Archive for the ‘business’ Category

Immediately Patch Microsoft 0 day vulnerabilities being used to spread SPYWARE!

Thursday, September 14th, 2017

 

Windows 0-Day Flaw

Get ready to install a fairly large batch of security patches onto your Windows computers.

As part of its September Patch Tuesday, Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products.

 The latest security update addresses 27 critical and 54 important vulnerabilities in severity, of which 38 vulnerabilities are impacting Windows, 39 could lead to Remote Code Execution (RCE).

Affected Microsoft products include:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • .NET Framework
  • Skype for Business and Lync
  • Microsoft Exchange Server
  • Microsoft Office, Services and Web Apps
  • Adobe Flash Player

.NET 0-Day Flaw Under Active Attack

According to the company, four of the patched vulnerabilities are publicly known, one of which has already been actively exploited by the attackers in the wild.

Here’s the list of publically known flaws and their impact:

Windows .NET Framework RCE (CVE-2017-8759)—A zero-day flaw, discovered by researchers at cybersecurity firm FireEye and privately reported it to Microsoft, resides in the way Microsoft .NET Framework processes untrusted input data.

Microsoft says the flaw could allow an attacker to take control of an affected system, install programs, view, change, or delete data by tricking victims into opening a specially crafted document or application sent over an email.

The flaw could even allow an attacker to create new accounts with full user rights. Therefore users with fewer user rights on the system are less impacted than users who operate with admin rights.

According to FireEye, this zero-day flaw has actively been exploited by a well-funded cyber espionage group to deliver FinFisher Spyware (FinSpy) to a Russian-speaking “entity” via malicious Microsoft Office RTF files in July this year.

FinSpy is a highly secret surveillance software that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies.

Once infected, FinSpy can perform a large number of secret tasks on victims computer, including secretly monitoring computers by turning ON webcams, recording everything the user types with a keylogger, intercepting Skype calls, copying files, and much more.

“The [new variant of FINSPY]…leverages heavily obfuscated code that employs a built-in virtual machine – among other anti-analysis techniques – to make reversing more difficult,” researchers at FireEye said.

“As likely another unique anti-analysis technique, it parses its own full path and searches for the string representation of its own MD5 hash. Many resources, such as analysis tools and sandboxes, rename files/samples to their MD5 hash in order to ensure unique filenames.”

Three Publicly Disclosed Vulnerabilities

The remaining three publicly known vulnerabilities affecting the Windows 10 platform include:

  • Device Guard Security Feature Bypass Vulnerability (CVE-2017-8746): This flaw could allow an attacker to inject malicious code into a Windows PowerShell session by bypassing the Device Guard Code Integrity policy.
  • Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8723): This flaw resides in Edge where the Content Security Policy (CSP) fails to properly validate certain specially crafted documents, allowing attackers to trick users into visiting a website hosting malware.
  • Broadcom BCM43xx Remote Code Execution Vulnerability (CVE-2017-9417): this flaw exists in the Broadcom chipset in HoloLens, which could be exploited by attackers to send a specially crafted WiFi packet, enabling them to install programs, view, change, or delete data, even create new accounts with full admin rights.

BlueBorne Attack: Another Reason to Install Patches Immediately

Also, the recently disclosed Bluetooth vulnerabilities known as “BlueBorne” (that affected more than 5 Million Bluetooth-enabled devices, including Windows, was silently patched by Microsoft in July, but details of this flaw have only been released now.

BlueBorne is a series of flaws in the implementation of Bluetooth that could allow attackers to take over Bluetooth-enabled devices, spread malware completely, or even establish a “man-in-the-middle” connection to gain access to devices’ critical data and networks without requiring any victim interaction.

So, users have another important reason to apply September security patches as soon as possible in order to keep hackers and cyber criminals away from taking control over their computers.

Other flaws patched this month include five information disclosure and one denial of service flaws in Windows Hyper-V, two cross-site scripting (XSS) flaws in SharePoint, as well as four memory corruption and two remote code execution vulnerabilities in MS Office.

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

Source:
Mohit Kumar - Hacking News
Entrepreneur, Hacker, Speaker, Founder and CEO — The Hacker News and The Hackers Conference.

FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears

Tuesday, September 5th, 2017
pacemakers-hacking

Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking.

The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient’s heartbeat, potentially putting half a million patients lives at risk.

A pacemaker is a small electrical battery-operated device that’s surgically implanted in the chest of patients to help control their heartbeats. The device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.

