Another Cloud Implosion

Code Spaces, formerly a popular cloud-based source code hosting service run by AbleBots from New Jersey, has been forced to close. Infosecurity reports that an attacker managed to get access to its Amazon (AMZN) Web Services EC2 control panel and deleted most of its customers’ data. According to an explanation on the Code Spaces website, the firm was first the victim of a DDoS attack, with the apparent aim of extorting “a large fee to resolve the DDOS.”

As the firm attempted to restore control of its machines, the attacker escalated the attack, the site says:

… the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel … We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMIs, some EBS instances and several machine instances. In summary, most of our data, backups, machine configurations, and offsite backups were either partially or completely deleted.

Code Spaces marketed itself as a trusted provider offering “Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management” and a “full recovery plan” with full redundancy, duplication, and distribution of the data across three different geographical data centers if things went wrong. According to the Infosecurity blog, despite the marketing hype, Code Spaces is folding its tent and hanging out a closed sign, saying:

Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on-going credibility.

rb-

Another high-profile cloud computing service goes bust. Last year, when Nirvanix went belly up, I wrote about the need for a cloud exit plan. Calum MacLeod, vice president of EMEA at Lieberman Software, told CIO.com that security incidents like this are avoidable if companies take effective steps. He suggested firms should implement:

  • Certificate-based authentication in addition to normal user IDs and passwords,
  • Application whitelisting,
  • A schedule for rotating credentials every few hours for critical applications,
  • Continuous discovery of systems and applications to detect changes to account settings, as happened at Code Spaces, where new privileged accounts were created to let the attack continue.

He concludes that the Code Spaces incident reads like a cyberattack 101 scenario, where the failure to properly manage privileged credentials ultimately was the cause of the breach.

Other suggested measures for organizations using AWS would be to enable multi-factor authentication for administrative logins and, to prevent the wholesale loss of files, to use Amazon Glacier for longer-term archival to augment regular offline backups. Note that replication across regions and archival in Glacier both live inside the same AWS account; an intruder with control of that account can delete them as easily as he deleted the S3 buckets, so a backup meant to survive an account compromise has to sit in a separate account or offline.
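As an added illustration of the last two points (watching for newly created privileged accounts, and admin logins without MFA), here is detection logic that is not from the original post, CIO.com, Lieberman Software or AWS. It runs over a constructed, simplified CloudTrail-style log: the field names (eventTime, eventName, userIdentity.userName, sourceIPAddress, requestParameters, additionalEventData.MFAUsed) are CloudTrail's, while the users, IP addresses and resource IDs are invented. It flags calls that add logins or permissions, console logins not recorded as MFA-protected, and bursts of deletions of the artifact types Code Spaces lost.

```python
"""Detection for the Code Spaces pattern over CloudTrail-style records.

Added example, not code from the post or from AWS. The record layout is a
simplified CloudTrail JSON (real field names, invented values) so it runs offline.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# IAM calls that add a login, a credential or a permission: the "backup logins"
# an intruder plants so that a password reset alone does not lock him out.
ACCOUNT_CHANGE_EVENTS = {
    "CreateUser", "CreateLoginProfile", "CreateAccessKey",
    "PutUserPolicy", "AttachUserPolicy", "AddUserToGroup", "DeactivateMFADevice",
}
# Calls that destroy the artifact types Code Spaces lost.
DESTRUCTIVE_EVENTS = {
    "DeleteSnapshot", "DeleteVolume", "DeregisterImage", "DeleteBucket", "TerminateInstances",
}

def _rec(when, name, actor, **extra):
    """Build one constructed record; only fields the checks below read are included."""
    r = {"eventTime": when, "eventName": name, "userIdentity": {"userName": actor}}
    r.update(extra)
    return r

# Constructed trail: routine work with MFA a week earlier, then a non-MFA console login,
# a freshly created all-powerful user, and a deletion spree from that user.
SAMPLE_TRAIL = json.dumps({"Records": [
    _rec("2014-06-10T08:55:00Z", "ConsoleLogin", "ops-admin",
         sourceIPAddress="203.0.113.5", additionalEventData={"MFAUsed": "Yes"}),
    _rec("2014-06-10T09:00:00Z", "DeleteSnapshot", "ops-admin",
         requestParameters={"snapshotId": "snap-0a1b2c3d"}),
    _rec("2014-06-17T20:01:00Z", "ConsoleLogin", "ops-admin",
         sourceIPAddress="198.51.100.7", additionalEventData={"MFAUsed": "No"}),
    _rec("2014-06-17T20:02:10Z", "CreateUser", "ops-admin",
         requestParameters={"userName": "backup-svc2"}),
    _rec("2014-06-17T20:02:30Z", "CreateLoginProfile", "ops-admin",
         requestParameters={"userName": "backup-svc2"}),
    _rec("2014-06-17T20:02:45Z", "PutUserPolicy", "ops-admin",
         requestParameters={"userName": "backup-svc2", "policyName": "allow-everything"}),
    _rec("2014-06-17T20:10:00Z", "DeleteSnapshot", "backup-svc2",
         requestParameters={"snapshotId": "snap-1111aaaa"}),
    _rec("2014-06-17T20:10:20Z", "DeleteSnapshot", "backup-svc2",
         requestParameters={"snapshotId": "snap-2222bbbb"}),
    _rec("2014-06-17T20:11:05Z", "DeregisterImage", "backup-svc2",
         requestParameters={"imageId": "ami-3333cccc"}),
    _rec("2014-06-17T20:12:40Z", "DeleteBucket", "backup-svc2",
         requestParameters={"bucketName": "offsite-backups"}),
]})

def parse_trail(raw_json):
    return json.loads(raw_json)["Records"]

def _ts(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def _actor(record):
    return record.get("userIdentity", {}).get("userName", "<unknown>")

def account_changes(records):
    """(actor, event, target user) for every call that adds a login, key or permission."""
    return [(_actor(r), r["eventName"], r.get("requestParameters", {}).get("userName", "?"))
            for r in records if r["eventName"] in ACCOUNT_CHANGE_EVENTS]

def console_logins_without_mfa(records):
    """(actor, source IP) for console logins CloudTrail did not record as MFA-protected."""
    return [(_actor(r), r.get("sourceIPAddress"))
            for r in records
            if r["eventName"] == "ConsoleLogin"
            and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"]

def deletion_bursts(records, window=timedelta(minutes=10), threshold=3):
    """Actors who issued at least `threshold` destructive calls inside any `window`."""
    times_by_actor = defaultdict(list)
    for r in records:
        if r["eventName"] in DESTRUCTIVE_EVENTS:
            times_by_actor[_actor(r)].append(_ts(r))
    bursts = {}
    for actor, times in times_by_actor.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[actor] = best
    return bursts

def report(raw_json):
    records = parse_trail(raw_json)
    return {"account_changes": account_changes(records),
            "logins_without_mfa": console_logins_without_mfa(records),
            "deletion_bursts": deletion_bursts(records)}

if __name__ == "__main__":
    print(json.dumps(report(SAMPLE_TRAIL), indent=2))
```

A burst of DeleteSnapshot and DeleteBucket calls from an account that was created minutes earlier by a session without MFA is the signature of this attack. Alerting on it does not replace backups held outside the account, but it shortens the window in which an intruder can work unnoticed, which is exactly where Code Spaces lost the race.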

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Who’s Hacking Who?

Update – The hacking map function seems to have been shut down; I got an error message: “All access to this object has been disabled.”

A new animated map of the Internet created by the U.S.-based computer security firm Norse helps cyber-defenders visualize where hackers are coming from and illustrates just how ubiquitous hacking is around the world, according to a recent article by Maya Kosoff from BusinessInsider.

St. Louis-based Norse offers a product called IPViking which displays a map and lists of the countries doing the most hacking, the countries getting hacked the most, and the types of attacks happening. Quartz noted the animated map looks kind of like the vintage video game Missile Command.

Norse, founded by a former intelligence expert with the U.S. Department of Homeland Security, explained to Smithsonian Magazine how the system works:

attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors.

BI continues that while the map doesn’t show all the hacking going on in the world, it could be a representative snapshot of today’s hacking ecosystem. A snapshot of the stats, taken over about five hours today, shows some of the baseline back-and-forth hacking attempts.

The top attack types:

  1. SSH port 22 – 6,308 attacks
  2. SIP port 5060 – 2,380 attacks
  3. Microsoft-DS port 445 – 2,317 attacks
  4. MS-SQL-S port 1433 – 2,193 attacks
  5. DNS port 53 – 2,182 attacks
  6. HTTP-Alt port 8080 – 2,007 attacks
  7. SNMP port 161 – 1,367 attacks
  8. MS-term-services port 3389 – 1,327 attacks

Internet Attacks

Rank  Attacks sent  Attack origin    |  Rank  Attacks received  Attack target
 1    12,216        China            |   1    27,667            United States
 2     7,827        United States    |   2     1,161            Thailand
 3     2,446        Mil/Gov          |   3     1,077            Hong Kong
 4     2,161        Netherlands      |   4       682            Canada
 5     1,899        France           |   5       655            Portugal
 6     1,351        Russia           |   6       650            Australia
 7     1,331        Canada           |   7       600            Singapore
 8       717        Hong Kong        |   8       469            Netherlands
 9       627        Thailand         |   9       458            France
10       495        Bulgaria         |  10       411            Bulgaria

Internet attacks as logged by Norse IPViking on 6-25-14, approx. 11:00 to 16:00

rb-

I have posted a couple of good maps on here before. This map relays a lot of good info while being mesmerizing as well. The amount of malicious traffic flying at U.S. sites is staggering. The attackers’ emphasis is on basic network services: SSH, SIP, SMB (port 445), MS-SQL, DNS, HTTP, SNMP and RDP. Attacks on the basic services we rely on reinforce the urgency for U.S. network users to get their basics in order. The U.S. and China are locked in an escalating war about online spying that threatens to devastate business for companies in both countries.

Now for the really scary part. This IPViking map only reveals the tip of the hack-attack iceberg. It only shows penetration attempts against Norse’s network of “honeypot” traps. The real number of hack attempts lighting up the interwebs at any given moment is far, far greater than this cool piece of big data mining can ever possibly show.

Related articles
  • A secure cloud can keep an enterprise safe from attack (cloudentr.com)

Heartbleed Old News – Servers Still Vulnerable

Proof that data breaches like those at Code Spaces, P.F. Chang’s, Domino’s, Target and Neiman Marcus will continue. The Verge is reporting that the Heartbleed OpenSSL bug is still running rampant. Despite the initial panic several months ago, when Neel Mehta of Google’s (GOOG) security team discovered the major bug that put over a million web servers at risk, the threat is now old news.

600,000 still vulnerable to Heartbleed

Being old news does not mean the problem’s solved, according to the article. They cite security researcher Robert David Graham, who found that at least 309,197 servers out on the interwebs are still vulnerable to the bug.

Immediately after the announcement, Mr. Graham found some 600,000 servers were exposed by Heartbleed. One month after the bug was announced, that number dropped down to 318,239. In the past month, only 9,042 of those servers have been patched to block Heartbleed. The author says that’s cause for concern because it means that smaller sites aren’t making the effort to implement a fix.

Affects the OpenSSL library

The Verge concludes that it’s likely the lightly trod corners of the internet will remain vulnerable for many years to come, as sites with sub-par security standards continue to leave themselves and their users exposed. The danger is particularly real now that the exploit has been widely publicized. The bug, which affects the widely used OpenSSL library rather than the TLS protocol itself, can do serious damage: a malformed heartbeat request makes the server return up to 64 KB of its own memory, which can contain private keys, passwords, and other sensitive information.
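To make concrete what that memory leak looks like, here is an added simulation, not code from the post, The Verge or OpenSSL, of the two versions of the heartbeat handler: the vulnerable one trusts the peer-supplied payload length the way OpenSSL 1.0.1 through 1.0.1f did, and the fixed one applies the length check that 1.0.1g added. The "process memory" and the session cookie sitting next to the record are constructed bytes.

```python
"""Simulated TLS heartbeat handling: the OpenSSL 1.0.1-1.0.1f over-read next to the 1.0.1g fix.

Added example, not code from the post, The Verge or OpenSSL. "Process memory" is a constructed
byte string: the incoming heartbeat record followed by whatever happened to sit after it.
"""
import struct

TLS1_HB_REQUEST = 1
TLS1_HB_RESPONSE = 2
MIN_PADDING = 16  # RFC 6520: at least 16 bytes of random padding follow the payload

def build_heartbeat(claimed_len, payload):
    """Heartbeat message: type (1 byte) | payload_length (2 bytes) | payload | padding.
    An honest peer sets claimed_len == len(payload); the exploit sets it far larger."""
    return struct.pack("!BH", TLS1_HB_REQUEST, claimed_len) + payload + b"\x00" * MIN_PADDING

def handle_heartbeat_vulnerable(memory, record_len):
    """Pre-fix logic: record_len is never consulted, so the peer-supplied length decides
    how many bytes are copied into the reply, past the end of the record."""
    hbtype, payload_len = struct.unpack("!BH", memory[:3])
    if hbtype != TLS1_HB_REQUEST:
        return None
    leaked = memory[3:3 + payload_len]           # over-read of neighbouring memory
    return struct.pack("!BH", TLS1_HB_RESPONSE, payload_len) + leaked

def handle_heartbeat_fixed(memory, record_len):
    """1.0.1g logic: reject a record too short to hold a header plus padding, and reject any
    claimed length that does not fit inside the record actually received."""
    if record_len < 1 + 2 + MIN_PADDING:          # also covers the zero-length record
        return None
    hbtype, payload_len = struct.unpack("!BH", memory[:3])
    if hbtype != TLS1_HB_REQUEST:
        return None
    if 1 + 2 + payload_len + MIN_PADDING > record_len:
        return None                               # silently discard, as the patch does
    return struct.pack("!BH", TLS1_HB_RESPONSE, payload_len) + memory[3:3 + payload_len]

# Constructed layout: a malicious 4-byte "ping" that claims 64 bytes, then data that merely
# happened to be adjacent in the process (here, an invented session cookie).
MALICIOUS_RECORD = build_heartbeat(claimed_len=64, payload=b"ping")
ADJACENT_SECRET = b"Cookie: session=s3cr3t; user=admin\r\n"
PROCESS_MEMORY = MALICIOUS_RECORD + b"\x00" * 8 + ADJACENT_SECRET + b"password=hunter2&"

HONEST_RECORD = build_heartbeat(claimed_len=4, payload=b"ping")

def demo():
    """Run both handlers on the malicious and the honest record."""
    n = len(MALICIOUS_RECORD)
    return {
        "vulnerable_leaks_secret": b"s3cr3t" in (handle_heartbeat_vulnerable(PROCESS_MEMORY, n) or b""),
        "fixed_rejects_malicious": handle_heartbeat_fixed(PROCESS_MEMORY, n) is None,
        "fixed_answers_honest": handle_heartbeat_fixed(HONEST_RECORD + b"\x00" * 64, len(HONEST_RECORD)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The whole fix is one comparison of the claimed length against the length of the record that actually arrived; a real server answers the malicious request with 64 bytes of whatever its heap held, and a client repeating the request harvests fresh memory each time.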

rb-

I mean, who do all these people think they are, the NSA?

CNET has kept a running list of where you should change your password due to Heartbleed. Change a password only after the site has patched OpenSSL and replaced its certificate; a new password sent to a still-vulnerable server can be read out of its memory just like the old one.

  1. Google (GOOG)
  2. Facebook (FB)
  3. YouTube
  4. Yahoo (YHOO)
  5. Wikipedia
  6. Bing
  7. Pinterest
  8. Instagram
  9. Tumblr
  10. ESPN
  11. NetFlix
  12. Weather.com
  13. Dropbox
  14. AT&T (T)
  15. OKCupid

Facebook Challenges Cisco

Julie Bort at the BusinessInsider says Facebook is challenging the stagnant network giant Cisco (CSCO). Facebook’s (FB) Najam Ahmad, leader of the OCP networking project, announced a product that should have Cisco shaking in its boots. Mr. Ahmad told the New York Times, “The bigger strategy here is to get computer networking out of the black box, black operations part of the world.”

Facebook has introduced a new top-of-rack switch, Wedge. The Wedge release makes good on FB’s promise to disrupt the $23 billion Ethernet switch market, now dominated by Cisco. Wedge is part of the Open Compute Project (OCP). The author says OCP is one of the most important tech projects Facebook has ever created. OCP began in 2011 as a radically new way to build and buy computer hardware. It creates free, “open source” designs that anyone can contribute to and use at no cost.

Open Compute Project

The hardware OCP designs range from computer servers to hard drives to the racks that hold them all. While Facebook still leads the project, it has grown into an industry phenomenon. In 2013, the article says, Facebook saved “over $1 billion” by using hardware it designed itself.

And a year ago, OCP announced plans to build a network switch. And not just any network switch, but one designed as a software-defined networking (SDN) device. BI explains that SDN is a new way to build networks that threatens Cisco, or at least Cisco’s 60+% profit margins. SDN takes the fancy features baked into network equipment, things like security and management, and moves them into software. This turns the hardware into something that dumbly moves bits around. The switch becomes easier to manage and far less expensive, the same economics cloud computing brought to servers.

Software-defined networking

Cisco has already released its own SDN product line, Cisco Open Network Environment (ONE). Ms. Bort (and others) contend these products encourage customers to keep buying Cisco’s high-performance but expensive gear by including features that only work with Cisco’s own products. No doubt many enterprises will want that. But Facebook’s switch is a threat for a lot of reasons.

  • Facebook is already testing it in its own data centers, one of the most demanding environments around, it said.
  • Wedge is “open source.” Cisco gear is somewhat like Apple’s (AAPL) gear. Cisco controls and keeps secret every part of it from the operating system to the custom processors.

The Wedge is different. Everything from the software to the choice of processor, Intel (INTC), AMD (AMD), or ARM (ARMH), is “open source,” meaning others can see and use or modify the design. As Facebook’s Yuval Bachar and Adam Simpkins explain in a Facebook post about the Wedge switch:

Traditional network switches often use fixed hardware configurations and non-standard control interfaces, limiting the capabilities of the device and complicating deployments. … Unlike with traditional closed-hardware switches, with “Wedge” anyone can modify or replace any of the components in our design to better meet their needs.

Standard parts

EnterpriseTech explains the Wedge switch was built using standard parts. It uses Broadcom’s (BRCM) popular Trident-II switch ASIC, which provides sixteen 40 Gb/sec ports and could easily be expanded to 32 ports. The ports can also be equipped with splitter cables, breaking them down into 10 Gb/sec ports that would boost the effective port count to 64 ports in a 1U enclosure. The Wedge switch has a compute element, a microserver based on an unspecified Intel processor (most likely an eight-core “Avoton” C2000) that adheres to Facebook’s “Group Hug” microserver specification. Finally, the Wedge switch runs a Facebook-built version of Linux.

OCP has already attracted some big players beyond Facebook, too, including Microsoft (MSFT), Intel, Goldman Sachs, Rackspace (RAX), Bloomberg, and many others. It’s worth noting that enterprises cannot buy this switch from Facebook. They would have to order it from a custom manufacturer, just like all other OCP designs. But if this switch does well for Facebook, enterprises will be encouraged to try SDN. And up-and-coming competitors to Cisco, like Arista and Big Switch are involved in OCP and are standing by to cash in.

rb-

Facebook is not alone. Google (GOOG) and Amazon (AMZN) have done the same thing after being frustrated by the slow pace at which incumbent tech companies move. By comparison, the Asian contractor manufacturers that Facebook has used for its open hardware have moved disarmingly quickly, according to Facebook’s Ahmad.

Is this an industry inflection point? There is a school of thought out there that believes it is. They compare today’s networking environment to the era when Lucent and Nortel were at their peak in telephony and failed in the face of the newfangled softswitch. The Cisco SmartNet annual fee on top of any hardware you buy from them sounds exactly like the kind of pricing practice that those who remember the voice industry saw when it was a duopoly of Nortel and Lucent.


Is Your Network Ready for World Cup

The 2014 FIFA World Cup games are underway and run until July 13. Normally I would not bring this up here, since most Americans ignore soccer. However, web access security firm Wavecrest Computing, maker of the CyBlock web filter, reports a 32% increase in Americans’ interest in soccer since the broadcast of the last World Cup in 2010.

In addition to the uptick in interest, the American team won a match this time around, which will garner even more interest. This increased interest in soccer can have an impact on your Internet bandwidth. The author asks what happens to your Internet bandwidth if most of your employees start streaming the games or highlights simultaneously: can it sustain the demand and still do business?

42% of IT professionals state that popular events impact their network. How many simultaneous users watching game highlights does it take to saturate your bandwidth? The article calculates that just 2 streaming users produce about 1 Mbps of download traffic, while 17 users produce a huge 10 Mbps, quickly overwhelming Internet bandwidth.

Saturated bandwidth

Given the time difference with Brazil, most of the 64 matches will be played during U.S. office hours, and streaming video could deal a major blow to corporate network and application performance according to the blog. When the first match of the day kicks off, smartphones, tablets, and laptops will be streaming footage live from offices around the U.S.

In addition to the major spike in bandwidth usage, Wavecrest, whose products help organizations manage and control employee Web activity, reminds us that World Cup 2014 malware sites are out there. According to a recent survey from Osterman Research, malware has infiltrated 74% of organizations via the Web.

The firm’s products can also address the lost productivity and revenue as staff watch the matches instead of working. Most of the matches will be played during U.S. office hours. The lost productivity caused by watching the World Cup can total 99 hours of average wages lost per hour each day, according to Wavecrest. The Wavecrest systems can monitor, report, filter, and throttle employees’ bandwidth use.

To strike a balance with staff, CyBlock products can be set up to block Web access by category and by half-hour time slot, so employees can reach sports sites on their lunch break or after hours.
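As an added example of that by-category, by-time-slot blocking (an illustration written for this page, not CyBlock’s own configuration syntax), the evaluator below takes a constructed domain-to-category list and a hypothetical policy of allowed windows per category, and decides allow or block for a request at a given time. It handles the cases a real schedule runs into: windows that wrap past midnight, whole-day windows, day ranges that wrap the week, and subdomains of a categorized site.

```python
"""Category-and-time-slot web filtering of the kind described above.

Added example, not CyBlock's configuration syntax: a hypothetical policy of allowed windows
per category, a constructed domain-to-category list, and an evaluator that returns
"allow" or "block" for a URL at a given time.
"""
from datetime import datetime, time

DAY_INDEX = {"Mon": 0, "Tue": 1, "Wed": 2, "Thu": 3, "Fri": 4, "Sat": 5, "Sun": 6}

# Constructed stand-in for a filter vendor's category database.
CATEGORY_OF_DOMAIN = {
    "espn.com": "sports", "fifa.com": "sports", "cbssports.com": "sports",
    "youtube.com": "streaming", "twitch.tv": "streaming",
    "crm.example.internal": "business",
}

# Hypothetical policy: category -> windows in which access is ALLOWED.
# A window is (days, start, end) in 24h "HH:MM"; end <= start means it wraps past midnight,
# and start == end covers the whole day. Half-hour slots match the post's granularity.
OFF_HOURS = [("Mon-Fri", "12:00", "13:00"),   # lunch break
             ("Sun-Fri", "17:30", "08:00"),   # evenings through the next morning
             ("Sat-Sun", "00:00", "00:00")]   # weekends
POLICY = {
    "sports": OFF_HOURS,
    "streaming": OFF_HOURS,
    "business": [("Mon-Sun", "00:00", "00:00")],
}
# Categories with no policy entry are allowed; set to "block" for a default-deny posture.
UNLISTED_DECISION = "allow"

def _days(spec):
    """'Mon-Fri' -> {0..4}; 'Sun-Fri' wraps the week -> {6, 0..4}."""
    first, last = (DAY_INDEX[d] for d in spec.split("-"))
    if first <= last:
        return set(range(first, last + 1))
    return set(range(first, 7)) | set(range(0, last + 1))

def _clock(hhmm):
    hours, minutes = hhmm.split(":")
    return time(int(hours), int(minutes))

def in_window(when, window):
    days, start, end = _days(window[0]), _clock(window[1]), _clock(window[2])
    weekday, now = when.weekday(), when.time()
    if start < end:                                   # same-day window
        return weekday in days and start <= now < end
    # Wraps midnight: either past `start` on a listed day, or before `end` on the day
    # after a listed day. With start == end the first clause covers the whole day.
    return (weekday in days and now >= start) or ((weekday - 1) % 7 in days and now < end)

def category_of(url):
    host = url.split("//", 1)[-1].split("/", 1)[0].lower()
    for domain, category in CATEGORY_OF_DOMAIN.items():
        if host == domain or host.endswith("." + domain):
            return category
    return None

def decide(url, when, policy=POLICY):
    """'allow' or 'block' for one request at time `when`."""
    windows = policy.get(category_of(url))
    if windows is None:
        return UNLISTED_DECISION
    return "allow" if any(in_window(when, w) for w in windows) else "block"

def at(stamp):
    """Helper for readable timestamps: '2014-06-17 10:30' -> datetime."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")

if __name__ == "__main__":
    for url, stamp in [("http://www.espn.com/soccer", "2014-06-17 10:30"),
                       ("http://www.espn.com/soccer", "2014-06-17 12:15"),
                       ("https://twitch.tv/", "2014-06-18 07:30"),
                       ("https://crm.example.internal/", "2014-06-18 09:00")]:
        print(stamp, url, decide(url, at(stamp)))
```

The evaluator only answers the policy question; enforcement still needs the proxy or filter in the path, and a category database that is kept current, since the World Cup sites staff actually reach for are the ones a stale list misses.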

rb-

I have been there done that. In 2012 Michigan, Michigan State, and the University of Detroit all played in the NCAA Basketball tournament and the entire 250 Mbps Internet pipe was down to a crawl for most of the afternoon.

There are other tools to use; we were using an M86 content filter then. We used that to block much more than you would think to get control of the network. In addition to the M86 default groups, we had to block all the ESPN sites, NCAA sites, and CBS.

We also had a PacketShaper at our disposal and were using it to throttle streaming video, but there were legitimate users of streaming video.

A lot of this comes down to policy and discipline. Is watching NCAA hoops or soccer a business need? Is there leadership to enforce the AUP and tell people to stop wasting resources?
