Articles about Firewall

Microsoft goes all Tiananmen Square on its Chinese AI assistant

Microsoft has confirmed that it censors its Chinese language digital assistant. Last week, China Digital Times reported how the Xiaoice chatbot was avoiding certain topics that are known to be sensitive to the Chinese government, including the 1989 Tiananmen Square massacre, nicknames for president Xi Jinping, and even Donald …
Kieren McCarthy, 28 Nov 2016

Irish eyes are crying: Tens of thousands of broadband modems wide open to hijacking

Eir, Ireland's largest ISP, has tens of thousands of customers with insecure ADSL2+ modems that appear to be vulnerable to remote takeover. Earlier this month, a security researcher writing under the name "kenzo" posted a proof-of-concept exploit that demonstrates how an attacker might take control of an Eir D1000 modem. …
Thomas Claburn, 22 Nov 2016

Surveillance camera compromised in 98 seconds

Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network. According to Graham's series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds. Mirai …
Thomas Claburn, 18 Nov 2016

$10m of Bangladeshi SWIFT heist ended up in Filipino Casino

At least some of the US$81 million lifted from Bangladeshi banks in recent hacks on the Society for Worldwide Interbank Telecommunication (SWIFT) inter-bank transfer network has been tracked down to a casino in the Philippines. The February heist relied on malware dropped on a SWIFT terminal used by Bangladesh's central bank. …

Cisco emits new branch box

Switchzilla has expanded its range of SME edge boxes, adding the all-in-one ISR 4221 to its flagship range of branch networking systems. Offering throughput between 35 Mbps and 75 Mbps on two WAN ports, the box pushes software-defined WAN (SD WAN) into the branch office, with an APIC Enterprise Module (APIC-EM) controller, …

Losses and sales up, shares down at Sophos

Losses at London Stock Exchange-listed Sophos have gone up despite increasing sales. For the six months up to 30 September, revenues were $256.9m (£207.4m) compared to $234.2m in the same period a year ago. Losses, however, widened from $13.4m to $24.6m on rising R&D costs and more recurring business. Unified Threat …
John Leyden, 09 Nov 2016

Finns chilling as DDoS knocks out building control system

Residents in two apartment buildings in the Finnish town of Lappeenranta had a chill-out lasting more than a week after a DDoS attack battered unprotected building management systems. The apartments are managed by a company called Valtia. The attack blocked the building management systems' Internet connections, according to …

Anti-ultrasound tech aims to foil the dog-whistle marketeers

Black Hat EU Marketeers are coming up with ways to invade our privacy in the interests of serving us ads in a way that goes far beyond the dire predictions of films such as Minority Report. Security researchers are already thinking about countermeasures. Cross-device tracking (XDT) technologies allow marketeers to track the user's visited …
John Leyden, 04 Nov 2016

Leaks password, check. Leaks Wi-Fi password, check. Can be spoofed, check. Ding! We have an Internet of S**t winner

Updated Here we have yet another example of an internet-facing home security camera with chocolate-padlock-grade security. The surveillance cam, examined by security firm Bitdefender, comes with motion and sound detectors, two-way audio, built-in lullabies to send children to sleep, temperature and humidity sensors and a microSD/SDHC …
Iain Thomson, 03 Nov 2016

He ain't heavy: OpenStack 16 cloud bros share LAMP interoperability load

Openstack Summit OpenStackers have sought to alleviate concerns that applications on rival clouds are locked in and not portable. Sixteen companies have demonstrated a model LAMP enterprise application running uniformly and without a hitch across OpenStack distributions and public clouds. It was deployed using Ansible and Shade with a second …
Gavin Clarke, 26 Oct 2016

Existing security standards are fine for IoT gizmos in electrical grids

IoT World Congress Putting Internet of Things sensors into electricity distribution grids works just fine - and security is catered for by existing broad standards, Luc Hossenlopp, CTO of Schneider Electric’s energy division, told the Internet of Things World Congress today. Addressing a packed auditorium at the Fira de Barcelona conference …
Gareth Corfield, 25 Oct 2016

Cisco patches NetBIOS vuln

It's 2016, and Cisco's ASA software can be owned by a malicious NetBIOS packet. A remote attacker can watch for the NetBIOS probes sent out by ASA's identity firewall feature, send back a crafted packet in response, and either crash the system or execute arbitrary code. Appliances in the ASA 5500 series are affected, along …

Donald Trump running insecure email servers

US presidential candidate Donald Trump’s criticism of rival Hillary Clinton's use of a private email server while Secretary of State appeared to have rebounded on him. Security researcher Kevin Beaumont discovered the Trump organisation uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization' …
John Leyden, 19 Oct 2016

The answer to Internet of Things madness? Open source, of course!

