Nick L

Updated! Vulnerability in Cyberoam appliance

1) Stay on Version 10.6.5 – In our testing of Version 10.6.6 of CROS (Cyberoam firmware), we discovered a bug that causes blocking of certain web content. We request that customers stay on 10.6.5 until this is fixed.

2) To get patched for the SQL vulnerability, simply make sure that the “Allow Over-the-air Hotfix” option is enabled on the Cyberoam device, as shown in the image below. Devices that already have this option enabled will automatically fetch the fix and remain protected.

(System > Maintenance > Updates, then check the “Allow Over-the-air Hotfix” box)

To see if you are patched, you can log in to the SSH/telnet console session of the unit and execute the following command to check the Hot Fix version:

console> cyberoam diagnostics show version-info

The Hot Fix version should be displayed as 1 or higher.

 

——–
Full Knowledge-base Article:
here

——
Other news
– Over the next two weeks we will be updating our store site for Fortinet & Meraki. Other updates after these.

 

Vulnerability Affecting Cyberoam Appliances

A SQL injection vulnerability has been discovered in Cyberoam appliances running the Cyberoam operating system (CROS) that allows for unauthenticated remote code execution.

A small percentage of appliances have been impacted by a cryptominer that consumed CPU cycles, and our investigations have found no evidence that any data has been compromised or exfiltrated from those appliances.

For customers running CROS version 10.6.1 and above that use the default setting of automatic updates, the hotfix was automatically installed, and there is no action required. Customers who have changed their default settings will need to apply the update manually.

Remediation

CROS Version | Patch Distributed
Version 10.6.3 and above | December 7, 2017
Version 10.6.1, 10.6.2.x | December 8, 2017
All versions prior to 10.6.1 | Upgrade to current CROS version

 
Full Knowledge-base Article here

Google Chrome vows to carpet bomb meddling Windows antivirus tools

Quote

Browser will block third-party software from mucking around with pages next year.

By mid-2018 Google Chrome will no longer allow outside applications – cough, cough, antivirus packages – to run code within the browser on Windows.

“In the past, this software needed to inject code in Chrome in order to function properly; unfortunately, users with software that injects code into Windows Chrome are 15 per cent more likely to experience crashes.”

In particular, the target here seems to be poorly coded AV tools that can not only crash the browser or cause slowdowns, but also introduce security vulnerabilities of their own for hackers to exploit.

Rather than accept injected code, Chrome will require applications to use either Native Messaging API calls or Chrome extensions to add functionality to the browser. Google believes both methods can be used to retain features without having to risk browser crashes. With Chrome 68, the browser will block third-party code in all cases except when the blocking itself would cause a crash. In that case, Chrome will reload, allow the code to run, and then give the user a warning that the third-party software will need to be removed for Chrome to run properly. The warning will be removed and nearly all code injection will be disabled in January of 2019.

“While most software that injects code into Chrome will be affected by these changes, there are some exceptions,” said Hamilton.

“Microsoft-signed code, accessibility software, and IME software will not be affected.”

Small Business Should Be Worried about Net Neutrality Rollback Efforts

Quote

David Callicott needs to be online to run his small company, GoodLight Natural Candles in San Francisco.

Dozens of orders from wholesale customers like Whole Foods and Bed Bath & Beyond are relayed online each day to fulfillment warehouses, which send out Mr. Callicott’s paraffin-free candles. The GoodLight website accounts for 15 percent of its sales, which could reach $1.5 million this year; the e-commerce behemoth Amazon makes up another 10 percent. And many of the company’s business documents are stored in cloud-based data centers.

Without those regulations, GoodLight and other smaller businesses fear they may not have a level digital playing field to compete against deep-pocketed industry giants that could pay to get an edge online.

“For such an analog product, we’re heavily reliant on the digital world and the internet for our day-to-day operations,” said Mr. Callicott, who helped found the company nearly eight years ago and now works with three other full-time employees. “The internet, the speed of it, our entire business revolves around that.”


A good Video on What is Net Neutrality



For small businesses, a rollback could fundamentally change how, and whether, they do business. Many started online or turned to e-commerce to expand their thin margins.

