Articles about Firewall


Linux is part of the IoT security problem, dev tells Linux conference

The Mirai botnet? Just the “tip of the iceberg” is how security bods at this week's linux.conf.au see the Internet of Things. Presenting to the Security and Privacy miniconf at linux.conf.au, embedded systems developer and consultant Christopher Biggs pointed out that Mirai's focus on building a big DDoS cannon drew attention …

Kill it with fire: US-CERT urges admins to firewall off Windows SMB

The US computer emergency readiness team is recommending organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers – after a potential zero-day exploit was released by the Shadow Brokers hacking group. The call from the US security clearing house does not name the Shadow Brokers as …
Darren Pauli, 18 Jan 2017

Smart fingerprint padlock startup to $320k backers: Sorry for the radio silence

TappLock, a startup promising the "world's first smart fingerprint padlock" has claimed that issues with manufacturing in China were behind the months of silence which provoked aggrieved backers to contact The Register, fearing fraud. The padlock business had managed to raise over $320,000 on the crowd-funding site Indiegogo …

Security hardened, pah! Expert doubts Kaymera's mighty Google's Pixel

The arrival of a security hardened version of Google’s supposed "iPhone killer" Pixel phone from Kaymera has received a sceptical reception from one expert. Kaymera Secured Pixel is outfitted with Kaymera’s own hardened version of the Android operating system and its security architecture. This architecture is made up of four …
John Leyden, 12 Jan 2017

Wi-Fi for audiophiles: Alliance preps TimeSync certification program

At CES last week, the Wi-Fi Alliance announced a certification program for devices supporting the TimeSync feature. The aim is to provide plumbing-layer tools to help deliver high-quality audio and video across a multi-station Wi-Fi network without the final result looking like a bad lip-sync. And, naturally enough, Wi-Fi …

Kerching! That's the sound of Barracuda customers feeling the ransomware fear

Barracuda's business grew a little faster as customers continued moving to the public cloud and ransomware scared them into securing their emails. Third quarter fiscal 2017 revenues were $88.8m, a good 10.9 per cent uptick on last year, and a 1 per cent increase sequentially. Net income was $1.8m, 2 per cent of its revenues, …
Chris Mellor, 11 Jan 2017

How to secure MongoDB – because it isn't by default and thousands of DBs are being hacked

The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized. As of Sunday, security researcher and Microsoft developer Niall Merrigan identified more than 27,000 MongoDB databases seized by ransomware. By Tuesday afternoon Pacific Time, an …
Thomas Claburn, 11 Jan 2017

Did webcam 'performer' offer support chap payment in kind?

On-call Welcome again to a festive edition of On-Call, the column in which readers send stories of jobs gone bad and we sanitise them for general consumption. We usually appear on Fridays, but the On-Call inbox is bulging, there's sod-all news to write this week and so we're doing it daily this week to spread some Christmas cheer. …
Simon Sharwood, 21 Dec 2016

Name's BOND, JBOND: Igneous's ARM strap-on is for your drives only

Analysis You wait for a bus for ages, and then two come along at once. Two data-transfer buses. Something like that. Both OpenIO and Igneous have launched plug-on ARM server cards for storage drives: these single-board computers each snap onto a hard drive to form nano-servers that are organized into a grid of object storage nodes. …
Chris Mellor, 21 Dec 2016

Microsoft goes all Tiananmen Square on its Chinese AI assistant

Microsoft has confirmed that it censors its Chinese language digital assistant. Last week, China Digital Times reported how the Xiaoice chatbot was avoiding certain topics that are known to be sensitive to the Chinese government, including the 1989 Tiananmen Square massacre, nicknames for president Xi Jinping, and even Donald …
Kieren McCarthy, 28 Nov 2016

Irish eyes are crying: Tens of thousands of broadband modems wide open to hijacking

Eir, Ireland's largest ISP, has tens of thousands of customers with insecure ADSL2+ modems that appear to be vulnerable to remote takeover. Earlier this month, a security researcher writing under the name "kenzo" posted a proof-of-concept exploit that demonstrates how an attacker might take control of an Eir D1000 modem. …
Thomas Claburn, 22 Nov 2016

Surveillance camera compromised in 98 seconds

Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network. According to Graham's series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds. Mirai …
Thomas Claburn, 18 Nov 2016

$10m of Bangladeshi SWIFT heist ended up in Filipino Casino

At least some of the US$81 million lifted from Bangladeshi banks in recent hacks on the Society for Worldwide Interbank Telecommunication (SWIFT) inter-bank transfer network has been tracked down to a casino in the Philippines. The February heist relied on malware dropped on a SWIFT terminal used by Bangladesh's central bank. …

