Talos is disclosing TALOS-2016-0259 / CVE-2016-8710. An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using libbpg.
Details
BPG (Better Portable Graphics) is an image format created in 2014 based on the HECV video compression standard. BPG has been praised for its ability to produce the same quality image as the well known JPEG format, but in a much smaller file size. Talos is disclosing the presence of a remote code execution vulnerability in the libbpg library which is widely used to support the file format. During the decoding of a BPG, in the `restore_tqb_pixels` function, an attacker controlled integer underflow can occur during the calculation of offsets for the `src` and `dst` operands of a `mempcy`. Because of the underflows, the resulting addresses passed to the `memcpy` are outside the bounds of the original heap structures, resulting in an out of bounds write condition. This vulnerability can be used to create a specially crafted BPG image file which results in remote code execution when opened with any application using a vulnerable version of the libbpg library. Read more >>
It may have come to you in an email or perhaps during a 1:1 with your boss but either way the news probably caught you by surprise. You will be taking your security skills to the industrial side of the house.
Congratulations! And good luck – you are going to need it.
Much of what you have learned and the craft that you have perfected in protecting confidential information with your security wizardry won’t work in this new world. In fact that “I” in IT (information technology) isn’t nearly as critical and confidentiality is now on the lower end of the concerns spectrum. You are about to enter the “OT” where the O stands for operations. It is safety, yes human safety, and continuous operations that are more important than any kind of data slurping attacker.
So where to begin? Get your steel toed boots on and visit the plant, or whatever industrial environment you are there to secure and prepare to unlearn and relearn much of what you know. Its time to make new friends with the engineers that keep the products going out the door.
Lets start with that word “secure.” Sure, it still has that door lock connotation but there is more to it. Consider the view that the hinges on the door are *securely* attached to the frame. So the act of opening or unlocking won’t result in the whole thing falling on you. That means operating safely first and then “locked down secure” second.
And what is most likely, or most commonly going to bring those operations to a halt? Well chances are its an aging piece of equipment that was old enough to have chaperoned you on your first date. Those failures are one of the reasons people started connecting everything to modern networks in the first place. Monitoring things to know when they will fail and then preventing it. And how does that monitoring happen? Possibly not so differently from the very first telemetry efforts. You know, the ones that connected the Russian Winter Palace to Army Headquarters – in 1845. Signals over a wire. You can debug things by oscilloscope right? If not then perhaps these plant floor engineers have got some tricks worth learning.
What about those human caused events? The ones in the newspapers. The ones that got you hooked on this security journey? Those happen too but not as you thought. Perhaps some sleepy eyed process engineer accidently sets the cooling system threshold to 350 Celsius instead of 35. Or the eternally eager, fresh from college, new hire is dreaming of a big bonus when he decides to “optimize” the system that has been running fine for the last 15 years. What does that mean to you? A bit less “intrusion” and a lot more application control.
Speaking of human caused events – you don’t want to be a cause of one yourself. A natural desire to take a quick inventory or get a network map might drive you to run a quick scan and see what all is out there. But remember much of the connectivity and endpoints don’t have the most robust of TCP stacks in place. In other words your standard NMAP type approaches could take down the systems you were trying to discover.
So now what? Move slowly, cautiously, make friends with your OT brethren and watch this space. Over the next few months we will provide some best practices and “how to”s that will help your impeccable IT security expertise succeed in the OT world.
Since helping launch the data virtualization market in 2006, I have interacted with thousands of organizations. A common question across these conversations is “How do we know if we are ready for data virtualization?”
What these organizations are really asking is: “When do we know if our existing data integration tools are holding us back?” Socrates and other great philosophers encourage us to “look within to find our answers,” however, I’ve found the best way to answer this question is by asking another – in fact, several.
I would argue that data virtualization adds a key set of missing capabilities to an organization’s data integration toolbox, and without it, chances are your organization is not reaching its full potential. A claim like this requires deeper questioning, wouldn’t you agree? Let’s explore further.
First Principles of Data Integration
We all understand the first principles of data integration: data exists in silos; integrating it adds value; but integrating it is difficult. It requires business and technical understanding, skilled resources, infrastructure, tools, and time – all of which are dear in today’s competitive environment.
As such, organizations are smart to consider anything that reduces data integration time and resources. Forrester conducted a Total Economic Impact™ study to evaluate the financial impact of investing in the Cisco Data Virtualization solution, and concluded organizations can achieve up to 346% ROI. Let’s take a look at some common situations that lead teams to data virtualization and its benefits.