“Things are already difficult enough as it is for a small business,” Mr. Callicott said. “You’re busy enough just keeping your company running, trying to grow and succeed or just stay alive, that you don’t have the resources or the time to contemplate how to prepare for something like this.”

In the United States, 99.7 percent of all businesses have fewer than 500 employees, according to government statistics. Of those, nearly 80 percent, or more than 23 million enterprises, are one-person operations.

In August, the American Sustainable Business Council and other small business groups published an open letter to the F.C.C. on behalf of more than 500 small businesses in the country. Weakening or undoing net neutrality protections would be “disastrous” for American businesses, according to the letter.

“The open internet has made it possible for us to rely on a free market where each of us has the chance to bring our best business ideas to the world without interference or seeking permission from any gatekeeper first,” the groups wrote.

Many entrepreneurs worried that, without net neutrality provisions, internet providers would wield their increased power to control how businesses reach consumers.

Online consumers are a demanding crowd. Research from a Google subsidiary suggested that visitors who have to wait more than 3 seconds for a mobile site to load will abandon their search 53 percent of the time.

Changes in net neutrality regulations could also affect the freelancers, franchisees and temporary workers who earn a living doing piecemeal work in the so-called gig economy. Nearly a quarter of American adults made money last year using digital platforms to take on a job or a task, selling something online or renting out their properties using a home-sharing site like Airbnb, according to the Pew Research Center.

A pay-for-play internet system could also be problematic for Codecademy, an education company founded in 2011. Its services include courses on tech-related subjects like data analysis, website design and coding language — all conducted online.

But Zach Sims, the company’s chief executive, said that students, many of whom are aspiring entrepreneurs, would suffer most.

“They’ll perceive it as an unfair playing field,” he said. “As every industry is upended by tech, the barrier to entry is knowing what technology is and how to implement it, but this adds another level of confusion, making the hurdle even higher for normal businesses to participate.”

Why the Courts Will Have to Save Net Neutrality

Here is what started net neutrality

Back in 2005, a small phone company based in North Carolina named Madison River began preventing its subscribers from making phone calls using the internet application Vonage. As Vonage was a competitor in the phone call market, Madison River’s action was obviously anticompetitive. Consumers complained, and the Federal Communications Commission, under Michael Powell, its Republican-appointed chairman, promptly fined the company and forced it to stop blocking Vonage.

But it may be tough?

On Tuesday, the F.C.C. chairman, Ajit Pai, announced plans to eliminate even the most basic net neutrality protections — including the ban on blocking — replacing them with a “transparency” regime enforced by the Federal Trade Commission. “Transparency,” of course, is a euphemism for “doing nothing.” Companies like Madison River, it seems, will soon be able to block internet calls so long as they disclose the blocking (presumably in fine print). Indeed, a broadband carrier like AT&T, if it wanted, might even practice internet censorship akin to that of the Chinese state, blocking its critics and promoting its own agenda.

Allowing such censorship is anathema to the internet’s (and America’s) founding spirit. And by going this far, the F.C.C. may also have overplayed its legal hand. So drastic is the reversal of policy (if, as expected, the commission approves Mr. Pai’s proposal next month), and so weak is the evidence to support the change, that it seems destined to be struck down in court.

The problem for Mr. Pai is that government agencies are not free to abruptly reverse longstanding rules on which many have relied without a good reason, such as a change in factual circumstances. A mere change in F.C.C. ideology isn’t enough. As the Supreme Court has said, a federal agency must “examine the relevant data and articulate a satisfactory explanation for its action.” Given that net neutrality rules have been a huge success by most measures, the justification for killing them would have to be very strong.

It isn’t. In fact, it’s very weak. From what we know so far, Mr. Pai’s rationale for eliminating the rules is that cable and phone companies, despite years of healthy profit, need to earn even more money than they already do — that is, that the current rates of return do not yield adequate investment incentives. More specifically, Mr. Pai claims that industry investments have gone down since 2015, the year the Obama administration last strengthened the net neutrality rules.

Setting aside whether industry investments should be the dominant measure of success in internet policy (what about improved access for students? or the emergence of innovations like streaming TV?), Mr. Pai is not examining the facts: Securities and Exchange Commission filings reveal an increase in internet investments since 2015, as the internet advocacy group Free Press has demonstrated.

