Tag Archives: Security

Cisco today confirmed it will lay off about 7% of its workforce – about 5,500 jobs

During its earnings announcement the company said total revenue actually increased 3% to $48.7 billion for its fiscal year ended July 30. Still, the company faces challenges in its core switching and routing business.

“Product revenue growth was led by Security at 16%. Collaboration, Wireless and switching product revenue increased by 6%, 5%, and 2%, respectively. Service Provider Video, NGN Routing and Data Center product revenue decreased by 12%, 6%, and 1%, respectively,” Cisco stated.

Or as Cisco put it: “Today, we announced a restructuring enabling us to optimize our cost base in lower growth areas of our portfolio and further invest in key priority areas such as security, IoT, collaboration, next generation data center and cloud. We expect to reinvest substantially all of the cost savings from these actions back into these businesses and will continue to aggressively invest to focus on our areas of future growth.”

Sounding more optimistic, CEO Chuck Robbins said:

“We had another strong quarter, wrapping up a great year. I am particularly pleased with our performance in priority areas including security, data center switching, collaboration, services as well as our overall performance, with revenues up 2% in Q4 excluding the SP Video CPE business,” Robbins said. “We continue to execute well in a challenging macro environment. Despite slowing in our Service Provider business and Emerging Markets after three consecutive quarters of growth, the balance of the business was healthy with 5% order growth. This growth and balance demonstrates the strength of our diverse portfolio. Our product deferred revenue from software and subscriptions grew 33% showing the continued momentum of our business model transformation.”

Reports earlier this week had the networking giant cutting as many as 14,000 jobs. Others have speculated Cisco would make a sizable cut in its workforce this year given its growing stable of acquisitions and its shifting software emphasis. Cisco has acquired 15 companies under CEO Chuck Robbins’ tenure, which is now early into its second year.

Most recently the company bought cloud security firm CloudLock; other cloud-based technology from Synata; network semiconductor technology from Leaba and Software as a Service (SaaS) provider Jasper.

In recent history, the year-end earnings report hasn’t been kind to Cisco employees. The company has laid off a little over 11,000 employees total in late summer reductions since 2012.

Apple fixes serious flaw in AirPort wireless routers

Apple has released firmware updates for its AirPort wireless base stations in order to fix a vulnerability that could put the devices at risk of hacking.

The company released firmware updates 7.6.7 and 7.7.7 for AirPort Express, AirPort Extreme and AirPort Time Capsule base stations with 802.11n Wi-Fi, as well as AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Wi-Fi.

According to Apple security, the flaw is a memory corruption issue stemming from DNS (Domain Name System) data parsing that could lead to arbitrary code execution.

The AirPort Utility 6.3.1 or later on OS X or AirPort Utility 1.3.1 or later on iOS can be used to install the new firmware versions on AirPort devices, the company said in an advisory.

As is typical for Apple security announcements, the company did not release details about possible exploitation scenarios and did not assign a severity rating for the flaw. However, “arbitrary code execution,” especially through a remote vector like DNS, is as bad as it can possibly get for a vulnerability.

What is not clear is whether the data parsing issue is in the DNS server or DNS client functionality.

A router like AirPort can serve as a local DNS resolver for devices on a network. This means that it receives DNS queries from computers and passes those queries upstream through the global Internet DNS chain.

On the other hand, routers also act like DNS clients, asking other DNS servers on the Internet to resolve host names.

If the error is in the parsing of queries received from LAN computers, the attack would be limited to the local network. If, however, the flaw is in the parsing of DNS responses, it could be exploited remotely.

When a DNS client asks a server to resolve a domain name, the query is eventually passed to one of the Internet’s 13 so-called root DNS servers — in reality clusters of servers. Those servers indicate the authoritative DNS server for the queried domain name and it’s that authoritative server that replies with the requested information.

