Year: 2016

February 5, 2016 1 Comment
Avatar

Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities

Vulnerabilities Discovered by Yves Younan of Cisco Talos.

Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library, which is used for font processing in Linux, Firefox, LibreOffice, and other major applications. The most severe vulnerability results from an out-of-bounds read which the attacker can use to achieve arbitrary code execution. A second vulnerability is an exploitable heap overflow. Finally, the last two vulnerabilities result in denial of service situations. To exploit these vulnerabilities, an attacker simply needs the user to run a Graphite-enabled application that renders a page using a specially crafted font that triggers one of these vulnerabilities. Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts).

In this post, we will discuss the following vulnerabilities:

  • CVE-2016-1521
  • CVE-2016-1522
  • CVE-2016-1523
  • CVE-2016-1526

Read More>>

Authors

Avatar

Talos Group

Talos Security Intelligence & Research Group

4 Comments
Avatar

CMX Delivers Real World Impact for Retailers

 

AP11393

Industry-focused tradeshows are great. There’s no better way to get a concentrated dose of the real challenges that customers face day after day.

Last week, Cisco participated in the National Retail Federation’s tradeshow in New York City. At our booth, we provided an in-store experience showing how Cisco technology can help optimize the experience for customers and retailers. As part of that experience, we presented presence and locations analytics. And after dozens of presentations to some of the largest retailers in the world, it’s clear that customers see CMX analytics as a key tool for making meaningful business decisions.

In presentation after presentation, it was clear that several real-world use cases from CMX customers really resonated with retailers. While there were several provided, two uses case in particular stood out.

A/B Testing: Even in today’s digital world, advertising campaigns are still critical to retail success. But what campaigns really work? With CMX Analytics, retailers can apply one advertising campaign to one set of stores and another advertising campaign to a second set of stores. CMX can track the numbers of visitors and dwell times in the store to determine which campaign delivers the better results.

High Traffic and Wholesale Negotiation: CMX analytics can graphically display the most highly trafficked areas of a store. Assume a grocery store has two entrances. The grocer can use this insight to negotiate better wholesale terms from a manufacturer for placing that product in the high traffic zones.

Both of these use cases are currently being employed by CMX customers. And, judging from the interest expressed by the retailers we spoke with at NRF, they won’t be the last.

Authors

Avatar

Daryl Coon

Cisco Customer Solutions Marketing

2 Comments
Avatar

Keeping It Simple While Keeping It Fresh

When you read the headline, you may think this blog is about a new restaurant or cuisine, but this post is about UCS management. The description may not sound like it has much to do with software, but stay with me. One of the challenges you encounter when you have more than 50,000 customers and hundreds of thousands of end users that use your software every day to manage millions of systems is providing significant enhancements (keeping it fresh) while still making it easy to use (keeping it simple). This is the challenge we faced when we made the latest upgrades to UCS management.

Here’s an example. In the new release of UCS Manager, version 3.1, we have added a new HTML 5 user interface (UI) to keep it fresh. Our customers have been using the Java UI in UCS Manager for years, so we had to make sure it was simple for them to transition. Our developers replicated the screens in HTML 5, so there is virtually no difference from the same screens in the Java UI. The layout, colors, icons and text are almost identical between the Java and HTML5 UI to provide a seamless user transition.

(There’s an example of the new HTML 5 UI in the screen captures below.) The new release supports both the HTML 5 and Java UI, so customers can transition in a way that works best for them without the hassle of having to learn new screens or modifying any of their processes.

Figure 1  Example of the new HTML 5 UI in UCS Manager

UCS Manager Screenshots 2

There are many new enhancements in the latest updates to UCS management.

Continue reading “Keeping It Simple While Keeping It Fresh”

Authors

Avatar

Ken Spear

Sr. Marketing Manager, Automation

UCS Solution Marketing

February 4, 2016 1 Comment
Avatar

Become a Part of the Future at Cisco Live! Berlin

CiscoLiveBerlin2016b_1

If you’re attending Cisco Live! Berlin later this month, make sure to stop by Hall 7.3, Breakout room 732 at 2:30 pm on Wednesday, February 17 for the exciting session entitled: “The Foundation for Better Mobile Experiences”.

