Home Tags Dynamic Routing Protocol

Tag: Dynamic Routing Protocol

Citrix isn’t just for telecommuting, Red Bull Racing uses it at...

But the next big thing will be machine learning and AI for simulations and design.

You Have One Year to Make GDPR Your Biggest Security Victory...

The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.

RIP: Antivirus veteran Raimund Genes, 54

Trend Micro CTO suffered fatal heart attack Colleagues and friends are mourning the sudden death of distinguished antivirus industry veteran Raimund Genes last Friday.…

The Collapsing Empire is rip-roaring space opera with a conscience

John Scalzi’s latest novel is a thought experiment about the fall of civilization

New(ish) Mirai Spreader Poses New Risks

A cross-platform win32-based Mirai spreader and botnet is in the wild and previously discussed publicly. However, there is much information confused together, as if an entirely new IoT bot is spreading to and from Windows devices.

This is not the case.
Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant.

99.6% of new smartphones run iOS or Android; RIP Windows and...

Apple retakes sales crown from Samsung, but biggest gains are from the Chinese.

DDoS attacks in Q4 2016

2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, attack scale and impact on our daily life.
In fact, the year ended with massive DDoS attacks unseen before, leveraging Mirai botnet technology.

RIP, “Six Strikes” Copyright Alert System

The anti-piracy accord between ISPs and entertainment industry meets its demise.

Western Union coughs up $586m for turning a blind eye to...

Helping internet scammers proved profitable, for a while Western Union will forfeit more than half a billion dollars after admitting it broke money laundering laws. The admission comes after America's trade watchdog, the FTC, looked into why so many fraudsters use the company's services to launder ill-gotten gains. Under the terms of the settlement, Western Union pled guilty to willfully failing to maintain an effective anti-money laundering program and aiding and abetting wire fraud.
It agreed to pay back $586m, retrain its staff, and submit to three years of independent oversight. "Western Union owes a responsibility to American consumers to guard against fraud, but instead the company looked the other way, and its system facilitated scammers and rip-offs," said FTC Chairwoman Edith Ramirez. "The agreements we are announcing today will ensure Western Union changes the way it conducts its business and provides more than a half billion dollars for refunds to consumers who were harmed by the company's unlawful behavior." The amount of the, effectively, nine-figure fine is certainly larger than the usual slap on the wrist that US regulators hand out. Last year, Western Union banked a net income of $837.8m, so the forfeit accounts for over eight months of profits – although considering that the complaint [PDF] states that the company has been carrying on in this way for at least eight years, Western Union is still in black from its activities. The FTC complaint states that Western Union must have been aware that they were carrying fraudulent transfers on their network and did nothing to stop them, or to rein in rogue agents in its employ.
In doing so, it violated banking secrecy laws and FTC reporting requirements. The government stated that Western Union agents were used in a number of scams, including internet fraud and online gambling.
It says that some of the funds identified came from scammers who took over social media accounts to declare they have been mugged and asking friends to send funds via Western Union to help. It also highlighted large numbers of transactions designed to send just under $10,000 overseas.
If someone sends more than that abroad it must be reported, so scammers do multiple smaller transactions that Western Union must have known were dodgy, the complaint claims. "As a major player in the money transmittal business, Western Union had an obligation to its customers to ensure they offered honest services, which include upholding the Bank Secrecy Act, as well as other US laws," said Chief Richard Weber of Internal Revenue Service–Criminal Investigation (IRS-CI). "Western Union's blatant disregard of their anti-money laundering compliance responsibilities was criminal and significant.
IRS-CI special agents – working with their investigative agency partners – uncovered the massive financial fraud and is proud to be part of this historic criminal resolution." ® Sponsored: Customer Identity and Access Management

JSA10772 – 2017-01 Security Bulletin: Junos: RPD crash while processing RIP...

2017-01 Security Bulletin: Junos: RPD crash while processing RIP advertisements (CVE-2017-2303)Product Affected:This issue can affect any product or platform running Junos OS where RIP is enabled. Problem: Certain RIP advertisements received by the rou...

