MojoKid writes: AMD is adding a new family of Opterons to its enterprise processor line-up today called the Opteron A1100 series. Unlike AMD's previous enterprise offerings, however, these new additions are packing ARM-based processor cores, not the X86 cores AMD has been producing for years. The Opteron A1100 series is designed for a variety of use cases and applications, including networking, storage, dense and power-efficient web serving, and 64-bit ARM software development. The new family was formerly codenamed "Seattle" and it represents the first 64-bit ARM Cortex-A57-based platform from AMD. AMD Opteron A1100 Series chips will pack up to eight 64-bit ARM Cortex-A57 cores with up to 4MB of shared Level 2 and 8MB of shared Level 3 cache. They offer two 64-bit DDR3/DDR4 memory channels supporting speeds up to 1866 MHz with ECC and capacities up to 128GB, dual integrated 10Gb Ethernet network connections, 8-lanes of PCI-Express Gen 3 connectivity, and 14 SATA III ports. AMD is shipping to a number of software and hardware partners now with development systems already available.

An anonymous reader writes: Spamhaus, an international non-profit organization that hunts down spammers, is accusing Verizon of indifference and facilitation of cybercrime because it failed for the past six months to take down stolen IP routes hosted on its network from where spam emails originated. Spamhaus detected over 4 million IP addresses, mainly stolen from China and Korea, and routed on Verizon's servers with forged paperwork. Spamhaus says, "For a start, it seems very strange that a large US-based ISP can be so easily convinced by abusers to route huge IP address blocks assigned to entities in the Asian-Pacific area. Such blocks are not something that can go unnoticed in the noise of everyday activity. They are very anomalous, and should call for an immediate accurate verification of the customer. Internal vetting processes at large ISPs should easily catch situations so far from normality."

An anonymous reader writes: The IT community was shaken a few weeks ago when Juniper Networks firewalls were found to contain "unauthorized code" that seemed to enable a backdoor. Now, Fortinet firewalls have been found to contain an apparent SSH backdoor as well. "According to the exploit code, the undisclosed authentication works on versions 4.3 up to 5.0.7. If correct, the surreptitious access method was active in FortiOS versions current in the 2013 and 2014 time frame and possibly earlier, based on this rough release history. The weakness was eventually patched, but so far, researchers have been unable to locate a security advisory that disclosed the alternative authentication method or the hard-coded password." A spokesperson for Fortinet told El Reg, "This was not a 'backdoor' vulnerability issue but rather a management authentication issue."

An anonymous reader writes: OAuth 2.0 is one of the most used single sign-on systems on the web: it is used by Facebook, Google, Microsoft, GitHub and other big Internet companies. A group of researchers from University of Trier, Germany, have performed the first formal security analysis of the OAuth 2.0 standard, and have discovered two previously unknown attacks that could be mounted to break authorization and authentication in OAuth. However, says the article, "[w]ith these problems solved, the researchers ultimately concluded that OAuth 2.0 is secure enough to provide both authorization and authentication -- if implemented correctly."

An anonymous reader writes: The X.Org domain predates the X.Org Foundation. It was used in the '90s as a destination by The Open Group around the X Window System. While many are expecting Mir and Wayland to eventually succeed the X.Org Server, it seems the X.Org/X11 Server may outlive the valuable domain. Thanks to poor management by the X.Org Foundation, they risk losing access to their one-letter domain. Procrastination, paired with not transferring the domain when forming the non-profit foundation, has led to a last-minute mess. They left the domain registered for years to a person who is no longer involved with X.Org — and doesn't want to relinquish it. In the few days until the domain expires, they are hoping for a "Hail Mary." Let this be a lesson for open-source projects to better manage their assets.

lpress writes: Cuba has little Internet infrastructure, but they have a well-organized sneaker net called El Paquete Semanal (the weekly packet). El Paquete distributes a terabyte of digital entertainment nationwide every week using portable drives. The system is reliable and the organization is said to be Cuba's largest private employer, but it is technically illegal and the content is pirated. A legitimatized Paquete would save scarce Internet resources for other applications. El Paquete is also a possible model for other developing nations. Vox has a short documentary about the system.

