CSCO | Bach Seat

Tag Archive for CSCO

RB | November 20, 2015

Comments Off

Shadiest Neighborhoods on the Web

The Internet is organized into domains. Readers of Bach Seat are familiar with the .net domain since you got here. You are also probably familiar with other web neighborhoods like .com where Facebook and Google live. The folks in charge of the Intertubes have added more neighborhoods or technically Top Level Domains (TLD), and now we have over 1,000 TLDs, many of which have only been around for the past two years.

This rapid growth raises questions about how well those in charge of these new TLD’s secure their neighborhood against malware and other threats. CSO Online explains that just like any city, the Web has neighborhoods where dubious activities often take place: spam, scams, the distribution of potentially unwanted software (PUS), malware, botnets, phishing, and other suspicious activity.

Web security and WAN optimization firm Blue Coat Systems (BCSI) regularly analyzes hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to track “shady activity” on the Web. In September, it released Do Not Enter: Blue Coat Research Maps the Web’s Shadiest Neighborhoods (PDF), with a list of the 10 top-level domains (TLDs) on the Web that are home to shady sites.

Blue Coat recommends that organizations take steps to protect themselves, including blocking traffic to the riskiest TLDs and cautioning users to be careful clicking on any links that contain these TLDs. It further suggests that users who are unsure of a source hover their mouse over a link to help verify that it leads to the address displayed in the text of the link, or “press and hold” links on a mobile device to do the same verification

Blue Coat’s list of TLDs most associated with shady sites is constantly in flux but here is their September list.

.review – The .review TLD is shady mostly due to scam sites, Blue Coat’s Larsen says. “Just looking at the list of domain names, I would say all of the top 15 are scam sites,” he adds, “.review does not seem to be making any effort whatsoever to keep the bad guys out.”

.country – The security firm says the .country TLD appears to have been colonized by scam networks that like to use a game/survey “reward” or “prize” as bait. Blue Coat’s Larsen told CSO there is a strong connection between some of the supporting ad networks on and known PUS networks (adware and spyware). Mr. Larson says, “So if you’d like to block that entire TLD on your Web gateway, I wouldn’t blame you.

.kim – The .kim TLD hosts some legitimate domains, most notably a Korean tech blog and several Turkish sites. According to Blue Coat, the TLD earned its shady online reputation due to the presence of scam networks linked to PUS, malware, and at least one domain that hosts a domain generation algorithm (DGA) used to pump out domain names that can be used with malware according to the blog.

.cricket – Named for the world’s second-most popular sport, the .cricket TLD is another shady neighborhood on the Web. The author notes that while home to some legitimate sites, researcher Larsen points to many instances of search engine poisoning. For instance, StarWarsMovie.cricket pulls lots of random Star Wars items into one place to get traffic — including images clearly lifted from other places.

.science – The .science TLD may be a victim of its own marketing. In trying to raise the TLD’s profile, the registry gave away free .science domains and became one of the shadiest TLD’s on the web. Blue Coat’s Larsen described their downfall in the CSO article. “Generally they tend to run into trouble when they run promotions for bulk registrations for really low prices … If you can register a domain for a buck, generally there will be bad guys there registering domains.” He says the .science domains seem to be largely associated with spam, and scam sites. The shady activity included a sizable network of ebook sites, which led to a download network that’s been associated with PUS activity in the past.
.work – The .work TLD seems to be more about spam and scams than malware, though Larsen’s team did find a few tentative connections to PUS networks. There were some legitimate sites, though Larsen notes that they might be worth blocking as well. Examples include a Turkish porn site.
.party – Mr, Larson told CSO that a number of the sites on the .party TLD may seem legitimate. However, he warns, “There are some yellow flags.” of search engine poisoning. The TLD also hosts a number of MP3 sites — probably piracy or something malicious. There’s also a site that hosts what appears to be a shady tracker.

.gq – The .gq TLD is the country code for Equatorial Guinea which Blue Coat’s Larson notes is in many ways a lifetime achievement award winner. He says, “If we look at all of the .gq sites … nearly 99 percent are shady”. Most of the abuse of .gq noted by Blue Coat has been in the form of search engine poisoning and many cookie-cutter “shady video” sites associated with PUS. It also features some “shocking video” spam/scam sites that spread via social media and a smattering of malware, phishing, and porn sites.