Attackers could register rogue domain names and configure the authoritative DNS server for them to respond with specifically crafted data that would exploit the flaw. They would then have to trick a computer behind an AirPort router into sending a DNS query for one of their domain names, for example by tricking a user into clicking on a link.

Another unknown is the privilege with which attackers would execute malicious code if this flaw is successfully exploited. If the code is executed under the root account, it could lead to a full device compromise.

By controlling an AirPort device, attackers could launch various attacks against local network computers. They could hijack search queries, insert rogue ads into Web pages and even direct users to malicious websites when they try to access legitimate ones.

Given the potentially serious impact of this vulnerability and the fact that DNS is a critical service that can’t be easily disabled, users are advised to install the updated firmware as soon as possible.

Flaws open Cisco small-business routers, firewalls to hacking

Three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that attackers can exploit remotely to take control of devices.

The vulnerability is located in the Web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router.

It can be easily exploited if the affected devices are configured for remote management since attackers only need to send an unauthenticated HTTP request with custom user data. This will result in remote code execution as root, the highest privileged account on the system, and can lead to a complete compromise.

Cisco Systems warned about the vulnerability in a security advisory Wednesday, but no patches are yet available. The company plans to release firmware updates that will address this flaw on affected models sometime in the third quarter of 2016.

Worse yet, this is not the only unpatched vulnerability that exists in these three Cisco devices. The company also warned of a medium-severity, cross-site scripting (XSS) flaw and two medium-risk buffer overflows that could result in denial-of-service conditions.

While exploiting the buffer overflows requires attackers to have an authenticated session in the device’s Web-based interface, the XSS flaw can be triggered by tricking authenticated users into clicking on specifically crafted URLs.

“A successful exploit could allow the attacker to execute arbitrary script in the context of the web-based management interface for the device or allow the attacker to access sensitive browser-based information,” Cisco said in an advisory.

The XSS flaw makes it difficult for users to find a mitigation strategy in the absence of patches, because it can be combined with the other vulnerabilities. For example, if users disable external management in their devices in order to protect them from the critical vulnerability, the devices will still be exposed through the cross-site scripting flaw.

 

FCC emphasizes that users of authorized wireless gear must obey rules

Just because your wireless equipment is authorized for use by the FCC doesn’t mean you can do whatever the heck you please with it, according to an enforcement advisory issued by the commission just before the long weekend (see the entire warning below).

“Authorized equipment must be used in a manner that complies with federal law and the Commission’s rules,” reads the advisory, in part.

While the advisory might appear to be stating the obvious, an FCC spokesman elaborates that “the FCC’s Enforcement Bureau is taking proactive measures to decrease the number of complaints about the use of authorized equipment in a manner that is not compliant with their authorizations. Reducing complaint volume helps us handle those that do come in in a timely manner. The issue is an ongoing, steady problem.”

One example of such rule-breaking is Wi-Fi hotspot blocking, in which organizations interfere with others’ rights to use shared spectrum, often in the name of security. As we documented in a Network World report earlier this year based on a Freedom of Information Act request for complaints filed about Wi-Fi blocking, the public continues to find fault with hotels, casinos and other organizations on this front.

Other examples include using broadcast transmitters to run pirate radio stations and using authorized wireless routers on unauthorized channels at disallowed power levels.

In fining big hospitality outfits like Marriott and others tens or even hundreds of thousands of dollars for wrongdoing, the FCC has shown it isn’t messing around. It encourages those who suspect equipment is being misused to make note of it at the FCC’s new Consumer Complaint Data Center.

One longtime wireless industry expert, who asked not to be named, says “the examples they give, along with some recent enforcement activities, say it all. They keep running across people and organizations who are using legitimate functions of wireless devices in ways that are inconsistent with the regs. Said people and organizations then try to make the claim that if the function works at all, it must be consistent with the regs.”

In other words, the expert says, the Enforcement Bureau is “telling people, in polite terms, ‘Ignorance is no excuse for breaking the law, so understand the regulations and don’t violate them.’”

 

FCC Enforcement Advisory
