Cisco Patches Traffic Snooping Flaw In Its Networking Gear OSes – Computerworld

Prime Features Latest Low Noise Block (LNB) Converter With Entropic’s Analog Channel Stacking Switch; New Device Seamlessly Distributes Triple the Entertainment Value – Yahoo Finance

It gathers link state information from available routers into a database in order to build a network topology map, which is then used to determine the best route for IP traffic. “This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic,” Cisco said in a security advisory. Exploiting the vulnerability doesn’t require authentication and can be achieved remotely by sending specifically crafted OSPF LSA type 1 packets via unicast or multicast to the vulnerable device. The packets could contain false routes that would then get propagated throughout the entire OSPF AS domain. However, the attacker does need to determine some information in advance in order to launch a successful attack, Cisco said. This information includes the network placement and IP address of the targeted router, the LSA database sequence numbers and the router ID of the OSPF Designated Router (DR).
For the original version including any supplementary images or video, visit http://www.computerworld.com/s/article/9250127/Cisco_patches_traffic_snooping_flaw_in_its_networking_gear_OSes

Cisco patches traffic snooping flaw in its networking gear | Security – InfoWorld

5, 2014 (GLOBE NEWSWIRE) — ABTA 2014 — Supporting the global Direct Broadcast Satellite (DBS) Outdoor Unit (ODU) market, Entropic (ENTR), a world leader in semiconductor solutions for the connected home and Prime Electronics & Satellitics Inc., a leading manufacturer of advanced digital satellite communication and wireless consumer electronic products, today announced the availability of a single-chip, three-tuner analog Channel Stacking Switch (CSS) Low Noise Block (LNB) converter that can triple the distribution of satellite signals from a satellite receiver to gain access to more DBS content in the home. The latest product will be on display in Entropic’s booth (D4) and Prime’s booth (M2) at the ABTA 2014 Expo & Conference in Sao Paulo, Brazil, from August 5-7, 2014. Prime’s first single-chip, three-tuner analog CSS LNB was announced in January 2014, and in less than nine months, Prime and Entropic unveil today an LNB that leverages Entropic’s leading analog CSS technology, the RF5218, with Triple Single Cable Router (SCR) capabilities. This powerful combination allows Prime’s LNB to seamlessly distribute satellite signals for three receivers when in Triple SCR mode.
For the original version including any supplementary images or video, visit http://finance.yahoo.com/news/prime-features-latest-low-noise-120100468.html

How often should you conduct penetration testing? | ZDNet

IT Security in the Snowden Era

The OSPF protocol is commonly used on large enterprise networks. It gathers link state information from available routers into a database in order to build a network topology map, which is then used to determine the best route for IP traffic. “This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic,” Cisco said in a security advisory. Exploiting the vulnerability doesn’t require authentication and can be achieved remotely by sending specifically crafted OSPF LSA type 1 packets via unicast or multicast to the vulnerable device. The packets could contain false routes that would then get propagated throughout the entire OSPF AS domain. However, the attacker does need to determine some information in advance in order to launch a successful attack, Cisco said.
For the original version including any supplementary images or video, visit http://www.infoworld.com/d/security/cisco-patches-traffic-snooping-flaw-in-its-networking-gear-247572

Many VPNs don’t do a whole lot of good against a compromised endpoint, after all — they’re designed to secure traffic as it traverses a network. The first thing a company should do, he told ZDNet, is “lock down its DNS service, and companies should demand routine and regular testing of their DNS change procedures.” “If you control a company’s DNS, you control virtually all of their e-mail, and that’s where the routine, day-to-day secrets live.” After that, Beardsley continued, basic “perimeter” pentesting is in order. “Identifying the assets a company has that are Internet facing (web, e-mail, VPN, filesharing, etc), and rigorously and routinely testing them for breachability is important, since the most obvious attacks are going to occur there.” Anyone keeping up with today’s headlines can see that once a year isn’t gonna cut it. Divulging a critical piece of today’s most effective attack strategies, Rapid7’s Metasploit Lead told us, “Internal penetration testing is getting even more important, given the pervasiveness of smart phones and other devices in the workplace that the employer doesn’t control.” “These devices are effectively dual-homed, spending a lot of time out on their ISP’s network, and a lot of time on the company’s internal networks,” he said, “making for attractive targets for intruders.” That’s where you need to worry about your employee’s Android device carrying malware into your office network, and why everyone in your office needs to know about how exploitable those little keychain flash drives really are — before they plug in. You might think that Rapid7’s Beardsley wants organizations pentesting as often as a chiropractor wants return visits (as in, for the money, not your health), yet it’s hard to dismiss not just his position of expertise, but the attack landscape logic revealed in his reasoning.
“Most organizations take their guidance from the regulations that they’re subject to, for example in the financial or retail sectors.” Referencing a sobering truth, he tells us “This often translates to a once-a-year commitment.” Beardsley cautions, “If an attacker succeeds at uncovering a novel ingress technique that the pentester didn’t consider, the good guys lose.” Anyone keeping up with today’s headlines can see that once a year isn’t gonna cut it.
For the original version including any supplementary images or video, visit http://www.zdnet.com/how-often-should-you-conduct-penetration-testing-7000032285/