.link – The .link TLD is rife with porn content delivery networks and piracy sites, neither of which is counted as “shady” by Blue Coat. There are apparently a handful of legit sites in .link but beyond these legitimate domains are a host of survey scam sites. “Historically, it’s been a place for spammers to live,” Larsen says.

Of course, there are well-run TLD’s. The best according to Blue Coat are:

rb-

These TLD’s are why companies like BluseCoat, Websense, and OpenDNS are in business. (OK- Websense and OpenDNS are no longer stand-alone companies anymore. Websense was gobbled by defense contractor Raytheon and then spit out as ForcePoint and OpenDNS has been assimilated into Cisco (CSCO).

You can use these tools to just block almost anybody from going to these shady parts of the web for the reasons explained above.

Google Choose .XYZ Over .Com for Alphabet. Is .Com Irrelevant? (makeuseof.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 2015, BCSI, Blue Coat Systems, Cisco, Cricket, CSCO, DNS, Domain name, Malware, Phishing, Raytheon, Security, SPAM, TLD, Top-level domain, WebSense

RB | October 30, 2015

Comments Off

Tech Titans Dodge Taxes

A recent report by the Center for Tax Justice (CTJ) on the use of tax havens in 2014, identified the 500 largest American companies hold more than $2.1 trillion in accumulated profits overseas to avoid U.S. taxes. The report found that one-quarter of that amount (549.7 billion) is hoarded abroad by ten tech companies alone, as the chart from Statista illustrates.

Among the tech titans hoarding cash, Apple (AAPL) has parked the largest amount of cash outside the United States. The article notes that the iPhone maker has stashed a whopping $181 billion overseas. That is almost twice as much as second-ranked Microsoft (MSFT) ($108.3b) and roughly three times the total of IBM (IBM), which ranks third in the tech-list with foreign cash holdings of $61.4 billion. Cisco (CSCO), ranked fourth, stands out with as many as 59 tax haven subsidiaries.

The top twenty tech firms in the order of the amount of money hoarded overseas in 2014 to cheat the taxman in 2014:

Apple
Microsoft
IBM
Cisco
Google (GOOG) $47,400 millions
HP (HPQ) $42,900 millions
Oracle (ORCL) $38,000 millions
Qualcomm (QCOM) $25,700 millions
Intel (INTC) $23,300 millions
EMC (EMC) $11,800 millions
Western Digital (WDC) $9,400 millions
Xerox (XRX) $8,500 millions
Ebay (EBAY) $7,900 millions
Cognizant Technology (CTSH) $6,121 millions
Agilent Technologies (A) $5,700 millions
Micron Technology (MU) $4,910 millions
Broadcom (BRCM) $4,850 millions
Symantec (SYMC) $3,600 millions
Computer Sciences (CSC) $2,552
Amazon (AMZN) $2,500 millions

Statista notes that the study found the number of tax haven subsidiaries is not directly connected to the amount of taxes dodged by a company. On the contrary, some companies now report fewer subsidiaries in tax haven countries than they did in 2008 while reporting significant increases in the amount of cash they hold abroad.

The study offers two possible explanations for this occurrence: First of all, some companies may choose not to report all of their subsidiaries because the SEC’s penalties for failing to do so are pretty lax and secondly companies could simply consolidate more income in fewer offshore subsidiaries, often in structures dubbed “Double Irish”.

This chart shows how much money U.S. tech companies hold in offshore subsidiaries to avoid U.S. taxes.

You will find more statistics at Statista

The CTJ claims U.S.-based multinational corporations are allowed to play by a different set of rules than small and domestic businesses or individuals when it comes to the tax code. Rather than paying their fair share, many multinational corporations like Apple, Cisco, Google, and Intel use accounting tricks to pretend for tax purposes that a substantial part of their profits are generated in offshore tax havens, countries with minimal or no taxes where a company’s presence may be as little as a mailbox. Multinational corporations’ use of tax havens allows them to avoid an estimated $90 billion in federal income taxes each year.

Congress, by failing to take action to end to this tax avoidance, forces ordinary Americans to make up the difference. Every dollar in taxes that corporations avoid by using tax havens must be balanced by higher taxes on individuals, cuts to public investments and public services, or increased federal debt.

The CTJ recommends the following steps to stop the abuse of offshore tax havens by the tech titans and restore fairness to the US tax system and reduce pressure on America’s budget deficit and improve the functioning of markets.

