Archive | Other

View all postings from the Other category in “Security to the Core,” the Arbor Networks Security Engineering and Response Team Blog.

The Heartburn Over Heartbleed: OpenSSL Memory Leak Burns Slowly

Marc Eisenbarth, Alison Goodrich, Roland Dobbins, Curt Wilson. Background: A very serious vulnerability present in OpenSSL 1.0.1 for two years has been disclosed (CVE-2014-0160). This “Heartbleed” vulnerability allows an attacker to reveal up to 64kb of memory to a connected client or server. This buffer-over-read vulnerability can be used in rapid succession to exfiltrate larger […]

2008 Worldwide Infrastructure Security Report

Growing financial pressures, unforeseen threats, and a volatile and rapidly changing business landscape — apt descriptions for both the world economy and this year’s Worldwide Infrastructure Security Survey. Arbor Networks once again has completed a survey of the largest ISPs and content providers around the world. Some 70 lead security engineers responded to 90 questions […]

P4P Missing the Bandwidth Utilization Boat

Verizon recently made public research data on reducing the amount of P2P traffic flowing over an ISP’s network, thereby reducing costs to ISPs and in theory Verizon’s costs. The basic premise is to add routing and topology awareness to P2P protocols, keeping traffic localized and reducing an ISP’s costs. The researchers measured the average per-hop count […]

The “User Experience” on Mobile Handsets

There has been a lot of media attention recently on the “user experience” for handsets. Much of this attention, of course, originated with Apple’s iPhone. More recent excitement was generated during the Mobile World Congress held in Barcelona with the launch of Google’s Android open source operating system and software platform for mobile phones and […]

Internet Routing Insecurity::Pakistan Nukes YouTube?

So, assume you’re an ISP in Pakistan and, for whatever reason, you receive an order such as this (PDF) from the Pakistan Telecommunication Authority (PTA). The letter is from the Deputy Director of Enforcement with the PTA, and is requiring that you immediately block access to a YouTube URL, or more specifically (actually, less specifically, […]

Information Security and NFL Espionage

In late January 2007 several NFL-related web sites were hacked, to include and Considering the Miami Dolphins stadium was about to host the NFL’s biggest game of the year, Superbowl XLI, this seemed a reasonable enough target. The sites were modified to serve malicious JavaScript code that would compromise victims’ computers, providing a […]

ddos de da: Internet attacks still considerable

Here at Arbor we’re working with many of our service provider partners on trying to qualify and quantify denial of service attacks and other network threats. Here are a few data points relative to DDoS attacks we’ve observed over the past 255 days of data collection: 255 days of data collection 39 ISPs participation average […]
