Cisco Blogs


Cisco Blog > The Platform

Agility is the New Smart

agile businessAs businesses strive to become digital, they need to be more flexible, innovative, and agile than ever. Customers are engaging with businesses differently from how they were just five years ago, and the bulk of their interactions are not with people but with systems (think airport and hotel check-in, ordering a product, or getting a taxi).

For all this to work, it’s critical that the systems on the back end know who you are, where you are, and what you need, to connect flawlessly to the front-end device. That airport check-in app on your phone, for example, requires integration with the airline reservation system, the ticketing system, the baggage handling system and gate information in order to provide full value to you as a user.

Read More »

Tags: , , , , ,

Join the Conversation: Where Shopping Experience Meets the New Digital Consumer

The demands of increasingly mobile and digital consumers are creating unprecedented complexity for retailers and brands.  How should retailers respond?  We’re going to tackle this question together on Twitter next Tuesday, October 27 at 1pm EST/ 10am PST.

Together, we’ll discuss questions such as:

  • Who is the new “digital consumer”?
  • What does the future of retail look like through the lens of digital technologies?
  • What have you learned about the behaviors and expectations of the digital shopper?
  • What is the role of security in retail?
  • Why “trust” is key in winning wallet share of the digital shopper?

It’s always been my experience that the best ideas emerge from a combination of people with different viewpoints, areas of expertise, and experiences.  That’s one reason I’m (@anabellepinto) looking forward to being part of the next #CiscoChat with my colleague, Ron Kjelden (@rkjelden), focused on how retailers can create shopping experiences that meet the demands of the new digital consumer. Read More »

Tags: , , , , , , , , , , ,

Project Aspis

Aspis_Logo_FIN

One of the hardest jobs on the Internet is to work the abuse desk at a hosting provider.  These teams have to strike a difficult balance between protecting their customers, ensuring that their services aren’t being abused by malicious actors and delivering the service and convenience their customers expect.  They don’t get near enough credit for their work.

Recently, Talos had the privilege to work with the abuse team from Limestone Networks.  In the course of our joint investigation, we learned that Limestone Networks had been working against the same actor abusing their services for months.  Based on our findings, this actor was costing them approximately $10,000 a month in fraudulent charges plus wasted engineering time and the overhead of managing the abuse tickets this actor was causing.  By working together, Talos and Limestone Networks were able to make their network a difficult one for the actor to work in by rapidly identifying and terminating the systems they were trying to use.  As a result, the actor moved off of their network.

The results of this experience were so positive, both for Limestone Networks and Talos, that today Talos is announcing Project Aspis.

What is Project Aspis?
Provided by Talos, Project Aspis assists hosting providers, in certain situations, who are dealing with malicious actors who are persistent in their environment and a threat to others on the Internet.
Read More »

Tags: , , ,

Cybersecurity: The Holistic Trust Approach

In the past few years, the security industry has invested heavily in the detection and containment of attacks and breaches as a primary focus of innovation. To help protect Cisco, its customers, products, services and partners, we have embarked on a journey to build security and trust into every aspect of our business, including the culture of our workplace itself. The rapid evolution of the threat landscape has made this trust journey a necessity. Exploits are more frequent, better financed, more sophisticated and are causing more damage. Technology shifts like mobility and BYOD are the new normal and have resulted in more points of access for malware, resulting in a larger attack surface. In order to be more effective against the broad range of security threats, the industry must focus on foundational security being present in critical systems. By ensuring that trustworthiness is built into the technology, processes and policies involved in your IT systems, you can reduce risk and the attack surface while enabling more effective overall security.

Read More »

Tags: , , ,

Vulnerability Spotlight: MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow

Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Post authored by Earl Carter and William Largent

Talos is disclosing the discovery of an exploitable buffer overflow vulnerability in the the MiniUPnP library TALOS-2015-0035 (CVE-2015-6031). The buffer overflow is present in client-side XML parser functionality in miniupnpc. A specially crafted XML response can lead to a buffer overflow, on the stack, resulting in remote code execution.

This miniupnpc buffer overflow is present in client-side part of the library. The vulnerable code is triggered by an oversized XML element name when applications using miniupnpc library are doing initial network discovery upon startup, while parsing the replies from UPNP servers on the local network.

MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer software applications, such as Tor and cryptocurrency miners and wallets, to operate on the network.

When parsing the UPNP replies, the XML parser is initialized and `parsexml()` function is called:

1miniupnp

Read More »

Tags: , , , ,