Mar 9 2010

The Cisco CRS-3 Carrier Routing System

Cisco (NASDAQ: CSCO) today announced a major advancement in Internet networking — the Cisco® CRS-3 Carrier Routing System (CRS) — designed to serve as the foundation of the next-generation Internet and set the pace for the astonishing growth of video transmission, mobile devices and new online services through this decade and beyond.

With more than 12 times the traffic capacity of the nearest competing system, the Cisco CRS-3 is designed to transform the broadband communication and entertainment industry by accelerating the delivery of compelling new experiences for consumers, new revenue opportunities for service providers, and new ways to collaborate in the workplace.

Overview:

* The Cisco CRS-3 triples the capacity of its predecessor, the Cisco CRS-1 Carrier Routing System, with up to 322 Terabits per second, which enables the entire printed collection of the Library of Congress to be downloaded in just over one second; every man, woman and child in China to make a video call, simultaneously; and every motion picture ever created to be streamed in less than four minutes.

* The Cisco CRS-3 enables unified service delivery of Internet and cloud services with service intelligence spanning service provider Internet Protocol Next-Generation Networks (IP NGNs) and the data center. The Cisco CRS-3 also provides unprecedented savings with investment protection for the nearly 5,000 Cisco CRS-1 systems deployed worldwide. Cisco’s cumulative investment in the Cisco CRS family is $1.6 billion, further underscoring the company’s commitment.

* AT&T, one of the world’s largest telecommunications companies, recently tested the Cisco CRS-3 in a successful completion of the world’s first field trial of 100-Gigabit backbone network technology, which took place in AT&T’s live network between New Orleans and Miami. The trial advances AT&T’s development of the next generation of backbone network technology that will support the network requirements for the growing number of advanced services offered by AT&T to consumer and business customers, both fixed and mobile.

* The Cisco CRS-3 is currently in field trials, and its pricing starts at $90,000 U.S.

Highlights and Capabilities for the Next-Generation Internet:

* Unmatched Scale: With a proven multi-chassis architecture, the Cisco CRS-3 can deliver up to 322 Tbps of capacity, more than tripling the 92 Tbps capacity of the Cisco CRS-1 and representing more than 12 times the capacity of any other core router in the industry.
* Unique Core and Data Center/Cloud Services Intelligence: In addition to capacity requirements, the growth of mobile and video applications is creating new multidirectional traffic patterns with the increasing emergence of the data center cloud. The new Cisco Data Center Services System provides tight linkages between the Cisco CRS-3, Cisco Nexus family and Cisco Unified Computing System (UCS) to enable unified service delivery of cloud services. This intelligence also includes carrier-grade IPv6 (CGv6) and core IP/MPLS technologies that permit new IP NGN architectural efficiencies required to keep pace with the rapidly growing cloud services market. Unique capabilities include:
  * Network Positioning System (NPS) — provides Layers 3 to 7 application information for the best path to content, improving consumer and business experiences while reducing costs.
  * Cloud virtual private network (VPN) for Infrastructure as a Service (IaaS) — enables ‘pay-as-you-go’ for compute, storage and network resources by automating Cisco CRS-3 and Cisco Nexus inter-data center connections for Cisco UCS.
* Unprecedented Savings: The Cisco CRS-3 offers dramatic operational expense savings and up to 60 percent savings on power consumption compared to competitive platforms. The Cisco CRS-3 also delivers significant capital expenditures savings and investment protection for existing Cisco CRS-1 customers. The new capabilities in the platform can be achieved by reusing the existing chassis, route processors, fans and power systems with the addition of new line cards and fabric. These upgrades can be performed in-service and be provided by Cisco Services to ensure a smooth transition.
* Silicon Innovation: The Cisco CRS-3 is powered by the new Cisco QuantumFlow Array Processor, which unifies the combined power of six chips to work as one, enabling unprecedented levels of service capabilities and processing power. Making this implementation even more unique is its ability to deliver capabilities with a fraction of the power required by lesser performing chipsets. The Cisco QuantumFlow Array chipset was designed to provide the new system the ability to scale with the ever increasing demands being placed on the IP NGN by the many different applications and billions of devices being used by both businesses and consumers in the Zettabyte era.

Source


Mar 9 2010

OpenSSH 5.4 couples standard local input with server ports

The development team behind secure shell server OpenSSH have released version 5.4, which includes a range of new functions and fixes a number of bugs in the previous version.

Following a transition period of more than 10 years, OpenSSH 5.4 finally disables, by default, the old SSH protocol version 1. The legacy SSH version, which is no longer considered secure, can still be used by adjusting the appropriate settings in the configuration file. Where certificates are used to authenticate users and computers, version 5.4 offers a new, minimal OpenSSH certificate format. Key pairs for users can be revoked using the new RevokedKeys option. Host keys can be revoked in the known_hosts file.

Using the -W switch and a host:port argument, OpenSSH 5.4 can be started in netcat mode, which connects a local computer’s standard input and output (stdio) to a port on a remote PC. The SFTP server, which carries out FTP-like file transfer, can now be run in a read-only mode that prevents files from being overwritten and can, if required, set explicit permissions for newly created files (umask) at the command line. The SFTP client now has tab completion for commands and paths and supports recursive get and put commands, which allow entire file trees to be transferred between client and server.
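As an added example (not code from the OpenSSH project or from the article), the following Python script checks the three hardening points the article names: protocol 1 disabled, a RevokedKeys file configured, and host keys marked revoked in known_hosts. The sshd_config and known_hosts contents, host names and key strings are constructed for illustration; the Protocol and RevokedKeys directives and the @revoked and @cert-authority known_hosts markers are OpenSSH's own syntax. The parser handles only the whitespace-separated "Keyword value" form of sshd_config.

```python
"""Audit OpenSSH 5.4-era hardening settings: protocol 1 disabled, a RevokedKeys
file configured, and host keys marked revoked in known_hosts.

Added example, not OpenSSH project code. The sample config and known_hosts
text below are constructed for illustration."""


# Constructed sshd_config. "Protocol 2,1" re-enables the legacy protocol that
# 5.4 disables by default; the corrected setting is "Protocol 2". The
# RevokedKeys line is commented out, so no revocation list is active.
SAMPLE_SSHD_CONFIG = """\
# constructed sample, not a real host's configuration
Protocol 2,1
PermitRootLogin no
#RevokedKeys /etc/ssh/revoked_keys
"""

# Constructed known_hosts. The @revoked marker tells the client to refuse a
# host presenting that key; @cert-authority trusts the key as a CA for the
# listed host pattern. Key material is truncated placeholder text.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample known_hosts
@revoked old-gw.example ssh-rsa AAAAB3NzaC1yc2E...placeholder...
@cert-authority *.example ssh-rsa AAAAB3NzaC1yc2E...placeholder...
bastion.example,10.0.0.5 ssh-rsa AAAAB3NzaC1yc2E...placeholder...
"""


def parse_sshd_config(text):
    """Map lowercased keyword -> value for active directives.

    sshd honours the first occurrence of a keyword, so later duplicates are
    ignored here as well. Comments and blank lines are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(key, value)
    return opts


def audit_sshd_config(text):
    """Return a list of findings; an empty list means nothing to report."""
    opts = parse_sshd_config(text)
    findings = []
    # 5.4 defaults to protocol 2 only, so an absent Protocol line is fine.
    protocols = {p.strip() for p in opts.get("protocol", "2").split(",")}
    if "1" in protocols:
        findings.append("Protocol 1 enabled (set 'Protocol 2')")
    if "revokedkeys" not in opts:
        findings.append("no RevokedKeys file configured")
    return findings


def parse_known_hosts(text):
    """Return (marker, host_patterns, key_type) tuples for each entry.

    marker is '' for an ordinary entry, otherwise '@revoked' or
    '@cert-authority'. Hashed hostnames (|1|...) are returned as-is."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        marker = fields.pop(0) if fields[0].startswith("@") else ""
        if len(fields) < 2:
            continue  # malformed entry: needs at least hosts and key type
        entries.append((marker, fields[0].split(","), fields[1]))
    return entries


def revoked_hosts(text):
    """Host patterns whose keys the client will refuse outright."""
    return [h for marker, hosts, _ in parse_known_hosts(text)
            if marker == "@revoked" for h in hosts]


if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print("sshd_config:", finding)
    print("revoked host keys:", revoked_hosts(SAMPLE_KNOWN_HOSTS))
```

Run against the constructed sample, the audit reports both weak settings and lists old-gw.example as revoked; point it at a real /etc/ssh/sshd_config and ~/.ssh/known_hosts to check a host you administer. The netcat mode the paragraph describes is what makes the older "ProxyCommand nc %h %p" idiom unnecessary: a jump host can be configured in ssh_config with "ProxyCommand ssh -W %h:%p jumphost", with no netcat binary required on the intermediate machine.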

Source


Mar 9 2010

Cloud Connect: A Convergence Of Expertise

The Cloud Connect conference March 15-18 will feature leaders of the NoSQL movement speaking on how to handle large data sets in the cloud. The NoSQL movement and other cloud practitioners are likely to be out in force at the Cloud Connect 2010 conference March 15-18 in Santa Clara, Calif., one of the first major gatherings of the year on cloud computing.

One of the workshop instructors March 15 will be Dwight Merriman, CEO and co-founder of 10gen and the architect of the DoubleClick ad serving system, DART. DART is now serving billions of ads a day. Merriman will instruct a first-day workshop on MongoDB and why it and other NoSQL systems, such as CouchDB and Hadoop, are preferable to traditional database systems for operations in the cloud.

MongoDB is a cluster or cloud-based data management system that does not rely on relational database principles. Cloud users try to get away from relational databases for operations on large data sets because SQL queries tend to consume CPU cycles and “thrash the disk” as they pull data off it.

“NoSQL” systems work with data in memory, or upload chunks of data from many disks in parallel. 10gen is a New York-based company that sponsors the MongoDB open source project and provides commercial support for it.

Alistair Croll, an organizer of the event, said Merriman is one of several cloud computing professionals recruited to speak based on their credentials as “doers” in the cloud environment.

Another is Bradford Stephens, founder of Drawn to Scale, a firm which designs systems to deal with Web-sized masses of data. He will speak on “Introduction to Big Data and Storage at Scale” at 8:15-9:15 a.m. on March 18. His co-speaker will be Florian Leibert, software engineer, research, at Twitter.

The topic “Processing Big Data” at 9:30 a.m. March 18 will feature Chris Wensel, CTO and founder of Concurrent, a supplier of tools for creating applications that execute on parallel computing clusters, and Nathan Marz, lead engineer for BackType.com, a Web site that searches blogs and social networking sites for particular topics of discussion.

“Learning from Big Data with Scalable Analytics” will be the topic of a talk at 10:45 a.m. March 18 given by Michael Driscoll, founder of Dataspora, a firm producing software for data analytics and visualization, and Ted Dunning, CTO of Deepdyve, an aggregator of medical knowledge.

The Cloud Connect conference at the Santa Clara Convention Center is organized by TechWeb and is billed as bringing cloud computing stakeholders together in one event.

“These are the people who are the experts in a given domain, the guy who wrote the thing or the guy who invented it,” said Croll. There will be many cloud computing vendors both on the show floor and in the ranks of speakers, but Croll said the conference was seeking to make their presentations “non-partisan” and focused on their subject expertise.

Source


Mar 8 2010

Security pros doubt their network-based security

Brocade’s “man-on-the-street” survey at this week’s RSA conference in San Francisco revealed that 47 percent of respondents believe their network security solutions are less than 25 percent effective in thwarting security threats. Given the frequency of new attacks on networks every day, it’s clear IT security professionals aren’t feeling prepared.

Of those polled, nearly 20 percent of those surveyed believe their company’s security policies that deal with threats or data leaks are not being enforced effectively, while 80 percent believe the policies are only being “somewhat enforced.” Therefore, regardless of how ironclad a company’s security policies are, enforcing them 100 percent of the time is impossible and can expose a company to outside threats unnecessarily.

When asked about sources of security threats and breaches, 48 percent of those polled identified individuals within their organization providing or selling sensitive information to competitive companies as their most serious security concern; this was followed by concerns about threats posed by foreign governments (15%) and hacking attacks by cyber criminals (10%). Despite the constant threat of foreign entities and governments infiltrating U.S. companies that have made headlines, most security executives’ fears are overwhelmingly focused on internal competitive threats vs. a malicious foreign attack.

Another interesting finding revealed that nearly 40 percent of those surveyed felt background checks on employees were ineffective in determining if that person could be a potential spy for a competitor or foreign government.

The survey polled 144 conference attendees who are involved in the IT security decision-making process within a wide variety of industries, including networking manufacturing, education, software, healthcare, telecommunications, government and finance.

Source


Mar 4 2010

White House Cyber Czar: ‘There Is No Cyberwar’

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it.

Schmidt’s official title is cyber-security coordinator at the White House, a job he took over just before Christmas. Schmidt has no budgetary authority, but he said that doesn’t make him powerless, because his office is in the White House. He’s been there before as an adviser to President George W. Bush, and he’s been the president and board member of countless security associations.

One of his first moves in his new job was to publish an unclassified summary of the country’s 12-point cybersecurity plan, known as the Comprehensive National Cybersecurity Initiative, a move toward transparency that he announced Monday as the keynote speaker at the world’s premier security conference.

That plan was first formulated under a veil of secrecy in January 2008 by President Bush. He was prompted in no small part by McConnell, who was director of national intelligence and reportedly convinced the president that a cyberattack could cause more economic damage to the United States than the 9/11 terrorist attacks.

Much of the authority and the funds under that initiative fell to the National Security Agency, the military’s premier spying agency that also has responsibility for locking down the government’s classified networks. Not surprisingly, McConnell, as DNI, held power over the NSA.

McConnell rejoined Booz Allen Hamilton, a defense contractor that made more than $4 billion in 2008, mostly in government contracts, including secret ones. A former NSA director, McConnell now serves as the vice president for national security business at Booz Allen Hamilton. It was recently acquired by the powerful and politically connected Carlyle Group, the world’s largest private equity firm, whose advisers and board members have included George Bush, George W. Bush, James Baker and former SEC chief Arthur Levitt.

In an op-ed in the Washington Post last weekend, McConnell called for a re-engineering of the internet and a return to a Cold War mentality of deterrence, based on the threat that the United States would massively retaliate against any perceived attack.

“More specifically, we need to re-engineer the internet to make attribution, geolocation, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable,” McConnell wrote.

Threat Level rebutted that notion Monday, in a post that called McConnell the greatest threat to the internet.

For his part, Schmidt said no re-engineering of the internet is in the plans under the Obama administration. And he re-emphasized the president’s promise — delivered in a May speech addressing cybersecurity — that the government would not monitor the internet at large.

“People have to recognize that when we close the door and go home, we are just normal netizens like anyone else,” Schmidt said. “I’ve been in the internet from the very beginning. We don’t want to see it changed to where it is no longer available and we don’t have the ability to do things anonymously as we choose to in certain realms.”

“But we also need to do our financial transactions securely and you need to be able to file your story online in a manner so that by the time you upload it, it doesn’t say ‘At noon, today San Francisco had a terrible earthquake’ when that didn’t happen,” Schmidt added.

But that commitment to keep the government’s monitoring equipment out of the commercial internet seems belied by a CNET interview at RSA with a Homeland Security cybersecurity official, who said that DHS was considering installing its classified “Einstein 3” security technology on non-government infrastructure.

Cyberwar advocates make their case for this in part by pointing to high-profile stories that hackers have penetrated the grid and, in some cases, caused massive blackouts, including the 2003 cascading failure in the Northeast that affected some 50 million citizens. Those stories (on 60 Minutes, in the Wall Street Journal and the National Journal) relied nearly exclusively on anonymous defense intelligence officials or contractors, and are often easily debunked.

Schmidt said it’s possible that hackers have gotten into administrative computer systems of utility companies, but said those aren’t linked to the equipment controlling the grid, at least not in developed countries. He’s never heard that the grid itself has been hacked.

“As for getting into the power grid, I can’t see that that’s realistic,” Schmidt said.

There’s been much ink spilled in recent years over the turf battles in D.C. over whether the NSA (representing the military) or DHS (on the civilian side) takes the lead role in cybersecurity.

Rod Beckstrom, now the president of the International Corporation for Assigned Names and Numbers, resigned from his role heading cybersecurity for DHS last spring. He protested that the NSA was encroaching too far, and that the job of protecting non-military government websites should be handled by civilians — especially as the government pushes citizens to use those websites for more and more business.

But Schmidt said he hasn’t run into that problem and said government agencies are working together.

“I haven’t seen that tension,” Schmidt said.

As for which will take the cybersecurity lead, Schmidt simply says it’s a shared effort.

But that’s a very thorny issue — one that has dogged the government’s intrusion protection system Einstein and its successors, Einstein 2 and 3.

Why should U.S. citizens trust cybersecurity to the NSA? Under President Bush, it secretly turned its powerful spying apparatus inward in violation of U.S. law and its longstanding mantra to never spy on citizens.

Schmidt counters that the NSA has long had the job of protecting classified computers and has already become a participant in the wider security community. Among other things, it offers advice on how to secure computer systems, such as Linux and Windows. And more important, Schmidt said, the president maintains the NSA has to obey limits.

“When your boss, in our case the president, tells an agency not to do something and here are the controls put in place and here is the coordination put into place, that’s a pretty big commitment,” Schmidt said.

As for his priorities, Schmidt says education, information sharing and better defense systems rank high.

That includes efforts to train more security professionals and have the government share more information with the private sector — including the NSA’s defensive side.

“One thing we are looking at is how do we make sure that the private sector has the information it needs from the government,” Schmidt said, referring to what he called “some of the unique visibility the government has from the attacks on our systems.”

The government must also be active in reducing its own vulnerabilities, according to Schmidt.

“We can’t sit there and be waiting for the next intrusion attempts to take place,” Schmidt said. “We need to become stronger in what we are doing so we are better able to resist the things that are being thrown at us.”

Schmidt, who has held cybersecurity positions inside the Air Force, the FBI and Microsoft, mentioned he’s part of a Facebook group of Wired magazine collectors. The oldest one he has, he said, had co-founder of the Electronic Frontier Foundation John Perry Barlow on the cover. Though the irascible Barlow never made the cover (other than a mock-up of the first edition), Schmidt could have been referring to Issue 2.04 which included a promo for an essay from Barlow.

Fittingly, that essay, about the failed effort to mandate government-accessible backdoors in encryption technology, was entitled “Jackboots on the Infobahn.”

Source


Mar 4 2010

Security Assessment of the Internet Protocol version 4

Abstract

This document contains a security assessment of the IETF specifications of the Internet Protocol version 4, and of a number of mechanisms and policies in use by popular IPv4 implementations. It is based on the results of a project carried out by the UK’s Centre for the Protection of National Infrastructure (CPNI).

Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on August 24, 2010.

Source


Feb 26 2010

PHP 5.2.13 addresses security holes

An update which fixes around 40 bugs is available for the PHP 5.2 development branch. Version 5.2.13 comes highly recommended for all PHP 5.2.x users, as it includes a number of security-related fixes. These include a bug in the validation of the safe_mode configuration setting in the tempnam() function, which arises when the path does not end in a slash (/). An open_basedir/safe_mode bypass vulnerability in the session extension has also been fixed.

More details about the release, including other significant changes, can be found in the release announcement and change log. PHP 5.2.13 is available to download from the project’s site.

The current PHP development branch is PHP 5.3, for which version 5.3.1 has been available since November 2009. A third release candidate for PHP 5.3.2 was released on the 23rd of February.

Source


Feb 25 2010

Cryptome.org shut down for exposing MS surveillance guide

Cryptome, the whistleblower site that serves as a repository for “documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance”, has been taken down on Wednesday afternoon by its hosting provider, Network Solutions, which also had the domain “legally locked”.

What this means is that the domain information can’t be modified and the domain name can’t be transferred; only the registration can be renewed. This action by Network Solutions was motivated by a Digital Millennium Copyright Act (DMCA) complaint filed by Microsoft against Cryptome and its owners, regarding the publication of its Global Criminal Compliance Handbook, a document that reveals to users things that Microsoft would not like to become common knowledge.

In it you can find information about what records are retained and for how long, and what information can and will be given to law enforcement and intelligence agencies if requested by subpoena. Microsoft is not the only company whose “spy guide” has been published by Cryptome, but it’s apparently the one with the most clout.

ReadWriteWeb reports that once the complaint was filed and Paul Young, one of the owners of Cryptome, was asked to take the document off the website, he refused. So the ISP intervened with a warning that said that if the document wasn’t removed by Thursday, they would disable the site. And so they did, one day before the imposed deadline.

In the complaint, Microsoft states as the reason for their request an infringement of copyright laws. The Electronic Frontier Foundation (EFF), the well-known international digital rights watchdog group, spoke up: “We find it troubling that copyright law is being invoked here. Microsoft doesn’t sell this manual. There’s no market for this work. It’s not a copyright issue. John’s copying of it is fair use. We don’t do this anywhere else in speech law.”

Cryptome has been active since 1996, and this is the first time that someone has succeeded in their mission to shut it down. Young has filed a counter-notification, and we probably won’t have to wait long for the next installment of this story. If Microsoft doesn’t forward a notice of litigation, Network Solutions will reactivate the Website and unlock the domain in no more than 14 business days. In the meantime, the website is temporarily available here.

If you want to read Microsoft’s “spy guide”, you can download it at Wikileaks, which has also offered to host Cryptome on its multi-jurisdictional network outside the US.

Source


Feb 25 2010

Temporary cryptome.org site online after Network Solutions “Legal Lock”

The web site cryptome.org is currently online at http://cryptomeorg.siteprotect.net/ until the domain can be transferred away from Network Solutions. The following is from the temporary site:

This is a temporary Cryptome address until the Cryptome.org domain is transferred. Network Solutions shut Cryptome.org and has placed a “legal lock” on the domain name, preventing its transfer, until the “dispute” is settled. Some recent files are available now and the full collection is being transferred.


Feb 24 2010

US likely to lose a cyber war

In a US Senate Committee on Commerce, Science and Transportation hearing, security experts have expressed extreme concern about US defences against cyber-attacks. Former vice-admiral and head of National Intelligence Michael McConnell even went as far as claiming that the US would be on the losing side should a hostile power launch a cyber war against it. This is not, according to McConnell, because US security staff are less talented or because its technology is inferior, but rather the US is vulnerable because it is the best networked country, for which reason it also has the most to lose.

It is precisely this state of affairs which the recently passed Cybersecurity Enhancement Act of 2009 is intended to resolve. It aims to ensure, by means of training, research and better coordination, that the government and government agencies are better protected against attacks originating from cyberspace. The Act still has to pass through the US Senate.

James Lewis of the Center for Strategic and International Studies (CSIS) also emphasised US vulnerability to attacks. According to Lewis, it is known that countries such as China and Russia are already carrying out espionage to determine how they can disable the US electricity grid. He believes that they and other countries are now in a position to be able to knock out the electricity grid in the event, for example, of a conflict over Taiwan or Georgia. However, he thinks it unlikely that China or Russia would go down this route, as it would be too great a risk politically, comparable to bombing a power plant, and would trigger a vigorous US reaction. In addition, he notes, even hostile states would suffer should, for example, Wall Street be knocked out.

However, Lewis plays down concerns about terrorist attacks, saying that if terrorists were really in a position to carry out cyber-attacks, they would already have done so. The belief that they are in a position to do so, but have so far held back for whatever reason, is “ridiculous”. Terrorists are, in his opinion, crazy people. Lewis warns that this situation could change if hostile powers were to provide terrorists with the requisite knowledge and skills. Lewis feels that at present, neither China nor Russia would cooperate with extremists.

Nonetheless, the US and the US economy are already being bled by constant small-scale cyber-attacks. According to Lewis, theft of important information and attacks by cyber-criminals are already doing immense damage to both business and government. If no action is taken, the patient will, Lewis told the hearing, eventually bleed to death; therefore he considers passage of the Act to be an urgent necessity.

Source