For the entire careers of most practicing computer scientists, a fundamental observation has consistently held true: CPUs are significantly more performant and more expensive than I/O devices. The fact that CPUs can process data at extremely high rates, while simultaneously servicing multiple I/O devices, has had a sweeping impact on the design of both hardware and software for systems of all sizes, for pretty much as long as we've been building them. This assumption, however, is in the process of being completely invalidated.

An anonymous reader writes: IEEE researchers are proposing new standards for haptic codecs over software-defined 5G networks in order to achieve the ambitious 1ms latency and reliability required for the 'tactile internet'. It's a trivial consideration when hugging chickens over a network, more serious for applications of telesurgery, and a proposed leap in network quality that seems likely to yield benefits for general data streams as well.

An anonymous reader writes: Ars notes that the RFC for IPv6 was published just over 20 years ago, and the protocol has finally reached the 10% deployment milestone. This is an increase from ~6% a year ago. (The percentage of users varies over time, peaking on the weekends when most people are at home instead of work.) "If a 67 percent increase per year is the new normal, it'll take until summer 2020 until the entire world has IPv6 and we can all stop slicing and dicing our diminishing stashes of IPv4 addresses."

"A decade or so ago, it was still quite common for people to complain about certain IPv6 features, and proclaim the protocol would never catch on. Although part of that can be blamed on the conservative nature of network administrators, it's true that adopting IPv6 requires abandoning some long standing IPv4 practices. For instance, with IPv4, it's common to use Network Address Translation (NAT) so multiple devices can share the use on an IPv4 address. IPv6 has more than enough addresses to give each device its own, so there's no NAT in IPv6. The Internet is probably better off without NAT and the complications that it adds, but without NAT as a first but relatively porous line of defense against random packets coming in from the open Internet, it's necessary to be much more deliberate about which types of packets to accept and which to reject."

hol writes: Linode has been getting hit with DDoS attacks since Christmas Day, and it looks like their pain is set to continue. The attackers are rotating DDoS traffic through various regions of Linode's service. They say, "All of these attacks have occurred multiple times. Over the course of the last week, we have seen over 30 attacks of significant duration and impact. As we have found ways to mitigate these attacks, the vectors used inevitably change. As of this afternoon, we have mostly hardened ourselves against the above attack vectors, but we expect more to come. ... Once these attacks stop, we plan to share a complete technical explanation about what has been happening." See their status page for updates.

jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company? I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.

But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgment and zero action. So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.

I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely. This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect. So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.

An anonymous reader writes: In the wake of the discovery of two backdoors on Juniper's NetScreen firewall devices, Cisco Systems has announced that they will be reviewing the software running on their devices, just in case. Anthony Grieco, a Senior Director of the Security and Trust Organization at Cisco, made sure to first point out that the popular networking equipment manufacturer has a "no backdoor" policy. According to Grieco, Although our normal practices should detect unauthorized software, we recognize that no process can eliminate all risk. Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience. The reviewers will be looking for backdoors, hardcoded or undocumented account credentials, covert communication channels and undocumented traffic diversions.

itwbennett writes: In a blog post on Rapid7's community portal Sunday, HD Moore posted some notes on the Juniper ScreenOS incident, notably that his team discovered the backdoor password that enables the Telnet and SSH bypass. Quoting: "Although most folks are more familiar with x86 than ARM, the ARM binaries are significantly easier to compare due to minimal changes in the compiler output. ... Once the binary is loaded, it helps to identify and tag common functions. Searching for the text "strcmp" finds a static string that is referenced in the sub_ED7D94 function. Looking at the strings output, we can see some interesting string references, including auth_admin_ssh_special and auth_admin_internal. ... The argument to the strcmp call is <<< %s(un='%s') = %u, which is the backdoor password, and was presumably chosen so that it would be mistaken for one of the many other debug format strings in the code. This password allows an attacker to bypass authentication through SSH and Telnet, as long as they know a valid username. If you want to test this issue by hand, telnet or ssh to a Netscreen device, specify a valid username, and the backdoor password. If the device is vulnerable, you should receive an interactive shell with the highest privileges."