Your (Seemingly) Endless Data Integration Backlog
You know you’re ready for data virtualization when your data integration backlog is delaying realization of your business opportunities.
To better understand the impact your existing approaches are having on your business, ask:
What revenue enhancement, cost & risk reduction, and/or compliance opportunities are being delayed due our data integration backlog?
Which opportunities are we bypassing altogether for the same reason?
What more could we do if we could accelerate data integration development by 3-4 fold?
How much faster might we realize M&A synergies if we could integrate both organizations’ data sets sooner?
To the Hammer, Everything Looks Like a Nail
For dimensioned data sets, large-scale historical analysis, and a myriad of other data integration challenges, the tried-and-true ETL/Data Warehouse-based approach to data integration is a perfect solution.
But should every data integration problem require the same solution? You know you’re ready for data virtualization when you wisely consider that data virtualization takes a far less resource-intensive approach to appropriate integration problems.
As you look at your upcoming projects, ask:
Are your requirements firm or are you actually operating in rapid-prototyping mode?
Will most of your queries be wide and shallow resulting in light loads on source systems?
Are your source data sets already too large to physically integrate?
Does your data reside outside your firewall (SaaS apps, third party data services, etc.) and thus preclude physical integration?
Is some of the data changing so rapidly that the batch ETL runs can’t keep pace?
Taking Advantage of Data Infrastructure Opportunities and Data Governance Mandates
You know you’re ready for data virtualization when your existing tools are keeping your organization from leveraging new data infrastructure opportunities and data governance mandates.
Ask your organization:
How can we gain by mixing and matching lower-cost big data infrastructure, high-performance analytics infrastructure, traditional ETL, the cloud, and more?
What could we save from a reduction in rogue, replicated, dependent data marts?
How might we better comply with regulations that limit data replication and crossing of national borders?
From Philosophers to Physicists
Albert Einstein once said, “The world as we have created it is a process of our thinking. It cannot be changed without changing our thinking.”
Answering these questions will help your organization change its thinking about data integration. Your organization will be ready for data virtualization when you do.
We humans love to share and communicate. From the beginning of recorded history, we’ve sought connection, culture, and commerce by sharing aspects of ourselves with others. But we also want to be left alone without undue interference to lead our lives. So how do we solve this dichotomy?
First off, let me emphatically say that I view privacy as a basic human right – along with life, liberty, and the pursuit of happiness. But in today’s information age, many say privacy is dead. I prefer to think of this as a challenging and exciting time for exploration, innovation, and creation — not defeat. We can best reconcile the opportunities and challenges of the digital age through a thoughtful approach to the data organizations collect and how they use it, as well as awareness and responsibility for what individuals willingly share.
Data is one of an organization’s most valuable assets, but it must be planned for, managed and responsibly protected just as any other critical business asset. We do this with our budget and finances. Why not approach data the same way?
Getting this right requires engagement from the Board level down to those who “touch” the data in their daily work. Throughout the organization, we must remember that “data” is an excellent way to get to know our customers and employees and, therefore, demands respect. Brand reputations can be strengthened or badly damaged depending on how an enterprise uses or misuses, protects or compromises their customer data asset and the people behind it.
My privacy engineer colleagues and I see a horizon where privacy and security, if done well, can combine to create great value. We are confident that we can realize that value through systematic engineering and privacy policies based on enterprise goals and appropriate government regulations.
Be a Privacy Champion
I urge you to take time on National Data Privacy Day to reflect and act on the importance of privacy strategy in all aspects of our lives. Participate through your social channels in some of the many Data Privacy Day activities Cisco is championing with the National Cyber Security Alliance. Join the conversation!
Join #ChatSTC Twitter Chat: Being #PrivacyAware is Good for Business, Wednesday, Jan. 25, 3 p.m. EST/12 p.m. PST: This #ChatSTC Twitter chat will help you understand how privacy is good for business and the steps your organization can take to respect privacy, safeguard data and enable trust.
High-speed networks, digital devices, and creative applications are revolutionizing education. Students can be empowered to take their learning to deeper and deeper levels while developing essential skills that will prepare them for success in the 21st century.
For example, our once-isolated classrooms now can connect students to authentic audiences around the world, leading to a deeper understanding of global issues. Powerful yet easy-to-use software tools can empower educators and students alike to create top-quality digital tutorials to contribute and build support for all learners. Our students now have access to primary source materials that would have been beyond the imagination (and limited education budgets) without high-speed networks. We can now support our special education students and have them collaborate where they were once isolated. Virtual reality tools allow us to explore places where a human being could never physically visit, such as the sun or the center of a nucleus. We have technologies that can make abstract concepts accessible and exciting.
