AT&T Wants White Box Routers with an Open Operating System

AT&T says it’s not enough to deploy white box hardware and to orchestrate its networks with the Open Network Automation Platform (ONAP) software. “Each individual machine also needs its own operating system,” writes Chris Rice, senior vice president of AT&T Labs, Domain 2.0 Architecture, in a blog post. To that end, AT&T announced its newest effort — the Open Architecture for a Disaggregated Network Operating System (dNOS).

“If we want to take full advantage of the benefits of white box routers and other hardware, we need an equally open and flexible operating system for those machines,” writes Rice.

DNOS appears to be in the visionary phase. “Our goal is to start an industry discussion on technical feasibility … and determine suitable vehicles (standards bodies, open source efforts, consortia, etc.) for common specification and architectural realization,” according to an AT&T white paper, introducing dNOS.

Read more at SDxCentral

Advertisements

Minecraft Is Getting Cross-Play On Multiple Platforms

With the upcoming release of the Better Together this summer, Mojang will unify the Nintendo Switch and Xbox One with mobile and Windows 10 PC versions of the game under the Bedrock Engine family. (excluding Java Minecraft which will continue to be supported as an independent version)
Continue reading Minecraft Is Getting Cross-Play On Multiple Platforms

Linux Malware Mines for Cryptocurrency Using Raspberry Pi Devices

A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.

According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.

Experts say the initial infection takes place when Raspberry Pi operators leave their devices’ SSH ports open to external connections.

Once a Raspberry Pi device is infected, the malware changes the password for the “pi” account to:

\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1

Read the full article here

Computer printers have been quietly embedding tracking codes in documents for decades

In 2004, when color printers were still somewhat novel, PCWorld magazine published an article headlined: “Government Uses Color Laser Printer Technology to Track Documents.”

It was one of the first news reports on a quiet practice that had been going on for 20 years. It revealed that color printers embed in printed documents coded patterns that contain the printer’s serial number, and the date and time the documents were printed. The patterns are made up of dots, less than a millimeter in diameter and a shade of yellow that, when placed on a white background, cannot be detected by the naked eye.
Continue reading Computer printers have been quietly embedding tracking codes in documents for decades

New Internet-Privacy Bill to address Ad Tracking or Online-Data Collection

digital-ad industry says that if it passes it could mean ‘Facebook won’t be free’

Tennessee Congresswoman Martha Blackburn says she wants to give consumers control of their internet experience.

She’s introduced a bill — the “BROWSER Act” — that would require internet users to actively opt in to say yes to any sort of ad tracking or online-data collection.

“Facebook won’t be free,” said Scott Howe, CEO of the data company Acxiom. Acxiom collects consumer data on millions of Americans — where they live and the kinds of things they shop for — that marketers and media companies use to target consumers and deliver more-relevant ads. So it’s looking out for any legislation in this realm closely.
Continue reading New Internet-Privacy Bill to address Ad Tracking or Online-Data Collection

New Attack Method Delivers Malware Via Mouse Hover

Mouseover’ technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.

Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation.

Trend Micro researchers discovered the “mouseover” technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit.

“This is the first occurrence of malware using the ‘hover’ method to initiate a download that we know of,” says Mark Nunnikhoven, Trend Micro’s VP of cloud security.

“While GootKit is known malware, businesses should be more concerned about this latest technique as it shows none of the usual indicators of an infected document,” he explains. This is novel because it abuses the previously safe user practice of hovering over a link before clicking.
Continue reading New Attack Method Delivers Malware Via Mouse Hover

Netgear Router Security Update

Netgear noted that several of their routers have a command injection Vulnerability issue where an attacker can use a phishing method to gain control of your router.

Tip:
To find the model/version number, check the bottom or back panel of your NETGEAR device.

From the vulnerability Notes Database:

R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 1.0.7.2_1.1.93, R6400 version 1.0.1.12_1.0.11, and R8000 version 1.0.3.4_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277.

By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http:///cgi-bin/;COMMAND

Continue reading Netgear Router Security Update