This hour and thirty minute panel discussion is bound to be a lively exchange of ideas centered around the future of wireless technology. After listening—and hopefully participating—in this session, you can determine whether your organization is ready for the changes in wireless networks that are speeding your way. We know that these changes can be a bit scary, but the best news is that you won’t have to go through it alone.

Customers will discuss how they are benefitting from a robust wireless network deployment and the solutions that they use to improve their businesses. You will hear their insight into some of the decisions they made in choosing Cisco and where they see their network in the future. You’ll benefit from hearing directly from customers who have built a robust wireless network for cutting edge solutions. And the customers are all from well known companies that you’ll recognize. Continue reading “Become a Part of the Future at Cisco Live! Berlin”

Authors

Avatar

Byron Magrane

Product Manager, Marketing

4 Comments
Avatar

Live #Ciscochat Feb 23rd: Cyber attacks ahead. Are you ready?

As Mike Riegel pointed out in his recent blog, ‘Financial services is the prime example of an IT-intensive industry.’ Financial institutions rely on consistent technology and innovation to compete and to ensure compliance with regulatory requirements. Customers put a lot of trust in their financial services provider to secure their data and privacy.

On the other hand, cyber criminals put financial institutions in their sights in efforts that, when successful, can damage customer trust and an institution’s reputation. Financial institutions around the world are targets for malware, phishing, ransomware, and ATM skimming. The most serious losses come from targeted attacks. According to the Cisco 2016 Annual Security Report, malware is becoming increasingly sophisticated and cyber criminals are launching attacks through a variety of attack vectors, including tools that users trust or view as benign. Furthermore, targeted attacks are on the rise and the cyber criminals are unrelenting in the execution their mission.

CiscoChat_Security_Linkedin

Continue reading “Live #Ciscochat Feb 23rd: Cyber attacks ahead. Are you ready?”

Authors

Avatar

Leni Selvaggio

Global Senior Manager

Financial Services Industry

2 Comments
Avatar

Customer Spotlight: Idaho Transportation Department Creates Cohesive Communications Environment

While Idaho isn’t a very populous state, with only 1.5 million people, it stretches across 83,000 million square miles. The Idaho Transportation Department (ITD) is responsible for all transportation-related efforts in that area, from highway construction to the Department of Motor Vehicles. But with only 1,800 employees, that can be a real challenge! As ITD employees crisscross the state to ensure all transportation is running smoothly, they rely on a host of communications tools to stay connected with the department headquarters in Boise and other workers on the road.

Despite the amount the customer relied on communications tools to function, the department didn’t actually have a unified communications environment. Instead, employees just used whatever communications tools were available, purchasing and deploying new tools as they needed them. The result was a hodgepodge of tools that didn’t all fit together well and made for both inefficient communication and negative financial repercussions.

To control costs and create an easy and cohesive communications infrastructure, ITD went looking for a unified communications (UC) environment to address the challenge. After an internal audit and careful research, ITD chose to deploy a suite of Cisco collaboration tools, which included voice, video, data communications, IP phones, a call management system, Cisco WebEx, and Cisco Jabber.

Now, all of ITD’s employees have a suite of communications tools that work together seamlessly, are user-friendly, and expand the opportunities for employees to collaborate. The UC environment has also reduced long-term IT costs for the department and given them a successful model of how to quickly and successfully roll-out new communications in the future.

To read more about how Idaho Transportation Department is reaping the rewards of their new UC environment, check out the full case study. You can also go here to learn more about how Cisco collaboration tools can help your agency.