End incentives to shift profits and jobs offshore. The most comprehensive solution to ending tax haven abuse would be to stop permitting U.S. multinational corporations to indefinitely defer paying U.S. taxes on profits they attribute to their foreign subsidiaries. Ending “deferral” could raise nearly $900 billion over ten years, according to the report.

Reject the Creation of New Loopholes. Reject a “territorial” tax system. The CTJ estimates that switching to a territorial tax system could add almost $300 billion to the deficit over ten years.

Close the most egregious offshore loopholes. Policymakers can take some basic common-sense steps to curtail some of the most obvious and brazen ways that some companies abuse offshore tax-havens. Close the inversion loophole by treating an entity that results from a U.S.-foreign merger as an American corporation if the majority (as opposed to 80 percent) of voting stock is held by shareholders of the former American corporation. These companies should be treated as U.S. companies if they are managed and controlled in the U.S. and have significant business activities in the U.S.

Stop companies from shifting intellectual property (e.g. patents, trademarks, licenses) to shell companies in tax haven countries and then paying inflated fees to use them. This common practice allows companies to legally book profits that were earned in the U.S. to the tax haven subsidiary owning the patent. Limited reforms proposed by President Obama could save taxpayers $21.3 billion over ten years.

Stop companies from deducting interest expenses paid to their own offshore affiliates, which put off paying taxes on that income. This reform would save $51.4 billion over ten years, according to the CTJ.

Increase transparency. Require full and honest reporting to expose tax haven abuses. Multinational corporations should report their profits on a country-by-country basis so they can’t mislead each nation about the share of their income that was taxed in the other countries.

Michigan-based companies dodging the taxman in 2014 have hoarded almost $55 Billion according to the CTJ. With just a 1% tax on the withheld income, we could probably get the roads fixed. On the list ranked by millions held off-shore by Michigan based firms according to the CTJ are:

Dow Chemical $18,037 millions
General Motors $7,100 millions
Stryker $5,878 millions
Whirlpool $4,900 millions
Ford $4,300 millions
Autoliv $4,000 millions
TRW Automotive $3,400 millions
BorgWarner $2,700 millions
Kellogg $2,200 millions
Lear $1,200 millions
Penske $711 millions
Visteon $245 millions
Kelley Services $111 millions
Conway $32 millions
Masco $12 millions

China President Xi Jinping meets with Big Tech execs (money.cnn.com)

Category: Uncategorized | Tags: 2015, AAPL, Apple, Center for Tax Justice, Cisco, CSCO, IBM, Microsoft, MSFT, Policy, Politics, Security and Exchange Commission, Tax

RB | October 1, 2015

Comments Off

HPE Been Busy

HPE Been Busy HP (HPQ) has been busy since it divorced itself and spawned HP Enterprise and HP Inc. There has been more enterprise activity in the past month than in the past years, as the spun-out HP Enterprise (HPE) side of the tech megalith tries to make a more relevant name for itself.

HPE layoffs

First, Tim Stonesifer the CFO of the new HPE says that up to another 30,000 people will be laid off. The Business Insider reports these cuts will be focused on HP’s Enterprise Services Division, the consulting arm of the company.

During CEO Meg Whitman‘s tenure, HP has let go 85,000 workers with this latest round of layoffs. And they aren’t over yet claims CIO.com. Ms. Whitman and CFO Cathie Lesjak said that HP would lay off another 5% of staff.

Michigan lawsuit

More bad news as the State of Michigan announced it is suing HP. Michigan’s Secretary of State Ruth Johnson is charging HP with failing to deliver on a $49 million contract after 10 years, according to a press release from the state.

FierceCIO reports that the project was supposed to replace a legacy mainframe system that has run 131 Secretary of State offices. However, since 2005, and after $27.5 million was paid to the company, the state said that not a single promised function was delivered. In the press release she states:

I inherited a stalled project when I came into office in 2011 and, despite our aggressive approach to hold HP accountable and ensure they delivered, they failed … We have no choice but to take HP to court to protect Michigan taxpayers.

Michigan The state alleged that following a set of failed negotiations over the past few months, it rescinded its contract on Aug. 28 with a termination for cause letter. The article says the state argued, according to the terms of the contract, HP was supposed to provide support services for the state for some extended period of time. The state said that, instead, HP employees stopped reporting as of Aug. 31.