"Open is always going to win," states Ed Hemphill, CEO of WigWag, a company that hopes to make sense of the ever-expanding and ever-more-complex Internet of Things market. WigWag is named after the traditional flags used by the US military's Signal Corps to communicate messages. Hemphill and his cofounder Travis McCollum both …
Kieren McCarthy, 17 Oct 2016

Sweet, vulnerable IoT devices compromised 6 min after going online

The unpatched Windows XP problem that spawned the Blaster and Sasser worms a decade ago is being replicated on a different platform by hackers exploiting IoT devices to launch denial of service attacks. Two Internet of Things-powered packet floods took down the websites of cybersecurity journalist Brian Krebs and French hosting …
John Leyden, 17 Oct 2016

Decade-old SSH vuln exploited by IoT botnet armies to hose servers

Hackers are exploiting a 12-year-old vulnerability in OpenSSH to funnel malicious network traffic through Internet of Things (IoT) gizmos, Akamai warns. The SSHowDowN Proxy attack [PDF] exploits a lingering weakness in many default configurations of internet-connected embedded devices. Compromised gadgets are being abused to …
John Leyden, 13 Oct 2016

Data-updater CTERA gets IBM reselling approval stamp

IBM is becoming a CTERA reseller to ship enterprise file services integrated with its SoftLayer, Cleversafe-based, object storage, and fully support it. CTERA provides a cloud storage gateway for file sync and share, and data protection, plus a NAS appliance. It has just gained $25m in a funding round; no doubt the VCs were …
Chris Mellor, 13 Oct 2016

First look at Windows Server 2016: 'Cloud for the masses'? We'll be the judge of that

Review Microsoft has released Windows Server 2016, complete with container support and a brand new Nano Server edition. What is the essence of Windows Server 2016? First, a quick look at the context. Server 2016 follows the same pattern as previous releases, in that it follows a new release of the Windows desktop operating system, in …
Tim Anderson, 12 Oct 2016

Security bod to MSFT: PowerShell's admin-lite scheme is an open door

Updated Microsoft's PowerShell feature “Just Enough Administration” (JEA) is, apparently, “way too much administration” according to researcher Matt Weeks. In this write-up of JEA, root9B and Metasploit module developer Weeks says JEA profiles aren't much of a barrier, since people with JEA profiles can escalate themselves to sysadmin …

Windows updates? Just trust us, says Microsoft executive

Interview At Microsoft's recent Ignite event in Atlanta, The Reg sat down with Brad Anderson, Corporate Vice President of Enterprise Client and Mobility. Brad Anderson is a Microsoft veteran who oversees how Windows and mobile devices are managed in business. A decade ago it was simple: firewall-protected network, Windows PCs, and …
Tim Anderson, 07 Oct 2016

AWS CloudFront goes IPv6

Amazon Web Services's CloudFront content distribution network is now IPv6-enabled. The cloudy concern says it's also flicked the switch to support IPv6 for its S3 Transfer Acceleration and Web Application Firewall services. Existing IPv4 connections will keep working and AWS urges users to test IPv6 before using it in …
Simon Sharwood, 07 Oct 2016

How does a hybrid infrastructure fit my accreditations?

Security-related certifications such as ISO 27001 and, more particularly, the Payment Card Industry Data Security Standard (PCI-DSS), have stringent requirements regarding the controls on infrastructure, how data is routed and stored around it, and so on. Particularly in the cloud components of a hybrid setup, the control you …
Dave Cartwright, 06 Oct 2016

What's not to love about IoT – you can spy on customers as they arrive

IPExpo Siloed databases will be the downfall of your Internet of Things venture, warned Avaya’s chief technologist Jean Turgeon on stage at IPExpo Europe today. Turgeon’s talk, titled IoT: Forget the hype, this is reality, didn’t really live up to the promise of its name, though he did make a few good points in amongst the subtle …
Gareth Corfield, 05 Oct 2016

BlackBerry: You can't just roll up and make one

Interview BlackBerry says it won’t license its brand and security hardened Android “to any Tom Dick and Harry” as it tries to maintain the value of its brand. The BlackBerry senior VP for sales for its Mobility division Alex Thurber - stopping to talk to El Reg as he sailed through London on his honeymoon - also told us BlackBerry had …
Andrew Orlowski, 05 Oct 2016

Ever seen a storage startup and thought: 'Pshaw. I could do that?'