But Mr. Pai faces a more serious legal problem. Because he is killing net neutrality outright, not merely weakening it, he will have to explain to a court not just the shift from 2015 but also his reasoning for destroying the basic bans on blocking and throttling, which have been in effect since 2005 and have been relied on extensively by the entire internet ecosystem.

This will be a difficult task. What has changed since 2004 that now makes the blocking or throttling of competitors not a problem? The evidence points strongly in the opposite direction: There is a long history of anticompetitive throttling and blocking — often concealed — that the F.C.C. has had to stop to preserve the health of the internet economy. Examples include AT&T’s efforts to keep Skype off iPhones and the blocking of Google Wallet by Verizon. Services like Skype and Netflix would have met an early death without basic net neutrality protections. Mr. Pai needs to explain why we no longer have to worry about this sort of threat — and “You can trust your cable company” will not suffice.

Moreover, the F.C.C. is acting contrary to public sentiment, which may embolden the judiciary to oppose Mr. Pai. Telecommunications policy does not always attract public attention, but net neutrality does, and polls indicate that 76 percent of Americans support it. The F.C.C., in short, is on the wrong side of the democratic majority.

In our times, the judiciary has increasingly become a majoritarian force. It alone, it seems, can prevent narrow, self-interested factions from getting the government to serve unseemly and even shameful ends. And so it falls to the judiciary to stop this latest travesty.

Source: This article is by Tim Wu, a law professor at Columbia, the author of “The Attention Merchants: The Epic Struggle to Get Inside Our Heads” and a contributing opinion writer. Published in NYT today Here

If you want to see what America would be like if it ditched net neutrality, just look at Portugal

Quote

.. with the Republican-majority FCC likely to vote on December 14 in favor of rolling back the order, what might the American internet look like without net neutrality? Just look at Portugal.

The country’s wireless carrier Meo offers a package that’s very different from those available in the US. Users pay for traditional “data” — and on top of that, they pay for additional packages based on the kind of data and apps they want to use.

(internet net neutrality portugal English translation via Google Translate)

 

Really into messaging? Then pay €4.99 ($5.86 or £4.43) a month and get more data for apps like WhatsApp, Skype, and FaceTime. Prefer social networks like Facebook, Instagram, Snapchat, Messenger, and so on? That’ll be another €4.99 a month.

Video apps like Netflix and YouTube are available as another add-on, while music (Spotify, SoundCloud, Google Play Music, etc.) is another, as is email and cloud (Gmail, Yahoo Mail, iCloud, etc.).

Net-neutrality advocates argue that this kind of model is dangerous because it risks creating a two-tier system that harms competition — people will just use the big-name apps included in the bundles they pay for, while upstart challengers will be left out in the cold.

For example: If you love watching videos, and Netflix is included in the video bundle but Hulu isn’t, you’re likely to try to save money by using only Netflix, making it harder for its competitors.

And without net neutrality, big-name apps could theoretically even pay telecoms firms for preferential access, offering them money — and smaller companies just couldn’t compete with that. (It’s not clear whether any of the companies named above have paid for preferential access.) An ISP could even refuse to grant access to an app at all unless they paid up.

Democratic Rep. Ro Khanna of California originally shared the Meo example on Twitter in October.

“In Portugal, with no net neutrality, internet providers are starting to split the net into packages,” he wrote. “A huge advantage for entrenched companies, but it totally ices out startups trying to get in front of people which stifles innovation. This is what’s at stake, and that’s why we have to save net neutrality.”

Technically, Portugal is bound by the European Union’s net-neutrality rules, but loopholes allow certain kinds of pricing schemes like the one outlined above.

Yonatan Zunger, a former Google employee, recently retweeted Khanna’s tweet, adding: “This isn’t even the worst part of ending net neutrality. The worst part happens when ISPs say ‘we don’t like this site’s politics,’ or ‘this site competes with us,’ and block or throttle it.”

Getting Bad Things Done – On Trump, FCC, Net Neutrality, ….

Simply put, Team Trump didn’t want the average American to have good information about what is fast becoming the defining feature of our 45th presidency: It doesn’t want the public to have good information. …The cloud of chaos emanating from 1600 Pennsylvania Avenue these days makes it easy to lose the big picture. ..

