Craig Butler

Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others

October 21, 2016 , 10:01 am

IoT Botnets Are The New Normal of DDoS Attacks

October 5, 2016 , 8:51 am

Leftover Factory Debugger Doubles as Android Backdoor

October 14, 2016 , 9:00 am

Backdoor Found in Firmware of Some Android Devices

November 21, 2016 , 3:20 pm

Threatpost News Wrap, November 18, 2016

November 18, 2016 , 9:15 am

iPhone Call History Synced to iCloud Without User Consent, Knowledge

November 17, 2016 , 1:51 pm

Microsoft Patches Zero Day Disclosed by Google

November 8, 2016 , 2:57 pm

Microsoft Says Russian APT Group Behind Zero-Day Attacks

November 1, 2016 , 5:50 pm

Google to Make Certificate Transparency Mandatory By 2017

October 29, 2016 , 6:00 am

Microsoft Extends Malicious Macro Protection to Office 2013

October 27, 2016 , 4:27 pm

Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers

October 25, 2016 , 3:00 pm

Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers

October 22, 2016 , 6:00 am

FruityArmor APT Group Used Recently Patched Windows Zero Day

October 20, 2016 , 7:00 am

Experts ‘Outraged’ by Warrant Demanding Fingerprints to Unlock Smartphones

October 18, 2016 , 4:58 pm

Researchers Break MarsJoke Ransomware Encryption

October 3, 2016 , 5:00 am

OpenSSL Fixes Critical Bug Introduced by Latest Update

September 26, 2016 , 10:45 am

500 Million Yahoo Accounts Stolen By State-Sponsored Hackers

September 22, 2016 , 3:47 pm

Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials

September 22, 2016 , 12:31 pm

Experts Want Transparency From Government’s Vulnerabilities Equities Process

September 20, 2016 , 2:41 pm

Bruce Schneier on Probing Attacks Testing Core Internet Infrastructure

September 15, 2016 , 11:15 am

Generic OS X Malware Detection Method Explained

September 13, 2016 , 9:14 am

Patched Android Libutils Vulnerability Harkens Back to Stagefright

September 9, 2016 , 2:06 pm

Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017

September 8, 2016 , 3:43 pm

Threatpost News Wrap, September 2, 2016

September 2, 2016 , 9:00 am

Insecure Redis Instances at Core of Attacks Against Linux Servers

September 1, 2016 , 1:08 pm

Dropbox Forces Password Reset for Older Users

August 29, 2016 , 9:58 am

Cisco Begins Patching Equation Group ASA Zero Day

August 24, 2016 , 5:53 pm

New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption

August 24, 2016 , 8:00 am

Cisco Acknowledges ASA Zero Day Exposed by ShadowBrokers

August 17, 2016 , 4:06 pm

Pokémon GO Spam, Ransomware, On the Rise

August 17, 2016 , 12:58 pm

ProjectSauron APT On Par With Equation, Flame, Duqu

August 8, 2016 , 1:40 pm

Miller, Valasek Deliver Final Car Hacking Talk

August 4, 2016 , 3:26 pm

Researchers Go Inside a Business Email Compromise Scam

August 4, 2016 , 10:00 am

Export-Grade Crypto Patching Improves

August 3, 2016 , 10:00 am

Kaspersky Lab Launches Bug Bounty Program

August 2, 2016 , 9:00 am

Threatpost News Wrap, July 29, 2016

July 29, 2016 , 10:45 am

KeySniffer Vulnerability Opens Wireless Keyboards to Snooping

July 26, 2016 , 9:30 am

Upcoming Tor Design Battles Hidden Services Snooping

July 25, 2016 , 3:51 pm

EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers

July 21, 2016 , 1:18 pm

Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update

July 20, 2016 , 9:21 am

Threatpost News Wrap, July 15, 2016

July 15, 2016 , 11:00 am

Academics Build Early-Warning Ransomware Detection System

July 14, 2016 , 1:05 pm

xDedic Hacked Server Market Resurfaces on Tor Domain

July 12, 2016 , 11:40 am

Conficker Used in New Wave of Hospital IoT Device Attacks

June 30, 2016 , 11:48 am

655,000 Healthcare Records Being Sold on Dark Web

June 28, 2016 , 10:00 am

Windows Zero Day Selling for $90,000

May 31, 2016 , 5:44 pm

Millions of Stolen MySpace, Tumblr Credentials Being Sold Online

May 31, 2016 , 1:37 pm

OTR Protocol Patched Against Remote Code Execution Flaw

March 10, 2016 , 10:23 am

Serious Dirty Cow Linux Vulnerability Under Attack

October 21, 2016 , 11:21 am

Facebook Debuts Open Source Detection Tool for Windows

September 27, 2016 , 12:24 pm

Popular Android App Leaks Microsoft Exchange User Credentials

October 14, 2016 , 8:00 am

Cisco Warns of Critical Flaws in Nexus Switches

October 7, 2016 , 10:55 am

Free Tool Protects Mac Users from Webcam Surveillance

October 7, 2016 , 7:00 am


Threatpost | The first stop for security news

</head><body id="readabilityBody"> </p> <p></body></div> <p><a rel="nofollow" href="https://www.sans.org/reading-room/whitepapers/incident/bgp-hijinks-hijacks-incident-response-backbone-enemy-37422">SANS Information Security Reading Room</a></p> <!-- /article-content --> </div> <div
