Open vSwitch Fall Conference

http://ift.tt/2yTesRy

The Open vSwitch team will host our fourth annual conference focused on Open vSwitch and OVN on November 16 and 17, 2017, to be held at the Club Auto Sport, San Jose.

Security News

via Linux.com | The source for Linux information http://ift.tt/1Wf4iBh

October 27, 2017 at 05:03PM

Appeals Court Grills Cox and BMG in Piracy Liability Case

http://ift.tt/2gPI0uP

In December 2015, a Virginia federal jury ruled that Internet provider Cox Communications was responsible for the copyright infringements of its subscribers.

The ISP was found guilty of willful contributory copyright infringement and ordered to pay music publisher BMG Rights Management $25 million in damages.

Cox swiftly filed its appeal arguing that the district court made several errors that may ultimately restrict the public’s access to Internet services.

This week the Court of Appeals for the Fourth Circuit heard oral argument from both sides, which turned out to be an interesting exercise. The panel of judges Motz, Shedd, and Wynn grilled both attorneys in an effort to distill the crucial arguments.

Cox attorney Michael Elkin was first up. Among other things, he stressed that Cox didn’t have actual and sufficient knowledge of the claimed infringements.

While BMG uncovered internal Cox emails discussing how frequent offenders were kept on board, these were not specifically discussing BMG infringed works, he argues. However, Judge Wynn stressed that the emails in question did discuss Cox’s policy of not disconnecting infringers.

“But they’re talking about the general abuse department in terms of, where we get these things, this is what we’re going to do with them because we don’t want to lose customers. I mean, it’s the same thing,” he said.

It’s also clear that BMG sent over a million takedown notices to Cox. However, since these were not the ones referenced in the company’s internal emails, these are irrelevant when it comes to the company’s liability for alleged contributory infringement, Cox’s attorney noted.

The back and forth over various issues became rather lively up to a point where Elkin was asked to stop interrupting. “When a judge speaks, you have to be quiet,” Judge Shedd said.

BMG attorney Michael Allan was next in line to present his arguments, which were also carefully dissected by the judges. The attorney stressed that in addition to the takedown notices, BMG provided Cox with a wealth of information on the alleged infringers.

He explained that they sent 1.8 million takedown notices to Cox. When asked what the Internet provider should do with all these notices, Allan mentioned the dashboard they made available, which would help the ISP to check all claims.

“We also provided them with a dashboard. It’s a searchable website that they can search by most egregious repeat infringer, they can pull up every single piece of information we’ve ever provided to them, and they can play the actual songs that were downloaded,” BMG’s attorney said.

Judge Wynn, however, questioned whether the ISP’s abuse department would listen to thousands of infringing songs.

“An internet service provider is going to receive 20,000 of these things per day, 1.8 million a year, or whatever, I don’t care. And they’re going to start playing songs and things like that to see if it’s going on?

“You think that’s where this case is going to go?” Wynn added.

The judges then moved on to the repeat infringer question. An important question was what a ‘repeat infringer’ actually is. BMG’s attorney described this as “someone who repeatedly infringes copyright,” but that wasn’t enough.

“How does somebody know a third party is an infringer? ‘Cause you say so?” Judge Shedd asked.

Cox, for example, sees a repeat infringer as someone who has been previously adjudicated, not someone who has received several takedown notices. Eventually, all had to admit that a repeat infringer is not clearly defined in the DMCA.

Judge Wynn then moved on to highlight another peculiarity. While this case deals with Cox’s failure to implement a repeat infringer policy, this legal requirement by itself is rather meaningless. Even when subscribers are disconnected, they can still join another ISP or come back to Cox after a few months, which makes it pointless.

“As Judge Motz indicated it’s not a perfect solution,” BMG’s lawyer commented.

“It’s not even a good one,” Judge Wynn added.

Another controversial topic that came up is the fact that Cox refused to pass on BMG’s demands because the ISP saw the included settlement demands as extortion. While BMG’s attorney tried to downplay the money issue, Judge Shedd made it very clear what this case is actually about.

“[The DMCA notice] says: you are infringing, you can go to this website and click and pay us $20 or $30. If not, you’re looking at a $150,000 fine. It was about collecting money. We don’t dance around that do we?” Shedd said.

Both Cox and BMG ultimately wanted money from the allegedly infringing subscribers, who might now face an even bigger threat.

“You have two corporations fighting over money, which may be justified. But the net effect of this battle is going to be up against another policy, which is, I think it is the policy, that people should have access to the Internet,” Judge Shedd said.

