Network Security Notes: Network Security News: Be Aware of Dangerous vulnerability in Skype |
- Network Security Notes: Network Security News: Be Aware of Dangerous vulnerability in Skype
- Network Security Notes: Understanding Route Filtering
- Network Security Notes: Network Protocols: Configuring OSPF Authentication Protocol
- High Quality Flash Game Collection
- Swiffy: Convert Flash SWF to HTML 5 Files
Network Security Notes: Network Security News: Be Aware of Dangerous vulnerability in Skype Posted: 17 Jul 2011 08:38 PM PDT Skype is a software application that allows users to make voice and video calls and chats over the Internet. Calls to other users within the Skype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-based user account system. Skype has also become popular for its additional features which include instant messaging, file transfer, and video conferencing. Skype has 663 million registered users as of 2010. The network is operated by Skype Limited, which has its headquarters in Luxembourg. Most of the development team and 44% of the overall employees of Skype are situated in the offices of Tallinn and Tartu, Estonia. Unlike other VoIP services, Skype is a peer-to-peer system rather than a client–server system, and makes use of background processing on computers running Skype software; the original name proposed – Sky peer-to-peer – reflects this. Some network administrators have banned Skype on corporate, government, home, and education networks, citing reasons such as inappropriate usage of resources, excessive bandwidth usage, and security concerns. On 10 May 2011, Microsoft Corporation agreed to acquire Skype Communications, S.à r.l for US$8.5 billion. The company is to be incorporated as a division of Microsoft, and Microsoft will acquire all of the company's technologies, including Skype, with the purchase. Registered users of Skype are identified by a unique Skype Name, and may be listed in the Skype directory. Skype allows these registered users to communicate through both instant messaging and voice chat. Voice chat allows telephone calls between pairs of users and conference calling, and uses a proprietary audio codec. Skype's text chat client allows group chats, emoticons, storing chat history, offline messaging (since version 5) and editing of previous messages. The usual features familiar to instant messaging users — user profiles, online status indicators, and so on — are also included. The Online Number, a.k.a. SkypeIn, service allows Skype users to receive calls on their computers dialled by conventional phone subscribers to a local Skype phone number; local numbers are available for Australia, Belgium, Brazil, Chile, Colombia, Denmark, the Dominican Republic, Estonia, Finland, France, Germany, Hong Kong, Hungary, Ireland, Italy, Japan, Mexico, New Zealand, Poland, Romania, South Africa, South Korea, Sweden, Switzerland, the Netherlands, the United Kingdom, and the United States. A Skype user can have local numbers in any of these countries, with calls to the number charged at the same rate as calls to fixed lines in the country. Video conferencing between two users was introduced in January 2006 for the Windows and Mac OS X platform clients. Skype 2.0 for Linux, released on 13 March 2008, also features support for video conferencing. Version 5 beta 1 for Windows, released 13 May 2010, offers free video conferencing with up to five people. Skype for Windows, starting with version 3.6.0.216, supports "High Quality Video" with quality and features, e.g., full-screen and screen-in-screen modes, similar to those of mid-range videoconferencing systems.[14] Skype audio conferences currently support up to 25 people at a time, including the host. Skype does not provide the ability to call emergency numbers such as 911 in the United States and Canada, 999 in the United Kingdom and many other countries, 111 in New Zealand, 000 in Australia, or 112 in Europe. The U.S. Federal Communications Commission (FCC) has ruled that, for the purposes of section 255 of the Telecommunications Act, Skype is not an "interconnected VoIP provider". As a result, the U.S. National Emergency Number Association recommends that all VoIP users have an analog line available as a backup. In 2011, Skype partnered with Comcast to bring its video chat service to Comcast subscribers via their HDTV sets. Be Aware of Dangerous vulnerability in Skype According to NetworkWorld posted on 15 July 2o11, Researcher found dangerous vulnerability in Skype. A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone's account, according to details posted online. The consultant, Levent Kayan, based in Berlin, posted details of the flaw on his blog on Wednesday and notified Skype a day later. He said on Friday he hasn't heard a response yet. The problem lies in a field where a person can input their mobile phone number. Kayan wrote that a malicious user can insert JavaScript into the mobile phone field of their profile. When one of their contacts comes online, the malicious user's profile will be updated, and the JavaScript will be executed when the other contact logs in. Kayan wrote that the other person's session could be hijacked, and it may be possible to gain control of that person's computer. An attacker could also change the password on someone's account. There are some mitigating factors, such as that the attacker and victim must be friends on Skype. Also, the attack may not