Six types of pacemakers, all manufactured by health-tech firm Abbott (formerly of St. Jude Medical) are affected by the recall, which includes the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.

All the affected models are radio-frequency enabled cardiac devices—typically fitted to patients with irregular heartbeats and patients recovering from heart failure—and were manufactured before August 28th.

In May, researchers from security firm White Scope also analysed seven pacemaker products from four different vendors and discovered that pacemaker programmers could intercept the device using “commercially available” equipment that cost between $15 to $3,000.

“Many medical devices—including St. Jude Medical’s implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” the FDA said in a security advisory.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

To protect against these critical vulnerabilities, the pacemakers must be given a firmware update. The good news is that those affected by the recall do not require to have their pacemakers removed and replaced.

Instead, patients with these implanted, vulnerable device must visit their healthcare provider to receive a firmware update—something that would take just 3 minutes or so to complete—that can fix the vulnerabilities.

In the U.S., the pacemaker devices to which the firmware update applies include Accent SR RF, Accent MRI, Assurity, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, and Quadra Allure MP RF.

Outside of the U.S., the pacemaker devices to which this update applies include Accent SR RF, Accent ST, Accent MRI, Accent ST MRI, Assurity, Assurity +, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, Quadra Allure MP RF, Quadra Allure, and Quadra Allure MP.

As a result of the firmware update, any external device trying to communicate with the pacemaker will require authorization.

Moreover, the software update also introduces data encryption, operating system fixes, the ability to disable network connectivity features, according to Abbott’s press release published on Tuesday, August 29.

Any pacemaker device manufactured beginning August 28, 2017, will have the firmware update pre-installed and will not need the update.

The FDA recall of devices does not apply to implantable cardiac defibrillators (ICDs) and cardiac resynchronization ICDs.

Abbott is working with the FDA, the U.S. Department of Homeland Security (DHS), global regulators, and leading independent security experts, in efforts to “strengthen protections against unauthorized access to its devices.”

Although there are no reports of compromised pacemakers yet, the threat is enough to potentially harm heart patients with an implanted pacemaker that could even put their lives at great risk.

Source:
Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Sweden Accidentally Leaks Personal Details of Nearly All Citizens

Wednesday, July 26th, 2017

sweden-data-leak

A Massive data breach in the Swedish Transport Agency Accidentally Leaks Personal Details of Nearly All Citizens
Another day, Another data breach!

This time sensitive and personal data of millions of transporters in Sweden, along with the nation’s military secrets, have been exposed, putting every individual’s as well as national security at risk.

Who exposed the sensitive data? The Swedish government itself.

Swedish media is reporting of a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military.

The data breach exposed the names, photos and home addresses of millions of Swedish citizen, including fighter pilots of Swedish air force, members of the military’s most secretive units, police suspects, people under the witness relocation programme, the weight capacity of all roads and bridges, and much more.

The incident is believed to be one of the worst government information security disasters ever.

Here’s what and How it Happened:

In 2015, the Swedish Transport Agency hand over IBM an IT maintenance contract to manage its databases and networks.

However, the Swedish Transport Agency uploaded IBM’s entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs.

The transport agency then emailed the entire database in messages to marketers that subscribe to it.

And what’s terrible is that the messages were sent in clear text.

When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.

If you think the scandal ends there, you are wrong. The outsourcing deal gave IBM staff outside Sweden access to the Swedish transport agency’s systems without undergoing proper security clearance checks.

IBM administrators in the Czech Republic were also given full access to all data and logs, according to Swedish newspaper Dagens Nyheter (DN), which analysed the Säpo investigation documents.

According to Pirate Party founder and now head of privacy at VPN provider Private Internet Access Rick Falkvinge, who brought details of this scandal, the incident “exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.”

Tons of Sensitive Info Exposed about Both Individuals and Nation’s Critical Infrastructures

According to Falkvinge, the leak exposed:

  • The weight capacity of all roads as well as bridges (which is crucial for warfare, and gives a lot idea about what roads are intended to be used as wartime airfields).
  • Names, photos, and home addresses of fighter pilots in the Air Force.
  • Names, photos, and home addresses of everybody in a police register, which are believed to be classified.
  • Names, photos, and residential addresses of all operators in the military’s most secret units that are equivalent to the SAS or SEAL teams.
  • Names, photos, and addresses of everybody in a witness relocation program, who has been given protected identity for some reasons.
  • Type, model, weight, and any defects in all government and military vehicles, including their operator, which reveals a much about the structure of military support units.

