Security Researcher Compromises Cisco VoIP Phones With Vulnerability

As part of the demonstration, Cui inserted and removed a small external circuit board from the phone’s Ethernet port — a move he asserted could be accomplished by someone left alone inside a corporate office for a few seconds. He then used his own smartphone to capture every word spoken near the VoIP phone, even though it was still “on-hook.”

via Security Researcher Compromises Cisco VoIP Phones With Vulnerability – Dark Reading.

Ciena Still Struggling for Profitability

That trend, naturally, shows up in its full-year numbers. For fiscal 2012, Ciena generated revenues of $1.83 billion, up about 5 percent year-on-year, and a net loss of $144 million. Its full-year non-GAAP loss was 23.5 million, or 24 cents per share, slightly worse than Wall Street had expected.

via Ciena Still Struggling for Profitability – Optical Networking – Telecom News Analysis – Light Reading.

Ciena’s not alone, of course, in feeling the effects of a shrinking optical market. (See Margin Misery for Alcatel-Lucent.)

FreedomPop Preps Open Wi-Fi, Launches Free Home Internet Challenging ISPs

FreedomPop is now also entering the home market, with a free home broadband product called FreedomPop Hub Burst that uses Clearwire WiMax, the company is announcing today. FreedomPop is now accepting orders and expects to ship its home modem next month. The service is faster than DSL but slower than cable. Stokols says the service will disrupt incumbents like Time Warner Cable, AT&T, Verizon and Comcast. Users get free service of 1 gigabyte per month but they can “earn” unlimited free access by adding friends to their network or participating in partner promotional offers. That amount of data is fine for 70% of users, says Stokols, the former CEO of digital video company Woo Media and vice president at British Telecom.

via FreedomPop Preps Open Wi-Fi, Launches Free Home Internet Challenging ISPs – Forbes.

Security Hole in Samsung Smart TVs Could Allow Remote Spying

ReVuln’s policy of disclosing security holes only to paying customers has met with disapproval from both vendors and security pros, who argue that companies should do what they can to eradicate dangerous software holes. However, the company is unbowed, maintaining that selling knowledge of software security holes is a legitimate business and helps the company recoup the costs of researching the holes and developing proof of concept exploits for them.

via Security Hole in Samsung Smart TVs Could Allow Remote Spying | The Security Ledger.

A little short on details as I wondered how this could be done sitting behind a proper firewall.

How Skype & Co. get round firewalls

Network administrators who do not appreciate this sort of hole in their firewall and are worried about abuse are left with only one option – they have to block outgoing UDP traffic, or limit it to essential individual cases. UDP is not required for normal internet communication anyway – the web, e-mail and suchlike all use TCP. Streaming protocols may, however, encounter problems, as they often use UDP because of the reduced overhead.

via How Skype & Co. get round firewalls – The H Security: News and Features.

Google Accidentally Transmits Self-Destruct Code to Army of Chrome Browsers

This may be a first. Bad webpage coding can often cause a browser to crash, but yesterday’s crash looks like something different: widespread crashing kicked off by a web service designed to help drive your browser.

via Google Accidentally Transmits Self-Destruct Code to Army of Chrome Browsers | Wired Enterprise | Wired.com.

Samba – opening windows to a wider world

As the culmination of ten years’ work, the Samba Team has created the first compatible Free Software implementation of Microsoft’s Active Directory protocols. Familiar to all network administrators, the Active Directory protocols are the heart of modern directory service implementations.

via Samba – opening windows to a wider world.

Suitable for low-power and embedded applications, yet scaling to large clusters, Samba 4.0 is efficient and flexible. Its Python programming interface and administration toolkit help in enterprise deployments.

The Imgur API – General Information

Imgur’s API exposes the entire Imgur infrastructure via a standardized programmatic interface. Using Imgur’s API, you can do just about anything you can do on imgur.com, while using your programming language of choice.

The Imgur API is a RESTful API based on HTTP requests and XML or JSON responses. If you’re familiar with the APIs of Twitter, Amazon’s S3, del.icio.us, or a host of other web services, you’ll feel right at home.

This version of the API, version 3, uses OAuth 2.0. This means that all requests will need to be encrypted and sent via SSL/TLS to https://. It also means that you need to register your application, even if you aren’t allowing users to login.

via The Imgur API – General Information.

FTC’s Second Kids’ App Report Finds Little Progress in Addressing Privacy Concerns Surrounding Mobile Applications for Children

Staff examined hundreds of apps for children and looked at disclosures and links on each app’s promotion page in the app store, on the app developer’s website, and within the app. According to the report, “most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data. Even more troubling, the results showed that many of the apps shared certain information with third parties – such as device ID, geolocation, or phone number – without disclosing that fact to parents. Further, a number of apps contained interactive features – such as advertising, the ability to make in-app purchases, and links to social media – without disclosing these features to parents prior to download.”

via FTC’s Second Kids’ App Report Finds Little Progress in Addressing Privacy Concerns Surrounding Mobile Applications for Children.