Part One You read The Register about people getting ahead with the most ridiculous startup ideas and ask: "Why can't that be you?" How is the game played? Well, let's design a storage startup from scratch and find out. I'm picking storage as the market for my hypothetical startup in part because I have worked closely with a number of …
Trevor Pott, 29 Sep 2016

WAN, bam, thank you... oh @£$%. We've gone dead. Drop the burger. RUUUUUN!

This Damn War Big, global WAN roll-outs have their hazards. Size is one of them, but you can deal with this with effective project planning and management. Complexity is another, but combining design and a team of highly effective and competent engineers can address that one too. And of course there …
Dave Cartwright, 28 Sep 2016

Startup iguazio launches NVMe-propelled missile at enterprise analytics

iguazio’s Data-as-a-Service Enterprise Data Cloud converges different storage access protocols and use cases behind an access abstraction layer and claims to out-perform Amazon and all-flash filers at lower costs. The startup’s pitch is that Big Data analytics data, input, extraction, loading and storing is grossly complex and …
Chris Mellor, 27 Sep 2016

Avaya explains its 'hyper-segmentation' approach to security

Interview It's way too easy to get past a firewall, map out an enterprise's network, and start tapping IP addresses looking for vulnerable machines – so why are we using Layer 3 addressing as the basis of the enterprise network? Avaya's new software-defined-networking-based architecture proposes to stop TCP/IP-based attack traffic at …

Oracle's cloud strategy is simple – woo and win the latecomers

OpenWorld Throughout this year's Oracle OpenWorld conference, the company's message has been fairly simple – the database firm is moving to cloud but can offer buyers either on-prem kit, full public cloud, or anything in-between. It's a tempting pitch for those who are somewhat nervous about diving into the cloud with their systems, and …
Iain Thomson, 22 Sep 2016

The perimeterless, ever-shifting enterprise: What would a real, red-blooded IT team do?

If you work in a manufacturing plant, measuring productivity is simple: you measure the number of widgets produced in a given time frame. A person in this environment must not be the one holding up the production line. Nothing more, nothing less. But what does productivity mean for less tangible "knowledge work" occupations such …
Trevor Pott, 19 Sep 2016

Trump website server config snafu left interns' CVs exposed

Misconfiguration of Donald Trump's campaign website left the personal information of interns – and perhaps more – accessible to casual snooping. Staffers of the real estate mogul-turned-US presidential candidate “bungled the settings on their Amazon S3 server”, according to MacKeeper security researcher Chris Vickery, the …
John Leyden, 15 Sep 2016

Great British Block-Off: GCHQ floats plan to share its DNS filters

Officials with GCHQ are said to be mulling a plan that would extend the UK government's network security tools to private-sector ISPs. GCHQ director general for cyber security Ciaran Martin has been in Washington, DC, pitching the plan to arm the ISPs with firewall updates aimed at blocking off known bad actors. The project, …
Shaun Nichols, 14 Sep 2016

BT needs to ditch its legacy to be competitive, says chief architect

Interview In a world of new “agile” network players offering over-the-top services, BT is something of a dinosaur, having been privatised as far back as 1984 after previously running as a state monopoly. Certainly in terms of its systems, the business is weighed down by legacy in a way that newer network providers are unencumbered from …
Kat Hall, 08 Sep 2016

Hitsniffer customers hit by outage over former colleagues' ownership spat

Customers of analytics business Hitsniffer have been left in the lurch following its collapse after arguments over ownership of the service. Peter Laird, who runs the financial side of Hitsniffer, and Armin Nikdel Kourkah, its programmer, are engaged in a dispute over Hitsniffer's holding rights, leaving customers without any …

Read the damning dossier on the security stupidity that let China ransack OPM's systems

The congressional investigation into the hacking of the US Office of Personnel Management has shown how a cascade of stupidity allowed not one but two hackers access to critical government secrets. The 227-page report [PDF] details how two hacking teams, both thought to be state-sponsored groups from China, managed to …
Iain Thomson, 08 Sep 2016

Census fail to get Oz Senate probe; NDIS fix promised this year

Australia's Senate has voted to establish a committee to look into the Australian Bureau of Statistics' August Census IT collapse. The news comes as the government promises to fix another slow-motion train wreck by the end of 2016 – the online portal for the country's National Disability Insurance Scheme (NDIS). The Senate …

OneLogin breached, hacker finds cleartext credential notepads

Password attic OneLogin has been breached, and it's bad, because the service that suffered the breach is one often used by people to store credentials like admin password and software keys. The online credential manager says its Secure Notes facility was breached, allowing the intruder to read in cleartext notes edited between …
Darren Pauli, 31 Aug 2016

Windows passwords leak tip

Microsoft has published some guidelines for firewalling off traffic that could leak username and password information from corporate networks. As we reminded everyone last month, it is possible to trick Internet Explorer, Edge, Outlook and other Redmond software into coughing up your Windows computer's login name and an NTLM …
Iain Thomson, 30 Aug 2016

