Tag Archive for MSFT

Whats Up With Cisco?

Whats Up With Cisco?What is up with Cisco? Their fiscal results for the recently closed 2017 Q3 showed revenue of $11.9 billion, a 1% decline in revenue, compared to the same quarter last year. This is the 6th consecutive down quarter. The networking goliath also issued downward guidance for 2017 Q4. They estimated a revenue declines of 4-6% year-over year.

Cisco logoOn the earnings call, Cisco CEO Chuck Robbins blamed several factors for the lower guidance. He cited:

  • “a pretty significant stall right now” in the U.S. federal public sector
  • Service provider revenues were down in Mexico.
  • United Kingdom business is being dampened by currency issues.
  • Middle East, there is “pressure… relative to oil prices.”

Then there are the layoffs. Cisco buried the announcement in a footnote in the company’s SEC 8-K report that 1,100 more layoffs are coming, on top of the 5,500 announced Layoffsin August 2016.

In May 2017, we extended the restructuring plan to include an additional 1,100 employees with $150 million of estimated additional pretax charges.

According to SDXCentral, the Cisco CEO stressed several times on the earnings call, that the company is transitioning to more software and subscription-based business. He declared,

I am pleased with the progress we are making on the multi-year transformation of our business.

These weak fiscal results and the move to a subscription-based business have led to speculation about what the Cisco business will look like in the future. TechTarget speculates that Cisco may go so far as to separate the Network Operating System (NOS) from the hardware. They contend that such a move would be a dramatic departure from Cisco’s traditional business model of bundling high-margin hardware with its NOS. The author believes that market trends will likely force the vendor to release an open NOS.

Cisco Catalyst 3750-E.TechTarget cites reports from the The Information that a hardware-independent NOS called Lindt is coming. Reportedly Lindt will run on a white box powered by merchant silicon. According to the article, a number of market trends are driving the move to a hardware-independent NOS.

The first market trend forcing Cisco to release a hardware-independent NOS is the company’s declining dominance of the Ethernet switch market. Since 2011, the company’s share has dropped from about 75% to less than 60% last year, according to the financial research site Trefis. The decline is important to Cisco’s bottom line because switches accounted for 40% of Cisco’s product sales in 2016, 30% of net revenues and 20% of the company’s $162 billion valuation, Trefis reported.

Infrastructure as a ServiceCisco’s weakening performance in switching is tied to the second market trend forcing Cisco to release a hardware-independent NOS. It’s customers are turning to public cloud providers, such as Amazon (AMZN) Web Services, Microsoft (MSFT) Azure and IBM (IBM) SoftLayer, for their IT infrastructure. The more enterprises subscribe to infrastructure as a service, the less networking gear they need in their data centers.

The shift to cloud providers is found in the latest numbers from Synergy Research Group. Revenue from public cloud infrastructure services is growing at almost 50% a year. In the fourth quarter of last year, revenues topped $7 billion.

Cloud providersThe third market trend forcing Cisco to release a hardware-independent NOS is the trend where enterprises that were Cisco’s largest customers are joining cloud providers in building open networking hardware and software to replace inflexible proprietary systems that lock them to a vendor. Those companies include large financial institutions, like Bank of America, Goldman Sachs and Fidelity Investments, and communication service providers, such as AT&T (T), Deutsche Telekom and Verizon (VZ).

The technology shift is driving an enormous amount of spending on IT infrastructure. Worldwide spending on public and private cloud environments will increase 15% this year from 2016 to $42 billion, according to IDC. Meanwhile, spending in Cisco’s core market of traditional infrastructure for noncloud data centers will fall by 5%.

Arista NetworksWhile Cisco is ignoring the trend away from proprietary hardware, the article says Cisco’s rivals are embracing it. Juniper Networks (JNPR) and Arista Networks (ANET) have released a version of their NOS for white boxes favored by cloud providers and large enterprises. Both companies reported year-to-year revenue growth in switching last year. Even Cisco’s patent lawsuit against upstart Arista was set-back by the courts.

Rohit Mehra, an analyst at IDC hypothesized that Cisco’s resistance to change is likely due to fear that giving customers other hardware options would accelerate declining sales in switching. “There would be potentially some risk of cannibalization in the enterprise space,” he added.

