Hackin9

InfoSec News

Introduction

There are several new protocols that are on their way to being adopted in some form or another. In the previous article we covered how different standards bodies can cover and sometimes govern similar protocols and standards. Here we will discuss two emerging data center oriented standards and how they compete.

TRILL

First, I would like to draw your attention to a protocol called TRILL, or TRansparent Interconnection of Lots of Links. [1] There are several good sources for a technical overview, so I will be brief. In short, TRILL is a method for Routing Bridges, or RBridges, [4] to exchange link state, and it does so with another protocol called IS-IS, [2] or Intermediate System to Intermediate System.

Before we get lost in our first example of too many cooks making the soup, let's be clear: TRILL uses IS-IS, and both are published by the IETF as RFC 6327 and RFC 1142. RFC 1142 is a republication of a routing protocol specification from the ISO standards body. So, RFC 6327 uses a standard that was actually published by the ISO body but republ... You see where I am going.

SUPER OVER Simplification (TRILL)


TRILL is designed to run at Layer 2 in the OSI model and allows each TRILL switch to exchange link state information. Enough information is shared between TRILL switches that they can make routing decisions for optimized pathing. Here is a great write-up on Wikipedia: http://en.wikipedia.org/wiki/TRILL_(computing). So basically: build a tree of L2 states, trade them, and help the switches talk, REALLY fast. Well, that's the goal anyway.

Why are we talking about this new data center protocol by the IETF and, through republication, the ISO?

SPB


Enter Protocol number 2, this protocol is brought to you by the good ole folks at the IEEE. If we remember our breakdown from my last diary, we will know they govern things like 802.1 [5] and 802.11 [6]. Why is this relevant? Enter contender number two for datacenter bridging protocols. SPB or Shortest Path Bridging. [7] [8]

SUPER OVER Simplification (SPB)

Use IS-IS (seeing a trend?) to exchange tree information and compute the shortest path for packets. There is, of course, a lot more to it than the above, but hopefully my point is made. Another great write-up: http://en.wikipedia.org/wiki/IEEE_802.1aq
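To make the mechanism both sections describe concrete, here is an added example (not code from the diary or from any TRILL or SPB implementation) that models what the two protocols share: each RBridge originates an IS-IS-style link-state advertisement of its own adjacencies, the advertisements are flooded hop by hop, and every RBridge runs shortest-path-first over the resulting database. The topology, the RBridge names and the link costs are constructed for illustration; a consistency check at the end shows the kind of convergence sanity test an operator would want when securing such a fabric.

```python
import heapq

# Constructed sample topology (not from the article): symmetric link costs
# between four RBridges, as either TRILL or SPB would carry in IS-IS.
LINKS = [("RB1", "RB2", 1), ("RB2", "RB3", 1), ("RB1", "RB3", 5), ("RB3", "RB4", 1)]

def originate_lsps(links):
    """Each RBridge advertises its own adjacencies, like an IS-IS LSP."""
    lsps = {}
    for a, b, cost in links:
        lsps.setdefault(a, {})[b] = cost
        lsps.setdefault(b, {})[a] = cost
    return lsps

def flood(lsps):
    """Flood LSPs hop by hop: an RBridge learns only what its adjacencies relay.
    Returns {rbridge: its link-state database}."""
    lsdbs = {}
    for root in lsps:
        seen, queue = {root}, [root]
        while queue:
            node = queue.pop(0)
            for nbr in lsps[node]:
                if nbr not in seen:
                    seen.add(nbr)
                    queue.append(nbr)
        lsdbs[root] = {n: lsps[n] for n in seen}
    return lsdbs

def spf(lsdb, root):
    """Dijkstra over the LSDB: {dest: (total_cost, next_hop)} seen from root."""
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry, a cheaper path was already found
        for nbr, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            hop = nbr if node == root else best[node][1]
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr))
    return best

def consistent(lsdbs):
    """Sanity check: a healthy fabric converges on one LSDB at every RBridge."""
    views = list(lsdbs.values())
    return all(v == views[0] for v in views)
```

A partitioned fabric (two islands of RBridges with no link between them) makes `consistent` return False, which is the kind of divergence worth alerting on.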

Conclusion

So, to recap, the IETF and the IEEE are working on similar protocols to accomplish similar goals. We will see who markets the best to gain acceptance, but it might be important to understand how many standards bodies have influence on the widgets and tools we implement. With SDN [9] or Software Defined Networking being the new Cloud word, it is good to understand who is shaping the SDN protocols. We can now start to see that many standards bodies go into making the Internet go...

And most of all, awareness of this is good, as we are the ones that have to secure it.

IETF - TRILL
IEEE - SPB

[1] http://tools.ietf.org/html/rfc6327
[2] http://tools.ietf.org/html/rfc1142
[3] http://tools.ietf.org/pdf/rfc1142.pdf -- PDF Warning
[4] http://tools.ietf.org/html/rfc6325
[5] http://www.ieee802.org/1/
[6] http://www.ieee802.org/11/
[7] http://en.wikipedia.org/wiki/IEEE_802.1aq
[8] http://www.ieee802.org/1/pages/802.1aq.html
[9] http://www.technologyreview.com/article/412194/tr10-software-defined-networking/




(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted by InfoSec News on Oct 15

Forwarded from: Wenyuan Xu <wyxu (at) cse.sc.edu.

---------------------------------------------------------------------------------
The Sixth ACM Conference on Security and Privacy
in Wireless and Mobile Networks

ACM WiSec '13

April 17-19, 2013
Budapest, Hungary...
 

Posted by InfoSec News on Oct 15

http://www.odt.co.nz/news/politics/230439/staggering-security-breach-winz

By Kate Shuttleworth
Otago Daily Times
15 Oct 2012

Thousands of files on the Ministry of Social Development's computer
servers, including the personal details of at-risk children, have been
accessed through a Wellington Work and Income jobseeker kiosk.

Journalist and blogger Keith Ng described how he went into a Work and
Income (WINZ) office and used a...
 

Posted by InfoSec News on Oct 15

http://www.timesofisrael.com/israel-developing-digital-iron-dome-to-guard-against-cyber-terrorism/

By Asher Zeiger
The Times of Israel
October 14, 2012,

Israel’s National Cyber Committee is developing a “digital Iron Dome”
system to protect Israel against daily cyber-attacks, Prime Minister
Benjamin Netanyahu told his cabinet on Sunday.

Israel has of late made fighting cyberterrorism a priority, creating the
cyber task force and...
 

Posted by InfoSec News on Oct 15

http://www.foreignpolicy.com/articles/2012/10/12/ready_player_one

[Via Twitter - @csoghoian: Unintended irony: photo for "Did the Pentagon just
take over America's cybersecurity?" article shows
soldier checking Yahoo email, no HTTPS. - WK]

By James Andrew Lewis
ForeignPolicy.com
OCTOBER 12, 2012

It was bound to happen. The Senate fumbles and the House proffers only
magical solutions for cybersecurity. The task of improving...
 

Posted by InfoSec News on Oct 15

http://www.darkreading.com/security-monitoring/167901086/security/security-management/240008880/security-monitoring-an-elixir-for-intrusion-costs.html

By Robert Lemos
Contributing Writer
Dark Reading
Oct 12, 2012

Companies that want to reduce the cost of detecting, responding and
recovering from cyberattacks should invest in technologies designed to
give businesses better visibility into the security of their networks
and systems, according...