class="cleared"></div> <div class="romeo-postfootericons romeo-metadata-icons"><span class="romeo-postcategoryicon"><span class="categories">Posted in</span> <a href="http://www.ineedachick.com/category/uncategorized/" rel="category tag">Uncategorized</a></span> | <span class="romeo-posttagicon"><span class="tags">Tagged</span> <a href="http://www.ineedachick.com/tag/backbone/" rel="tag">Backbone</a>, <a href="http://www.ineedachick.com/tag/enemy/" rel="tag">Enemy</a>, <a href="http://www.ineedachick.com/tag/hijacks/" rel="tag">Hijacks</a>, <a href="http://www.ineedachick.com/tag/hijinks/" rel="tag">Hijinks</a>, <a href="http://www.ineedachick.com/tag/incident/" rel="tag">Incident</a>, <a href="http://www.ineedachick.com/tag/response/" rel="tag">Response</a></span> | <span class="romeo-postcommentsicon"><a href="http://www.ineedachick.com/bgp-hijinks-and-hijacks-incident-response-when-your-backbone-is-your-enemy/#respond">Leave a comment</a></span></div> </div> <div class="cleared"></div> </div> </div> <div class="romeo-box romeo-post post-2732 post type-post status-publish format-standard has-post-thumbnail hentry category-uncategorized tag-attack tag-buys tag-cyber tag-oracle tag-target" id="post-2732"> <div class="romeo-box-body romeo-post-body"> <div class="romeo-post-inner romeo-article"> <div class="romeo-postmetadataheader"><h2 class="romeo-postheader"><a href="http://www.ineedachick.com/oracle-buys-cyber-attack-target-dyn/" rel="bookmark" title="Oracle Buys Cyber Attack Target Dyn">Oracle Buys Cyber Attack Target Dyn</a></h2><div class="romeo-postheadericons romeo-metadata-icons"><span class="romeo-postdateicon"><span class="date">Published</span> <span class="entry-date" title="11:38 pm">November 21, 2016</span></span> | <span class="romeo-postauthoricon"><span class="author">By</span> <span class="author vcard"><a class="url fn n" href="http://www.ineedachick.com/author/craig-butler/" title="View all posts by Craig Butler">Craig 
Butler</a></span></span></div></div><div class="avatar alignleft"><a href="http://www.ineedachick.com/oracle-buys-cyber-attack-target-dyn/" title="Oracle Buys Cyber Attack Target Dyn"><img width="16" height="14" src="http://www.ineedachick.com/wp-content/uploads/2016/11/tag_icon-7.jpg" class="attachment-128x128 size-128x128 wp-post-image" alt="" title="Oracle Buys Cyber Attack Target Dyn" /></a></div> <div class="romeo-postcontent"> <!-- article-content --> <div> <p><span class="c10"><strong>Oracle on Monday announced it is buying Dyn, a Web traffic management firm recently hit with a cyber attack that closed off the internet to millions of users.</strong></span></p> <p><span class="c10">Business software and hardware titan Oracle did not disclose financial terms of the deal to acquire US-based Dynamic Network Services Inc, or Dyn.</span></p> <p><span class="c10">Oracle planned to enhance its own offerings with Dyn's expertise in monitoring, controlling, and optimizing cloud-based internet applications and managing online traffic.</span></p> <p><span class="c10">"Dyn's immensely scalable and global DNS is a critical core component and a natural extension to our cloud computing platform," Oracle product development president Thomas Kurian said in a release.</span></p> <p><span class="c10">Dyn was the target of cyber attacks that pounded the underpinnings of the internet in October, crippling Twitter, Netflix and other major websites with the help of once-dumb devices made smart with online connections.</span></p> <p><span class="c10">The onslaught incapacitated a crucial piece of internet infrastructure, taking aim at a service entrusted to guide online traffic to the right places by turning website names people know into addresses computers understand.</span></p> <p><span class="c10">The hacker was probably a disgruntled gamer, an expert whose company closely monitored the attack said last week.</span></p> <p><span class="c10">Dale Drew, chief security officer for 
Level 3 Communications, which mapped out how the October 21 attack took place, told a Congressional panel that the person had rented time on a botnet -- a network of web-connected machines that can be manipulated with malware -- to level the attack.</span></p> <p><span class="c10">Using a powerful malicious program known as Mirai, the attacker harnessed some 150,000 "Internet of Things" (IoT) devices such as cameras, lightbulbs and appliances to overwhelm Dyn systems, according to Drew.</span></p> <p><span class="c10">Dyn has more than 3,500 customers including Netflix, Twitter, and CNBC, making tens of billions of online traffic optimizing decisions daily, according to Oracle.</span></p> <div class="author_content"> <div class="author_text"> <p> © AFP 2016</p></div> </div> </div> <p><a rel="nofollow" href="http://feedproxy.google.com/~r/Securityweek/~3/J47L2GzuyEQ/oracle-buys-cyber-attack-target-dyn">SecurityWeek RSS Feed</a></p> <!--