Cisco insists its customers are not interested in buying networking software that’s separate from the underlying switch. The Cisco spokesperson told TechTarget:

Cisco insists its customers are not interested

The vast majority of our customers see tremendous value in the power and efficiency of Cisco’s integrated network platforms, and the tight integration of hardware and software will continue to be the basis of the networking solutions we offer our customers

TechTarget adds that Cisco doesn’t say the article is wrong. Instead, the company falls back on a corporate cliché for refusing to discuss a media report. “We don’t comment on rumor or speculation,” a Cisco spokesperson said.

The networking market is evolving away from the hardware that Cisco depends on for much of its valuation. Cisco will resist changing its market approach for as long as possible. But in the end, the company will have to become a part of the trend with an open NOS capable of running on whatever hardware the customer chooses.

Mergers and acquisitionsRather than change its model for selling networking gear, Cisco has spent billions of dollars on acquisitions over the last few years to create software and subscription-based businesses in security and analytics. But Cisco’s software push has yet to pay off with 5 conservative down quarters.

Finally, Cisco just recently patched a flaw in IOS software that affected more than 300 models of its switches. Despite issuing an advisory on March 17, Cisco did not release the patch for this vulnerability until May 8, 2017. The Cisco vulnerability was part of the Vault 7 WikiLeaks dump of alleged CIA hacking tools.

Alleged CIA hacking toolsThe vulnerability, rated a critical 9.8 out of 10 by the Common Vulnerability Scoring System, is in the Cluster Management Protocol, or CMP. could allow a remote, unauthenticated attacker to reload devices or execute code with elevated privileges. This vulnerability can be exploited during Telnet session negotiation over either IPv4 or IPv6.

Related articles

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Redmond’s Terrible, Horrible, No Good, Very Bad Month

Redmond's Terrible, Horrible, No Good, Very Bad MonthRedmond’s Terrible, Horrible, No Good, Very Bad month continues. The WannaCry ransomware hit mostly Windows 7 machines, and now researchers from the Russian information security company Aladdin RD, recently discovered a new bug that will slow down and crash Microsoft (MSFT) Windows Vista, Windows 7 and Windows 8 PCs, but does not seem to impact Windows 10 so far.

Microsoft logoIn a throw back to the Windows 95 and 98 era Ars Technica reports that certain specially crafted filenames could make the operating system lock up or occasionally crash with a blue screen of death. Ars reports that the bug allows a malicious website to try to load an image file with the “$MFT” name in the directory path. Windows uses “$MFT” for special metadata files that are used by NTFS file system. The effected systems do not handle this directory name correctly.

The file exists in the root directory of each NTFS volume, but the NTFS driver handles it in special ways. Ars explains that it’s hidden from view and inaccessible to most software. Attempts to open the file are normally blocked, but if the filename is used as if it were a directory name—for example, trying to open the file c:\$MFT\123—then the NTFS driver takes out a lock on the file and never releases it. Every subsequent operation sits around waiting for the lock to be released. Forever. This blocks all other attempts to get access to the file system, and so every program will start to hang, rendering the machine unusable until it is rebooted.

Denial of Service attackArs says that web pages that use the bad filename in an image source for example, will provoke the bug and make the machine stop responding. Depending on what the machine is doing concurrently, it will sometimes blue screen. Either way, you’re going to need to reboot it to recover. Some browsers will block attempts to access these local resources, but Internet Explorer, will try open the bad file.

Ars couldn’t immediately cause the same thing to occur remotely (by sending IIS a request for a bad filename), but it wouldn’t immediately surprise us if certain configurations or trickery were enough to cause the same problem.

Windows Blue Screen of DeathThe Verge has successfully tested the bug on a Windows 7 PC with the default Internet Explorer browser. Using a filename with “c:\$MFT\123” in a website image, their test caused a machine to slow down to the point they had to reboot to get the PC working again.

A Microsoft spokesperson told Engadget that the company is looking into the matter and will give an update as soon as it can.
“Our engineers are currently reviewing the information. Microsoft has a customer commitment to investigate reported security issues and provide updates as soon as possible.”