Although the data breach happened in 2015, Swedish Secret Service discovered it in 2016 and started investigating the incident, which led to the fire of STA director-general Maria Ågren in January 2017.

Ågren was also fined half a month’s pay (70,000 Swedish krona which equals to $8,500) after finding her guilty of being “careless with secret information,” according to the publication.

What’s the worrying part? The leaked database may not be secured until the fall, said the agency’s new director-general Jonas Bjelfvenstam. The investigation into the scope of the leak is still ongoing.

Swati - Hacking News

Microsoft (SFB/O365) Dropping Support for PBX Connections leaving Legacy Platforms behind

Wednesday, July 26th, 2017

Microsoft recently announced that it will no longer provide session border controller (SBC) support for PBX systems accessing Office 365.

Essentially, the news means that starting July 2018, users of Exchange Online Unified Messaging (UM) will have to use an alternative method of connecting voicemail with Outlook. Microsoft won’t support PBX connections using SBCs for that purpose.

In its announcement, Microsoft suggested that only “a small number of customers are affected by this change” and that it was making it to “provide a higher quality of service for voicemail.” Microsoft also offered four alternative options, though they likely won’t be cheap or simple for affected organizations, said Paul Cunningham, a Microsoft Most Valuable Professional, commenting in a Practical 365 blog post. The move could simplify things for Microsoft, though, he suggested.

“I see this simply as part of Microsoft’s grand strategy to jettison legacy platforms and solutions that are complex and not highly profitable, and focus on services like Cloud PBX that they can deliver more efficiently,” Cunningham added.

Microsoft is discontinuing its SBC support on the Office 365 side so that it won’t have to rely on “a third-party system” that’s difficult to manage, suggested Jeff Guillet, a Microsoft certified solutions master and Microsoft MVP. He explained the technical aspects of Microsoft’s move in this blog post, adding that giving companies just one year to move is “asking a lot,” since the switchover likely will affect large companies.

Some Help for Orgs
Meanwhile, AVST, a Microsoft Gold partner on Skype for Business and Exchange, and a voicemail pioneer, is indicating that it has the means to support organizations faced with Microsoft’s one-year deadline.

The company’s CX-E Unified Communications platform offers a quick solution that can integrate with leading PBX systems, such as systems from Avaya, Cisco, Microsoft and others. The platform permits organizations to continue to use Outlook forms to link voicemail with e-mail. Because of the potential pain involved in such moves, it’s currently offering discounts via its Value-Added Reseller partners.

How AVST can address the issue was explained by Tom Minifie, AVST’s chief technology officer, as well as Denny Michael, senior vice president of sales and marketing at AVST, in a phone interview last week.

AVST has been addressing the unified communications space for decades.

“The company goes back over 30 years and we were one of the folks that brought voicemail to the marketplace,” Michael said. “We’ve been around for a long time, and we primarily service the enterprise space. We’re very strong in healthcare, state and local government, regulated industries, higher education and other horizontal industries as well.”

Minifie explained that organizations with third-party (or non-Microsoft) PBX systems using Office 365, or thinking about moving to Office 365, will be affected by Microsoft’s change. Most options, of the four listed by Microsoft, will require moving to Skype for Business and scrapping PBX systems. It’ll be “disruptive,” he said.

“Clearly, from Microsoft’s position, they want that alternative to be ‘Get rid of your PBX and use Skype for Business,'” Minifie said. “So, for customers that have already been planning for that, that’s a good option for them. They move to Skype for Business and continue to use the Exchange [Online] UM component. But for customers that aren’t interested in doing that or aren’t ready to do that, then this is pretty disruptive because it’s not something that they’ve planned for already.”

AVST, with its CX-E Unified Communications platform, specializes in the fourth option presented by Microsoft.

“And what that is, it’s really saying is that instead of directly connecting the Exchange [Online] UM environment to the PBX, I’m going to have a different unified messaging solution that performs that same functionality, and that’s how we approach it,” Minifie said. “Because of our history, we evolved the integrations into the various phone systems, so whatever phone system or PBX the customer is using, we’ll be able to integrate into that, but then we also integrate into the Exchange environment so that we can provide unified messaging through Exchange.”

End users also get the same familiar Outlook look and feel with AVST’s platform.