/article-content --> </div> <div class="cleared"></div> <div class="romeo-postfootericons romeo-metadata-icons"><span class="romeo-postcategoryicon"><span class="categories">Posted in</span> <a href="http://www.ineedachick.com/category/uncategorized/" rel="category tag">Uncategorized</a></span> | <span class="romeo-posttagicon"><span class="tags">Tagged</span> <a href="http://www.ineedachick.com/tag/attack/" rel="tag">attack</a>, <a href="http://www.ineedachick.com/tag/buys/" rel="tag">buys</a>, <a href="http://www.ineedachick.com/tag/cyber/" rel="tag">Cyber</a>, <a href="http://www.ineedachick.com/tag/oracle/" rel="tag">Oracle</a>, <a href="http://www.ineedachick.com/tag/target/" rel="tag">Target</a></span> | <span class="romeo-postcommentsicon"><a href="http://www.ineedachick.com/oracle-buys-cyber-attack-target-dyn/#respond">Leave a comment</a></span></div> </div> <div class="cleared"></div> </div> </div> <div class="romeo-box romeo-post post-2668 post type-post status-publish format-standard has-post-thumbnail hentry category-ransonware tag-attacks tag-ninetyfive tag-percent tag-webshell tag-written" id="post-2668"> <div class="romeo-box-body romeo-post-body"> <div class="romeo-post-inner romeo-article"> <div class="romeo-postmetadataheader"><h2 class="romeo-postheader"><a href="http://www.ineedachick.com/ninety-five-percent-of-webshell-attacks-written-in-php/" rel="bookmark" title="Ninety-Five Percent of Webshell Attacks Written in PHP">Ninety-Five Percent of Webshell Attacks Written in PHP</a></h2><div class="romeo-postheadericons romeo-metadata-icons"><span class="romeo-postdateicon"><span class="date">Published</span> <span class="entry-date" title="10:39 am">November 20, 2016</span></span> | <span class="romeo-postauthoricon"><span class="author">By</span> <span class="author vcard"><a class="url fn n" href="http://www.ineedachick.com/author/craig-butler/" title="View all posts by Craig Butler">Craig Butler</a></span></span></div></div><div class="avatar 
alignleft"><a href="http://www.ineedachick.com/ninety-five-percent-of-webshell-attacks-written-in-php/" title="Ninety-Five Percent of Webshell Attacks Written in PHP"><img width="128" height="128" src="http://www.ineedachick.com/wp-content/uploads/2016/11/webshellblog_figure1-150x150.png" class="attachment-128x128 size-128x128 wp-post-image" alt="" title="Ninety-Five Percent of Webshell Attacks Written in PHP" /></a></div> <div class="romeo-postcontent"> <!-- article-content --> <div> <p>There’s nothing inherently malicious about a webshell, which is a script that can be uploaded to a web server to enable remote administration of the machine. In the hands of an attacker, however, they are a serious cyberthreat. Advanced persistent threat (APT) groups often use webshells to breach organizations.</p> <h2>Webshell Attacks Surging</h2> <p>Earlier this year, we reported on two notable upticks in webshell attacks: C99 Shell and b374k. This activity intrigued our analysts, warranting further investigation.</p> <p>Our subsequent analysis of IBM Managed Security Services (MSS) data showed an increase in webshell attacks this year, most notably in Q2 and the beginning of Q3. We expect to see that trend continue in 2017.</p> <p><img class="c1" title="webshell attacks" src="http://www.ineedachick.com/wp-content/uploads/2016/11/webshellblog_figure1.png" alt="graph of webshell attacks from Sept 2016 to Sept 2016."/></p> <h2>PHP Is Prevalent and Persistent</h2> <p>Almost all the attacks — approximately 95 percent — were written in PHP, a widely used open-source scripting language. Although not readily apparent, the number of command injection attacks resulting from malicious PHP webshells is relatively significant. 
No other single command injection attack type was observed to be as prevalent, or as persistent, for as long.</p> <p>Analysis of IBM MSS data from 2016 also revealed over 120 unique types of PHP webshell scripts. The great majority were observed in attempts to plant webshell scripts in remote servers via command injection to ultimately breach the servers and gain unauthorized access to the data they host. C99 was the most common variety, accounting for nearly 9 percent of the attacks recorded in 2016.</p> <p>Malicious webshell exploitation is one of the easiest ways attackers can gain unauthorized access to an organization’s network. To learn more about this threat, including ways to protect against it, read the IBM report titled “Understanding the Webshell Game.”</p> </div> <p><a rel="nofollow" href="http://feedproxy.google.com/~r/SecurityIntelligence/~3/Nz0hzC3Zj5o/">Security Intelligence</a></p> <!