Cisco emits new branch box

Switchzilla has expanded its range of SME edge boxes, adding the all-in-one ISR 4221 to its flagship range of branch networking systems. Offering throughput between 35 Mbps and 75 Mbps on two WAN ports, the box pushes software-defined WAN (SD WAN) into the branch office, with an APIC Enterprise Module (APIC-EM) controller, …

Losses and sales up, shares down at Sophos

Losses at London Stock Exchange-listed Sophos have gone up despite increasing sales. For the six months up to 30 September, revenues were $256.9m (£207.4m) compared to $234.2m in the same period a year ago. Losses, however, widened from $13.4m to $24.6m on rising R&D costs and more recurring business. Unified Threat …
John Leyden, 09 Nov 2016

Finns chilling as DDoS knocks out building control system

Residents in two apartment buildings in the Finnish town of Lappeenranta had a chill-out lasting more than a week after a DDoS attack battered unprotected building management systems. The apartments are managed by a company called Valtia. The attack blocked the building management systems' Internet connections, according to …

Anti-ultrasound tech aims to foil the dog-whistle marketeers

Black Hat EU Marketeers are coming up with ways to invade our privacy in the interests of serving us ads in a way that goes far beyond the dire predictions of films such as Minority Report. Security researchers are already thinking about countermeasures. Cross-device tracking (XDT) technologies allow marketeers to track the user's visited …
John Leyden, 04 Nov 2016

Leaks password, check. Leaks Wi-Fi password, check. Can be spoofed, check. Ding! We have an Internet of S**t winner

Updated Here we have yet another example of an internet-facing home security camera with chocolate-padlock-grade security. The surveillance cam, examined by security firm Bitdefender, comes with motion and sound detectors, two-way audio, built-in lullabies to send children to sleep, temperature and humidity sensors and a microSD/SDHC …
Iain Thomson, 03 Nov 2016

He ain't heavy: OpenStack 16 cloud bros share LAMP interoperability load

Openstack Summit OpenStackers have sought to alleviate concerns that applications on rival clouds are locked in and not portable. Sixteen companies have demonstrated a model LAMP enterprise application running uniformly and without a hitch across OpenStack distributions and public clouds. It was deployed using Ansible and Shade with a second …
Gavin Clarke, 26 Oct 2016

Existing security standards are fine for IoT gizmos in electrical grids

IoT World Congress Putting Internet of Things sensors into electricity distribution grids works just fine - and security is catered for by existing broad standards, Luc Hossenlopp, CTO of Schneider Electric’s energy division, told the Internet of Things World Congress today. Addressing a packed auditorium at the Fira de Barcelona conference …
Gareth Corfield, 25 Oct 2016

Cisco patches NetBIOS vuln

It's 2016, and Cisco's ASA software can be owned by a malicious NetBIOS packet. A remote attacker can watch for the NetBIOS probes sent out by ASA's identity firewall feature, send back a crafted packet in response, and either crash the system or execute arbitrary code. Appliances in the ASA 5500 series are affected, along …

Donald Trump running insecure email servers

US presidential candidate Donald Trump’s criticism of rival Hillary Clinton's use of a private email server while Secretary of State appeared to have rebounded on him. Security researcher Kevin Beaumont discovered the Trump organisation uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization' …
John Leyden, 19 Oct 2016

The answer to Internet of Things madness? Open source, of course!

"Open is always going to win," states Ed Hemphill, CEO of WigWag, a company that hopes to make sense of the ever-expanding and ever-more-complex Internet of Things market. WigWag is named after the traditional flags used by the US military's Signal Corps to communicate messages. Hemphill and his cofounder Travis McCollum both …
Kieren McCarthy, 17 Oct 2016

Sweet, vulnerable IoT devices compromised 6 min after going online

The unpatched Windows XP problem that spawned the Blaster and Sasser worm a decade ago is being replicated on a different platform by hackers exploiting IoT devices to launch denial of service attacks. Two Internet of Things-powered packet floods took down the websites of cybersecurity journalist Brian Krebs and French hosting …
John Leyden, 17 Oct 2016

Decade-old SSH vuln exploited by IoT botnet armies to hose servers

Hackers are exploiting a 12-year-old vulnerability in OpenSSH to funnel malicious network traffic through Internet of Things (IoT) gizmos, Akamai warns. The SSHowDowN Proxy attack [PDF] exploits a lingering weakness in many default configurations of internet-connected embedded devices. Compromised gadgets are being abused to …
John Leyden, 13 Oct 2016

