Archive for the ‘Services’ Category

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Wednesday, July 19th, 2017

Security researchers have discovered a critical, remotely exploitable vulnerability in an open-source software development library used by major manufacturers of Internet-of-Things devices, leaving millions of those devices open to attack.

The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the gSOAP toolkit (Simple Object Access Protocol), a C/C++ code-generation toolkit for developing XML Web services and XML applications.

Dubbed “Devil’s Ivy,” the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP web services daemon, and could be exploited to execute arbitrary code on vulnerable devices.

The Devil’s Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications.

“When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed,” researchers say.

“Since these cameras are meant to secure something, like a bank lobby, this could lead to collection of sensitive information or prevent a crime from being observed or recorded.”

Axis confirmed that the vulnerability exists in almost all of its 250 camera models (Axis published the complete list of affected models) and quickly released patched firmware on July 6th to address it, urging partners and customers to upgrade as soon as possible.

However, the researchers believe their exploit would work against Internet-connected devices from other vendors as well, since the affected library is also used by Canon, Siemens, Cisco, Hitachi, and many others.

Axis immediately informed Genivia, the company that maintains gSOAP, about the vulnerability and Genivia released a patch on June 21, 2017.

The company also reached out to the electronics industry consortium ONVIF to ensure that all of its members that use gSOAP, including Canon, Cisco, and Siemens, become aware of the issue and can develop patches to close the hole.

Internet of Things (IoT) devices have long been the weakest link and therefore an easy entry point for attackers into otherwise secured networks. Keep Internet-connected devices updated, and keep them off the public Internet.

Source: Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

Wednesday, July 19th, 2017

A highly critical vulnerability has been discovered in Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time this year, which could allow attackers to remotely execute malicious code on a victim’s computer.

Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences, that helps users connect and collaborate with colleagues around the world. The extension has roughly 20 million active users.

Discovered by Tavis Ormandy of Google Project Zero and Cris Neckar of Divergent Security, the remote code execution flaw (CVE-2017-6753) is due to a design defect in the WebEx browser extension. To exploit the vulnerability, all an attacker needs to do is trick the victim into visiting a web page containing specially crafted malicious code in a browser with the affected extension installed. Successful exploitation could result in the attacker executing arbitrary code with the privileges of the browser and gaining control of the affected system.

“I see several problems with the way sanitization works, and have produced a remote code execution exploit to demonstrate them,” Ormandy said. “This extension has over 20M [million] active Chrome users alone, FireFox and other browsers are likely to be affected as well.”

Cisco has already patched the vulnerability and released the “Cisco WebEx Extension 1.0.12” update for Chrome and Firefox to address the issue; the company notes that “there are no workarounds that address this vulnerability,” so updating is the only fix.

“This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows,” Cisco confirmed in an advisory released today.

Download Cisco WebEx Extension 1.0.12

In general, users are advised to run all software as a non-privileged user to limit the impact of a successful attack.

Apple’s Safari, Microsoft’s Internet Explorer and Microsoft’s Edge are not affected by this vulnerability. Cisco WebEx Productivity Tools, the Cisco WebEx browser extensions for Mac or Linux, and Cisco WebEx on Microsoft Edge or Internet Explorer are likewise not affected, the company confirmed.


Source: Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

Understanding Open Source Agility – Watching revenue upside in SD-WAN, UCaaS services.

Thursday, July 13th, 2017
“A penny saved is a penny earned” –Wise Anonymous person’s words that I heard from my mother growing up.
ROI should be an initial checkpoint and a major focus of any technological investment. What is the solution solving? I can’t stop adding items to the list. I found the article below rather interesting. The service and cloud scene is poppin right now.
–Aaron

SatPhone Encrypted Calls Can be Cracked in Fractions of a Second

Thursday, July 13th, 2017


Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in real time, in some cases in mere fractions of a second.

The new attack method was developed by two Chinese security researchers and builds on 2012 research by German academics. It shows that the phone’s encryption can be broken so quickly that attackers can listen in on calls as they happen.

The research, disclosed in a paper published last week through the International Association for Cryptologic Research, focuses on the GMR-2 encryption algorithm used in most modern satellite phones, including those of British satellite operator Inmarsat, to encrypt voice calls against eavesdropping.

Unlike the 2012 German research, which tried to recover the encryption key using known-plaintext attacks, the Chinese researchers set out to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly.”

The inversion attack works backwards from captured keystream through the cipher’s key-scheduling and mixing steps to deduce the 64-bit encryption key directly, rather than searching for it. The 3.3GHz figure cited in the paper refers to the processor on which the researchers timed their attack, not to the satellite signal; with the key in hand, an attacker can decrypt the communications and listen in on the conversation.

“This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher,” the research paper reads. “The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s.”

According to the duo, a successful run of the attack breaks the call encryption in a fraction of a second, letting an attacker eavesdrop on the conversation live.

The findings raise concerns about the security of satellite phones, which are used by military and field personnel in war zones and by people in remote areas precisely because there is no other alternative.

Such attacks could pose a significant threat to satellite phone users’ privacy.

“Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks,” researchers said.

“This again demonstrates that there exist serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication,” the researchers concluded.

The research was carried out by Jiao Hu, Ruilin Li and Chaojing Tang of National University of Defense Technology, Changsha, China. For more details, you can head on to their research paper [PDF], titled “A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones.”

Story credit:
Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst.
She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Critical Flaws Found – NTLM Security Protocol – Patch Now!

Thursday, July 13th, 2017

As part of this month’s Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability that affects all versions of its enterprise Windows operating systems released since 2007.

Researchers at behavioral firewall specialist Preempt discovered two vulnerabilities in the way Windows handles NTLM authentication, both of which allow an attacker to create a new domain administrator account and take control of the entire domain.

NT LAN Manager (NTLM) is an old challenge-response authentication protocol used on networks that include Windows systems, and on stand-alone Windows systems.

Although NTLM was superseded by Kerberos in Windows 2000, which offers stronger security for networked systems, NTLM is still supported by Microsoft and remains widely used as a fallback.

The first vulnerability concerns LDAP (Lightweight Directory Access Protocol) connections that are not protected from NTLM relay; the second affects the Remote Desktop Protocol (RDP) Restricted-Admin mode.

According to Preempt, LDAP fails to adequately protect against NTLM relay attacks even with LDAP signing, its built-in defensive measure: signing protects the session against man-in-the-middle (MitM) tampering, but does nothing against credential forwarding.

The vulnerability could allow an attacker with SYSTEM privileges on a compromised machine to take incoming NTLM sessions to that machine and perform LDAP operations against the domain controller, such as updating domain objects, on behalf of the authenticating user.

“To realize how severe this issue is, we need to realize all Windows protocols use the Windows Authentication API (SSPI) which allows downgrade of an authentication session to NTLM,” Yaron Zinar from Preempt said in a blog post, detailing the vulnerability.

“As a result, every connection to an infected machine (SMB, WMI, SQL, HTTP) with a domain admin would result in the attacker creating a domain admin account and getting full control over the attacked network.”

Video Demonstration of Relay Attack

Preempt researchers also provided a video to demonstrate credential relay attacks.

The second NTLM vulnerability affects RDP Restricted-Admin mode, which lets an administrator connect to a remote computer without exposing their password to it.

According to Preempt, RDP Restricted-Admin allows the authentication negotiation to be downgraded to NTLM. This means attacks that work against NTLM, such as credential relaying and password cracking, can also be carried out against RDP Restricted-Admin sessions.

When combined with the LDAP relay vulnerability, an attacker could create a fake domain admin account whenever an admin connects with RDP Restricted-Admin and get control of the entire domain.

The researchers discovered and privately reported LDAP and RDP Relay vulnerabilities in NTLM to Microsoft in April.

Microsoft acknowledged the NTLM LDAP vulnerability in May, assigning it CVE-2017-8563, but dismissed the RDP bug as a “known issue,” recommending instead that networks be configured to be safe from NTLM relay.

“In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a domain controller. An attacker who successfully exploited this vulnerability could run processes in an elevated context,” Microsoft explained in its advisory.

“The update addresses this vulnerability by incorporating enhancements to authentication protocols designed to mitigate authentication attacks. It revolves around the concept of channel binding information.”

Sysadmins are therefore advised to patch vulnerable servers that still have NT LAN Manager enabled as soon as possible.

Beyond patching, consider turning NT LAN Manager off where possible, or require that incoming LDAP and SMB traffic be digitally signed, so that relayed credentials cannot be used.
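As an added example, not from the original article and not Preempt’s or Microsoft’s code, the PowerShell audit below reads the registry values behind the two mitigations named above (turning NTLM off, and requiring LDAP and SMB signing) together with the LDAP channel-binding enforcement setting that the update’s “channel binding information” relies on, and reports each as OK or WEAK. The key paths and value names are the standard policy-backed locations on Windows; the defaults assumed when a value is absent are common ones and should be verified against Microsoft’s documentation for your OS version. Run it from an elevated prompt on a domain controller and on a member server.

```powershell
# Added audit script: not code from the original article, Preempt or Microsoft.
# Reads the registry values that govern LDAP signing, LDAP channel binding,
# SMB signing and NTLM restriction, compares each to its hardened setting and
# reports OK or WEAK. Run from an elevated PowerShell prompt.
# Assumption: when a value is absent the OS default applies; the defaults
# listed here are the common ones and should be verified for your OS version.

$Checks = @(
    @{ Name  = 'LDAP server signing required (DC only)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Value = 'LDAPServerIntegrity'; Required = 2; Default = 1 }        # 1 = none, 2 = require signing
    @{ Name  = 'LDAP channel binding enforced for LDAPS (DC only)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Value = 'LdapEnforceChannelBinding'; Required = 2; Default = 0 }  # 0 = off, 1 = when supported, 2 = always
    @{ Name  = 'LDAP client signing required'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'
       Value = 'LDAPClientIntegrity'; Required = 2; Default = 1 }        # 1 = negotiate, 2 = require
    @{ Name  = 'SMB server signing required'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Value = 'RequireSecuritySignature'; Required = 1; Default = 0 }
    @{ Name  = 'SMB client signing required'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Value = 'RequireSecuritySignature'; Required = 1; Default = 0 }
    @{ Name  = 'Incoming NTLM denied'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
       Value = 'RestrictReceivingNTLMTraffic'; Required = 2; Default = 0 } # 1 = audit, 2 = deny
    @{ Name  = 'Outgoing NTLM denied'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
       Value = 'RestrictSendingNTLMTraffic'; Required = 2; Default = 0 }   # 1 = audit, 2 = deny
    @{ Name  = 'NTLMv2 only, LM and NTLMv1 refused'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value = 'LmCompatibilityLevel'; Required = 5; Default = 3 }
)

function Test-NtlmHardening {
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $isDc = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4

    foreach ($c in $Checks) {
        # Directory-service settings only mean something on a domain controller
        if ($c.Name -like '*(DC only)*' -and -not $isDc) { continue }

        # A missing value (or missing key) is reported as the OS default
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { [int]$item.($c.Value) } else { $c.Default }

        [pscustomobject]@{
            Check    = $c.Name
            Setting  = '{0}\{1}' -f $c.Path, $c.Value
            Actual   = $actual
            Required = $c.Required
            Status   = if ($actual -ge $c.Required) { 'OK' } else { 'WEAK' }
            Note     = if ($null -eq $item) { 'not set, default assumed' } else { '' }
        }
    }
}

Test-NtlmHardening | Format-Table -AutoSize -Wrap
```

Denying NTLM outright (the two MSV1_0 values set to 2) breaks anything that cannot use Kerberos, so set them to 1 first and review the audit events in the Microsoft-Windows-NTLM/Operational log before enforcing. Likewise, before requiring LDAP signing on a domain controller, check the Directory Service log for event 2889, which records clients still performing unsigned binds.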

Besides this NTLM relay flaw, Microsoft has released patches for 55 security vulnerabilities, 19 of them rated critical, across several of its products, including Edge, Internet Explorer, Windows, Office and Office Services and Web Apps, .NET Framework, and Exchange Server.

Windows users are strongly advised to install the latest updates as soon as possible in order to protect themselves against the active attacks in the wild.

Swati - Hacking News

Enron Opens Bandwidth Commodity Trading Service

Tuesday, March 8th, 2016

Cutting the red ribbon for bandwidth commodity trading, high-bandwidth application service company Enron Communications Inc. on Friday officially introduced its new approach to bandwidth.

“This is ‘Day One’ of a potentially enormous market,” said Jeff Skilling, Enron president and chief operating officer. He compared the present inflexible agreements for pre-set capacity amounts to pre-reform “oil contracts in the 1970s, natural gas contracts prior to 1990 and electric power contracts prior to 1994.”

The first contract for Enron’s (ENE) new structure is for DS-3 bandwidth between New York and Los Angeles, which transmits video and other high-bandwidth data at 45 megabits per second. Global Crossing (GBLX) is selling the capacity, and has expressed its excitement to be involved in the new system.

Skilling said that his company will prove that bandwidth can be traded without losing quality standards, adding that both the buyer and the seller will be monitoring the transactions.

Enron introduced plans for the new bandwidth capacity reservation system in May, promising that bandwidth trading would make Internet applications more efficient and cost-effective, as well as pave the way for development of new applications. Cisco Systems Inc. and other major companies welcomed the concept, which would free them from signing long-term capacity contracts.

Enron Communications also announced that the currently operational North American (New York – Los Angeles) Benchmark Segment is expected to be connected to the mid-construction Atlantic (New York – London) Benchmark Segment soon after its introduction in May of next year. Once tapped, the connection will allow international bandwidth trade in the near future.

Global Crossing enters the picture again as the facility owner of the UK bandwidth pooling point.

Enron’s IP broadband infrastructure, the Enron Intelligent Network, is also expected to expand into Europe, Japan, Asia and South America early next year.

Source: Enron Opens Bandwidth Commodity Trading Service – InternetNews.

Mellanox Adds Cumulus Linux Support for Ethernet Switches

Tuesday, March 8th, 2016

SUNNYVALE, Calif. & YOKNEAM, Israel–(BUSINESS WIRE)–Mellanox® Technologies, Ltd. (NASDAQ:MLNX), a leading supplier of high-performance, end-to-end interconnect solutions for data center servers and storage systems, today announced it has added Cumulus® Linux® support for the Spectrum line of 10/25, 40/50, and 100 Gb/s Ethernet switches.

The addition of Cumulus Linux provides customers a best-in-class Network Operating System (NOS) with the highest performance and most predictable Ethernet switch platform. The availability of third-party NOS solutions is the cornerstone of the Open Ethernet initiative and provides customers with freedom of choice.

“The addition of Cumulus Linux means we now give our customers the option to choose the leading Linux NOS on the market,” said Amit Katz, vice president Ethernet switch sales, Mellanox Technologies. “We are confident our Ethernet switch platforms will continue to deliver unmatched predictability, packet performance and the ability to achieve Web-Scale IT efficiencies.”

In order to achieve more agile innovation and to avoid vendor lock-in, many of the largest and most advanced web-scale businesses have rejected closed, proprietary, black-box switches.

Taking a page from these hyperscale data centers, more modestly sized businesses are emulating these architectures and adopting open, disaggregated switches, which separate the choice of hardware and software components. These open networking platforms enable customers to choose best-of-breed components in order to optimize and automate their data centers to meet their business needs. The fully integrated and tested combination of Spectrum switches and Cumulus Linux is the ideal way to achieve this agility, with an open networking platform that frees enterprises to extend and improve the pace of innovation, efficiency, and automation of their data center infrastructure.

Mellanox is helping to accelerate the adoption of open networking and the transformation of businesses to achieve web-scale IT efficiencies.

The partnership between Mellanox and Cumulus Networks is a realization of the Open Ethernet initiative and furthers both companies’ long-standing commitment to open networking, as demonstrated by their contributions to the Open Compute Project (OCP), Switch Abstraction Interface (SAI), Linux Switchdev, and Open Network Install Environment (ONIE). In addition, Mellanox has made multiple contributions of 10/25, 40/50, and 100 Gb/s Ethernet switch and OCP adapter designs.

“Mellanox is uniquely positioned to capitalize on a big opportunity as the industry continues to move towards open solutions,” said JR Rivers, CEO and co-founder, Cumulus Networks. “With Mellanox’s performance-focused value proposition, Open Ethernet initiative, and large base of clients, Cumulus can expand into new markets and help accelerate customers’ move to Web IT. Open is becoming the industry standard at every level in modern infrastructure builds. As ecosystems open up, customers win; all due to selecting the best technology under the best terms.”

“At Cloudalize, we offer the GPU Desktop as a Service (GDaaS) Platform to a wide range of partners for the cloud solutions they deliver to their customers, so we demand performance, predictability, and industrial-grade control of our networking equipment,” said Benny Willen, CEO, Cloudalize. “Cloudalize’s requirements for high performance networking, that could be provisioned as easily as servers, led us to look at an Open solution in the form of Cumulus Linux running on top of Mellanox’s Ethernet Switches.

With Cumulus Linux, we could leverage many of our server tools to automate our network orchestration and monitoring activities. With Mellanox Ethernet Switches, we get the predictable performance we need, without worrying about packet loss.”

Come see how to transform your data center and achieve web-scale IT efficiency with Cumulus Linux running on the Spectrum switch at the Mellanox booth #B4 at the OCP Summit, taking place March 9-10 at the San Jose Convention Center.

Source: Mellanox Adds Cumulus Linux Support for Ethernet Switches | Business Wire

Ting sets Sandpoint, Idaho as its next 1 Gbps broadband target

Tuesday, March 8th, 2016

If Ting sees enough interest in service after completing its “demand assessment” phase, Ting says that network construction will begin later this year.

Google Fiber (NASDAQ: GOOG) and other large telcos like AT&T (NYSE: T) have gained national attention for their 1 Gbps FTTH builds in major cities like Atlanta and Austin, Texas. But Ting said its goal is to bring similar capabilities to areas like Sandpoint where the population is less than 10,000 people.

“While it’s obviously very important to get major metros connected with fast fiber Internet, Ting Internet is proving that the fastest Internet access available isn’t just for city centers,” said Elliot Noss, CEO of Ting and its parent company Tucows. “Smaller cities and towns need faster, more reliable Internet too. Maybe even more so.”

Sandpoint will be the fourth area where Ting offers its FTTH service.

In early 2015, Ting launched FTTH service in Charlottesville, Va., followed by Westminster, Md., later that year. In early 2016, Ting Internet began demand generation and assessment in Holly Springs, N.C.

Although network installation costs vary by location, Ting said they are not more than $200 for a home or $400 for an individual business. The Ting Internet Box, which doubles as a high speed wireless router, costs $199 up front or a user can pay $9 a month for the device.

Eligible residential customers can get a 1 Gbps connection for $89 a month, while business service is available for $139 a month. The service provider also offers a symmetrical 5 Mbps service for $19 a month.

Ting is taking its 1 Gbps FTTH show to the Sandpoint, Idaho area with plans to offer the service to residents in the communities of Sandpoint, Dover, Ponderay and Kootenai.

Similar to the way it launched services in Holly Springs, N.C. and in Virginia, interested residents and businesses in these towns can pre-order service at the ting.com/sandpoint site.

The service provider said that pre-orders will affect not just when Ting starts bringing service to a town, but also where it will begin its network buildout.


Source: Ting sets Sandpoint, Idaho as its next 1 Gbps broadband target – FierceTelecom

Why has SQL Server come to Linux? Windows-only cloud makes no sense | ZDNet

Tuesday, March 8th, 2016

Some people are asking why. After all, with MySQL, MariaDB, PostgreSQL, and Oracle Database 12c on Linux, there’s no shortage of RDBMS servers on Linux.

Part of the reason is simple enough. Scott Guthrie, head of Microsoft’s Cloud & Enterprise business, said: “This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud.”

The more complex answer is that Microsoft’s fortune is no longer based on Windows. True, SQL Server will be available on Red Hat Enterprise Linux (RHEL) and Canonical’s Ubuntu Linux as a standalone server application, but that’s not where it’s meant to run. As Ed Bott recently uncovered, Microsoft’s new cash cows are Azure and server applications. In particular, “Microsoft Azure is growing rapidly and is reported in the same group as traditional server products (SQL Server is up, Windows Server is down). Collectively, that pair is at the top of the list.”

And what operating systems run on Azure? Mark Russinovich, CTO of Microsoft Azure, said last fall that open source and Linux make great financial and technical sense for Microsoft. “It’s obvious, if we don’t support Linux, we’ll be Windows only and that’s not practical.” At that point, one in four Azure operating system instances were Linux, and that number has only been increasing.

For Microsoft to continue to grow as a cloud and services company it must become a Linux company. In particular, Microsoft wants to be a Linux cloud power. Today, Azure is certainly the primary way Microsoft monetizes Linux, so it’s only logical that SQL Server would be added to Linux.

Al Gillen, IDC’s group vice president, sees this. “By taking this key product to Linux, Microsoft is proving its commitment to being a cross-platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”

Source: Why has SQL Server come to Linux? Windows-only cloud makes no sense | ZDNet

Goodbye Applets: Another Cruddy Piece of Web Tech Is Finally Going Away | WIRED

Tuesday, March 8th, 2016

Another piece of old, insecure web infrastructure is about to be killed off.

Oracle says that it’s discontinuing its Java browser plugin starting with the next big release of the programming language. No, Oracle isn’t killing the Java programming language itself, which is still widely used by many companies. Nor is it killing off JavaScript, which is a completely different language that Oracle doesn’t control. What Oracle is getting rid of is the plugin that allows you to run programs known as “Java applets” in your browser.

You may not think you even have the Java plugin installed, but if you’ve ever installed Java, or if Java came pre-installed on your computer, then you probably do, even if you never use it. The good news is that Oracle won’t be automatically installing the Java plugin when you install Java anymore. The bad news is that it won’t be providing security updates for it anymore either, so you should go ahead and uninstall it now. In fact, there’s a good chance you can uninstall Java entirely.

Source: Goodbye Applets: Another Cruddy Piece of Web Tech Is Finally Going Away | WIRED