An anonymous reader writes: Wine 1.8.0 is now the latest stable release of Wine Is Not An Emulator and available from WineHQ.org. Wine 1.8 features include support for DirectWrite, Direct2D support, very limited Direct3D 11 support, simple application support of DIrect3D 10, support for process jobs, 64-bit architecture support on OS X, networking updates, and over 13,000 other individual changes.

An anonymous reader writes: A month after temporarily blocking social media sites including Facebook and WhatsApp, the Bangladeshi government has now taken steps to take down online chat software Skype and social networking service Twitter. The decision came after a supreme court ruling which sentenced two opposition leaders to death, having found them guilty of crimes committed in the 1971 war of independence from Pakistan. The ruling rejected petitions to review the war criminals' death sentences. It divided the country, with many strongly protesting the decision. The social media ban is seen as a way to control any attempt at mass mobilization among dissidents.

mache writes: My cousin is finishing up a major remodel of his home in Houston and has installed video cameras for added security. At my suggestion, he wired up all the cameras to be on a separate VLAN that only uses wired Ethernet and has no WiFi access. Since the Houston police will only respond to security alarms if the monitoring company is viewing the crime in progress, he must arrange for the video feed to available to a security monitoring company. I told him that the feed should use VPN or some other encrypted tunneling technique as it travels the Internet to the monitoring company and we proceeded to try and find a company that supported those protocols. No one I have talked to understands the importance of securing a video feed and everyone so far blithely suggests that we just open a port on his home router. Its frustrating to see such willful ignorance about Internet security. Does anyone know of a security monitoring company that we can work with that has a clue?

An anonymous reader writes with word that MIT researchers "created an alternative to Tor, a network messaging system called Vuvuzela that pollutes the network with dummy data so the NSA won't know who's talking to who." Initial tests show the systems overhead adding a 44-second delay, but the network can work fine and preserve anonymity even it has more than 50% of servers compromised.

An anonymous reader writes: After in September Google discovered SSL certificates issued in its name by Symantec, and after in October the company discovered over 2,500 more certificates issued for non-existent domains, also by Symantec, Google has now decided to ban Symantec's dodgy certificates from Android and Chrome. "Symantec has decided that this root will no longer comply with the CA/Browser Forum's Baseline Requirements," said Ryan Sleevi, Google Software Engineer. "As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products." Apparently Symantec hasn't been very careful of where and to whom it issues SSL certificates from a particular root branch.

andyring writes: Lincoln, Neb., in the heart of silicon prairie is getting gigabit fiber to every home and business in the next four years. It's a wet dream for anyone in the tech world. No install fees, no contracts, no modem rentals, guaranteed minimum of 100 mbit, no throttling, etc. It'll provide phone and TV as well. I've read the entire franchise agreement and it's a very good arrangement for the city. Interestingly enough, it's largely possible because back in the 1970s, a public works guy had the brilliant idea to install conduit to all the city's traffic signals. So there's more than 300 miles of conduit already installed and leasable. A local company, Nelnet, bought a western Nebraska company, Allo Communications, apparently because the top Nelnet guy couldn't get fiber to his home very easily. So he figured, heck, I'll just buy the company and get fiber to the whole city.

An anonymous reader writes: An article at TechDirt points out that AT&T's big fiber deployment project isn't yet adding up to much. They posted a press release last week saying how they've launched fiber internet in Los Angeles and West Palm Beach, and how they also plan to bring it to 38 other metro areas. But TechDirt notes a few parts they left out: "Nowhere does the company state when these connections will be delivered. Similarly nowhere does the company make clear that it's targeting mostly high-end housing developments where fiber is already in the ground, making costs negligible (the only way you could technically accomplish a deployment of this kind and magically have your CAPEX consistently drop). And while AT&T claims these improvements will reach 14 million residential and commercial locations, AT&T gives no timeline for this accomplishment. That means it could cherry pick a few hundred thousand University condos and housing developments per year and be wrapping up this not-so-epic fiber deployment by 2040 or so. "