But behind the smoke and mirrors, Trump World is getting stuff done — bad stuff, like the gutting of many major regulations that once protected our environment, or the toxic police-state culture created by “taking the gloves off” ICE enforcement agents or your local cops, or installing regressive judges across the land. But the defining feature of Donald Trump’s presidency is its all-encompassing war on the truth. The tactic is the stream of lies that the president spews — sometimes dozens in a week. But the broader strategy is equally alarming: Trump hopes to extend and expand his reign of dishonesty by remaking the media landscape with fewer, diminished sources of valid facts, elevating the handful of outlets that worship our Dear Leader (Sinclair, Fox) while seeking to destroy the credibility and reputation of everyone else.

Trump’s big, bad idea is so universal it can embrace ideas that seem to be contradictions — until you look a little closer. How else to explain the fact that the FCC — controlled by a majority of pro-Trump commissioners — is, with its all-but-a-done-deal rollback of net neutrality, giving the gift of a lifetime to monster communication companies like Philadelphia-based Comcast, Verizon and AT&T. Yet at the same time Trump’s Justice Department seems to be taking an anti-big-business stance in opposing the planned merger of AT&T and Time-Warner without the spin-off of key assets like Time-Warner’s CNN, the bête noire of Trump’s rabid fan base.

But there’s been widespread (and seemingly informed) speculation that the government’s merger move has little to do with its usually pro-business ideology and everything to do with old-fashioned revenge against the news outlet that Trump has called “the Fake News Network” and accused of treating him so unfairly (despite considerable evidence of the exact opposite). There’s no smoking gun, but pro-Trump news outlets like the Daily Caller and the New York Post have quoted sources that Trump would love to oust CNN chief Jeff Zucker, and other journalists have labored to find a reason for trying to block the merger other than presidential spite. So basically Team Trump wants fewer outlets controlling the news — and it wants those that survive to, in the immortal words of Omarosa Manigault, “bow down to President Trump.”

Hatred for, and the stifling of, a free press and free flow of information is the glue that holds the Trump presidency — and the 36 percent who support him — together. Consider these droplets:

– In addition to its net neutrality push, the FCC has also adopted a series of rules that will dramatically expand the reach of Sinclair Broadcasting into a coast-to-coast behemoth (including, at least for now, Philadelphia’s Channel 17) and allow it to reshape your local TV news away from community journalism and toward its relentlessly pro-Trump political agenda, with one-size-fits-all Trumpian commentary and inane “terrorism alert desk.”

– Trump’s Justice Department seems to be sending a chilling message to rank-and-file journalists — and especially alternative journalists on the left more likely to be critical of the president — by its shocking decision to pursue felony “rioting” charges that could lead to a 10-year prison sentence for a Texas photojournalist named Alexei Wood. Wood covered a destructive melee on Trump’s inauguration day and his apparent “crime” was going “wooo” as he filmed an act of vandalism, not very smart but not anywhere near the ballpark of criminality.

– These official acts come against a constant drumbeat from Trump seeking to delegitimatize journalism and the First Amendment at least in the eyes of his own supporters, calling hard-working reporters “the enemy of the American people,” threatening to relax libel laws amid the dream of forcing more outlets to go out of business like Gawker, and disrupting the news cycle with increasingly off-his-meds 6 a.m. tweets.

But the end of net neutrality would mean Trump and his allies are going nuclear in their war on information. Without the controls adopted by past incarnations of the FCC, your internet carrier would be free to charge you more for certain content; imagine if Comcast or Verizon started charging you for packages of accelerated and accessible websites — a “news” package with CNN.com and Philly.com or a “sports” package with league websites or Deadspin. (That’s how they do it now in countries like Portugal that don’t have net neutrality.)

There’s more. An internet provider would have the power to slow down the delivery of sites (presumably ones that don’t pay or offer other perks in return for high speed) and it could block some altogether — like, for example, sites that are dedicated to complaints from customers of Comcast or other telecoms. To civil liberties groups like the ACLU, ending net neutrality isn’t just a way for billion-dollar companies to squeeze a few extra bucks from consumers, but “also one of the foremost free speech issues of our time.” In explaining its opposition, the ACLU writes: “After all, freedom of expression isn’t worth much if the forums where people actually make use of it are not themselves free.”

