Tag Archive for 2009

Feds to Test IPv6

NetworkWorld is reporting that the U.S. government has launched a comprehensive product testing program for IPv6. The new program, the USGv6 Test Program, will be run by the National Institute of Standards and Technology (NIST) and will require all network hardware and software vendors to pass IPv6 compliance and interoperability tests before they can sell their products to the U.S. federal government market.

The NIST IPv6 test plan covers basic IPv6 functionality as well as related standards such as IP Security (IPsec), Internet Key Exchange (IKEv2), Dynamic Host Configuration Protocol (DHCPv6), Open Shortest Path First (OSPFv3), Border Gateway Protocol (BGP4+) and multicast requirements in MLDv2.

The USGv6 program will allow vendors to run IPv6 compliance tests in their own labs as long as the lab is accredited by NIST, but they must run IPv6 interoperability testing in someone else’s lab. Erica Johnson, Director of the University of New Hampshire InterOperability Laboratory, told NetworkWorld, “The way that the NIST profile is going to work is that conformance testing can be done in an accredited first-party [vendor], second-party [buyer] or third-party [independent] lab… But the interoperability testing must be done in a second-party or third-party lab.”

The time frame for the USGv6 Test Program is tight. NIST is expected to publish this week [July 31] the final version of its IPv6 test specifications, also known as Special Publication 500-273, and to finalize its test plan in November 2009. Testing labs are to be accredited before the end of the calendar year. Network vendors will have six months to get their routers, operating systems, firewalls and other security systems through IPv6 testing before the federal government’s July 2010 acquisition deadline.

By July 2010, federal agencies will be required to buy only hosts, routers, and network security systems that have been tested for IPv6 compliance. Vendors must issue a “Suppliers’ Declaration of Conformity” that states host and router products have been tested for IPv6 compliance and interoperability, while security products must undergo functional IPv6 testing. All of the testing must be done in NIST-accredited labs.

rb-

It’s about time – I have included IPv6 requirements in RFPs for over 6 years. It is amazing to watch the vendors tap-dance around what IPv6 compatibility means. Only some of these products from Cisco or Foundry Brocade are IPv6 compatible, depending on the image you buy. I guess the real trick will be to get a “Suppliers’ Declaration of Conformity” if you are not a Fed.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

SPAM Continues to Grow

Despite some recent victories in the struggle against spam, like the takedowns of McColo and PriceWert, micro-analysis of spam trends confirms the continuing surge of spam. The overall trend over the last 12 months in spam volume is still headed up. This upward trend continues despite a year-long decline in the trend from April 2008 to April 2009, a trend Google also noted.

May 2009 saw a doubling of the spam received, which moved the trend line up. The amount of spam in June 2008 fell back within the expected range, which coaxed the trend higher. If the amount of spam received in July 2009 stays at the average projected levels, the trend will continue to climb, which Google describes as “the recent upward trajectory of spam.”

These results are based on spam statistics from my business email account. The practice of safer emailing, which includes the judicious use of email filters, anti-malware software on the desktop, a hosted email server, and Gmail, helps keep spam under control. Whenever I conduct business with an unknown entity, they always get a Gmail address until I know it is safe to transact business with them.


Weak PBX Passwords Cost $55 Million

The U.S. Justice Department unsealed indictments against three Filipino residents on 06-12-2009 for an international PBX hacking scheme. According to Security Fix, the three are accused of hacking into thousands of private telephone networks in the U.S. and abroad, and then selling access to those networks at call centers in Italy that advertised cheap international calls and used the profits to help finance terrorist groups in Southeast Asia.

The U.S. government alleges that the people arrested in the Philippines were responsible for hacking private branch exchange (PBX) systems and voice mail systems owned by more than 2,500 companies worldwide. The indictments allege that between October 2005 and December 2008, Manila residents Mahmoud Nusier, Paul Michael Kwan and Nancy Gomez broke into PBX and voice mail systems, mainly by exploiting factory-set or default passwords on the systems. According to Erez Liebermann, assistant U.S. attorney for New Jersey, “The default passwords were left open in most of these PBX systems.”

The government charges that Italian call center operators paid the hackers $100 for each hacked PBX system they found. The defendants are charged with computer hacking, conspiracy to commit wire fraud, and access device fraud. The case was filed in the U.S. District Court of New Jersey, the home of long-distance provider AT&T. The documents allege the thieves used the hacked PBX systems to relay more than 12 million minutes in unauthorized international phone calls, or $55 million worth of telephone charges.

According to Reuters, the defendants allegedly sold access to the compromised systems to 40-year-old Pakistani Mohammed Zamir, the manager of a call center in Brescia, Italy. Italian authorities arrested Zamir and at least four other Pakistani men operating call centers throughout Northern Italy. According to the AP and Carlo De Stefano, head of Italy’s anti-terrorism police unit, much of the proceeds were sent to the Philippines and may have been forwarded to Islamic extremist groups in the region, including Al-Qaeda-linked Abu Sayyaf. “There are strong suspicions and some clues, but nothing concrete,” De Stefano said.

Rb-

No matter the system (TCM, VoIP, SIP, T’s), sloppy installation practices can make any type of system vulnerable. That’s why I always include a requirement that all manufacturer and VAR account passwords be changed before the equipment is brought on-site and that they are changed by the Owner at the time of acceptance of the system. I have started to back this up by tying this requirement to their PLM bond requirements.

We also recommend to our clients that they disable international calling by default on their system and only allow it as required, based on the concept of least privilege.


Researchers Recycle LCDs into Meds

FastCompany reports that researchers at the University of York have discovered they can recycle waste polyvinyl-alcohol (PVA) from old LCD televisions for medical purposes. The researchers believe that PVA, a material used in polarizing films on the front and back of LCD displays, can be transformed into pills, dressings, and even a substance used in tissue scaffolds to help body parts regenerate. PVA isn’t normally used in these applications, but the researchers have figured out that it doesn’t provoke an immune system response, so it could be used in any number of medical settings.

The process for recycling PVA is simple, according to the article. The process for creating “expanded PVA” suitable for medical use involves dousing the material in water, microwaving it, and then washing it in ethanol.

The research, “Expanding the potential for waste polyvinyl-alcohol,” can be found on the Green Chemistry website. The paper was written by five academics in the University’s Department of Chemistry. Professor James Clark, director of the York Green Chemistry Centre of Excellence and one of the authors of the research, told EurekaAlert, “It is important that we find ways of recycling as many elements of LCDs as possible so we don’t simply have to resort to burying and burning them.”


USB Mario

Perhaps former Alaska Senator Ted Stevens was right: the Internet is just a bunch of tubes, and finally the plumber we need to fix the tubes is here!

This handcrafted Nintendo (7978) hero stores 4GB of USB memory inside Mario sitting atop one of Mario Bros.’ famous question boxes. You can also store your data with Luigi, Koopa, a Gooba, or a shroom (when not sold out). Mario and his buddies are available at Etsy, from sgedra, but you will have to wait since they are currently sold out.
