Juniper has acknowledged that “unauthorized code” was somehow inserted into their ScreenOS. The code appears to have been around since at least 2012 which means that it went unnoticed during multiple code updates, patches and even full version updates. Although the code was buried deep in cores parts of the OS it still should have been noticed during at least one update over the last three years.
In an unsurprising move Intel has kicked out a new SoC (System on Chip) that bears the label Xeon. The Xeon D 1500 family is intended as to be a one-chip solution for networking devices, storage appliances and micro-servers. The Xeon D also has functions to assist with compute operations which should make it pretty versatile.
Malware and breaches are inevitable. Anyone that has been in security knows that this is a simple fact. Every day there are hundreds of attempted (and successful) attacks executed against businesses, consumers, and the government. These attacks have been traditionally met with an incident-response thought process. IT departments monitor their networks for suspicious activity and respond when/if they find someone who is either attempting to or actually has broken in. Sadly, this is probably not the best way to handle security.
Yesterday we wrote about a disturbing flaw in some D-Link routers that allow for a malicious individual to access it without a username or password. Shortly after we published the article we were reminded that this flaw does not just exist in D-Link hardware, but is also present in devices from many other companies that have SOHO and Residential products. The string for each might be different and in some cases harder to gain access to, but it is there.
In preparation for launching their own internet, the Iranian government has decided to block Google. This move should “protect” Iranian citizens from big bad internet freedom. An official known only by his last name Khoramabadi stated "Google and Gmail will be filtered throughout the country until further notice“. The Iranian Students News Agency (ISNA) said that this move was provoked by the anti-Islamic movie posted on YouTube that Google refused to remove. As we all know, Muslims don’t take these kinds of things lightly and we saw many newspapers or TV shows that made fun of their religious figures have received death threats shortly after the incident.
Internet Protocol Version 6 (IPV6) has officially launched in certain areas of the globe. The replacement for the aging Internet Protocol Version 4 (IPV4) is said to have built in security, Encryption capabilities and a ridiculous number of address combinations making it sustainable for a very long time. The downside is that, as with many core technology updates, there are not many products that use it and the average home user is facing a pretty steep learning curve in getting things going.