Authors

Avatar

Leah Lewis

Director

Public Sector Consulting Services

3 Comments
Avatar

Using E-Rate to lead a Digital Transformation in Education

For many businesses, technology has become an integral part of operations, transforming the way people learn, think, and do their jobs. With the right tools, K-12 school districts can experience these same transformational benefits. Digital transformation in education means using technology to create better access to educational experiences for students. That can be using mobile solutions to allow students to access anytime, anywhere learning in a secure way. Or it could be using collaboration tools to create a shared learning environment, or data analytics to help teachers fill in gaps in students’ skills and knowledge.

While the benefits of digital transformation for students are vast, one of the biggest hurdles schools face in their quest for transformation is funding. It requires a significant investment to ensure network infrastructure is adequate, to purchase technology tools for students and teachers, and to train educators on how to best use the new technologies in the classroom.

Schools facing this hurdle should consider leveraging the E-rate Program. USAC just announced that the window for filing E-rate applications for Funding Year 2016 will open on February 3, 2016. The window will close 87 days later on April 29. If your school meets the criteria for the program, you can save anywhere from 20 to 90 percent on eligible services. These discounts can ease the financial burden of upgrading network infrastructure and put schools on the path to a successful digital transformation. To learn more about digital transformation in education and how the E-rate Program can help, check out this special report from Cisco and eSchool News.

On Tuesday, February 9, Cisco will host a webcast on E-rate and the digital transformation. The webcast will feature Scott Smith, the CTO of Mooresville Graded School District in North Carolina, and John Harrington, CEO, Funds for Learning. Scott will discuss how their all-digital curriculum has led to more personalized, student-centric, and data-driven approaches. John will provide a briefing on current status of the E-Rate program—including procurement best practices and current filing deadlines. To register for the webcast, click here.

Authors

Avatar

Renee Patton

No Longer at Cisco

3 Comments
Avatar

Cisco Assists in Making Swiss College a Little Greener

AR76119With one eye on the bottom line and one on future energy consumption, Switzerland’s University of St. Gallen turned to Cisco to help make their campus a little greener.

With a campus wireless network powered by Cisco products already in place, the university looked towards Cisco switches and the Cisco Energy Management (CEM) suite to bring their energy saving dreams to light. University officials hoped that this idea would reduce their carbon footprint, raise energy efficiency and save a little money along the way.

The plan centered around using Cisco routers and Catalyst switches to power access points and other connected devices. This allowed for greater energy efficiency over the college’s 42 institutions and 30 buildings.

The results were two-fold. Armed with CEM, the network not only improved energy efficiency in the present but also allowed St. Gallen to look at curtailing excess energy consumption in the future. Since the more environmentally friendly network has been up and running, the school has been able to establish baselines for how much power each device consumes. If a device goes over that benchmark, the network is robust enough to enforce energy saving policies, such as shutting down idling PCs. Continue reading “Cisco Assists in Making Swiss College a Little Greener”

Authors

Avatar

Byron Magrane

Product Manager, Marketing

3 Comments
Avatar

From Connected Devices to Smart Services: The Real Value of IoT

If you follow me on Twitter (@rowantrollope) you might have followed along this past Christmas as, home with the family, I started writing some code and building some hardware devices to connect more of the things around my house. After all, these days anything can be a smart device; from a toaster that delivers perfectly browned slices to a Christmas tree that automatically waters itself, the ideas are endless.

As a hacker at home, writing some simple code or building a connected hardware device is easy with today’s software and hardware platforms. But moving from a side project at home to building a business is quite another matter. How do you collect and analyze data from these connected devices, scale to manage more and more connected devices, and eventually find a way to monetize your connected devices? In other words, how do you turn a good idea into a great IoT business?

That’s why I’m so excited by yesterday’s news about our intent to acquire Jasper. Jasper’s approach is unique because it is so simple – they manage connectivity of IoT services for any device, from connected cars to connected printers, all through the cloud. It’s not just about connecting devices, but helping our customers to collect data, act on that data and deliver services to their end customers based on that data. Continue reading “From Connected Devices to Smart Services: The Real Value of IoT”

Authors

Avatar

Rowan Trollope

Senior Vice President and General Manager

IoT and Collaboration Technology Group