Data-updater CTERA gets IBM reselling approval stamp

IBM is becoming a CTERA reseller to ship enterprise file services integrated with its SoftLayer, Cleversafe-based, object storage, and fully support it. CTERA provides a cloud storage gateway for file sync and share, and data protection, plus a NAS appliance. It has just gained $25m in a funding round; no doubt the VCs were …
Chris Mellor, 13 Oct 2016

First look at Windows Server 2016: 'Cloud for the masses'? We'll be the judge of that

Review Microsoft has released Windows Server 2016, complete with container support and a brand new Nano Server edition. What is the essence of Windows Server 2016? First, a quick look at the context. Server 2016 follows the same pattern as previous releases, in that it follows a new release of the Windows desktop operating system, in …
Tim Anderson, 12 Oct 2016

Security bod to MSFT: PowerShell's admin-lite scheme is an open door

Updated Microsoft's PowerShell feature “Just Enough Administration” (JEA) is, apparently, “way too much administration” according to researcher Matt Weeks. In this write-up of JEA, root9B and Metasploit module developer Weeks says JEA profiles aren't much of a barrier, since people with JEA profiles can escalate themselves to sysadmin …

Windows updates? Just trust us, says Microsoft executive

Interview At Microsoft's recent Ignite event in Atlanta, The Reg sat down with Brad Anderson, Corporate Vice President of Enterprise Client and Mobility. Brad Anderson is a Microsoft veteran who oversees how Windows and mobile devices are managed in business. A decade ago it was simple: firewall-protected network, Windows PCs, and …
Tim Anderson, 07 Oct 2016

AWS CloudFront goes IPv6

Amazon Web Services's CloudFront content distribution network is now IPv6-enabled. The cloudy concern says it's also flicked the switch to support IPv6 for its S3 Transfer Acceleration and Web Application Firewall services. Existing IPv4 connections will keep working and AWS urges users to test IPv6 before using it in …
Simon Sharwood, 07 Oct 2016

How does a hybrid infrastructure fit my accreditations?

Security-related certifications such as ISO 27001 and, more particularly, the Payment Card Industry Data Security Standard (PCI-DSS), have stringent requirements regarding the controls on infrastructure, how data is routed and stored around it, and so on. Particularly in the cloud components of a hybrid setup, the control you …
Dave Cartwright, 06 Oct 2016

What's not to love about IoT – you can spy on customers as they arrive

IPExpo Siloed databases will be the downfall of your Internet of Things venture, warned Avaya’s chief technologist Jean Turgeon on stage at IPExpo Europe today. Turgeon’s talk, titled IoT: Forget the hype, this is reality, didn’t really live up to the promise of its name, though he did make a few good points in amongst the subtle …
Gareth Corfield, 05 Oct 2016

BlackBerry: You can't just roll up and make one

Interview BlackBerry says it won’t license its brand and security hardened Android “to any Tom Dick and Harry” as it tries to maintain the value of its brand. The BlackBerry senior VP for sales for its Mobility division Alex Thurber - stopping to talk to El Reg as he sailed through London on his honeymoon - also told us BlackBerry had …
Andrew Orlowski, 05 Oct 2016

How to build a storage startup

Part One You read The Register about people getting ahead with the most ridiculous startup ideas and ask: "Why that can't be you?" How is the game played? Well, let's design a storage startup from scratch and find out. I'm picking storage as the market for my hypothetical startup in part because I have worked closely with a number of …
Trevor Pott, 29 Sep 2016

WAN, bam, thank you... oh @£$%. We've gone dead. Drop the burger. RUUUUUN!

This Damn War Big, global WAN roll-outs have their hazards. Size is one of them, but you can deal with this with effective project planning and management. Complexity is another, but combining design and a team of highly effective and competent engineers can address that one too. And of course there …
Dave Cartwright, 28 Sep 2016

Startup iguazio launches NVMe-propelled missile at enterprise analytics

iguazio’s Data-as-a-Service Enterprise Data Cloud converges different storage access protocols and use cases behind an access abstraction layer and claims to out-perform Amazon and all-flash filers at lower costs. The startup’s pitch is that Big Data analytics data, input, extraction, loading and storing is grossly complex and …
Chris Mellor, 27 Sep 2016

Avaya explains its 'hyper-segmentation' approach to security

Interview It's way too easy to get past a firewall, map out an enterprise's network, and start tapping IP addresses looking for vulnerable machines – so why are we using Layer 3 addressing as the basis of the enterprise network? Avaya's new software-defined-networking-based architecture proposes to stop TCP/IP-based attack traffic at …

Oracle's cloud strategy is simple – woo and win the latecomers

OpenWorld Throughout this year's Oracle OpenWorld conference, the company's message has been fairly simple – the database firm is moving to cloud but can offer buyers either on-prem kit, full public cloud, or anything in-between. It's a tempting pitch for those who are somewhat nervous about diving into the cloud with their systems, and …
Iain Thomson, 22 Sep 2016

The perimeterless, ever-shifting enterprise: What would a real, red-blooded IT team do?