HP responded to a request for comment from FierceCIO with the following email statement: “It’s unfortunate that the state of Michigan chose to terminate the contract, but HP looks forward to a favorable resolution in court.”

HPE 3PAR

On the product side, HPE has updated the software that runs all of its HP 3PAR StoreServ Storage products to boost the performance of its SAN and other storage products an HP presser announced.

One of the changes to the HP 3PAR Operating System. HP has added a new feature in the HP 3PAR Priority Optimization software. Fierce Enterprise Communications reports that the software now enables users to set specific latency goals as low as 0.5 milliseconds in the hopes of ensuring consistent performance levels in multi-tenant environments. The intention is to boost the quality of service for improved application performance.

VMware support

For data protection, HPE also added support for VMware (VMW) vSphere 6.0 with VMware Virtual Volumes to StoreOnce Recovery Manager Central for VMware. The update also includes more granular recovery of individual virtual machines and files, simplifying data recovery.

With these changes, another Fierce Enterprise Communications article observes that HP is getting cozier in its relationship with VMware as the company unveiled new consulting and support services for VMware’s NSX SDN product.

There’s actually a laundry list of new aspects of the two companies’ partnership, according to the article. The partnership includes a variety of HP services and products that tie into different VMware software-defined data center and end-user computing products, but the networking aspect comes in the form of HP Network Virtualization Services.

The consulting and support services will be available starting in January 2016. According to an HP announcement at VMworld, the services were “designed to transform and operate the network when combining physical and virtual network resources, functionality and management to ready a network for virtualized cloud, network functions virtualization or SDI.”

HP plans to implement a novel idea by putting consulting and support services under the HP Network Virtualization Services umbrella to provide a 24/7/365 single place to connect with networking, virtualization, and NSX experts in the hopes of quickly resolving issues.

Security changes

On the security front, HP announced new enterprise security tools that can detect communications between malware and a remote server as well as uncover bugs in enterprise software using machine learning.

The first called HP DNS Malware Analytics, uses an algorithm to detect enterprise machines infected with malware by analyzing Domain Name System traffic between the devices and remote servers according to a FierceCIO article. A one-year subscription to HP DMA starts at $80,000 to analyze up to 5 million DNS packets per day. Frank Mong, vice president of solutions at HP Security, claims, “This solves the problem of finding an infected host that has been missed by anti-virus and endpoint security”.

HP also introduced HP Fortify scan analytics, machine-learning technology, as part of HP Fortify on Demand, which uses an enterprise’s app security data to improve the accuracy and efficiency of app security. This technology integrates into existing app security testing workflows, increasing the efficiency of the app security audit process and the relevancy of findings, HP explained.

rb-

Color me skeptical but I’m not sure that HP is the best horse for VMware to bet on in their battle with former partner Cisco (CSCO).

Category: Uncategorized | Tags: 2015, 3Par, Cisco, CSCO, Hardware, HP, HPQ, Lawsuit, Layoffs, Michigan, SDN, VMW, VMware, VSphere

RB | September 1, 2015

Comments Off

Cisco Loves Apple

Apple has announced a new partnership with network giant Cisco. If you believe Fortune, the goal is to sell more iPhones and iPads to business customers. The move is intended to make it easier for businesses to use Cisco products like its video, chat, and web conferencing services on Apple‘s (AAPL) mobile devices. Fortune says that no new products have been announced under the partnership.

In fact, this collaboration seems to be a deal looking for a plan. Rowan Trollope, Cisco’s senior vice president and general manager of Cisco’s collaboration technology group, told the author that both Cisco (CSCO) and Apple sales teams would soon meet with business leaders at other companies to discuss their technology needs. The conversations are intended to help give Cisco and Apple ideas about the products they will develop together. He also declined to confirm if any Cisco or Apple engineers are engaged or any timeline for when the new products will hit the market.

Even though there are no plans, the Cisco VP claimed that customers will be able to prioritize mobile traffic on their networks so that workers watching YouTube videos on their iPhones won’t hog all of a company’s bandwidth. Apparently, Cisco and Apple engineers will work on updating iOS Apple’s mobile operating system, to prioritize network traffic from Apple devices, which “would be difficult without a joint engineering project,” according to the article.

Prioritization would be a good start, iOS updates have crushed networks in the past. The number of hoops you have to jump through to make AppleTV’s Bonjour work on an enterprise network is stupid. Just proof that Apple is not ready for the enterprise.

