Tuesday, April 30, 2013

Improv group comes to rescue of texting pedestrians with Seeing-eye People

 
  Network World After Dark



Improv group comes to rescue of texting pedestrians with Seeing-eye People
The scene-making Improv Everywhere troupe has released a pair of videos in which it pokes fun at people who can't take their eyes off their texting devices even while navigating busy streets in New York City. Improv Everywhere's solution for safeguarding oblivious walking/texting zombies: Seeing-eye People.


Top 10 Programming Skills That Will Get You Hired
Have you been considering adding some new programming skills to your toolbox, but you're not sure where to start? When it comes to what's hot for developers, CIO.com has you covered with which programming languages are in demand and where the development and programming jobs are.

Carnegie Mellon develops wee QWERTY texting technology for impossibly tiny devices
If smartwatches and other ultra-small devices are to become the text generators of the future, their diminutive keyboards are going to have to be way more useful for, um, big fingered typists. Carnegie Mellon researchers may have the answer to that problem. Called ZoomBoard, the text entry technique is based on the iconic QWERTY keyboard layout.

White House program targets IT jobs for service members
The Obama administration this week teamed with Cisco, Microsoft, HP and others to roll out what it called an "IT Training and Certification Partnership" designed to get thousands of service members into the information technology world.

HP refreshes data center core and aggregation with SDN switches
HP this week refreshed its switch line and fortified its SDN portfolio with three new systems and a router, along with management and provisioning software extensions.

Universities Closing Big Data Talent Gap But Need Real Data
Any discussion about the challenges of big data will eventually come to the talent gap--the demand for people with big data analytics skills is expected to dramatically outpace supply over the next several years.

Microsoft links Skype voice, video calling to Outlook.com
Microsoft is rolling Skype in with its free Outlook.com email service, giving customers the ability to fire up VoIP calls directly from their mail inbox.

Apache servers ambushed by sophisticated backdoor attacks
Apache servers are being ambushed by a particularly pernicious malware program called Linux/Cdorked.A that's infecting visitors to the sick machines with the Blackhole malware kit.

11 Profiles in Bad Leadership Behavior
Recognizing where you fall short in your management style and then developing a plan to strengthen those areas can mean the difference between being a boss and being a leader. It can also make a difference in how far you advance in your IT management career.

CIO Takes the Less-Traveled Path to IT Career Success
This divisional CIO got his promotion after a stint in the IT infrastructure group -- a stint that some would view as career suicide, but he viewed as valuable experience.

Twitter's 'Who to follow' feature sometimes gets lost
This post is for serious Twitter users, so others should feel free to check their Facebook pages.

Interop: The quiz
From strange titles of talks to the use of exotic broadcast media, Interop has been drawing attention for more than two decades.

 
 
 

SLIDESHOWS

CEO pay

Median pay for tech CEOs in 2012 was $10.7 million, according to Network World's analysis of CEO compensation in the tech industry.


Need your voice at the immigration visit in New York this Thursday

Organizing for Action
Joe --

This Thursday during the congressional recess, OFA supporters in New York are getting together to visit your representative's local office.

We're sending one important message: We support passing comprehensive immigration reform now.

It's an opportunity to show the lawmakers who are on our side that we have their backs in this fight -- and let everyone who plans to stand in the way of reform know that we will hold them accountable.

Can you join in?

RSVP to be a part of the office visits this Thursday and voice your support for reform:

What: Visit your representative's office in New York

Where: 780 3rd Ave #2301
New York, NY 10017

When: Thursday, May 2nd
12:00 pm

RSVP now

Two weeks ago, a bipartisan group of eight senators introduced groundbreaking legislation that gets us one step closer to passing comprehensive immigration reform.

We hear they'll be debating the issue in the Senate soon, and it'll be a big part of Congress' agenda over the next several weeks.

That's why lawmakers need to hear from their constituents while they're home over the recess.

Make your voice heard -- RSVP today to visit your local representative's office in New York on Thursday:

http://my.barackobama.com/Immigration-Reform-May-2nd

Thanks,

Emmy

Emmy Ruiz
Immigration Campaign Manager
Organizing for Action


firewall-wizards Digest, Vol 64, Issue 17

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. OpenBSD IPSEC VPN question (David Lang)
2. Re: Linked-in and its Phishing-like contacts option!
(lordchariot@embarqmail.com)
3. Re: firewall-wizards Digest, Vol 64, Issue 3 phishing (David Lang)
4. Re: Proxy advantage (David Lang)
5. Re: Linked-in and its Phishing-like contacts option! (David Lang)


----------------------------------------------------------------------

Message: 1
Date: Mon, 29 Apr 2013 04:39:04 -0700 (PDT)
From: David Lang <david@lang.hm>
Subject: [fw-wiz] OpenBSD IPSEC VPN question
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <alpine.DEB.2.02.1304290435120.18827@nftneq.ynat.uz>
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

I'm seeing some odd reports on the rsyslog mailing list where someone is claiming
that when using an IPSEC VPN on OpenBSD they have to explicitly set the source
IP address for all connections out from the firewall (tunnel endpoint) or else
the connection won't go through the tunnel. The person reporting this is
proposing modifications to rsyslog to have it force the local IP address for
outbound connections as a work-around for this problem.

This sounds very wrong to me, but can anyone speak up who knows this OS?

It seems to me that a VPN that requires all applications to be modified to set
the outbound source IP before the VPN will be used is a very broken VPN. This
does not mesh well with the reputation that OpenBSD has.

David Lang


------------------------------

Message: 2
Date: Tue, 30 Apr 2013 12:20:39 -0400
From: <lordchariot@embarqmail.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <001401ce45be$a7e9c020$f7bd4060$@embarqmail.com>
Content-Type: text/plain; charset="UTF-8"

> I'm honestly not sure how we could block this stuff in a web-proxy, or be
> alerted by an IDS rule short of just blocking the sites.
> (Maybe this will start more discussion. How would one try this?)

I have a lot of requests from customers to try to make the web read-only. The main use cases are for social network, blogs/wikis, and commenting on posts. The fundamental ways to do this are to 1) have MITM SSL decryption, and 2) block the POST method for specific sites. Most commercial proxies can do this and even squid does SSL MITM.

By blocking POST to certain categories of sites and only allowing the POST for the */logon pages, users can view all the facebook/twitter/youtube they want, but can't write anything outbound to the site. It's pretty effective.

e?
_____________________________________

From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Bruce Platt
Sent: Friday, April 26, 2013 7:41 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!

I have a love/hate relationship with these as well. I was only tempted down this perfidious path a few years ago when a set of my Grandchildren asked me to get a Facebook account so we could interact that way as they live on the other coast from me. I started disliking it within five minutes when a former employer sent me a request to "friend" him. Then it became an issue of who can I not be "friends" with among my contemporaries.

Same with Linked-In, same with Twitter.

Up to this point I'm just addressing the personal inconvenience aspect of it, which is why I chose Crispan's post to which to reply.

But, the larger issue is really the risk of exposing all sorts of personal / corporate information in a variety of unwitting ways. This is the part I hate. We've had many discussions about the risks of allowing people to use social media web sites from work. It's a losing battle. Entering one's email password is just one, and Linked-In is not the only villain. I just made some flight reservations yesterday. The airline website offered to add the reservation to my Calendar. Not let me download a .cal file, but to directly insert it into my calendar. Uh, no. Not today.

But, this now gets added to our list of worst practices and meets Paul's criteria of being part of overall operational security. I'm honestly not sure how we could block this stuff in a web-proxy, or be alerted by an IDS rule short of just blocking the sites. (Maybe this will start more discussion. How would one try this?)

Mix these with BYOD, and it makes a daunting task indeed.

Cheers

--
+------------------------------------+
Bruce B. Platt, Ph.D.
V.P. Research
ei3 Corporation
136 Summit Avenue
Montvale, NJ 07645
Phone: +1-201-802-9080 ext. 404
Facsimile: +1-201-802-9099

On Fri, Apr 26, 2013 at 12:53 AM, Crispin Cowan <crispin@crispincowan.com> wrote:
I boycott all social media. I'm not opposed to social networking, but I am opposed to some dot.com monetizing my relationships; I do all my social networking via open protocols like e-mail, and having a beer with a friend ?

I broke this rule once, joining LinkedIn 5 years ago, because I needed a job. LinkedIn was a total failure at getting a job, but attending ToorCon and having a beer with someone I met there worked. I deleted my LinkedIn account when I got tired of the "Foo wants to connect with you" spam. I'm still getting LinkedIn spam.

Screw social networking web sites. I don't have a FaceBook page or a Twitter account, and never will.

Funny, I never envisioned myself as Clint Eastwood yelling at kids to get off my lawn, but here I am ?

Sent from Windows Mail

From: Gautier . Rich
Sent: Thursday, April 25, 2013 9:28 PM
To: Firewall Wizards Security Mailing List

Thoughts? I'm wondering why User Operational Security falls under the realm of Firewall Wizards.. Other than that, I'd say ? They're not alone by any stretch of the imagination, and plenty of users seem to be perfectly willing to accept the risk (or be unaware of it). However, not much you can do on the firewall side other than turning off webmail access...

Richard Gautier, CISSP
Enterprise Architect, Federal Group
650 Massachusetts Avenue NW
Suite 510
Washington, DC 20001
Office: (571) 226-8828 | Cell: (703) 231-2156
rgautier@drc.com | www.drc.com

From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Mathew Want
Sent: Monday, April 22, 2013 7:30 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Linked-in and its Phishing-like contacts option!

Hiya all.

Has anyone else noticed the option to see who else they know is connected on Linked-in? Have you noticed that if you click on the outlook button it asks you for your WORK EMAIL PASSWORD!!!!!
Bloody hell! It's not like the job of getting users to not submit this information to other sites isn't already hard enough without this!!! The "can't put brains in pumpkins" department must be having a field day over this.
Am I the only one that thinks this is a touch negligent on the part of Linked-in? Or should I just accept that it is corporate facebook, accept that they have the same moral fibre and move on?
Maybe I am expecting too much? Thoughts?
--
Regards,
M@
--
"Some things are eternal by nature,
others by consequence"

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
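
The "read-only web" policy described in the reply at the top of this message (decrypt TLS, then block POST to selected site categories except on logon pages), sketched as a proxy decision function. This is an added example, not part of the original thread and not any product's configuration; the category table, the login path prefixes and the three action names are assumptions made for illustration.

```python
import posixpath
from typing import NamedTuple
from urllib.parse import unquote, urlsplit

# Constructed policy data (assumptions, not from the thread): a real proxy
# would take categories from its URL-filtering database.
SITE_CATEGORIES = {
    "facebook.com": "social",
    "twitter.com": "social",
    "youtube.com": "video",
}
READ_ONLY_CATEGORIES = {"social", "video"}
LOGIN_PATHS = ("/login", "/logon")      # hypothetical sign-in prefixes
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class Decision(NamedTuple):
    action: str   # "allow", "deny" or "decrypt"
    reason: str


def category_for(host):
    """Look up the host, then each parent domain, on label boundaries."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        category = SITE_CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return None


def is_login_path(raw_path):
    """True only if the decoded, normalised path is a sign-in page."""
    # Decode %2e%2e and collapse ../ first, so a write endpoint cannot be
    # dressed up as /login/../something to slip past the prefix check.
    path = posixpath.normpath(unquote(raw_path) or "/")
    path = "/" + path.lstrip("/")
    return any(path == p or path.startswith(p + "/") for p in LOGIN_PATHS)


def decide(method, target):
    """Decide one proxied request; target is a URL, or host:port for CONNECT."""
    method = method.upper()
    if method == "CONNECT":
        # An opaque TLS tunnel hides the inner method, which is why the
        # policy depends on SSL interception for the read-only categories.
        host = urlsplit("//" + target).hostname or ""
        if category_for(host) in READ_ONLY_CATEGORIES:
            return Decision("decrypt", "tunnel must be intercepted to see methods")
        return Decision("allow", "tunnel to a site outside the policy")
    parts = urlsplit(target)
    if category_for(parts.hostname or "") not in READ_ONLY_CATEGORIES:
        return Decision("allow", "site is not in a read-only category")
    if method in SAFE_METHODS:
        return Decision("allow", "read request")
    if method == "POST" and is_login_path(parts.path):
        return Decision("allow", "POST to sign-in page")
    # Everything else (POST elsewhere, PUT, PATCH, DELETE, ...) writes data.
    return Decision("deny", f"{method} would write to a read-only site")


if __name__ == "__main__":
    for m, t in [
        ("GET", "https://www.facebook.com/somepage"),
        ("POST", "https://www.facebook.com/login"),
        ("POST", "https://www.facebook.com/ajax/updatestatus"),
        ("CONNECT", "www.youtube.com:443"),
    ]:
        print(m, t, "->", decide(m, t))
```

Write methods other than POST are denied as well, since a policy that names only POST leaves PUT, PATCH and DELETE open.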




------------------------------

Message: 3
Date: Mon, 29 Apr 2013 08:15:02 -0700 (PDT)
From: David Lang <david@lang.hm>
Subject: Re: [fw-wiz] firewall-wizards Digest, Vol 64, Issue 3
phishing
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Cc: Marcus Ranum <mjr@ranum.com>
Message-ID: <alpine.DEB.2.02.1304290812320.28665@nftneq.ynat.uz>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Mon, 15 Apr 2013, Dave Piscitello wrote:

> Cloud is simply the current incarnation of server (LAN/farm, data
> center, virtualization...). I really don't see that the security
> issues have changed all that much (evolved maybe), or approaches to
> solving them.

Except with the "Cloud" you as an organization give up a lot of the tools that
have been used in the past to secure things.

Plus, you have the DevOps approach being misinterpreted by management to mean
"engineers can do everything, they can bypass those annoying ops and security
folks to get things done"

It's going to be an interesting few years as everyone learns that you still need
admins and security folks in the cloud.

David Lang


------------------------------

Message: 4
Date: Mon, 29 Apr 2013 08:25:09 -0700 (PDT)
From: David Lang <david@lang.hm>
Subject: Re: [fw-wiz] Proxy advantage
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <alpine.DEB.2.02.1304290819430.28665@nftneq.ynat.uz>
Content-Type: text/plain; charset="iso-8859-15"; Format="flowed"

If you start with the premise that the only thing that's a firewall is a packet
filter, especially with deep packet inspection being optional, then you are
going to be in rather bad shape.

I have run a fairly large organization with proxy firewalls (800+ people, 100+
separate networks), it can be done. In some areas it bypasses whole classes of
problems.

Even for user desktops you can do it, but you need to get a good proxy, not just
install squid and think that you've gained a lot.

Yes, it breaks some things, but rather than there being 10% 'good' apps, it's
more like 1% completely broken apps, and 20% apps that need special
configuration (the vast majority of this 20% are not desktop apps, and if you
are willing to look at other tools rather than sticking with fighting to make a
tool work that's not proxy friendly, it's usually not a big problem)

Remember that you will need to do SSL MITM with your proxy, so you will need to
deploy your own CA certs on desktops.

David Lang

On Tue, 16 Apr 2013, Magosányi Árpád wrote:

> On 04/15/2013 11:13 PM, Paul D. Robertson wrote:
>> I've always railed against DNS tunneling. It seems to be rearing its ugly head again. Today with all the in-band HTTP attacks, it once again seems the major advantage of a proxy server is not having to pass DNS down to the client. Should this be a best practice?
>
> It seems like a good idea, which is easy to execute. I see you ending up
> with either hundreds of angry end-users who were using non-http
> applications, or carefully migrating thousands of them one-by-one to a
> new AD domain which does not know about your real DNS servers. And after
> two months busily analysing http proxy logs to figure out how much of
> your users were connected to the C&C.
> Okay, I am exaggerating, and I do think that the idea is worth a
> thought. Just wanted to point out that
> 1) there are exceptions, and this is without exception
> you will still have to provide internet dns to them, and have the
> measures against dns tunneling.
> And yes, it is much easier if you know that > 10 lookup/min is either
> your http proxy, or a reverse proxy.
> 2) you will still be hit by http reverse proxies
> And yes, you can at least have the opportunity to control them from a
> central point, as before.
>
> On a general level:
>
> The best practice would be to proxy everything, and let in only the
> traffic which adheres to the respective standards, the firewall
> understands and finds harmless.
> Let's see how it works out in real world:
> 1. Adheres to standards
> Maybe 10% of the current traffic? Proprietary protocols and protocol
> extensions, misimplementations, horrific web pages, etc.
> 2. The firewall understands it
> Your average packet filter is ignorant to nearly anything which is
> not needed for pushing the traffic through the device.
> Your average proxy firewall, which knows a bit more about the basic
> protocols, so it can stop some attacks on that level.
> And there are the toolkit firewalls (I know only Zorp as an instance
> of this kind), which know all the ins and outs of the basic protocols,
> can do anything with them, and relatively easy to teach them higher
> level ones. But they need a lot of tuning to get to the level which
> really gives better protection than an average firewall.
> There are high-level gateways (like the xml proxies) which may
> understand things even on layer 7, but know only very few protocols, and
> in most cases only a subset of them.
> And there are the ESBs, which can do anything with the cost of
> configuration complexity - nearly like a toolkit firewall, but maybe for
> less protocols - , but have a distinct use case, which is not about
> security.
> 3. the firewall finds it harmless
> If adheres to standards and we understood it, then we already know
> whether it is harmless. With protocols and passive contents it is easy,
> and we can prove that we understood the content by disassembling and
> reassembling it (this is what Zorp and ESBs do).
> But active content (from software updates through pdf/word documents
> to javascript) is another thing. We either trust them based on the
> provider of content, deny them, try to get some assurance, or use some
> kind of sandbox (from the one built in to the web browser/java vm to
> malware isolation products). They are either unacceptable from the
> business perspective (deny), inherently insecure (most of the malware
> detection stuff violates the "default deny" principle), have extensive
> operational burden (maintaining trust related database/ensuring leakless
> sandboxen), or all of the above.
>
> Once upon a time we optimistically assumed that if enough operators deny
> non-adhering, potentially harmful content, providers of such content
> will adhere to safe standards. It turned out to be a dream.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
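
The rate heuristic from the quoted message above (once clients resolve through the proxy, more than 10 lookups per minute should only come from the proxy itself), as an added example that is not part of the original thread. The log format, the addresses and the allowlist entry are constructed for illustration; only the 10-per-minute figure comes from the message.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                       # lookups per minute, from the message
WINDOW = timedelta(minutes=1)
KNOWN_HIGH_VOLUME = {"10.0.0.5"}     # assumed address of the HTTP proxy


def parse_line(line):
    """Parse a constructed log line: '<ISO time> <client> <qtype> <qname>'."""
    ts, client, qtype, qname = line.split()
    return datetime.fromisoformat(ts), client, qtype, qname


def noisy_clients(lines, known=KNOWN_HIGH_VOLUME):
    """Return {client: peak lookups in any one-minute window} for clients
    that exceed THRESHOLD and are not expected resolvers.

    Lines must be in time order, as a resolver's query log normally is.
    """
    windows = defaultdict(deque)     # client -> timestamps inside the window
    peaks = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, _qtype, _qname = parse_line(line)
        if client in known:
            continue
        window = windows[client]
        window.append(ts)
        # Slide the window: drop lookups that are a minute old or older.
        while ts - window[0] >= WINDOW:
            window.popleft()
        if len(window) > THRESHOLD:
            peaks[client] = max(peaks.get(client, 0), len(window))
    return peaks


def sample_log():
    """Constructed sample: a busy proxy, a bursty client and a quiet client."""
    base = datetime(2013, 4, 16, 9, 0, 0)
    rows = []
    for i in range(30):              # proxy: 30 lookups in under a minute
        rows.append((base + timedelta(seconds=2 * i), "10.0.0.5",
                     f"site{i}.example.test"))
    for i in range(12):              # workstation: 12 lookups in 55 seconds
        rows.append((base + timedelta(seconds=5 * i), "10.0.1.23",
                     f"{i:04x}.t.example.test"))
    for i in range(12):              # workstation: 12 lookups over 4 minutes
        rows.append((base + timedelta(seconds=20 * i), "10.0.1.40",
                     f"host{i}.example.test"))
    rows.sort()
    return [f"{ts.isoformat()} {client} A {qname}" for ts, client, qname in rows]


if __name__ == "__main__":
    for client, peak in sorted(noisy_clients(sample_log()).items()):
        print(f"{client}: {peak} lookups in one minute, not a known resolver")
```

The same 12 lookups spread over four minutes stay under the threshold, so the count has to be taken over a sliding window rather than over the whole log.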

------------------------------

Message: 5
Date: Mon, 29 Apr 2013 08:29:27 -0700 (PDT)
From: David Lang <david@lang.hm>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <alpine.DEB.2.02.1304290828210.28665@nftneq.ynat.uz>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

On Fri, 26 Apr 2013, Gautier . Rich wrote:

> Yes, that's what I meant...turn off Webmail access entirely - I was mostly
> kidding - but if it's something that you can afford to do [users all have
> working VPNs, e.g.] - it would reduce a great deal of risk. ;)

When you say turn off webmail, do you mean to cut off access to public webmail
servers from inside your network? Or do you mean to not run things like OWA that
expose your company mail to the Internet?

David Lang

> Oh, and can that guy who gave the "God, whatever you do, don't fire your
> network geek" speech please come and give a motivational speech here?


>
> Richard Gautier, CISSP
> Enterprise Architect, Federal Group
>
> 650 Massachusetts Avenue NW
> Suite 510
> Washington, DC 20001
> Office: (571) 226-8828 | Cell: (703) 231-2156
> rgautier@drc.com | www.drc.com
>
>
> -----Original Message-----
> From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Jim Seymour
> Sent: Friday, April 26, 2013 11:39 AM
> To: firewall-wizards@listserv.icsalabs.com
> Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
>
> On Wed, 24 Apr 2013 19:26:01 +0000
> "Gautier . Rich" <RGautier@drc.com> wrote:
>
>> Thoughts? I'm wondering why User Operational Security falls under the
>> realm of Firewall Wizards..
>
> I think of it this way: Firewall security, in and of itself, doesn't get the job done. You may have the most bullet-proof border the world has ever seen, but, unless that bullet-proof-ness means essentially blocking everything, both incoming and outgoing, it will not be enough. A layered defense is mandatory. One of those layers is end-user operational security.
>
> Our goal is to protect the organizational jewels, no?
>
> Besides: We've pretty-much beaten stateful/deep-packet inspection vs.
> application proxy to death, no? :)
>
>> ... plenty of users seem to
>> be perfectly willing to accept the risk (or be unaware of it).
>
> Both, IME.
>
>> However, not much you can do on the firewall side other than turning
>> off webmail access...
>
> Turning off webmail access? How would one accomplish that, exactly, without essentially turning off web access entirely?
>
> As for LinkedIn: I've received so many LinkedIn emails reported as spam at work that they've occasionally been there. I may have them listed on my mailserver at home, for the same reason. (Possibly so. Can't say as I've seen LinkedIn spam for a while.)
>
> This nonsense of them asking for "work email password" is grounds, in _my_ view, to block them entirely. That's intolerable. I'm going to see if I can do that.
>
> But I'm old school. I don't believe convenience, golly-gee-whiz-bang, and _especially_ "social networking" ought to trump security. Generally my bosses tend to agree. (Esp. ever since a couple of the Big Guys attended some-or-another network security briefing, which incl. a retired FBI agent, and were told that "whatever your network security is, it's probably not good enough" and "for God's sake, whatever you do, do not lose your network geek" ;).)
>
> Regards,
> Jim
> --
> Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 64, Issue 17
************************************************
Did you receive my proposal?

Special Invitation: Consumerization of IT in the Enterprise Conference

You're invited to join us for the Consumerization of IT in the Enterprise (CITE) Conference & Expo, June 2-4th in San Francisco, California!  CITE Conference & Expo is the leading event focused on the emerging issues, demands and opportunities surrounding the infusion of consumer technologies into today's workplace.

Register now and save $300 off conference registration (regularly $995) at:  http://www.citeconference.com/specialprice

CITE 2013
June 2-4th
Marriott Marquis
San Francisco, California

From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.

Industry leaders selected to speak at CITE 2013, include:
-Judy Batenburg, VP, IT Infrastructure & Operations, Starz Entertainment
-Lawrence Coburn, Co-Founder & CEO, DoubleDutch
-Steve Damadeo, IT Operations Manager, Festo Corporation
-Nathan McBride, Vice President, IT & Chief Cloud Architect, AMAG Pharmaceuticals
-Brian Katz, Director, Mobility Engineering, Global Infrastructure Services, Sanofi
-Tony Lalli, Vice President, Technology Consultant, Bank of New York Mellon
-Tom Petrocelli, Senior Analyst, Social Enterprise, Enterprise Strategy Group (ESG)
-Brandon Porco, Chief Technologist & Solutions Architect, Northrop Grumman
-Ted Shelton, Managing Director, Social Enterprise Strategy, PricewaterhouseCoopers LLP (PwC)

View the agenda at: http://www.citeconference.com/2013Agenda

Register now at:  http://www.citeconference.com/specialprice

To learn more about CITE, go to www.citeconference.com

The CITE team will lead a series of Twitter chats focused on key topics of interest to the audience.  The chats will be held on Fridays at 1 pm ET beginning May 3, with topics as follows:

May 3: Mobile devices
May 10: Mobile apps
May 17: The User Experience
May 24: Consumerization and the Changing Face of IT  

To join or listen to a CITEchat, please follow @CITEconference on Twitter and the hashtag #CITEchat.

Learn about the latest Consumerization of IT news, analysis, product reviews, and trends at: http://www.citeworld.com/

CITE 2013 Sponsors:

Game Changer:
AT&T
Cisco
Citrix
IntraLinks

Innovator:
Box

Next Gen Plus:
AirWatch
AppSense
JIVE
MOBI
WatchDox

Next Gen:
Bitzer Mobile
BoardVantage
Capriza
EffectiveUI
i7
K2
ITinvolve
OutSystems
TrackVIA
 


VMware View Best Practices Guide

VDI Enables Organizations to Increase Corporate IT Control and Flexibility of Desktop Resources
NetApp and VMware View Solution Guide for Architecture, Deployment and Management

This guide offers guidance on how to architect, implement and manage a large, scalable VMware View solution on NetApp storage. It provides details of best integration points for each of the key enabling NetApp technologies and explains how each of the components works together to increase control, manageability and flexibility.

Copyright 2013 | Network World | 492 Old Connecticut Path | Framingham MA 01701 | www.networkworld.com.

[SECURITY] [DSA 2665-1] strongswan security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-2665-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
April 30, 2013                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : strongswan
Vulnerability : authentication bypass
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2944

Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec-based VPN
solution.

When using the openssl plugin for ECDSA-based authentication, an empty, zeroed
or otherwise invalid signature is handled as a legitimate one. An attacker
could use a forged signature to authenticate as a legitimate user and gain
access to the VPN (and everything protected by it).

While the issue looks like CVE-2012-2388 (an RSA signature-based authentication
bypass), it is unrelated.

For the stable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.3.

For the testing distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 4.6.4-7.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org


Archive: http://lists.debian.org/20130430145029.GA8365@scapa.corsac.net
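
The advisory above says that empty, zeroed or otherwise invalid signatures were accepted. As an added example (not strongSwan's code and not part of the advisory), the C sketch below shows one way that outcome can arise, assuming a verifier with the three-valued contract documented for OpenSSL's `ECDSA_do_verify()` (1 valid, 0 invalid, -1 error) whose result the caller reads as a boolean; `toy_verify`, the `accept_*` helpers and all byte strings are constructed stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data; toy_verify() is a stand-in, not real ECDSA. */
static const unsigned char GOOD[8] = {0x30, 0x06, 0x02, 0x01, 0x17, 0x02, 0x01, 0x2a};
static const unsigned char ZERO[8] = {0};
static const unsigned char FLIP[8] = {0x30, 0x06, 0x02, 0x01, 0x17, 0x02, 0x01, 0x2b};

/* Same contract as OpenSSL's ECDSA_do_verify(): 1 valid, 0 invalid, -1 error. */
static int toy_verify(const unsigned char *sig, size_t len)
{
    if (sig == NULL || len != sizeof(GOOD))
        return -1;                          /* empty or truncated: error */
    if (memcmp(sig, ZERO, len) == 0)
        return -1;                          /* zeroed values: error */
    return memcmp(sig, GOOD, len) == 0 ? 1 : 0;
}

/* Flawed caller: every non-zero result, including -1, becomes "true". */
static bool accept_truthy(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len);
}

/* Hardened caller: only the exact value 1 authenticates the peer. */
static bool accept_strict(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len) == 1;
}

/* Regression check: how many malformed signatures does a caller accept? */
static int malformed_accepted(bool (*accept)(const unsigned char *, size_t))
{
    int n = 0;
    n += accept(NULL, 0);       /* empty */
    n += accept(ZERO, 8);       /* zeroed */
    n += accept(GOOD, 4);       /* truncated */
    return n;
}

int main(void)
{
    printf("truthy caller accepts %d of 3 malformed\n", malformed_accepted(accept_truthy));
    printf("strict caller accepts %d of 3 malformed\n", malformed_accepted(accept_strict));
    printf("wrong but well-formed: truthy=%d strict=%d\n", accept_truthy(FLIP, 8), accept_strict(FLIP, 8));
    return 0;
}
```

A well-formed but wrong signature is rejected by both callers, which is why a test suite that only exercises the "0" path can miss this; the regression check needs malformed inputs that drive the error path.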

Good News for Couples About to Marry and Anyone Looking to Renew Their Home

12 monthly installments at the cash price and free shipping to renew your home, at Hızlıal.
Bonus Card Campaign
2013 | Prices may change due to exchange rates | Hizlial.com reserves the right to change the campaign terms.
To share more of the experience and knowledge we have gained in technology since 1986 with you, our valued customers, our company www.hizlial.com Trend A.Ş. was founded in 2007. As Trend A.Ş., which regards keeping customer satisfaction at the highest level as a guiding principle, we aim to combine service and price advantages through an affordable pricing policy and to bring our 27 years of experience to you, our customers.

For information about our site and products, you can reach us through the "Hızlı Mesaj" (Quick Message) section between 08:30 and 18:45. Our customer service will reply as soon as possible. You can get support by phone at 0216 645 00 00 or by e-mail at musterihizmetleri@hizlial.com.