The Redmond boys also had to release an emergency out of band update for the Malware Protection Engine aka Windows Defender. Two Google security researchers discovered the “crazy bad” flaw. They claimed it was “the worst Windows remote code exec in recent memory.” The TechNet article says the vulnerability they patched would allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file (CVE-2017-0290). To MSFT’s credit, they did fix the bug and release the patch with a week of being notified.

rb-

Early reports are that this bug is an attack vector. However, this is a denial of service attack that will need a reboot. This new flaw could be bundled with other more dangerous malware to force the user to reboot allowing the attack malware to get loaded.

Related articles

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Whose Time Is It?

Whose Time Is It?What time is it? If you looked at the lower right corner of your Windows PC screen, you know what time it is. That is good enough for most people, but followers of the Bach Seat want to know more. How does Microsoft know that time it is? Microsoft and everybody else uses Internet Engineering Task Force (IETF) RFC 7822 standard protocol called Network Time Protocol (NTP).

Network Time ProtocolNTP is one of the oldest Internet protocols still in use. NTP was designed by UMich alum David Mills at the University of Delaware. NTP can maintain time to within tens of milliseconds over the public Internet, and better than one millisecond accuracy on a LAN. Like many other things in the network world, NTP is set up as a hierarchy. At the top of the tree are “Atomic Clocks” (Stratum 0). Corporations, governments and the military run atomic clocks.

USNO NTP Servers

Atomic clocks are high-precision timekeeping devices which use the element cesium, which has a frequency of 9,192,631,770 Hertz. That means it “oscillates” a little over nine billion times a second. Knowing the oscillation frequency and then measuring it in a device creates an incredibly accurate timekeeping mechanism. Atomic clocks generate a very accurate interrupt and timestamp on a connected Stratum 1 computer. Stratum 0 devices are also known as reference clocks.

Stratum 1 – These are computers attached to stratum 0 devices. Stratum 1 servers are also called “primary time servers”.

Stratum 2 – These are computers that synchronize over a network with stratum 1 servers. Stratum 2 computers may also peer with other stratum 2 computers to offer more stable and robust time for all devices in the peer group.

Stratum 3 computers synchronize with stratum 2 servers. They use the same rules as stratum 2, and can themselves act as servers for stratum 4 computers, and so on.

NIST's first atomic beam clockOnce synchronized, with a stratum 1, 2 or 3 server, the client updates the clock about once every 10 minutes, usually requiring only a single message exchange. The NTP process uses User Datagram Protocol port 123. The NTP timestamp message is 64-bits and consist of a 32-bit part for seconds and a 32-bit part for fractional second. 64-bits gives NTP a time scale of 232 seconds (136 years) and a theoretical resolution of 2?32 seconds (233 picoseconds). NTP uses an epoch of January 1, 1900 so the first roll over will be on February 7, 2036.

Microsoft (MSFT) has a mixed history of complying with NTP. All Microsoft Windows versions since Windows 2000 include the Windows Time service (“W32Time”) which was originally implemented to support the Kerberos version 5 authentication protocol. It required time to be within 5 minutes of the correct value to prevent replay attacks. The NTP version in Windows 2000 and XP violates several aspects of the NTP standard. Beginning with Windows Server 2003 and Vista, MSFT’s NTP which was reliable to 2 seconds. Windows Server 2016 can now support 1ms time accuracy.

Atomic clockIn 2014 a new NTP client, ntimed, was started. As of May 2017, no official release was done yet, but ntimed can synchronize clocks reliably under Debian and FreeBSD, but has not been ported to Windows or Apple (AAPL) macOS.

Accurate time across a network is important for many reasons; discrepancies of even fractions of a second can cause problems. For example:

  • Distributed procedures depend on coordinated times to make sure proper sequences are followed.
  • Authentication protocols and other security mechanisms depend on consistent timekeeping across the network.
  • File-system updates carried out by a number of computers depend on synchronized clock times.
  • Network acceleration and network management systems also rely on the accuracy of timestamps to measure performance and troubleshoot problems.
  • Each individual blockchain includes a timestamp representing the approximate time the block was created.

