Doug Vitale Tech Blog

July-August 2013 News Archive


Not fast or broad: The US Internet in 2013

ZDNet, 27 Aug 2013 – The good news is that more Americans than ever have broadband. The bad news is that it’s still not that fast and, according to Pew, 30 percent don’t have any landline broadband access. [More]

Password breaker successfully tackles 55 character sequences

ZDNet, 27 Aug 2013 – Password breaker ocl-Hashcat-plus has received a series of improvements which allow it to accommodate passwords of up to 55 characters. The new version is able to conduct eight billion guesses per second on a high number of hashes. [More]

Databases—Vulnerabilities, Costs of Data Breaches and Countermeasures

InfoSec Institute, 26 Aug 2013 – According to the latest security reports released by principal security firms, hackers consider database vulnerabilities as principal flaws to exploit in order to bypass the defenses of targets. [More]

Millions of Android users vulnerable to security threats, say feds

ZDNet, 26 Aug 2013 – Android remains the world’s most widely used operating system, based on market and usage share statistics, used by hundreds of millions of customers worldwide. But, according to a new document obtained by Public Intelligence, the DHS and FBI are increasingly aware of the threats its law enforcement users and officials face at a federal, state, and local level in using older versions of the mobile platform. [More]

Nearly One-Fifth Of Enterprise Operating Systems Not Fully Patched

Dark Reading, 23 Aug 2013 – One in five IT professionals say they either have not fully patched their organizations’ endpoint operating systems — or they aren’t sure whether the machines are up-to-date. [More]

Measuring the Practical Impact of DNSSEC Deployment

Internet Society Deploy360, 21 Aug 2013 – A paper written by several researchers from the University of California along with security researcher Eric Rescorla aims to explore the costs vs. benefits of deploying DNSSEC. [More]

The Legalities of Changing Your IP Address

Ars Technica, 19 Aug 2013 – Changing your IP address or using proxy servers to access public websites you’ve been forbidden to visit is a violation of the Computer Fraud and Abuse Act (CFAA), a judge ruled Friday in a case involving Craigslist and 3taps. [More]

Microsoft warns Windows XP users at perpetual risk of ‘zero day’ attacks

ZDNet, 16 Aug 2013 – As Microsoft execs have been cautioning for more than a year, after April 8, 2014, users running Windows XP SP 3 — the last service pack delivered for the 11-year-old operating system — won’t get any more updates. That includes both security and “non-security” hot fixes, free or paid support options and online technical content updates. [More]

Brazil intends to rebuild its Internet infrastructure in move against US spying

Foreign Policy, 16 Aug 2013 – Is the only way to escape the prying eyes of the National Security Agency to rebuild the Internet? That appears to be the question on the minds of politicians in Brazil, where plans have been announced to build from scratch key parts of the country’s web infrastructure that the country’s leaders fear have been deeply infiltrated by the NSA. [More]

Keyloggers: How They Work and More

InfoSec Institute, 15 Aug 2013 – According to Webroot’s SpyAudit, 15% of all corporate machines that were tested had a functioning keylogger installed. British security company Sophos asserted that the number of keyloggers has tripled in the period of 12 months. [More]

Review: Free DD-WRT network router firmware

TechRepublic, 15 Aug 2013 – Most network routers have fairly basic firmware that limits the hardware’s full potential. You can change that with DD-WRT. [More]

How important is password complexity vs. brute force?

Redmond Mag, 14 Aug 2013 – I created a simple .zip file and I asked my wife to password protect it. I wanted her to use a password that realistically represented one that might be used in a corporate environment today. Once she password protected the file, I set out trying to crack the password. First I tried a dictionary-based crack, and when that didn’t work, I resorted to brute force. [More]

10 cabling tips to keep your data center manageable

TechRepublic, 14 Aug 2013 – Your data center is the heart that pumps the lifeblood of your business. When it has problems, so does your business. And although most people don’t realize it, improper cabling can be one of those issues. [More]

IPv6 Adoption On The Rise

Network Computing, 14 Aug 2013 – Based on graphs from the RIPE, around 17% of the Internet is advertising IPv6 prefixes to the global routing table. Almost 70% of the IPv4 address space is being announced by networks that also announce IPv6. [More]