Cisco has tried to create new product lines outside of its core networking and switching businesses to help boost its sales. Sales of its collaboration products are so stagnant that the firm has resorted to 85% discounts on telepresence gear.

Cisco has a history of buying consumer-orientated businesses like Apple, destroying the business, and then jettisoning the remains. Linksys and Flip Video come to mind.

Apple has also buddied up to IBM (IBM). The plan seems to be to add an IBM markup to overpriced Apple mobile devices. And then sell them to firms that have too much money. The combination has developed pushed-based apps that target specific industries, like healthcare or law enforcement.

rb-

The fanboyz are drooling over this deal – Apple Will Change the World (again?) – Maybe if they clean up their proprietary non-routable protocols.

It has been a while since Cisco has done something notable. Maybe new CIO Chuck Robbins will shake things up at Cisco now that King Chambers has mostly moved on.

Apple iOS passcode authentication vulnerability discovered by Vulnerability Lab (cyberwarzone.com)

Category: Uncategorized | Tags: 2015, AAPL, Apple, Apple TV, Bonjour, Business, Cisco, CSCO, Flip Video, IBM, IOS, iPhone, LinkSys, Telepresence, WebEx

RB | August 27, 2015

Comments Off

Back to School Cybersafety Resources

The new school year is here. If cybersafety is not on your “back to school” checklist, it should be. SecureWorld offered up a list of resources to help parents have a meaningful conversation about “cyber-safety” with their children. Parents need to talk with their kids about what they can do to protect themselves from the threats that are lurking online.

There are a variety of resources available that can help parents teach their children about the importance of Internet safety and privacy. Here are some recommended in the article.

In 2009, President Obama asked the Department of Homeland Security to create the Stop.Think.Connect. Campaign to help Americans understand the dangers that come with being online. The program stresses that cybersecurity is a shared responsibility. Parents can download a Cybersecurity for Kids tip card (PDF) that offers helpful hints and advice designed specifically for children.

ConnectSafely.org is a nonprofit organization dedicated to educating users of connected technology about safety, privacy and security. The website offers a number of Parent Guides, written by parents for parents, including:

The National Cybersecurity Alliance is an industry-led group, founded by the likes of Symantec (SYMC), Cisco (CSCO), Microsoft (MSFT), and EMC (EMC), whose mission is to educate and therefore empower a digital society to use (rb- their products) the Internet safely and securely at home, work and school.

Parents and teachers can download tips and resources from their website StaySafeOnline.org. The tip sheets are created specifically for different age groups ranging from kindergarten to college students. This site offers resources like:

Free Security Check-Up and Tools – Which has download locations for tools from A to W – Avast to Webroot. (as always use at your own risk).

Tip Sheets for:

The author states that industry professionals are also placing a high priority on preparing children for life in cyberspace. For instance, the (ISC)2 Foundation’s Safe and Secure Online program was introduced in 2006 in conjunction with Childnet International. They offer resources for parents which include Top 10 Tips for Parents (PDF) and the Parent-Child Commitment to Safety Agreement (PDF).

The Business Insider polled and a bunch of industry cyber security experts about what they teach their kids about the internet. The experts working in the field recommend you:

Start discussing online safety at an early age.
If you wouldn’t do it face to face – Don’t do it online.
Once you’ve written something you can’t delete it.
Not just to tell them the rules but also to spend the time/

You can read the rest of the tips at Business Insider here.

rb-

Good luck, you will need it.

Talk to your students about cyber safety – Staysafe.org’s guide on Internet Safety for Teens: https://www.staysafe.org/teens/

Family Cyber Security [Video] (drdonysreviews.com)

Category: Uncategorized | Tags: (ISC)2, 2015, Cisco, ConnectSafely.org, CSCO, Cyberbullying, DHS, EMC, K12, Microsoft, MSFT, NCSA, PII, Safety, Security, Symantec, SYMC

« Older Entries Recent Entries »

Bach Seat

Tag Archive for CSCO

Shadiest Neighborhoods on the Web

Related articles

Tech Titans Dodge Taxes

Related articles

HPE Been Busy

HPE layoffs

Michigan lawsuit

HPE 3PAR

VMware support

Security changes

Cisco Loves Apple

Related articles

Back to School Cybersafety Resources

Related articles

Meta