OpenFlow Inventor Martin Casado on SDN, VMware and Software Defined Networking Hype

Casado noted that the term SDN was coined in 2009, and at the time, it did mean something fairly specific.

“Now it is just being used as a general term for networking, like all networking is SDN,” Casado said. “SDN is now just an umbrella term for cool stuff in networking.”

via OpenFlow Inventor Martin Casado on SDN, VMware and Software Defined Networking Hype [VIDEO].

I wondered this after seeing almost every other article in networking blogs like Light Reading with SDN in the title. Click on the sdn tag to see all that made it here.

Possible Exploit Vector for DarkLeech Compromises

The script attempted to exploit the Horde/IMP Plesk Webmail Exploit in vulnerable versions of the Plesk control panel. By injecting malicious PHP code in the username field, successful attackers are able to bypass authentication and upload files to the targeted server. These types of attacks could be one avenue used in the DarkLeech compromises. Although not as common as the Plesk remote access vulnerability (CVE-2012-1557) described in the report, it does appear that this vulnerability is being actively exploited. 

via Possible Exploit Vector for DarkLeech Compromises.

How Facebook Built Natural Language into Graph Search

The engineers used a weighted context-free grammar (WCFG) to represent Graph Search’s query language. Think of a tree, with the root or base as the “Start” of a particular query. Facebook calls this the “parse tree,” and the various “limbs” branching from the root include verbs, objects, etc. The “leaves” at the top are the terminal symbols, or entities such as users, cities, employers, groups, and the phrases that link those entities together. It’s perhaps easier to diagram than explain:

via How Facebook Built Natural Language into Graph Search.
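To make the parse-tree description concrete, here is an added example (not Facebook's grammar or code) of a weighted context-free grammar for a toy query language. The grammar, its rule weights and the query strings are all constructed for illustration; a parse's score is the product of the weights of the rules it uses, and the highest-scoring tree is chosen, which is the mechanism the excerpt describes in words.

```python
"""Weighted context-free grammar parsing for a tiny query language.

Added example; this is not Facebook's grammar or code. The grammar, the
weights and the query strings are constructed for illustration. Weights
are per-rule probabilities; a parse's score is the product of the weights
of the rules it uses, and the highest-scoring parse tree wins.
"""
from functools import lru_cache
from typing import Dict, List, Optional, Tuple

# Each nonterminal maps to a list of (weight, right-hand side).
# Lower-case strings are terminal words, upper-case names are nonterminals.
GRAMMAR: Dict[str, List[Tuple[float, Tuple[str, ...]]]] = {
    "START":    [(1.0, ("PEOPLE",))],
    "PEOPLE":   [(0.5, ("friends",)),
                 (0.2, ("people",)),
                 (0.2, ("PEOPLE", "who", "live", "in", "CITY")),
                 (0.1, ("PEOPLE", "who", "work", "at", "EMPLOYER"))],
    "CITY":     [(0.6, ("boston",)),
                 (0.4, ("new", "york"))],
    "EMPLOYER": [(1.0, ("facebook",))],
}


def is_nonterminal(symbol: str) -> bool:
    return symbol in GRAMMAR


def parse_all(tokens: Tuple[str, ...]) -> List[Tuple[float, tuple]]:
    """Return every (score, tree) pair that derives the whole token tuple.

    Trees are nested tuples: (symbol, child, child, ...) where a child is
    either another tree or a terminal word.
    """

    @lru_cache(maxsize=None)
    def derive(symbol: str, i: int, j: int):
        # All (score, tree) pairs deriving tokens[i:j] from `symbol`.
        results = []
        for weight, rhs in GRAMMAR[symbol]:
            for score, children in match_sequence(rhs, i, j):
                results.append((weight * score, (symbol,) + children))
        return results

    def match_sequence(rhs: Tuple[str, ...], i: int, j: int):
        # All ways of matching the symbol sequence `rhs` to tokens[i:j].
        if not rhs:
            return [(1.0, ())] if i == j else []
        head, rest = rhs[0], rhs[1:]
        results = []
        if not is_nonterminal(head):
            if i < j and tokens[i] == head:
                for score, children in match_sequence(rest, i + 1, j):
                    results.append((score, (head,) + children))
            return results
        # A nonterminal must cover at least one token and leave at least
        # one token for each remaining symbol; this bound also stops the
        # left-recursive PEOPLE rules from recursing on the same span.
        for k in range(i + 1, j - len(rest) + 1):
            for s1, subtree in derive(head, i, k):
                for s2, children in match_sequence(rest, k, j):
                    results.append((s1 * s2, (subtree,) + children))
        return results

    return derive("START", 0, len(tokens))


def best_parse(query: str) -> Optional[Tuple[float, tuple]]:
    """Highest-weight parse of a query string, or None if it is not in the language."""
    parses = parse_all(tuple(query.lower().split()))
    if not parses:
        return None
    return max(parses, key=lambda p: p[0])


if __name__ == "__main__":
    for q in ("friends who live in boston",
              "people who live in new york who work at facebook",
              "friends who work at boston"):
        print(q, "->", best_parse(q))
```

The "leaves" of each returned tree are the terminal words and the entity nonterminals (CITY, EMPLOYER), and a query that the grammar cannot derive simply yields no parse rather than an error.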

Time To Set Up That Honeypot

Still not sure where to start? Take a look at the Active Defense Harbinger Distribution (ADHD) project, which is part of the Samurai family of Linux-based LiveCD distributions. ADHD provides a bootable ISO that contains the two previously mentioned tools and many others that are specifically focused on providing early warning detection of attacker activity. Some of those are more geared toward alerting, because, technically, no computers should be communicating with the honeypot so all traffic has the potential to be considered malicious.

via Tech Insight: Time To Set Up That Honeypot — Dark Reading.
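The excerpt's key point is that a honeypot has no legitimate clients, so any connection to it is worth an alert. As an added example (not from the Dark Reading article or the ADHD project), the following script applies that rule to constructed flow-log lines: the log format, the decoy addresses and the one allowed monitoring host are all assumptions made for illustration.

```python
"""Honeypot alerting: every connection to a decoy host is an alert.

Added example, not from the Dark Reading article or the ADHD project. It
assumes a simple flow-log format (timestamp, src, dst, dport) invented for
illustration; real honeypot tools emit their own formats.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed sample data: the decoy addresses and the one legitimate host
# (a monitoring box) that is allowed to talk to them.
HONEYPOTS: Set[str] = {"10.0.5.20", "10.0.5.21"}
ALLOWED_SOURCES: Set[str] = {"10.0.1.2"}

# Constructed flow log: one connection per line, plus a malformed line to
# show that bad input is skipped rather than crashing the alerting.
SAMPLE_LOG = """\
2013-05-01T10:00:01 10.0.1.2 10.0.5.20 22
2013-05-01T10:00:05 10.0.3.44 10.0.5.20 445
2013-05-01T10:00:06 10.0.3.44 10.0.5.20 139
2013-05-01T10:00:07 10.0.3.44 10.0.5.21 3389
2013-05-01T10:00:09 10.0.7.9 10.0.2.15 80
2013-05-01T10:01:30 10.0.9.100 10.0.5.21 23
malformed line here
"""


@dataclass
class Alert:
    source: str
    first_seen: str
    targets: Set[str] = field(default_factory=set)
    ports: Set[int] = field(default_factory=set)

    @property
    def severity(self) -> str:
        # Anything touching a decoy is suspicious; touching several services
        # or several decoys looks like reconnaissance, so rank it higher.
        if len(self.ports) >= 3 or len(self.targets) >= 2:
            return "high"
        return "medium"


def parse_line(line: str) -> Optional[Tuple[str, str, str, int]]:
    """Parse 'timestamp src dst dport'; return None for anything else."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        return ts, src, dst, int(port)
    except ValueError:
        return None


def find_honeypot_alerts(log_text: str) -> Dict[str, Alert]:
    """Group every connection to a honeypot by source address."""
    alerts: Dict[str, Alert] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        if dst not in HONEYPOTS or src in ALLOWED_SOURCES:
            continue
        alert = alerts.setdefault(src, Alert(source=src, first_seen=ts))
        alert.targets.add(dst)
        alert.ports.add(port)
    return alerts


if __name__ == "__main__":
    for src, alert in find_honeypot_alerts(SAMPLE_LOG).items():
        print(f"{alert.severity:6} {src} first seen {alert.first_seen} "
              f"decoys={sorted(alert.targets)} ports={sorted(alert.ports)}")
```

The allow-list exists only for the monitoring host that has to reach the decoys; anything else on the network that talks to them has no business doing so, which is what makes the signal so clean compared with alerts from production hosts.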

Rambler Takes Home The Disrupt NY 2013 Hackathon Grand Prize, Learn To Drive And Radical Are Runners Up

Rambler, created by William Hockey, Zach Perret and Michael Kelly, is a web app that lets users view their credit and debit card transactions on a map. During the dev process, the team tapped the Foursquare API for locations and the Plaid API to access user spending data.

via Rambler Takes Home The Disrupt NY 2013 Hackathon Grand Prize, Learn To Drive And Radical Are Runners Up | TechCrunch.

This is an interesting science project. The security implications however would cause me to steer clear of this app entirely. I don’t understand what benefit anyone would gain from using this app and this is the grand prize winner.

Here’s another one

After 24 hours of hard work at the Disrupt NY Hackathon, Michael Kolodny, Jingen Lin and Ricardo Falletti demoed us HangoutLater, a nifty hack built on top of the Foursquare API. When you check in and a friend is close to you, it will ask you if you want to hang out later. Then, it will automatically find you a central location to meet.

If they’re that close to you why not just talk to them the old fashioned way? And my favorite:

A project at our Disrupt Hackathon called “Bar Power” is an app that will remind you to “not be a douchebag.” It’s somewhat of a game, walking you through nice things to do when you enter a bar. For example, the app will suggest that you say “hi” to the bartender and introduce yourself. If you do it and mark it down in the app, you get some karma points.

Perhaps they should consider a little less coding/hacking and a little more focus on requirements. My favorite comment about the above app:

BREAKING: Yahoo just acquired it for $300 million.

EVE Online | Stories From The First Decade

The decade of history of EVE Online is unique. It has its heroes, scoundrels, heists and intrigue. Unlike other games, those are not stories written by developers and acted out by NPCs. They are true stories about the actions of the players that inhabit this world.

via EVE Online | Stories From The First Decade.

Go to this site and read some stories. This game has always amazed me with the news it generates through the stories it has produced throughout the years. I find games like this very complicated. The stories do read like a novel or possible screenplay.

Wolfram Alpha Drills Deep into Facebook Data

At this year’s South by Southwest (SXSW) conference in Austin, Texas, Wolfram Alpha creator Stephen Wolfram offered up some interesting details about his computational engine. Wolfram Alpha contains more than 10 trillion pieces of data cultivated from primary sources, along with tens of thousands of algorithms and equations. Solving complex math problems is one of the system’s key abilities.

via Wolfram Alpha Drills Deep into Facebook Data.

More information from Data Science of the Facebook World

Some of this is rather depressingly stereotypical. And most of it isn’t terribly surprising to anyone who’s known a reasonable diversity of people of different ages. But what to me is remarkable is how we can see everything laid out in such quantitative detail in the pictures above—kind of a signature of people’s thinking as they go through life.

LivingSocial Hacked — More Than 50 Million Customers Impacted

The hack includes customer names, emails, birthdates and encrypted passwords.

via LivingSocial Hacked — More Than 50 Million Customers Impacted – Kara Swisher – Commerce – AllThingsD.

I’d like to read a post mortem on this. Knowing names and emails will allow for more precise phishing attacks against those 50 million customers. Hopefully people know to lie about their birthday and if this attack was caught fast enough the bad guys might not have had time to decrypt the encrypted passwords to exploit the accounts.

One positive note in a not-so-positive situation: The email sent to employees and customers noted that neither customer credit card nor merchant financial information was accessed in the cyber attack.

Pinging the Whole Internet Reveals Unsecured Backdoors That Could Tempt Hackers and Cyber Criminals

Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Many of the two terabytes (2,000 gigabytes) worth of replies Moore received from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could let anyone take control of them.

via Pinging the Whole Internet Reveals Unsecured Backdoors That Could Tempt Hackers and Cyber Criminals | MIT Technology Review.

Help Stop 1-800-CONTACTS from Abusing Patents to Squelch Competition

1-800-CONTACTS also protests that there is nothing “scandalous” about its CEO visiting Ditto’s site to check out its product. We agree. There is certainly nothing wrong with keeping tabs on the competition. What we do think is scandalous, however, is what the company did next. After checking out Ditto’s product, 1-800-CONTACTS apparently went out and purchased a patent in order to sue its competitor.

via UPDATED: Help Stop 1-800-CONTACTS from Abusing Patents to Squelch Competition | Electronic Frontier Foundation.