IT Security Industry To Expand Tenfold

Forbes, 14 Aug 2013 – Spending on IT security is poised to grow tenfold in ten years. Every organization from the largest oil and gas refiner, to the smallest bank has underspent on security. [More]

Fact sheet: Microsoft Windows 8.1

TechRepublic, 9 August 2013 – Microsoft is preparing to update Windows to version 8.1 and is offering us the chance to preview the changes before it is officially released. This fact sheet will be continually updated with the latest details as we learn more about Windows 8.1 Preview. [More]

Four IPv6 Security Fallacies

Network Computing, 9 August 2013 – It’s been a little more than a year since ISPs and Web companies organized World IPv6 Launch Day. The amount of IPv6 traffic on the Akamai content delivery platform has increased 250%, to about 10 billion requests per day. At the same time, certain misconceptions about the communication protocol continue to live on and impact its implementation and the security of enterprise networks. [More]

Android antivirus products compared

ZDNet, 9 August 2013 – Independent test lab AV-Test compared 30 Android antivirus products. Seven of the products detected 100% of the samples. Sixteen more detected 98% or better. [More]

Freedom Hosting and ‘torsploit’: Troubles on the Onion router

TechRepublic, 8 August 2013 – The arrest of the Freedom Hosting CEO has set in motion a crisis for TOR and unleashed a java exploit designed to expose Freedom Hosting users. [More]

10 things you shouldn’t virtualize

TechRepublic, 8 August 2013 – Virtualization delivers a host of benefits — but that doesn’t mean that everything is a good fit for a virtual environment. [More]

Stop using Windows, Tor Project advises

We Live Security, 7 August 2013 – The Tor Project has advised users of the anonymous browser to stop using Windows, in the wake of a malware attack which exploited a Firefox vulnerability in the Tor Browser Bundle. It also warned users that it is “reasonable to conclude” that the unknown attacker has a list of vulnerable Tor users. [More]

Corporate espionage or fear mongering? The facts about hardware-level backdoors

TechRepublic, 7 August 2013 – Over the last few years, accusations of unlawful spying have been made against some of China’s largest technology firms. Accordingly, various government agencies in the United States, Canada, Australia, the United Kingdom, India, and New Zealand have banned the use of equipment made by various Chinese manufacturers under fears that hardware-level backdoors could exist in these products. [More]

Android app malware rates jump 40 percent

ZDNet, 7 August 2013 – Mobile malware in the Android ecosystem has grown by over 40 percent in the past few months, according to a new report issued by Trend Micro which says that high-risk, malicious app rates on the Google Android operating system rose to 718,000 at the end of the second quarter in comparison to 509,000 in the first quarter of this year. [More]
Single Android flaw can be used to target entire enterprise

White House considers incentives for cybersecurity

CSO, 7 August 2013 – The White House is considering incentives, including cybersecurity insurance, grants, and liability limits, in order to get organizations in the private sector onboard with investing in cybersecurity. The cybersecurity framework, part of a larger program aimed at critical infrastructure, stems from a cybersecurity initiative launched by the Obama Administration in 2009 and continues the plans outlined in an Executive Order issued earlier this year. [More]
Cybersecurity incentive proposals from White House underwhelm

Almost Half of TOR sites compromised by FBI

E Hacking News, 5 August 2013 – I have a fair idea on how the FBI did the “impossible”, tracing a person who is using TOR. And they further might have found details on all the people visiting sites hosted by Freedom Hosting. [More]
Further reference:
Tor anonymity: how it works and how to use it

Black Hat USA 2013 Uncovers a Bevy of Exploits

IEEE Spectrum, 4 August 2013 – The top story was the appearance of Gen. Keith Alexander, director of the National Security Agency and chief of U.S. Cyber Command. Alexander was booked to deliver the gathering’s opening keynote address well before Edward Snowden’s revelations about the NSA’s PRISM program for collecting phone call metadata. So there was much speculation about whether Alexander would show up, whether he should, and what type of reception he would receive. [More]

Attackers are in the network, now what?