“In our eyes, we’re providing the best of both worlds,” Minifie said. “We’re solving the problem, which is you can no longer connect Exchange [Online] UM into your PBX. So we take care of that PBX connection. But you get to continue to use the familiar Outlook interface that the end users are used to.”

Minifie affirmed that Microsoft was essentially eliminating the SBC on its end. The change was aimed at improving the quality of service of voicemail, according to Microsoft.

The Time Factor
AVST and its partners validate phone systems and architectures. They perform application discovery to address any functionalities that organization may want. The time it takes to deploy will depend on the solution chosen.

“As far as the amount of time, that kind of depends on the solution,” Minifie said. “Ours is quick because you really aren’t changing anything. Your phone system doesn’t change. Your Exchange doesn’t change. We just get put in the middle of it. And so that can be deployed very quickly.”

Other approaches can get delayed.

“With the other solutions, you’re getting into having to order telecom things,” Minifie said. “You need SIP trunking and have to order from the carrier, and there are whatever delays for that to get delivered.”

AVST’s solution can be installed on premises or it’s provided as a hosted software-as-a-service solution via subscription. More information about AVST’s replacement offerings for Exchange Online UM can be found at this page.

By Kurt Mackie

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Source: Microsoft Dropping Support for PBX Connections Using SBCs — Redmond Channel Partner

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Wednesday, July 19th, 2017
internet-of-the-things-hacking

Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking.

The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development library called gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services and XML application.

Dubbed “Devil’s Ivy,” the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices.

The Devil’s Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications.

“When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed,” researchers say.

“Since these cameras are meant to secure something, like a bank lobby, this could lead to collection of sensitive information or prevent a crime from being observed or recorded.”

Axis confirmed the vulnerability that exists in almost all of its 250 camera models (you can find the complete list of affected camera models here) and has quickly released patched firmware updates on July 6th to address the vulnerability, prompting partners and customers to upgrade as soon as possible.

However, researchers believe that their exploit would work on internet-connected devices from other vendors as well, as the affected software is used by Canon, Siemens, Cisco, Hitachi, and many others.

Axis immediately informed Genivia, the company that maintains gSOAP, about the vulnerability and Genivia released a patch on June 21, 2017.

The company also reached out to electronics industry consortium ONVIF to ensure all of its members, including Canon, Cisco, and Siemens, those who make use of gSOAP become aware of the issue and can develop patches to fix the security hole.

Internet of Things (IoT) devices has always been the weakest link and, therefore, an easy entry for hackers to get into secured networks. So it is always advisable to keep your Internet-connected devices updated and away from the public Internet.

Source: Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

Wednesday, July 19th, 2017
Cisco-WebEx-Remote-Command-Execution

A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim’s computer.

Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help users connect and collaborate with colleagues around the world.  The extension has roughly 20 million active users.Discovered by Tavis Ormandy of Google Project Zero and Cris Neckar of Divergent Security, the remote code execution flaw (CVE-2017-6753) is due to a designing defect in the WebEx browser extension. To exploit the vulnerability, all an attacker need to do is trick victims into visiting a web page containing specially crafted malicious code through the browser with affected extension installed.  Successful exploitation of this vulnerability could result in the attacker executing arbitrary code with the privileges of the affected browser and gaining control of the affected system.

“I see several problems with the way sanitization works, and have produced a remote code execution exploit to demonstrate them,” Ormandy said. “This extension has over 20M [million] active Chrome users alone, FireFox and other browsers are likely to be affected as well.”Cisco has already patched the vulnerability and released “Cisco WebEx Extension 1.0.12” update for Chrome and Firefox browsers that address this issue, though “there are no workarounds that address this vulnerability.”

“This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows,” Cisco confirmed in an advisory released today.

Download Cisco WebEx Extension 1.0.12

In general, users are always recommended to run all software as a non-privileged user in an effort to diminish the effects of a successful attack.

 Fortunately, Apple’s Safari, Microsoft’s Internet Explorer and Microsoft’s Edge are not affected by this vulnerability.  Cisco WebEx Productivity Tools, Cisco WebEx browser extensions for Mac or Linux, and Cisco WebEx on Microsoft Edge or Internet Explorer are not affected by the vulnerability, the company confirmed.The remote code execution vulnerability in Cisco WebEx extension has been discovered second time in this year.

 

Source: Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

SatPhone Encrypted Calls Can be Cracked in Fractions of a Second

Thursday, July 13th, 2017

Decrypting-Satellite-Phone-Calls

Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in “real time” — that too in mere fractions of a second in some cases.