While the case can still go either way, the oral hearing suggests that the panel of judges is not putting too much weight on the notices sent by BMG. The internal emails from Cox appear to be the key part. Still, we’ll have to wait for the full opinion to see if that’s really true.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Security News

via TorrentFreak http://ift.tt/JHJIUI

October 27, 2017 at 05:00PM

Fear the Reaper, or Reaper Madness?

http://ift.tt/2zdlJyy

Last week we looked at reports from China and Israel about a new “Internet of Things” malware strain called “Reaper” that researchers said infected more than a million organizations by targeting newfound security weaknesses in countless Internet routers, security cameras and digital video recorders (DVRs). Now some botnet experts are calling on people to stop the “Reaper Madness,” saying the actual number of IoT devices infected with Reaper right now is much smaller.

Arbor Networks said it believes the size of the Reaper botnet currently fluctuates between 10,000 and 20,000 bots total. Arbor notes that this can change any time.

Reaper was based in part on “Mirai,” IoT malware code designed to knock Web sites offline in high-powered data floods, and an IoT malware strain that powered most of the largest cyberattacks of the past year. So it’s worrisome to think someone may have just built an army of a million IoT drones that could be used in crippling, coordinated assaults capable of wiping most networks offline.

If criminals haven’t yet built a million-strong botnet using the current pool of vulnerable devices, they certainly have the capacity to do so.

“An additional 2 million hosts have been identified by the botnet scanners as potential Reaper nodes, but have not been subsumed into the botnet,” Arbor’s ASERT team wrote, explaining that the coders may have intentionally slowed how quickly the malware can spread to keep it quiet and under the radar.

Arbor says Reaper is likely being built to serve as the machine powering a giant attack-for-hire service known as a “booter” or “stresser” service.

“Our current assessment of Reaper is that it is likely intended for use as a booter/stresser service primarily serving the intra-China DDoS-for-hire market,” Arbor wrote. “Reaper appears to be a product of the Chinese criminal underground; some of the general Reaper code is based on the Mirai IoT malware, but it is not an outright Mirai clone.”

On Thursday I asked Israeli cybersecurity firm Check Point — the source of the one-million Reaper clones claim — about how they came up with the number of a million infected organizations.

Check Point said it knows of over 30,000 infected devices that scanned for additional vulnerable devices.

“We had a prism into these attacks from a data set that only contains a few hundreds of networks, out of which 60% were being scanned,” said Maya Horowitz, a group manager in the threat intelligence division of Check Point. “Thus we assume that the numbers globally are much higher, in at least 1 order of magnitude.”

Reaper borrows programming code from Mirai. But unlike Mirai, which infects systems after trying dozens of factory-default username and password combinations, Reaper targets nine security holes across a range of consumer and commercial products. About half of those vulnerabilities were discovered only in the past few months, and so a great many devices likely remain unpatched against Reaper.

Chinese cybersecurity firm Netlab 360, which published its own alert on Reaper shortly after Check Point’s advisory, issued a revised post on Oct. 25 stating that the largest gathering of Reaper systems it has seen by a single malware server is 28,000. Netlab’s original blog post has links to patches for the nine security flaws exploited by Reaper.

Security News

via Krebs on Security http://ift.tt/TKsn16

October 27, 2017 at 04:53PM

DPDK

http://ift.tt/2zWe8S3

DPDK is a set of libraries and drivers for fast packet processing. It is designed to run on any processor. The first supported CPU was Intel x86, and support now extends to IBM POWER and ARM. It runs mostly in Linux userland. A FreeBSD port is available for a subset of DPDK features.

Security News

via Linux.com | The source for Linux information http://ift.tt/1Wf4iBh

October 27, 2017 at 04:49PM

Hyperledger Member Summit

http://ift.tt/2zWe70r

Hyperledger Member Summit is the premier event of the year for our community, bringing all our stakeholders together face-to-face to learn and collaborate with each other, across both technical and business topics.

Security News

via Linux.com | The source for Linux information http://ift.tt/1Wf4iBh

October 27, 2017 at 04:49PM

CVE-2014-3579

http://ift.tt/2iFJ19c

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 27, 2017 at 04:25PM

CVE-2014-3600

http://ift.tt/2zcMDGQ

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 27, 2017 at 04:25PM

CVE-2015-1835

http://ift.tt/2yY4Hn5

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 27, 2017 at 04:25PM

CVE-2017-13089

http://ift.tt/2ySL2my

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 27, 2017 at 04:25PM

CVE-2017-13090

http://ift.tt/2yYvrnl

Security News

via National Vulnerability Database http://ift.tt/OD63ZH

October 27, 2017 at 04:25PM