Stock Exchange-listed Sophos have gone up despite increasing sales. For the six months up to 30 September, revenues were $256.9m (£207.4m) compared to $234.2m in the same period a year ago. Losses, however, widened from $13.4m to $24.6m on rising R&D costs and more recurring business. Unified Threat …
John Leyden, 09 Nov 2016

Finns chilling as DDoS knocks out building control system

Residents in two apartment buildings in the Finnish town of Lappeenranta had a chill-out lasting more than a week after a DDoS attack battered unprotected building management systems. The apartments are managed by a company called Valtia. The attack blocked the building management systems' Internet connections, according to …

Anti-ultrasound tech aims to foil the dog-whistle marketeers

Black Hat EU: Marketeers are coming up with ways to invade our privacy in the interests of serving us ads in a way that goes far beyond the dire predictions of films such as Minority Report. Security researchers are already thinking about countermeasures. Cross-device tracking (XDT) technologies allow marketeers to track the user's visited …
John Leyden, 04 Nov 2016

Leaks password, check. Leaks Wi-Fi password, check. Can be spoofed, check. Ding! We have an Internet of S**t winner

Updated: Here we have yet another example of an internet-facing home security camera with chocolate-padlock-grade security. The surveillance cam, examined by security firm Bitdefender, comes with motion and sound detectors, two-way audio, built-in lullabies to send children to sleep, temperature and humidity sensors and a microSD/SDHC …
Iain Thomson, 03 Nov 2016

He ain't heavy: OpenStack 16 cloud bros share LAMP interoperability load

Openstack Summit: OpenStackers have sought to alleviate concerns that applications on rival clouds are locked in and not portable. Sixteen companies have demonstrated a model LAMP enterprise application running uniformly and without a hitch across OpenStack distributions and public clouds. It was deployed using Ansible and Shade with a second …
Gavin Clarke, 26 Oct 2016

Existing security standards are fine for IoT gizmos in electrical grids

IoT World Congress: Putting Internet of Things sensors into electricity distribution grids works just fine - and security is catered for by existing broad standards, Luc Hossenlopp, CTO of Schneider Electric’s energy division, told the Internet of Things World Congress today. Addressing a packed auditorium at the Fira de Barcelona conference …
Gareth Corfield, 25 Oct 2016

Cisco patches NetBIOS vuln

It's 2016, and Cisco's ASA software can be owned by a malicious NetBIOS packet. A remote attacker can watch for the NetBIOS probes sent out by ASA's identity firewall feature, send back a crafted packet in response, and either crash the system or execute arbitrary code. Appliances in the ASA 5500 series are affected, along …

Donald Trump running insecure email servers

US presidential candidate Donald Trump’s criticism of rival Hillary Clinton's use of a private email server while Secretary of State appeared to have rebounded on him. Security researcher Kevin Beaumont discovered the Trump organisation uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization' …
John Leyden, 19 Oct 2016

The answer to Internet of Things madness? Open source, of course!

"Open is always going to win," states Ed Hemphill, CEO of WigWag, a company that hopes to make sense of the ever-expanding and ever-more-complex Internet of Things market. WigWag is named after the traditional flags used by the US military's Signal Corps to communicate messages. Hemphill and his cofounder Travis McCollum both …
Kieren McCarthy, 17 Oct 2016

Sweet, vulnerable IoT devices compromised 6 min after going online

The unpatched Windows XP problem that spawned the Blaster and Sasser worm a decade ago is being replicated on a different platform by hackers exploiting IoT devices to launch denial of service attacks. Two Internet of Things-powered packet floods took down the websites of cybersecurity journalist Brian Krebs and French hosting …
John Leyden, 17 Oct 2016

Decade-old SSH vuln exploited by IoT botnet armies to hose servers

Hackers are exploiting a 12-year-old vulnerability in OpenSSH to funnel malicious network traffic through Internet of Things (IoT) gizmos, Akamai warns. The SSHowDowN Proxy attack [PDF] exploits a lingering weakness in many default configurations of internet-connected embedded devices. Compromised gadgets are being abused to …
John Leyden, 13 Oct 2016

Data-updater CTERA gets IBM reselling approval stamp

IBM is becoming a CTERA reseller to ship enterprise file services integrated with its SoftLayer, Cleversafe-based, object storage, and fully support it. CTERA provides a cloud storage gateway for file sync and share, and data protection, plus a NAS appliance. It has just gained $25m in a funding round; no doubt the VCs were …
Chris Mellor, 13 Oct 2016

First look at Windows Server 2016: 'Cloud for the masses'? We'll be the judge of that

Review: Microsoft has released Windows Server 2016, complete with container support and a brand new Nano Server edition. What is the essence of Windows Server 2016? First, a quick look at the context. Server 2016 follows the same pattern as previous releases, in that it follows a new release of the Windows desktop operating system, in …
Tim Anderson, 12 Oct 2016

Security bod to MSFT: PowerShell's admin-lite scheme is an open door

Updated: Microsoft's PowerShell feature “Just Enough Administration” (JEA) is, apparently, “way too much administration” according to researcher Matt Weeks. In this write-up of JEA, root9B and Metasploit module developer Weeks says JEA profiles aren't much of a barrier, since people with JEA profiles can escalate themselves to sysadmin …

Windows updates? Just trust us, says Microsoft executive

Interview: At Microsoft's recent Ignite event in Atlanta, The Reg sat down with Brad Anderson, Corporate Vice President of Enterprise Client and Mobility. Brad Anderson is a Microsoft veteran who oversees how Windows and mobile devices are managed in business. A decade ago it was simple: firewall-protected network, Windows PCs, and …
Tim Anderson, 07 Oct 2016

AWS CloudFront goes IPv6

Amazon Web Services's CloudFront content distribution network is now IPv6-enabled. The cloudy concern says it's also flicked the switch to support IPv6 for its S3 Transfer Acceleration and Web Application Firewall services. Existing IPv4 connections will keep working and AWS urges users to test IPv6 before using it in …
Simon Sharwood, 07 Oct 2016

How does a hybrid infrastructure fit my accreditations?

Security-related certifications such as ISO 27001 and, more particularly, the Payment Card Industry Data Security Standard (PCI-DSS), have stringent requirements regarding the controls on infrastructure, how data is routed and stored around it, and so on. Particularly in the cloud components of a hybrid setup, the control you …
Dave Cartwright, 06 Oct 2016

What's not to love about IoT – you can spy on customers as they arrive

IPExpo: Siloed databases will be the downfall of your Internet of Things venture, warned Avaya’s chief technologist Jean Turgeon on stage at IPExpo Europe today. Turgeon’s talk, titled IoT: Forget the hype, this is reality, didn’t really live up to the promise of its name, though he did make a few good points in amongst the subtle …
Gareth Corfield, 05 Oct 2016

BlackBerry: You can't just roll up and make one

Interview: BlackBerry says it won’t license its brand and security hardened Android “to any Tom Dick and Harry” as it tries to maintain the value of its brand. The BlackBerry senior VP for sales for its Mobility division Alex Thurber - stopping to talk to El Reg as he sailed through London on his honeymoon - also told us BlackBerry had …
Andrew Orlowski, 05 Oct 2016