The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing that the phone’s encryption can be cracked so quickly that attackers can listen in on calls in real time.

The research, disclosed in a paper published last week by the security researchers in the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly being used in most modern satellite phones, including British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.

Unlike previous 2012 research by German researchers who tried to recover the encryption key with the help of ‘plaintext’ attacks, the Chinese researchers attempted to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly.”

The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.

“This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher,” the research paper reads. “The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s.”

According to the duo, the attack can eventually crack the satellite phone call encryption in a fraction of a second when carried out successfully, allowing the attacker to break into the communications in real time for live eavesdropping.

The new findings spark concerns surrounding the security of satellite phones, which are mostly used by field officers in war zones that protect our land, air, and water, as well as people in remote area precisely because of no other alternatives.

Such attacks could pose a significant threat to satellite phone users’ privacy.

“Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks,” researchers said.

“This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication,” researchers concluded.

The research was carried out by Jiao Hu, Ruilin Li and Chaojing Tang of National University of Defense Technology, Changsha, China. For more details, you can head on to their research paper [PDF], titled “A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones.”

Story Credit ::
Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst.
She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Enron Opens Bandwidth Commodity Trading Service

Tuesday, March 8th, 2016

Cutting the red ribbon for bandwidth commodity trading, high-bandwidth application service company Enron Communications Inc. Friday officially introduced its new approach to bandwidth.”This is ‘Day One’ of a potentially enormous market,” said Jeff Skilling, Enron president and chief operating officer. He compared the present inflexible agreements for pre-set capacity amounts to pre-reform “oil contracts in the 1970s, natural gas contracts prior to 1990 and electric power contracts prior to 1994.”The first contract for Enron’s (ENE) new structure is for DS-3 bandwidth between New York and Los Angeles which transmits video and other high-bandwidth data at 45 megabits per second. Global Crossing (GBLX) is selling the capacity, and has expressed its excitement to be involved in the new system.Skilling said that his company will prove that bandwidth can be traded without losing quality standards, adding that both the buyer and the seller will be monitoring the transactions.

Enron introduced plans for the new bandwidth capacity reservation system in May, promising that bandwidth trading would make Internet applications more efficient and cost-effective, as well as pave the way for development of new applications. Cisco Systems Inc. and other major companies welcomed the concept, which would free them from signing long-term capacity contracts.Enron Communications also announced that the currently operational North American (New York-Los Angeles) Benchmark Segment is expected to be connected to the mid-construction Atlantic (New York – London) Benchmark Segment soon after its introduction in May of next year. Once tapped, the connection will allow international bandwidth trade in the near future.

Global Crossing enters the picture again as the facility owner of the UK bandwidth pooling point.

Enron’s IP broadband infrastructure, the Enron Intelligent Network, is also expected to expand into Europe, Japan, Asia and South America early next year.

Source: Enron Opens Bandwidth Commodity Trading Service – InternetNews.

Mellanox Adds Cumulus Linux Support for Ethernet Switches

Tuesday, March 8th, 2016

SUNNYVALE, Calif. & YOKNEAM, Israel–(BUSINESS WIRE)–Mellanox® Technologies, Ltd. (NASDAQ:MLNX), a leading supplier of high-performance, end-to-end interconnect solutions for data center servers and storage systems, today announced it has added Cumulus® Linux® support for the Spectrum line of 10/25, 40/50, and 100 Gb/s Ethernet switches.

The addition of Cumulus Linux provides customers a best in class Network Operating System (NOS) with the highest performance and most predictable Ethernet switch platform. The availability of third party NOS solutions is the cornerstone of the Open Ethernet initiative and provides customers with freedom of choice. “Mellanox is uniquely positioned to capitalize on a big opportunity as the industry continues to move towards open solutions” Tweet this“The addition of Cumulus Linux means we now give our customers the option to choose the leading Linux NOS on the market,” said Amit Katz, vice president Ethernet switch sales, Mellanox Technologies. “We are confident our Ethernet switch platforms will continue to deliver unmatched predictability, packet performance and the ability to achieve Web-Scale IT efficiencies.”In order to achieve more agile innovation and to avoid vendor lock-in, many of the largest and most advanced web scale businesses have rejected closed, proprietary, black box switches.