VMware fixes 'split brain' caused by 'stubbed toe' of botched NSX update

VMworld VMware CEO Pat Gelsinger has characterised the decision to pull a version of NSX as “a stubbed toe” while defending VMware's engineering culture. VMware releases updates to many of its products about once every four months, mixing bug fixes and small feature upgrades. NSX 6.2.3 was just such a release but it quickly proved to …
Simon Sharwood, 30 Aug 2016

A quarter of banks' data breaches are down to lost phones and laptops

One in four breaches (25.3 per cent) in the US financial services sector over recent years were due to lost or stolen devices, according to a new study. Cloud security firm Bitglass further reports that one in five recorded breaches over the last 10 years were the result of hacking. More than 60 financial sector organisations …
John Leyden, 25 Aug 2016

Snowden says Russia ‘probably responsible’ for NSA hack

NSA whistleblower Edward Snowden reckons Russia is the most likely suspect behind the leak of advanced hacking tools allegedly stolen from an elite NSA hacking unit. He postulates a complex motive for the leak involving gaining diplomatic leverage that wouldn’t look out of place in a modern retelling of a John le Carré novel. …
John Leyden, 18 Aug 2016

Cisco confirms two of the Shadow Brokers' 'NSA' vulns are real

It's looking increasingly likely that the hacking tools put up for auction by the Shadow Brokers group are real – after Cisco confirmed two exploits in the leaked archive are legit. The two exploits, listed in the archive directory as EPICBANANA and EXTRABACON, can be used to achieve remote code execution on Cisco firewall …
Iain Thomson, 17 Aug 2016

FalseCONNECT sends vendors scrambling to patch proxy MITM bug

For the many people that dislike corporate proxies, this probably won't be much of a surprise: a bunch of environments are vulnerable to man-in-the-middle attacks. “FalseCONNECT” is a combination of protocol bug and implementation error – which means it affects end users via operating systems, as well as network devices. The …

Reds are infiltrating VMs, says new x86 virt Supernatural Square

Gartner's annual Magic Quadrant for x86 Server Virtualization Infrastructure has escaped into the wild, with a suggestion the Reds are taking over. One Red, Red Hat, has moved from the “niche players” category of the quadrant into the visionaries square, on the strength of “a strong tie between KVM adoption and OpenStack, as …
Simon Sharwood, 12 Aug 2016

Hybrid cloud: Deciding the right mix for your workloads

Blog Anyone who's read much of what I write for The Reg will know that I'm a believer in hybrid cloud – using the cloud for some elements of your world whilst retaining components on-premises too. But precisely which elements? We'll look at how you might decide what belongs where: on-premises, in the private cloud, or in the public …
Dave Cartwright, 09 Aug 2016

VMware pulls buggy NSX release from distribution

There's egg on face down VMware way: the buggy release of NSX we reported two weeks ago turns out to be so messy VMware's decided to erase it from history. Virtzilla on Monday (US time) issued a Field Advisory in which it announced “NSX for vSphere 6.2.3 release has been pulled from distribution.” If you're in the …
Simon Sharwood, 09 Aug 2016

AdBlock Plus blocked in China: 159m forbidden from stripping adverts

The makers of AdBlock Plus (ABP) say their ad-blocking browser plugin has been effectively outlawed in China by the Chinese government. ABP communications boss Ben Williams said in a blog post that the ban was part of a larger effort by the state to crack down on technology tampering with ads. In the process, Williams …
Shaun Nichols, 05 Aug 2016

Snitches get stitches: Little Snitch bugs were a blessing for malware

DEF CON A vulnerability in popular OS X security tool Little Snitch potentially granted malicious applications extra powers, undermining the protection offered by the software. Little Snitch reports in real-time the network traffic entering and leaving your Apple computer, and can block unauthorized connections. It is a handy …
John Leyden, 03 Aug 2016

Two first-gen flaws carried over to HTTP/2, warn security bods

Black Hat Security researchers have unearthed four high-profile vulnerabilities in HTTP/2, a new version of the protocol. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business critical web infrastructure, according to a study by researchers at data centre security vendor Imperva and released at the …
John Leyden, 03 Aug 2016

Microsoft debuts VR management suite as it expands HoloLens sales

Microsoft has started selling its HoloLens virtual reality headsets to all of its business customers and developer partners in the United States of America and Canada. Redmond's still not offering the finished product – only a “Development Edition” is on sale for now. But at least the hardware is now being offered to anyone …
Simon Sharwood, 03 Aug 2016