-- /article-content --> </div> <div class="cleared"></div> <div class="romeo-postfootericons romeo-metadata-icons"><span class="romeo-postcategoryicon"><span class="categories">Posted in</span> <a href="http://www.ineedachick.com/category/ransonware/" rel="category tag">Ransonware</a></span> | <span class="romeo-posttagicon"><span class="tags">Tagged</span> <a href="http://www.ineedachick.com/tag/attacks/" rel="tag">Attacks</a>, <a href="http://www.ineedachick.com/tag/ninetyfive/" rel="tag">NinetyFive</a>, <a href="http://www.ineedachick.com/tag/percent/" rel="tag">Percent</a>, <a href="http://www.ineedachick.com/tag/webshell/" rel="tag">Webshell</a>, <a href="http://www.ineedachick.com/tag/written/" rel="tag">Written</a></span> | <span class="romeo-postcommentsicon"><a href="http://www.ineedachick.com/ninety-five-percent-of-webshell-attacks-written-in-php/#respond">Leave a
comment</a></span></div> </div> <div class="cleared"></div> </div> </div> <div class="romeo-box romeo-post post-2663 post type-post status-publish format-standard hentry category-uncategorized tag-camera tag-compromised tag-seconds tag-surveillance" id="post-2663"> <div class="romeo-box-body romeo-post-body"> <div class="romeo-post-inner romeo-article"> <div class="romeo-postmetadataheader"><h2 class="romeo-postheader"><a href="http://www.ineedachick.com/surveillance-camera-compromised-in-98-seconds/" rel="bookmark" title="Surveillance camera compromised in 98 seconds">Surveillance camera compromised in 98 seconds</a></h2><div class="romeo-postheadericons romeo-metadata-icons"><span class="romeo-postdateicon"><span class="date">Published</span> <span class="entry-date" title="4:39 am">November 20, 2016</span></span> | <span class="romeo-postauthoricon"><span class="author">By</span> <span class="author vcard"><a class="url fn n" href="http://www.ineedachick.com/author/craig-butler/" title="View all posts by Craig Butler">Craig Butler</a></span></span></div></div> <div class="romeo-postcontent"> <!-- article-content --> <div id="body"> <p>Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network.</p> <p>According to Graham's series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds.</p> <p>Mirai conducts a brute force password attack via telnet using 61 default credentials to gain access to the DVR software in video cameras and to other devices such as routers and CCTV cameras.</p> <p>After the first stage of Mirai loads, "it then connects out to download the full virus," Graham said in a Twitter post.
"Once it downloads that, it runs it and starts spewing out SYN packets at a high rate of speed, looking for new victims."</p> <p>Graham said the defense recommended by the Christian Science Monitor – changing the default password of devices before connecting them to the Internet – doesn't help because his Mirai-infected camera has a telnet password that cannot be changed.</p> <p>"The correct mitigation is 'put these devices behind your firewall'," Graham said. ®</p> </div> <p><a rel="nofollow" href="http://go.theregister.com/feed/www.theregister.co.uk/2016/11/18/surveillance_camera_compromised_in_98_seconds/">The Register - Security</a></p> <!-- /article-content --> </div> <div class="cleared"></div> <div class="romeo-postfootericons romeo-metadata-icons"><span class="romeo-postcategoryicon"><span class="categories">Posted in</span> <a href="http://www.ineedachick.com/category/uncategorized/" rel="category tag">Uncategorized</a></span> | <span class="romeo-posttagicon"><span class="tags">Tagged</span> <a href="http://www.ineedachick.com/tag/camera/" rel="tag">Camera</a>, <a href="http://www.ineedachick.com/tag/compromised/" rel="tag">Compromised</a>, <a href="http://www.ineedachick.com/tag/seconds/" rel="tag">seconds</a>, <a href="http://www.ineedachick.com/tag/surveillance/" rel="tag">surveillance</a></span> | <span class="romeo-postcommentsicon"><a href="http://www.ineedachick.com/surveillance-camera-compromised-in-98-seconds/#respond">Leave a comment</a></span></div> </div> <div class="cleared"></div> </div> </div> <div class="romeo-box romeo-post post-2646 post type-post status-publish format-standard has-post-thumbnail hentry category-uncategorized tag-affected tag-flaws tag-moxa tag-products tag-serious tag-surveillance tag-vanderbilt"