Computer Weekly, 2 August 2013 – A growing number of security experts say the traditional model of a secure network perimeter is no longer meaningful and that companies should assume outsiders are already on the corporate network. But what does this mean in terms of a defense strategy? How can organizations defend against malicious insiders and outsiders who have wormed their way inside the corporate network? [More]
Further reference:
Keep spoofed packets and DDoS attacks out of your network by listing bogon IP addresses in access control lists

ARIN enters Phase 3 of the IPv4 Countdown Plan

ARIN, 1 August 2013 – ARIN now has two /8s of available space in its inventory and has moved into Phase Three of its IPv4 Countdown Plan. This phase was designated to allow for process refinements identified during Phase Two. [More]
Further reference:
Important tech organizations IT pros should know
IPv6 Internet evolution

XKeyscore: NSA tool collects ‘nearly everything a user does on the Internet’

The Guardian, 31 July 2013 – A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. [More]

Alcatel-Lucent demonstrates fiber-like data-transfer speeds over telephone wiring

The Guardian, 30 July 2013 – New technology can blast gigabit-per-second data speeds across age-old twisted-pair copper telephone cables – at least at distances from a telephone pole to a house, says Alcatel-Lucent. [More]

Iran a cyber threat to US, says think tank

Atlantic Council, 29 July 2013 – The Atlantic Council evaluates Iran’s cyber warfare capabilities and the United States’ vulnerability to cyber attacks within the context of already tense relations between the two nations. [More]

OSI: The Internet That Wasn’t

IEEE Spectrum, 29 July 2013 – If everything had gone according to plan, the Internet as we know it would never have sprung up. That plan, devised 35 years ago, instead would have created a comprehensive set of standards for computer networks called Open Systems Interconnection, or OSI. [More]

Spy agencies ban Lenovo PCs on security concerns

Financial Review, 27 July 2013 – Computers manufactured by the world’s biggest personal computer maker, Lenovo, have been banned from the “secret” and “top secret” networks of the intelligence and defence services of Australia, the US, Britain, Canada, and New Zealand, because of concerns they are vulnerable to being hacked. [More]

Worst IT fail ever? US agency spends millions in useless security

TechRepublic, 26 July 2013 – A branch of the U.S. Commerce Department recently trashed perfectly good computers and wasted millions on a bogus malware infection. How did this happen? [More]

Exploiting SOHO Router Services

Independent Security Evaluators, 26 July 2013 – We found that of the 10 routers reviewed, all 10 could be compromised from the (wireless) LAN once a router had USB attached storage connected. Our research indicates that a moderately skilled adversary with LAN or WLAN access can exploit all ten routers through their non-essential features and services. [More]

NIST cybersecurity framework rolls on amid murmurs of regulation

We Live Security, 16 July 2013 – NIST workshops are being held to meet the requirements of the Executive Order titled “Improving Critical Infrastructure Cybersecurity” in which the President directed NIST to “work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure.” [More]

The future of Linux: Evolving everywhere

InfoWorld, 15 July 2013 – Cemented as a cornerstone of IT, the open source OS presses on in the face of challenges to its ethos and technical prowess. But where from here? If Linux acceptance and development are peaking, where does Linux go from up? [More]

Disruptive IT Forces that Are Changing Business

SOAWorld, 13 July 2013 – Today four converging IT trends are changing the IT paradigm and will forever change the way businesses communicate, collaborate, store and manage information. Each on its own would have significant impact without the others. However, combined together, they are a disruptive force. [More]

Why We Can No Longer Trust Microsoft

PC Mag, 12 July 2013 – If the NSA is spying on Microsoft products, why would anyone want to use them? Microsoft, despite denials, appears to be in bed with the NSA. [More]

New Gaping Security Holes Found Exposing Servers

We Live Security, 2 July 2013 – A widely deployed protocol and controller used in servers and workstations both contain serious vulnerabilities that, in effect, give attackers near-physical access to the machines, a pair of renowned researchers said today. HD Moore, chief research officer at Rapid7 and creator of Metasploit, and security researcher Dan Farmer announced findings of their research on major flaws in the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMC) packaged with most servers for remote management purposes. [More]

Ten Steps to Planning an Effective Cyber-Incident Response

Harvard Business Review, 1 July 2013 – With cyber criminals successfully targeting organizations of all sizes across all industry sectors, organizations need to be prepared to respond to the inevitable data breach. [More]

Written by Doug Vitale

September 17, 2013 at 11:47 AM