immediately execute when the victim logs in. Kayan said he noticed the behavior happened only after the victim logged in several times. But he said in an e-mail that once it happens the first time, "it happens with each re-login." Skype should be checking the input into the mobile phone field and validating that it is indeed a phone number and not executable code. The problem affects the latest version of Skype, 5.3.0.120, on Windows XP, Vista and 7 as well as Mac OS X operating system. Other sites you may want to see: Entertainment on Flixya: http://visalittleboy.flixya.com/ WWE: http://visa-wwe.blogspot.com/ The Kingdom of Wonder: http://welcome2cambodia.blogspot.com/ Daily Blogging: http://visablogging.blogspot.com/ Love Sharing: http://visa-love.blogspot.com/ NetworkSecurity: http://networksecuritynotes.blogspot.com/ About Insurance:http://visa-insurance.blogspot.com All about Love: http://visa-love.blogspot.com/ Learning English Online: http://visa-elb.blogspot.com/ Discovery Internet: http://visa-isp.blogspot.com/ |
Network Security Notes: Understanding Route Filtering Posted: 17 Jul 2011 08:03 PM PDT Network Security Notes: Understanding Route Filtering What is Routing? Routing or routering is the process of selecting paths in a network along which to send network traffic. Routing is performed for many kinds of networks, including the telephone network (Circuit switching) , electronic data networks (such as the Internet), and transportation networks. This article is concerned primarily with routing in electronic data networks using packet switching technology. In packet switching networks, routing directs packet forwarding, the transit of logically addressed packets from their source toward their ultimate destination through intermediate nodes, typically hardware devices called routers, bridges, gateways, firewalls, or switches. General-purpose computers can also forward packets and perform routing, though they are not specialized hardware and may suffer from limited performance. The routing process usually directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations. Thus, constructing routing tables, which are held in the router's memory, is very important for efficient routing. Most routing algorithms use only one network path at a time, but multipath routing techniques enable the use of multiple alternative paths. Routing, in a more narrow sense of the term, is often contrasted with bridging in its assumption that network addresses are structured and that similar addresses imply proximity within the network. Because structured addresses allow a single routing table entry to represent the route to a group of devices, structured addressing (routing, in the narrow sense) outperforms unstructured addressing (bridging) in large networks, and has become the dominant form of addressing on the Internet, though bridging is still widely used within localized environments. What is Route filtering? In the context of network routing, route filtering is the process by which certain routes are not considered for inclusion in the local route database, or not advertised to one's neighbours. Route filtering is particularly important for BGP on the global Internet, where it is used for a variety of reasons. What is BGP? The Border Gateway Protocol (BGP) is the protocol backing the core routing decisions on the Internet. It maintains a table of IP networks or 'prefixes' which designate network reachability among autonomous systems (AS). It is described as a path vector protocol. BGP does not use traditional Interior Gateway Protocol (IGP) metrics, but makes routing decisions based on path, network policies and/or rulesets. For this reason, it is more appropriately termed a reachability protocol rather than routing protocol. BGP was created to replace the Exterior Gateway Protocol (EGP) protocol to allow fully decentralized routing in order to transition from the core ARPAnet model to a decentralized system that included the NSFNET backbone and its associated regional networks. This allowed the Internet to become a truly decentralized system. Since 1994, version four of the BGP has been in use on the Internet. All previous versions are now obsolete. The major enhancement in version 4 was support of Classless Inter-Domain Routing and use of route aggregation to decrease the size of routing tables. Since January 2006, version 4 is codified in RFC 4271, which went through more than 20 drafts based on the earlier RFC 1771 version 4. RFC 4271 version corrected a number of errors, clarified ambiguities and brought the RFC much closer to industry practices. Most Internet service providers must use BGP to establish routing between one another (especially if they are multihomed). Therefore, even though most Internet users do not use it directly, BGP is one of the most important protocols of the Internet. Compare this with Signaling System 7 (SS7), which is the inter-provider core call setup protocol on the PSTN. Very large private IP networks use BGP internally. An example would be the joining of a number of large OSPF (Open Shortest Path First) networks where OSPF by itself would not scale to size. Another reason to use BGP is multihoming a network for better redundancy either to multiple access points of a single ISP (RFC 1998) or to multiple ISPs. What is Internet? The Internet is a global system of interconnected computer networks that use the standard Internet Protocol Suite (TCP/IP) to