id="post-2646"> <div class="romeo-box-body romeo-post-body"> <div class="romeo-post-inner romeo-article"> <div class="romeo-postmetadataheader"><h2 class="romeo-postheader"><a href="http://www.ineedachick.com/moxa-vanderbilt-surveillance-products-affected-by-serious-flaws/" rel="bookmark" title="Moxa, Vanderbilt Surveillance Products Affected by Serious Flaws">Moxa, Vanderbilt Surveillance Products Affected by Serious Flaws</a></h2><div class="romeo-postheadericons romeo-metadata-icons"><span class="romeo-postdateicon"><span class="date">Published</span> <span class="entry-date" title="5:38 pm">November 19, 2016</span></span> | <span class="romeo-postauthoricon"><span class="author">By</span> <span class="author vcard"><a class="url fn n" href="http://www.ineedachick.com/author/craig-butler/" title="View all posts by Craig Butler">Craig Butler</a></span></span></div></div><div class="avatar alignleft"><a href="http://www.ineedachick.com/moxa-vanderbilt-surveillance-products-affected-by-serious-flaws/" title="Moxa, Vanderbilt Surveillance Products Affected by Serious Flaws"><img width="32" height="32" src="http://www.ineedachick.com/wp-content/uploads/2016/11/RSS-Icon-3.png" class="attachment-128x128 size-128x128 wp-post-image" alt="" title="Moxa, Vanderbilt Surveillance Products Affected by Serious Flaws" /></a></div> <div class="romeo-postcontent"> <!-- article-content --> <div> <p><strong><span class="c10">Surveillance products from Moxa and Vanderbilt are affected by several critical and high severity flaws that can be exploited by remote hackers to take control of vulnerable systems.</span></strong></p> <p><strong><span class="c10">Moxa SoftCMS vulnerabilities</span></strong></p> <p><span class="c10">ICS-CERT has published an advisory describing three serious vulnerabilities affecting Moxa SoftCMS, a central management software designed for large-scale surveillance systems. 
Gu Ziqiang from Huawei Weiran Labs and Zhou Yu have been credited for finding the security holes.</span></p> <p><span class="c10">The most severe of the flaws, with a CVSS score of 9.8, is a SQL injection (CVE-2016-9333) that can be exploited by a remote attacker to access SoftCMS with administrator privileges.</span></p> <p><span class="c10">Another flaw, tracked as CVE-2016-8360, is a double free condition that allows an attacker to cause a denial-of-service (DoS) and possibly even execute arbitrary code.</span></p> <p><span class="c10">The third vulnerability (CVE-2016-9332) has been described by ICS-CERT as an “improper input validation” issue that can lead to a crash of the application.</span></p> <p><span class="c10">ICS-CERT said in its advisory that Moxa patched these security holes with the release of SoftCMS 1.6 on November 10, but the vendor’s release notes show that the latest version only addresses the SQL Injection issue.</span></p> <p><span class="c10">A different SQL injection, also discovered by Zhou Yu, was patched by Moxa in its SoftCMS software a couple of months ago with the release of version 1.5. Versions 1.3 and 1.4, released last year, also fixed potentially serious flaws found by security researchers.</span></p> <p><strong><span class="c10">Vulnerabilities in Siemens-branded Vanderbilt CCTV cameras</span></strong></p> <p><span class="c10">Siemens and ICS-CERT informed users that several Siemens-branded Vanderbilt IP cameras are affected by a vulnerability (CVE-2016-9155) that allows an attacker with network access to obtain administrative credentials using specially crafted requests. Updates have been released by Vanderbilt for each of the affected products.</span></p> <p><span class="c10">Vanderbilt Industries completed the acquisition of Siemens’ security products business in June 2015. 
Since the affected CCTV cameras are Siemens-branded products, the German engineering giant has published a security advisory on its own website.</span></p> <p><strong><span class="c10">Related: Flaws Found in Moxa Industrial Ethernet Products</span></strong></p> <p><strong><span class="c10">Related: Privilege Escalation Flaw Affects Several Siemens Products</span></strong></p> <p><strong><span class="c10">Related: Flaws Found in Moxa Factory Automation Products</span></strong></p> <div class="author_content"> <div class="author_title"><span class="headline">Previous Columns by Eduard Kovacs:</span> </div> </div> </div> <p><a rel="nofollow" href="http://feedproxy.google.com/~r/Securityweek/~3/uQAX31OTwKQ/moxa-vanderbilt-surveillance-products-affected-serious-flaws">SecurityWeek RSS Feed</a></p> <!-- /article-content --> </div> <div class="cleared"></div> <div class="romeo-postfootericons romeo-metadata-icons"><span class="romeo-postcategoryicon"><span class="categories">Posted in</span> <a
