News Roundup: Week of Aug 19, 2019

by | 22 Aug 2019

Announcing the Launch of our New Documentation Site!

We are proud to announce the launch of our new documentation site! Moving forward, this will be the new home for all of our documentation detailing cloud setup, VNS3, VNS3:ms, network edge plugins, upgrading, troubleshooting, and the like. As part of this process we’ve also begun converting our API specifications to the OpenAPI spec standard. Starting with VNS3 v4.8, you can view and download the specification as JSON. The OpenAPI standard will improve the testability and usability of Cohesive APIs. Users can also generate an API client library in their language of choice with the OpenAPI Generator. We will be supporting API clients in the near future with added API macro functions for simplifying topology automations.

Cybercrime in Residential Networks

KrebsOnSecurity discusses The Rise of “Bulletproof” Residential Networks in a recent article. These residential networks are considered bulletproof by cybercrooks because they typically ignore abuse complaints or blame the abuse on a reseller. The article describes a Maryland-based IP provider that either mistakenly or intentionally provided just such a network. Krebs traces down ownership of the IP addresses and finds a hacker selling services on this “bulletproof” network.

Web Browsers Band Together to Block Kazakh CA Certificate

The Register released an article this week claiming that “Google, Apple, and Mozilla said their web browsers will block the Kazakhstan root Certificate Authority (CA) certificate” citing collectively emphatic statements condemning the certificate as a surveillance tool. The move to block this certificate comes on the heels of intriguing notifications to Kazakhstani telecom customers about the legality, permanence, and nature of the certificate.

Check Your Bluetooth Devices

As the Key Negotiation of Bluetooth (KNOB) narrative continues to develop, it seems prudent to start at the conveniently named source of the investigation. If you haven’t heard, this attack identifies an encryption vulnerability for all Bluetooth BR/EDR connections and includes “chips from Broadcom, Qualcomm, Apple, Intel, and Chicony.” It allows attackers to intercept and manipulate Bluetooth traffic. The resource suggests that devices updated after late 2019 might have addressed the vulnerability by now, but it might be worth double-checking for yourself. The resolution included an update to the Bluetooth specification to recommend an increased encryption key length.

Introducing the Confidential Computing Consortium

The Linux Foundation’s newly formed Confidential Computing Consortium has announced their “new cross-industry effort” which boasts a team representing the likes of Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. In this first press release they promise to bring together organizations affecting all major aspects of computing in order to drive transformation via “a variety of technical open source projects and open specifications” in the near future.

PSA: Cisco Advisories & Alerts

Cisco just disclosed a large number of vulnerabilities – many of which are critical – via their security advisories and alerts publication. We advise reviewing any relevant product vulnerabilities and implementing any suggested workaround offered by Cisco.