serve billions of users worldwide. It is a network of networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical networking technologies. The Internet can also be defined as a worldwide interconnection of computers and computer networks that facilitate the sharing or exchange of information among users. The Internet carries a vast range of information resources and services, such as the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail. Most traditional communications media including telephone, music, film, and television are reshaped or redefined by the Internet, giving birth to new services such as Voice over Internet Protocol (VoIP) and IPTV. Newspaper, book and other print publishing are adapting to Web site technology, or are reshaped into blogging and web feeds. The Internet has enabled or accelerated new forms of human interactions through instant messaging, Internet forums, and social networking. Online shopping has boomed both for major retail outlets and small artisans and traders. Business-to-business and financial services on the Internet affect supply chains across entire industries. The origins of the Internet reach back to research of the 1960s, commissioned by the United States government in collaboration with private commercial interests to build robust, fault-tolerant, and distributed computer networks. The funding of a new U.S. backbone by the National Science Foundation in the 1980s, as well as private funding for other commercial backbones, led to worldwide participation in the development of new networking technologies, and the merger of many networks. The commercialization of what was by the 1990s an international network resulted in its popularization and incorporation into virtually every aspect of modern human life. As of 2009, an estimated quarter of Earth's population used the services of the Internet. The Internet has no centralized governance in either technological implementation or policies for access and usage; each constituent network sets its own standards. Only the overreaching definitions of the two principal name spaces in the Internet, the Internet Protocol address space and the Domain Name System, are directed by a maintainer organization, the Internet Corporation for Assigned Names and Numbers (ICANN). The technical underpinning and standardization of the core protocols (IPv4 and IPv6) is an activity of the Internet Engineering Task Force (IETF), a non-profit organization of loosely affiliated international participants that anyone may associate with by contributing technical expertise. How many Types of filtering? There are two times when a filter can be naturally applied: when learning routes from a neighbour, and when announcing routes to a neighbour. Input filtering In input filtering, a filter is applied to routes as they are learned from a neighbour. A route that has been filtered out is discarded straight away, and hence not considered for inclusion into the local routing database. Output filtering In output filtering, a filter is applied to routes before they are announced to a neighbour. A route that has been filtered out is never learned by a neighbour, and hence not considered for inclusion in the remote route database. Why Need Filtering? Reasons to filter Economic reasons When a site is multihomed, announcing non-local routes to a neighbour different from the one it was learned from amounts to advertising the willingness to serve for transit, which is undesirable unless suitable agreements are in place. Applying output filtering on these routes avoids this issue. Security reasons An ISP will typically perform input filtering on routes learned from a customer to restrict them to the addresses actually assigned to that customer. Doing so makes address hijacking more difficult. Similarly, an ISP will perform input filtering on routes learned from other ISPs to protect its customers from address hijacking. Technical reasons In some cases, routers have insufficient amounts of main memory to hold the full global BGP table. A simple work-around is to perform input filtering, thus limiting the local route database to a subset of the global table. This can be done by filtering on prefix length (eliminating all routes for prefixes longer than a given value), on AS count, or on some combination of the two. This practice is not recommended, as it can cause suboptimal routing or even communication failures with small networks, and frustrate the traffic-engineering efforts of one's peers. Other sites you may want to see: Entertainment on Flixya: http://visalittleboy.flixya.com/ WWE: http://visa-wwe.blogspot.com/ The Kingdom of Wonder: http://welcome2cambodia.blogspot.com/ Daily Blogging: http://visablogging.blogspot.com/ Love Sharing: http://visa-love.blogspot.com/ NetworkSecurity: http://networksecuritynotes.blogspot.com/ About Insurance:http://visa-insurance.blogspot.com All about Love: http://visa-love.blogspot.com/ Learning English Online: http://visa-elb.blogspot.com/ Discovery Internet: http://visa-isp.blogspot.com/ |