A Look Inside Responsible Vulnerability Disclosure

It's time for security researchers and vendors to agree on a standard responsible disclosure timeline. Animal Man, Dolphin, Rip Hunter, Dane Dorrance, the Ray. Ring any bells? Probably not, but these characters fought fictitious battles on the pages of DC Comics in the 1940s, '50s, and '60s. As part of the Forgotten Heroes series, they were opposed by the likes of Atom-Master, Enchantress, Ultivac, and other Forgotten Villains. Cool names aside, the idea of forgotten heroes seems apropos at a time when high-profile cybersecurity incidents continue to rock the headlines and black hats bask in veiled glory. But what about the good guys? What about the white hats, these forgotten heroes? For every cybercriminal looking to make a quick buck exploiting or selling a zero-day vulnerability, there's a white hat reporting the same vulnerabilities directly to the manufacturers. Their goal is to expose dangerous exploits, keep users protected, and perhaps receive a little well-earned glory for themselves along the way. This process is called "responsible disclosure." Although responsible disclosure has been going on for years, there's no formal industry standard for reporting vulnerabilities. However, most responsible disclosures follow the same basic steps. First, the researcher identifies a security vulnerability and its potential impact. During this step, the researcher documents the location of the vulnerability using screenshots or pieces of code. They may also create a repeatable proof-of-concept attack to help the vendor find and test a resolution. Next, the researcher creates a vulnerability advisory report including a detailed description of the vulnerability, supporting evidence, and a full disclosure timeline. The researcher submits this report to the vendor using the most secure means possible, usually as an email encrypted with the vendor's public PGP key. Most vendors reserve the [email protected] email alias for security advisory submissions, but it could differ depending on the organization. After submitting the advisory to the vendor, the researcher typically allows the vendor a reasonable amount of time to investigate and fix the exploit, per the advisory full disclosure timeline. Finally, once a patch is available or the disclosure timeline (including any extensions) has elapsed, the researcher publishes a full disclosure analysis of the vulnerability. This full disclosure analysis includes a detailed explanation of the vulnerability, its impact, and the resolution or mitigation steps. For example, see this full disclosure analysis of a cross-site scripting vulnerability in Yahoo Mail by researcher Jouko Pynnönen. How Much Time?Security researchers haven't reached a consensus on exactly what "a reasonable amount of time" means to allow a vendor to fix a vulnerability before full public disclosure. Google recommends 60 days for a fix or public disclosure of critical security vulnerabilities, and an even shorter seven days for critical vulnerabilities under active exploitation. HackerOne, a platform for vulnerability and bug bounty programs, defaults to a 30-day disclosure period, which can be extended to 180 days as a last resort. Other security researchers, such as myself, opt for 60 days with the possibility of extensions if a good-faith effort is being made to patch the issue. I believe that full disclosure of security vulnerabilities benefits the industry as a whole and ultimately serves to protect consumers. In the early 2000s, before full disclosure and responsible disclosure were the norm, vendors had incentives to hide and downplay security issues to avoid PR problems instead of working to fix the issues immediately. While vendors attempted to hide the issues, bad guys were exploiting these same vulnerabilities against unprotected consumers and businesses. With full disclosure, even if a patch for the issue is unavailable, consumers have the same knowledge as the attackers and can defend themselves with workarounds and other mitigation techniques. As security expert Bruce Schneier puts it, full disclosure of security vulnerabilities is "a damned good idea." I've been on both ends of the responsible disclosure process, as a security researcher reporting issues to third-party vendors and as an employee receiving vulnerability reports for my employer's own products. I can comfortably say responsible disclosure is mutually beneficial to all parties involved. Vendors get a chance to resolve security issues they may otherwise have been unaware of, and security researchers can increase public awareness of different attack methods and make a name for themselves by publishing their findings. My one frustration as a security researcher is that the industry lacks a standard responsible disclosure timeline. We already have a widely accepted system for ranking the severity of vulnerabilities in the form of the Common Vulnerability Scoring System (CVSS). Perhaps it's time to agree on responsible disclosure time periods based on CVSS scores? Even without an industry standard for responsible disclosure timelines, I would call for all technology vendors to fully cooperate with security researchers. While working together, vendors should be allowed a reasonable amount of time to resolve security issues and white-hat hackers should be supported and recognized for their continued efforts to improve security for consumers. If you're a comic book fan, then you'll know even a vigilante can be a forgotten hero.  Related Content: Marc Laliberte is an information security threat analyst at WatchGuard Technologies. Specializing in network security technologies, Marc's industry experience allows him to conduct meaningful information security research and educate audiences on the latest cybersecurity ... View Full Bio More Insights

Sony Music Apologizes for Britney Spears RIP Tweets

Oops, Sony did it again.

Got hacked that is. Sony is well aware of the damage a hacked account can cause, especially when it impacts an entire service such as the PlayStation Network.

The latest Sony hack is on a much smaller scale, though, with the ...