Taking a page from these hyperscale data centers, more modestly sized businesses are emulating these architectures and adopting open, disaggregated switches – which separate the choice of hardware and software components. These open networking platforms enable customers to choose best of breed components in order to optimize and automate their data centers to meet their business needs. The fully integrated and tested combination of Spectrum switches and Cumulus Linux is the ideal way to achieve this agility, with an open networking platform that frees enterprises to extend and improve the pace of innovation, efficiency, and automation of their data center infrastructure.Mellanox is helping to accelerate the adoption of open networking and the transformation of businesses to achieve web-scale IT efficiencies.

The partnership between Mellanox and Cumulus Networks is a realization of the Open-Ethernet initiative and furthers both companies’ long-standing commitment to open networking, as demonstrated by their contributions to the Open Compute Project (OCP), Switch Abstraction Interface (SAI), Linux Switchdev, and Open Network Install Environment (ONIE). In addition, Mellanox has made multiple contributions of 10/25, 40/50, & 100 Gb/s Ethernet switch and OCP adapters designs.“Mellanox is uniquely positioned to capitalize on a big opportunity as the industry continues to move towards open solutions,” said JR Rivers, CEO and co-founder, Cumulus Networks. “With Mellanox’s performance-focused value proposition, Open Ethernet initiative, and large base of clients, Cumulus can expand into new markets and help accelerate customers’ move to Web IT. Open is becoming the industry standard at every level in modern infrastructure builds. As ecosystems open up, customers win; all due to selecting the best technology under the best terms.”“At Cloudalize, we offer the GPU Desktop as a Service (GDaaS) Platform to a wide range of partners for the cloud solutions they deliver to their customers, so we demand performance, predictability, and industrial-grade control of our networking equipment,” said Benny Willen, CEO Cloudalize. “Cloudalize’s requirements for high performance networking, that could be provisioned as easily as servers, led us to look at an Open solution in the form of Cumulus Linux running on top of Mellanox’s Ethernet Switches.

With Cumulus Linux, we could leverage many of our server tools to automate our network orchestration and monitoring activities. With Mellanox Ethernet Switches, we get the predictable performance we need, without worrying about packet loss.”Come see how to transform your data center and achieve web-scale IT efficiency with the Cumulus Linux running on the Spectrum switch at the Mellanox booth #B4 at the OCP Summit taking place March 9-10 at the San Jose Convention Center.

Source: Mellanox Adds Cumulus Linux Support for Ethernet Switches | Business Wire

Ting sets Sandpoint, Idaho as its next 1 Gbps broadband target

Tuesday, March 8th, 2016

If Ting sees enough interest in service after completing its “demand assessment” phase, Ting says that network construction will begin later this year.

Google Fiber (NASDAQ: GOOG) and other large telcos like AT&T (NYSE: T) have gained national attention for their 1 Gbps FTTH builds in major cities like Atlanta and Austin, Texas. But Ting said its goal is to bring similar capabilities to areas like Sandpoint where the population is less than 10,000 people.

“While it’s obviously very important to get major metros connected with fast fiber Internet, Ting Internet is proving that the fastest Internet access available isn’t just for city centers,” said Elliot Noss, CEO of Ting and its parent company Tucows. “Smaller cities and towns need faster, more reliable Internet too. Maybe even more so.”

Sandpoint will be the fourth area where Ting offers its FTTH service.

In early 2015, Ting launched FTTH service Charlottesville, Va. followed by Westminster, Md., later that year. In early 2016, Ting Internet began demand generation and assessment in Holly Springs, N.C.

Although network installation costs vary by location, Ting said they are not more than $200 for a home or $400 for an individual business. The Ting Internet Box, which doubles as a high speed wireless router, costs $199 up front or a user can pay $9 a month for the device.

Eligible residential customers can get a 1 Gbps connection for $89, while business services are available for $139 a month. The service provider is also offer a symmetrical 5 Mbps service for $19 a month.

Ting is taking its 1 Gbps FTTH show to the Sandpoint, Idaho area with plans to offer the service to residents in the communities of Sandpoint, Dover, Ponderay and Kootenai.Similar to the way it launched services in Holly Springs, N.C. and in Virginia, interested residents and businesses that reside in these towns can pre-order service by going to the ting.com/sandpoint site.The service provider said that pre-orders will impact not just when Ting starts bringing service to a town, but also where it will begin its network buildout.

 

Source: Ting sets Sandpoint, Idaho as its next 1 Gbps broadband target – FierceTelecom