href="http://www.ineedachick.com/category/uncategorized/" rel="category tag">Uncategorized</a></span> | <span class="romeo-posttagicon"><span class="tags">Tagged</span> <a href="http://www.ineedachick.com/tag/affected/" rel="tag">affected</a>, <a href="http://www.ineedachick.com/tag/flaws/" rel="tag">Flaws</a>, <a href="http://www.ineedachick.com/tag/moxa/" rel="tag">Moxa</a>, <a href="http://www.ineedachick.com/tag/products/" rel="tag">Products</a>, <a href="http://www.ineedachick.com/tag/serious/" rel="tag">serious</a>, <a href="http://www.ineedachick.com/tag/surveillance/" rel="tag">surveillance</a>, <a href="http://www.ineedachick.com/tag/vanderbilt/" rel="tag">Vanderbilt</a></span> | <span class="romeo-postcommentsicon"><a href="http://www.ineedachick.com/moxa-vanderbilt-surveillance-products-affected-by-serious-flaws/#respond">Leave a comment</a></span></div> </div> <div class="cleared"></div> </div> </div> <div class="romeo-box romeo-post post-2603 post type-post status-publish format-standard has-post-thumbnail hentry category-uncategorized tag-better tag-cached tag-mode tag-online tag-versus" id="post-2603"> <div class="romeo-box-body romeo-post-body"> <div class="romeo-post-inner romeo-article"> <div class="romeo-postmetadataheader"><h2 class="romeo-postheader"><a href="http://www.ineedachick.com/cached-versus-online-mode-which-one-is-better-for-you/" rel="bookmark" title="Cached versus Online mode – which one is better for you?">Cached versus Online mode – which one is better for you?</a></h2><div class="romeo-postheadericons romeo-metadata-icons"><span class="romeo-postdateicon"><span class="date">Published</span> <span class="entry-date" title="12:42 pm">November 18, 2016</span></span> | <span class="romeo-postauthoricon"><span class="author">By</span> <span class="author vcard"><a class="url fn n" href="http://www.ineedachick.com/author/craig-butler/" title="View all posts by Craig Butler">Craig Butler</a></span></span></div></div><div class="avatar 
alignleft"></div> <div class="romeo-postcontent"> <!-- article-content --> <div> <p><em>Various configuration scenarios fit companies differently. Whether your Outlook users will be using cached or online mode depends on a wide range of factors.</em></p> <p>Companies using Exchange Server are often confused about whether they should run cached mode or online mode on their Outlook clients. In this post, we are going to look at just what the differences are, and make some recommendations on when each is appropriate.</p> <p>Cached mode, which first came out with Microsoft Outlook 2003, keeps a local copy of the user’s mailbox stored on the hard drive as an OST file. 
Running in cached mode, the Outlook client looks to the local OST file for all access, including reads and searches, while a separate process checks for new mail on the server and syncs data to the local cache.</p> <p>Cached mode clients also keep a local copy of the GAL, called the Offline Global Address Book, to perform faster lookups for recipients in the organization. Running in cached mode, a user can still access mail even when the network connection to Exchange is down, such as when they are on an airplane or the WAN is down.</p> <p>Cached mode is also very good for users with high-latency connections to Exchange, as accessing the local cache isolates the user from delays in connectivity to the server. Searches done against the local OST are much faster, and the client generates much less network traffic.</p> <p>You should use cached mode anytime a user must access their mail without network connectivity, such as users who travel. You should also use it for any users in an office with intermittent network connectivity, or whose network latency between client and server is typically high, like those with satellite or radio-based connectivity.</p> <p>Online mode maintains a connection to the Exchange CAS server for all access to the mailbox and reads from the GAL. If the connection to the server drops, Outlook is unusable until the connection is restored. It also requires a much better connection to the server, as far as latency is concerned. The biggest difference, though, is that online mode does not require any disk space for a local file, making it ideal for clients with limited or no persistent storage.</p> <p>You should use online mode when users have no persistent storage on which to store their OST, such as in VDI scenarios, or on devices with limited storage capacity, such as tablets. 