Network Security Notes: Network Protocols: Configuring OSPF Authentication Protocol Posted: 17 Jul 2011 07:34 PM PDT As my previous post about the Understanding OSPF Protocol and the OSPF Protocol on CISCO Routing Protocol and Concepts, you may already know much details about the OSPF Protocol. And here this post I would like to introduce you about Configuring OSPF Authentication Protocol... Open Shortest Path First (OSPF) supports two forms of authentication: plain text and MD5. Plain text authentication should be used only when neighboring devices do not support the more secure MD5 authentication. To configure plain text authentication of OSPF packets, follow these steps: In interface configuration mode, use the ip ospf authentication−key [key] command. The key that is specified is the plain text password that will be used for authentication. 1. Enter OSPF configuration mode using the router ospf [process id] command. Then use the area [area−id] authentication command to configure plain text authentication of OSPF packets for an area. Referring to Figure Image below, we will configure Router A and Router B for plain text authentication of OSPF packets. Listing A and Listing B below display each router's configuration. Figure Image: Listing A: Router A configured to authenticate OSPF packets using plain text authentication interface Loopback0 Listing B: Router B configured to authenticate OSPF packets using plain text authentication interface Loopback0In Listing A and Listing B, plain text authentication is configured to authenticate updates across area 0. By issuing the show ip ospf command, you can determine if plain text authentication is properly configured for each area. Here is an example of the output for the show ip ospf command: Router−B#show ip ospf 50 Configure MD5 authentication of OSPF packets To configure MD5 authentication of OSPF packets, follow the steps outlined here: 1. From interface configuration mode, enable the authentication of OSPF packets using MD5 with the following command: ip ospf message−digest−key [key−id] md5 [key] The value of the key−id allows passwords to be changed without having to disable authentication. 2. Enter OSPF configuration mode using the router ospf [process id] command. Then configure MD5 authentication of OSPF packets for an area using this command: area [area−id] authentication message−digest This time, Routers A and B will be configured to authenticate packets across the backbone using the MD5 version of authentication. Listing C shows the configuration for Router A, and Listing D shows Router B's configuration. Listing C: Router A configured for MD5 authentication interface Loopback0 Listing D: Router B configured for MD5 authentication interface Loopback0 When you use the ip ospf message−digest−key command, the key value allows the password to be changed without having to disable authentication. Note For OSPF, authentication passwords do not have to be the same throughout the area, but the key id value and the password must be the same between neighbors. Using the show ip ospf [process−id] command again, you can see that it now states that MD5 authentication is being used across area 0: Router−A#sh ip ospf 60 As noted earlier, the key id value and the passwords must be the same between neighbors. If you change the key id value to a number other than 15 on Router A, authentication should not take place and OSPF should get mad. Here is the changed configuration: interface Serial0/0Notice that it has been changed to a value of 30. The following lines show what OSPF has to say about this: Router−A#debug ip ospf events OSPF is obviously not happy. If you change the key value back, everything should again be all right. As mentioned earlier, the key id value allows passwords to be changed without having to disable authentication. Listing E and Listing F display the configuration of Router A and Router B with multiple keys and passwords configured. Listing E: Router A configured with multiple keys and passwords interface Loopback0 Listing F: Router B configured with multiple keys and passwords interface Loopback0 As a result of this configuration, Routers A and B will send duplicate copies of each OSPF packet out of their serial interfaces; one will be authenticated using key number 15, and the other will be authenticated using key number 20. After the routers each receive from each other OSPF packets authenticated with key 20, they will stop sending packets with the key number 15 and use only key number 20. At this point, you can delete key number 15, thus allowing you to change passwords without disabling authentication. Other sites you may want to see: Entertainment on Flixya: http://visalittleboy.flixya.com/ WWE: http://visa-wwe.blogspot.com/ The Kingdom of Wonder: http://welcome2cambodia.blogspot.com/ Daily Blogging: http://visablogging.blogspot.com/ Love Sharing: http://visa-love.blogspot.com/ NetworkSecurity: http://networksecuritynotes.blogspot.com/ About Insurance:http://visa-insurance.blogspot.com All about Love: http://visa-love.blogspot.com/ Learning English Online: http://visa-elb.blogspot.com/ Discovery Internet: http://visa-isp.blogspot.com/ |
High Quality Flash Game Collection Posted: 16 Jul 2011 11:53 PM PDT |
Swiffy: Convert Flash SWF to HTML 5 Files Posted: 16 Jul 2011 11:38 PM PDT If you are a webmaster or flash developer, you'd probably be worried with so many iOS devices that can't support flash. Naturally, you'd feel stuck, but with Google's Swiffy, you can convert Flash SWF Files to HTML 5 to help you reach a wider audience. Swiffy output files works straight with HTML 5, removing the [...] |
You are subscribed to email updates from "Cisco" via Ehsan in Google Reader To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google Inc., 20 West Kinzie, Chicago IL USA 60610 |
0 comments:
Post a Comment