NTP has known vulnerabilities. The protocol can be exploited and used in distributed denial of service (DDoS) attacks for two reasons: First, it will reply to a packet with a spoofed source IP address; second, at least one of its built-in commands will send a long reply to a short request.

More vulnerabilities were recently discovered in NTP. SearchSecurity.com reports that security researcher Magnus Stubman discovered the vulnerability and, instead of going public, took the mature route and privately informed the community of his findings. Mr. Stubman wrote that the vulnerability he discovered could allow unauthenticated users to crash NTPF with a single malformed UDP packet, which will cause a null point dereference. The article explains this means that an attacker could be able to craft a special UDP packet which targets NTP, resulting in an exception bypass that can crash the process. A patch to remediate specific vulnerability — named NTP 4.2.8p9  — was released by the Network Time Foundation Project .

This is a Windows only vulnerability at this time. The author urges anyone running the NTP daemon on a Windows systems to patch it as soon as possible. This particular DoS attack against NTP could incapacitate a time-server and cause havoc in the network. The easiest fix is to apply the NTP patch the article states.

rb-
NTP is important to your network and patching and protecting it should be a priority. The threat to your environment is real. If NTP is not patched, an attacker could take advantage of the chaos created by this vulnerability to hide their tracks since timestamps on files and in logs won’t match.

Way back in the day, when I was a network administrator, I inherited a network where a directory services container was frozen. Seems that time had never been properly set up on the server holding the replica and as time passed, the server time drifted away from network time and at some point we could not make changes or force a replica update. That meant a late night call to professional services to kill the locked objects and then apply DSRepair –xkz (I think) and then re-install an R/O replica.

 

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Crack Your New Phone with a Pix

Crack Your New Phone with a PixFollowers of the Bach Seat know biometrics have a limited value in replacing passwords. Despite the technical flaws another round of biometric hype is running across the intertubes. The latest round of biometric hype is coming from Samsung (005930). In the hope to revive their brand, they are on the verge of releasing the Galaxy S8. The Samsung Galaxy S8 includes the ability to use facial recognition software to unlock your brand new phone. CNet says that this idea “sounds awesome.”

Samsung Galaxy S8However, this awesome will lower the bar for your security. CNet reports that the video blogger MarcianoTech demonstrated a pre-release version of the Galaxy S8 is seen being unlocked using just a photo (at the 1:09 mark). To their credit Samsung has acknowledged that the Face Unlock feature is more for convenience than for security, and it cannot be used for mobile payments. Weak facial recognition software is a convenience for the user, it could also be very convenient for others, too.

The troubles with Face Unlock date back to 2011 when SlashGear reported that Google admitted the security system can be fooled by a picture of you and not the real thing. CNet reports that a Carnegie Mellon University spin-off in Pittsburgh, PittPatt, developed  that Face Unlock which was later acquired by Google (GOOG).

photographs are stored in facial recognition databasesJust to make Face Unlock and similar facial recognition systems more dangerous, the Guardian reports during recent testimony before congress the FBI admitted that they store about half of all adult Americans’ photographs in a facial recognition databases that can be accessed by the FBI. About 80% of photos in the FBI’s network are non-criminal entries, including driver’s licenses pictures from 18 states including Michigan (pdf) and passports.

The FBI first launched its advanced biometric database, Next Generation Identification, in 2010, augmenting the old fingerprint database with further capabilities including facial recognition. The bureau did not tell the public about its newfound capabilities nor did it publish a privacy impact assessment, required by law, for five years.

Unlike with the collection of fingerprints and DNA, which is done following an arrest, photos of innocent civilians are being collected proactively. The FBI made arrangements with 18 different states to gain access to their databases of driver’s license photos.

States allowing FBI to search driver license pictures

“I’m frankly appalled,” said Paul Mitchell, a congressman for Michigan. “I wasn’t informed when my driver’s license was renewed my photograph was going to be in a repository that could be searched by law enforcement across the country.”
So anyone with a photo of you, or maybe even just access to your Facebook photos, could potentially access your phone.

rb-

There are two important reasons why biometrics don’t work, and why the old-fashioned password is still a better option: a person’s biometrics can’t be kept secret and they can’t be revoked.