You may also use online mode for extremely large mailboxes to improve overall performance, or where you do not want to risk having a local copy of the OST for compliance or other reasons.</p> <p>I disagree with the general opinions about risks associated with using OST files. If you have a machine that leaves the physical security of your four walls, then you have a data risk no matter whether you use cached mode or online mode. Don’t fear the OST; instead, embrace full disk encryption such as that offered by BitLocker or various third-party vendors, and ensure strong authentication is required to gain local access to the disk. It’s far better to secure <strong>all</strong> the data than to shoot yourself in the foot with regard to Outlook performance.</p> <p>Latency is really the most significant thing to consider when deciding between cached and online mode. If you have high latency, you should use cached mode; if you have consistent and reliably low latency, online mode is okay. What is high and what is low? That’s a good question, which is answered as much by opinion as by fact. As a rule of thumb, I consider 100 milliseconds to be the maximum latency for online mode.</p> <p>If you are seeing client connections to the CAS server go over that consistently, you might want to switch to cached mode. Microsoft documents give figures ranging from that up to 500 milliseconds, and your own users’ experiences will ultimately decide what is good enough, but with anything over 100 milliseconds Outlook starts to pop notification bubbles that it has lost connectivity to Exchange. That usually generates helpdesk calls, and nobody likes those.</p> <p>Cached mode needs local storage, and that’s a problem for tablets with small SSDs or VDI systems without persistent storage. In the former case, you can use a GPO to restrict the maximum size of the OST, as you may not need to cache the entire mailbox. 
When it detects a smaller disk drive, Outlook 2013 and later will automatically reduce the OST size by reducing the number of days cached.</p> <p>For VDI, where persistent storage can be extremely expensive and sometimes even counter to the design intent, you have to make a tradeoff between space taken and performance. You can provision a certain minimum amount of persistent storage on high performance disks for VDI systems to store the OST, or instead you can direct VDI users to use OWA when latency is too high for online mode. If latency stays below 100 milliseconds, use online mode so you don’t have to provision persistent storage.</p> <p>For Office 365 or other hosted Exchange customers, the answer is easy – use cached mode. The Exchange CAS server is not local to you, so you will have higher latency and cached mode will accommodate this. With Office 365 in particular, Microsoft will not prevent you from using online mode, but if performance is poor and you call support, they will instruct you to use cached mode.</p> <p>For the rest of you, consider the following – if you do any of these, online mode may provide the better experience for your users:</p> <ul> <li>Delegating access, when folders are not cached locally due to storage constraints (and local cache is the default)</li> <li>Opening another user’s calendar or folder that is not cached locally (local cache is the default)</li> <li>Using a public folder that is not cached. Though really, you’re still using Public Folders?</li> <li>Using one or more large (>1GB) shared mailboxes</li> </ul> <p>Ultimately, I tell all my customers to use cached mode, and if they cannot for any reason, to use OWA instead of Outlook. 
This generally provides Outlook users the best experience overall, while making sure VDI admins don’t break the bank provisioning persistent storage for their users.</p> <p>If you need to deploy settings for cached or online mode to your users through GPO, see https://technet.microsoft.com/en-us/library/cc179175.aspx for more guidance on that.</p> </div> <p><a rel="nofollow" href="http://feedproxy.google.com/~r/TalkTechToMe-All/~3/0ValYRXFzL4/">GFI Blog</a></p> <!-- /article-content --> </div> <div class="cleared"></div> </div> <div class="cleared"></div> </div> </div> <div class="romeo-box romeo-post post-2602 post type-post status-publish format-standard hentry category-uncategorized tag-kernel tag-linux tag-raspberry tag-usn31292 tag-vulnerabilities" id="post-2602"> 
<div class="romeo-box-body romeo-post-body"> <div class="romeo-post-inner romeo-article"> <div class="romeo-postmetadataheader"><h2 class="romeo-postheader"><a href="http://www.ineedachick.com/usn-3129-2-linux-kernel-raspberry-pi-2-vulnerabilities/" rel="bookmark" title="USN-3129-2: Linux kernel (Raspberry Pi 2) vulnerabilities">USN-3129-2: Linux kernel (Raspberry Pi 2) vulnerabilities</a></h2><div class="romeo-postheadericons romeo-metadata-icons"><span class="romeo-postdateicon"><span class="date">Published</span> <span class="entry-date" title="11:40 am">November 18, 2016</span></span> | <span class="romeo-postauthoricon"><span class="author">By</span> <span class="author vcard"><a class="url fn n" href="http://www.ineedachick.com/author/craig-butler/" title="View all posts by Craig Butler">Craig Butler</a></span></span></div></div> <div class="romeo-postcontent"> <!-- article-content --> <div><html xmlns="http://www.w3.org/1999/xhtml" class="no-js" lang="en" dir="ltr"><head><title>USN-3129-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu

Ubuntu Security Notices

Vulnerable: SuSE Linux Enterprise Server 11 SP2 LTSS
QEMU QEMU 0
IBM PowerKVM 2.1.1 SP3
IBM PowerKVM 2.1.1 Build 65.7
IBM PowerKVM 2.1.1 Build 65.6
IBM PowerKVM 2.1.1 Build 65.5
IBM PowerKVM 2.1.1 Build 65.4
IBM PowerKVM 2.1.1 build 57
IBM PowerKVM 3.1.0.2
IBM PowerKVM 3.1 SP2
IBM PowerKVM 3.1 SP1
IBM PowerKVM 3.1 Build 3
IBM PowerKVM 3.1 Build 2
IBM PowerKVM 3.1
IBM PowerKVM 2.1.1.3-65.10
IBM PowerKVM 2.1.1.3-65
IBM PowerKVM 2.1.1 SP2 (build 51)
IBM PowerKVM 2.1.1 Build 65.1
IBM PowerKVM 2.1.1 build 58
IBM PowerKVM 2.1
Gentoo Linux


SecurityFocus Vulnerabilities

US lawmakers balk at call for IoT security regulations

Cybersecurity researcher Bruce Schneier testifies about internet of things security before Congress on Nov. 16, 2016.

Credit: Grant Gross

The U.S. government needs to pass regulations mandating internet of things security measures before device vulnerabilities start killing people, a security expert told lawmakers.

A massive distributed denial-of-service attack aided by IoT devices in October “was benign” because a couple of websites crashed, said Bruce Schneier, a veteran cybersecurity researcher and lecturer at Harvard University. But the next attack may be more dangerous.

With cars, airplanes, thermostats, and appliances now connected to the internet, “there’s real risk to life and property, real catastrophic risk,” Schneier told two House of Representatives subcommittees Wednesday.

While some Republican committee members questioned the need for IoT security regulations, Schneier suggested that sellers and customers of IoT devices have little reason to fix them without a push. 

Many IoT devices are low-profit products with little security built in, no easy avenue to patch vulnerabilities, and no way for customers to know their devices are compromised, he and other experts said. And while users replace smartphones every 18 months, a compromised DVR may be used for five years, a car for 10, and a thermostat may be replaced “approximately never,” Schneier said.

This leads to a market failure where regulation is needed, he said. “The market really can’t fix this,” Schneier added. “Buyer and seller don’t care.”

Schneier’s call for IoT regulations is likely to meet resistance in the Republican-controlled Congress, however. Regulations aren’t completely off the table, but they would be a “knee-jerk reaction” to recent attacks, said Representative Greg Walden, an Oregon Republican. “The United States cannot regulate the world.”

Many IoT devices are manufactured overseas, Walden noted, and U.S. regulations can’t mandate their security measures.

In addition, regulations could limit innovation from U.S. IoT companies and hurt the nation’s chances to be a world leader in the IoT industry, Walden said. “We don’t want this to be an innovation killer,” he added. “I don’t think I want my refrigerator talking to some food police.”

Other witnesses during Wednesday’s hearing called on the U.S. government to push for IoT standards that the industry can adopt. On Tuesday, the U.S. National Institute of Standards and Technology released updated guidance on securing IoT.

IoT security remains “woefully inadequate” even as security experts saw the problems coming, said Kevin Fu, CEO of Virta Labs and a computer science professor at the University of Michigan. “We are in this sorry and deteriorating state because there’s almost no cost for a manufacturer to deploy products with poor cybersecurity.”

Fu called for national IoT security standards, more federal research on IoT security, and a national testing lab for devices. 

The U.S. should start with standards and “apply pressure” to IoT device makers, added Dale Drew, CSO for Level 3 Communications. “They can be applied globally, and I think we can get some traction and momentum before we start regulating.”

InfoWorld Security