If you work in a manufacturing plant, measuring productivity is simple: you measure the number of widgets produced in a given time frame. A person in this environment must not be the one holding up the production line. Nothing more, nothing less. But what does productivity mean for less tangible "knowledge work" occupations such …
Trevor Pott, 19 Sep 2016

Trump website server config snafu left interns' CVs exposed

Misconfiguration of Donald Trump's campaign website left the personal information of interns – and perhaps more – accessible to casual snooping. Staffers of the real estate mogul-turned-US presidential candidate “bungled the settings on their Amazon S3 server”, according to MacKeeper security researcher Chris Vickery, the …
John Leyden, 15 Sep 2016

Great British Block-Off: GCHQ floats plan to share its DNS filters

Officials with GCHQ are said to be mulling a plan that would extend the UK government's network security tools to private-sector ISPs. GCHQ director general for cyber security Ciaran Martin has been in Washington, DC, pitching the plan to arm the ISPs with firewall updates aimed at blocking off known bad actors. The project, …
Shaun Nichols, 14 Sep 2016

BT needs to ditch its legacy to be competitive, says chief architect

Interview In a world of new “agile” network players offering over-the-top services, BT is something of a dinosaur, having been privatised as far back as 1984 after previously running as a state monopoly. Certainly in terms of its systems, the business is weighed down by legacy in a way that newer network providers are unencumbered from …
Kat Hall, 08 Sep 2016

Hitsniffer customers hit by outage over former colleagues' ownership spat

Customers of analytics business Hitsniffer have been left in the lurch following its collapse after arguments over ownership of the service. Peter Laird, who runs the financial side of Hitsniffer, and Armin Nikdel Kourkah, its programmer, are engaged in a dispute over Hitsniffer's holding rights, leaving customers without any …

Read the damning dossier on the security stupidity that let China ransack OPM's systems

The congressional investigation into the hacking of the US Office of Personnel Management has shown how a cascade of stupidity allowed not one but two hackers access to critical government secrets. The 227-page report [PDF] details how two hacking teams, both thought to be state-sponsored groups from China, managed to …
Iain Thomson, 08 Sep 2016

Census fail to get Oz Senate probe; NDIS fix promised this year

Australia's Senate has voted to establish a committee to look into the Australian Bureau of Statistics' August Census IT collapse. The news comes as the government promises to fix another slow-motion train wreck by the end of 2016 – the online portal for the country's National Disability Insurance Scheme (NDIS). The Senate …

OneLogin breached, hacker finds cleartext credential notepads

Password attic OneLogin has been breached, and it's bad, because the service that suffered the breach is one often used by people to store credentials like admin password and software keys. The online credential manager says its Secure Notes facility was breached, allowing the intruder to read in cleartext notes edited between …
Darren Pauli, 31 Aug 2016

Windows passwords leak tip

Microsoft has published some guidelines for firewalling off traffic that could leak username and password information from corporate networks. As we reminded everyone last month, it is possible to trick Internet Explorer, Edge, Outlook and other Redmond software into coughing up your Windows computer's login name and an NTLM …
Iain Thomson, 30 Aug 2016

VMware fixes 'split brain' caused by 'stubbed toe' of botched NSX update

VMworld VMware CEO Pat Gelsinger has characterised the decision to pull a version of NSX as “a stubbed toe” while defending VMware's engineering culture. VMware releases updates to many of its products about once every four months, mixing bug fixes and small feature upgrades. NSX 6.2.3 was just such a release but it quickly proved to …
Simon Sharwood, 30 Aug 2016

A quarter of banks' data breaches are down to lost phones and laptops

One in four breaches (25.3 per cent) in the US financial services sector over recent years were due to lost or stolen devices, according to a new study. Cloud security firm Bitglass further reports that one in five recorded breaches over the last 10 years were the result of hacking. More than 60 financial sector organisations …
John Leyden, 25 Aug 2016

Snowden says Russia ‘probably responsible’ for NSA hack

NSA whistleblower Edward Snowden reckons Russia is the most likely suspect behind the leak of advanced hacking tools allegedly stolen from an elite NSA hacking unit. He postulates a complex motive for the leak involving gaining diplomatic leverage that wouldn’t look out of place in a modern retelling of a John le Carré novel. …
John Leyden, 18 Aug 2016