There's no real way to conceal your eyes, face or fingerprints from the worldPeople expose their biometrics everywhere – they leave fingerprints behind at bars and restaurants, their faces and eyes are captured in photos and film, etc. There’s no real way to conceal your eyes, face or fingerprints from the world. As far back as 2002, research  led by Japanese cryptographer Tsutomu Matsumoto. Matsumoto and his team used clear gelatin to make artificial fingers that they then used to fool fingerprint scanners. The gelatin-based finger was successful in fooling all 11 devices tested. I wrote about spoofing fingerprints  in 2016.

However, it’s the second problem with biometrics that is the really big one: once a person’s biometrics have been compromised, they will always be compromised. Since a person can’t change their fingerprint or whatever biometric is being relied upon, it’s ‘once owned, forever owned.’ That is biometrics’ major failing and the one that will be hardest to overcome.

Part of the reason is that it’s silly to only have 10 possible passwords your whole life (20, if you count toes) but unlike a password, once a biometric is compromised, it is permanent. Today, if your Twitter account gets hacked, you just change the password – but if you are using a biometric, you will be stuck with that hacked password for the rest of your life.

With the release of Windows 10, Microsoft (MSFT) stepped up their biometrics game. CNet reports that with the recent improvements in Windows 10 biometric security includes facial recognition software. Besides facial recognition, Windows Hello also supports fingerprint and iris recognition to secure your PC. For facial recognition though, Microsoft has partnered with chipmaker Intel (INTC) for its RealSense 3D camera tech to get the job done. RealSense uses depth-sensing infrared cameras to track the location and positions of objects, which Microsoft then uses to scan a person’s face or iris before unlocking the device in question.

To further push the biometrics agenda, more than 200 companies including Microsoft, Lenovo, Alibaba and MasterCard have already come together to form a partnership known as the FIDO (Fast Identity Online) Alliance. Founded in 2013, FIDO was set up to address issues such as a worldwide adoption of standards for authentication processes over the Web to help reduce reliance on passwords.

 

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

Who Rules the Internet?

Who Rules the Internet?Singapore based ISP Vodien published an infographic which lists the 100 highest ranking websites in the U.S. by traffic, according to website analytics company Alexa. There are over 1.1 billion websites on the internet, but the majority of all traffic actually goes to a very small number of firms. Seven companies control 30% of the top 100 web sites and the related web traffic.

100 highest ranking websitesNot surprisingly Alphabet controls the most popular sites on the web, Google and YouTube. Surprisingly, Microsoft controls the most sites in the top 100. Redmond controls seven of the top web properties including recently purchased LinkedIn, Bing and Microsoft.com. For a long time, MSFT’s online efforts were a disaster. That seems to have changed with Azure, but I still hate Bing. According to the Vodien infographic Alphabet controls four of the most popular sites.

The Visual Capitalist points out that Google.com gets an astounding 28 billion visits per month. The next closest is also a Google-owned property, YouTube, brings in 20.5 billion visits.

Facebook (FB) controls two of the most popular web sites; Facebook (#3) and Instagram (#13).

Jeff Bezo’s firm Amazon (AMZN) directs four popular web sites;

The infographic says Verizon (VZ) now controls the Huffington Post (#49) and AOL (#59) and will control Yahoo (#5) and Tumlr (#12) if the deal closes in 2017 Q2.

Reddit.com comes in at #7 and Reddituploads.com is #61.

Online retailer eBay comes in as the #8 website.

POTUS favorite Twitter (TWTR) is the 9th ranked website and t.co is #25.

Video streamer Netflix comes in ranked #10 by Vodien.

Microsoft (MSFT) controls 7 of the top 100 web sites with recently purchased LinkedIn at #11, Live.com #14. so-so search engine Bing is #17, followed by Office.com (#23), Microsoft Online Services (#24), MSN (#37) and Microsoft.com (#41).


100 Websites that Rule the Internet

rb-

The consolidation of all of this web traffic is troubling. The current administration is going to allow online firms to sell all the personal information they collect to the government, data aggregators or anybody else to make a buck.

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.