Vice Motherboard’s Sam Gustin recently reported on why net neutrality is shaping up as the free speech issue of the Trump era, quoting Steven Renderos, an organizer for the Center for Media Justice: “Net neutrality is not simply about technology. It’s about the everyday people who use it and whether they will have the right to be heard online.”

The stifling of good information creates a world in which citizens decide which version of “the truth” they want to believe, often with disastrous consequences — the fantasy world that Trump and his true believers covet. If you want to go to Ground Zero for the war on information, go to Alabama, where as much as half or more of the electorate won’t believe Senate candidate Roy Moore is a sexual predator because the allegations were reported in the Washington Post, one of the news outlets that our Oval Office authoritarian has decreed as “fake.”

But a thousand Alabamas and a thousand Roy Moores will blossom across America’s political landscape in an era when the flow of information is even more tightly controlled by a handful of powerful corporations who can and will be bullied and intimidated by the White House. It’s critical for the future of American free speech and democracy that the net neutrality rollback be stopped, but with the rubber-stamp FCC preparing to vote on Dec. 14, there are few good options and virtually no time to stop this dictator move. The war on factual information and the truth is repulsive, but it’s not the most outrageous thing about the Trump presidency. The most outrageous thing is that Trump is winning.

FCC stonewalled investigation of net neutrality comment fraud, NY AG says

Quote

Net neutrality fraudsters likely impersonated “hundreds of thousands” of people.

New York’s attorney general has been trying to investigate fraud in public comments on the Federal Communications Commission’s anti-net neutrality plan but alleges that the FCC has refused to cooperate with the investigation.

NY State Attorney General Eric Schneiderman says that “hundreds of thousands of Americans” were likely impersonated in fake comments on the net neutrality docket. But FCC Chairman Ajit Pai’s office would not provide information needed for New York’s investigation, Schneiderman wrote yesterday in an open letter to Pai:

[T]he process the FCC has employed to consider potentially sweeping alterations to current net neutrality rules has been corrupted by the fraudulent use of Americans’ identities — and the FCC has been unwilling to assist my office in our efforts to investigate this unlawful activity.

Specifically, for six months my office has been investigating who perpetrated a massive scheme to corrupt the FCC’s notice and comment process through the misuse of enormous numbers of real New Yorkers’ and other Americans’ identities. Such conduct likely violates state law—yet the FCC has refused multiple requests for crucial evidence in its sole possession that is vital to permit that law enforcement investigation to proceed.

The FCC received 22 million comments on its plan to repeal net neutrality rules and deregulate broadband providers, but many were fraudulent. In May, some of the people who were impersonated by anti-net neutrality spammers asked the Federal Communications Commission to notify other victims of the impersonation and remove fraudulent comments from the net neutrality docket.

But the FCC has seemingly taken no action to remove fraudulent comments or to prevent them from being filed.

On Twitter, Schneiderman described “a massive scheme that fraudulently used real Americans’ identities” in order to “drown out the views of real people and businesses.”

Here is New York State Attorney General Eric Schneiderman’s Letter

F.C.C. Plans Net Neutrality Repeal in a Victory for Telecoms

Quote

The Federal Communications Commission released a plan on Tuesday to dismantle landmark regulations that ensure equal access to the internet, clearing the way for internet service companies to charge users more to see certain content and to curb access to some websites.

The proposal, made by the F.C.C. chairman, Ajit Pai, is a sweeping repeal of rules put in place by the Obama administration. The rules prohibit high-speed internet service providers, or I.S.P.s, from stopping or slowing down the delivery of websites. They also prevent the companies from charging customers extra fees for high-quality streaming and other services.

The announcement set off a fight over free speech and the control of the internet, pitting telecom titans like AT&T and Verizon against internet giants like Google and Amazon. The internet companies warned that rolling back the rules could make the telecom companies powerful gatekeepers to information and entertainment. The telecom companies say that the existing rules prevent them from offering customers a wider selection of services at higher and lower price points.

Nothing to see here folks, just normal government for big business, by big business, and all for the best democracy that money can buy.