Without question, there is a “wow factor” across all disciplines and grade levels. Every day brings the potential for new opportunity to expand and deepen the boundaries of learning. However, adding technology to our campuses does not automatically contribute to improved learning. There is the problem of what we could label, “the $1,000 pencil – applying new tools to do old work.” Research shows that unless we redefine the work we will not be tapping the full power of our emerging technologies. While we must support our educators to learn new tools, the truly creative challenge is to redesign the work and the roles of the learner and educator to tap the potential of our new technologies.
We need leaders who understand how to manage the opportunities of this historic transition. While it is not uncommon to find amazing pioneering educators on any one campus, it is more difficult to find whole campuses that have scaled the innovative practice across their entire faculty. Leadership will make the difference to the rate and distribution of these powerful innovations.
As exciting as these changes are, it is only normal that transformative change will bring some level of resistance from both faculty and students who are used to a traditional design of teaching and learning. One of the most important leadership skills moving forward is to help colleagues manage this shift.
Transforming our education system is not so much an intellectual/intelligence problem as it is an emotional one. For example, many of these emerging technologies represent a shift of control from the educator to the learner. It is not unusual for very gifted educators to feel a sense of professional loss when a new tool, such as the knowledge engine WolframAlpha, allows students to correct their own homework in math, physics, and chemistry and even explore the design of more difficult problems than assigned.
From a management perspective, it is much easier simply to add technology to do exactly what has been done before—the same curriculum, same assessments, same schedule, same assignments—than to fundamentally redesign the work and the culture of learning. While there are benefits to automating certain aspects of teaching and learning, we will need leaders who can create professional cultures of innovation where faculty members feel supported in fundamentally redesigning the work to make it more rigorous, creative, and motivating.
We are in a period of constant innovation that will take decades to absorb. What we need to do is correctly define the opportunity, craft a powerful vision, and develop implementation strategies that scale the improvement in increased quality.
Defining the Opportunity
In defining the opportunity that technology brings to learning, there are two broad decision trees for leaders:
What are we currently doing within our curriculum that we could be doing better by using technology?
What have we never done before that technology uniquely enables to enhance teaching and learning?
The first decision tree does not require changes to what is learned, but it might change how you approach learning. An example would be the difference between how my two children learned in college. My son, Dan, was able to receive much more support because he could watch lecture videos over and over again, and because he had a social network of fellow students to lean on—and these supports allowed him to learn the same material much more effectively. My daughter didn’t receive the same support, only graduating a few years earlier.
The second decision tree involves redesigning learning to take advantage of design concepts our world of paper could not provide. For example, in Bergen, Norway, students have a much deeper sense of global empathy. The Norwegian teacher is a pioneer in connecting students to journalists, police, prisoners, and native people around the world. Teacher and students fully appreciate that there is no way that a textbook or teacher-designed videos could ever come close to providing the level of depth of critical thinking enabled by global communication. As is too often the norm, this classroom also happens to be the only one in the school where students can gain a sense of developing the critical skill of reasoning based on authentic conversations.
Both decision trees can lead to improved learning. Since adding technology to existing work is fairly straightforward, this article will focus on the definition of transformation. The questions that leaders should ask themselves include:
Are we adding unique value to what we are doing as a school or district when using technology?
How can we ensure these changes are scaled throughout the organization?’
Crafting A New Vision: ‘Transformational Six’
To support leaders to craft a new vision of teaching and learning, I have put together a framework of six key questions that education leaders can use to assess whether technology has brought transformative value to instruction. If you can answer “yes” to any of these six questions, then you’re on the right track:
Did the assignment build capacity for critical thinking on the web?
Did the assignment develop new lines of inquiry?
Are there opportunities for students to make their thinking visible?
Are there opportunities to broaden the perspective of the conversation with authentic audiences from around the world?
Is there an opportunity for students to create a contribution (purposeful work)?
Do students own their learning?
Did the assignment build capacity for critical thinking on the web?
Before the Internet, our students accessed sources for learning that had been preselected by a teacher or a librarian. Clearly, the Internet has removed any pretense of control of information. Now that students are choosing sources that have often never been professionally reviewed, it is absolutely vital that we prepare students to make thoughtful decisions about how to select high-quality sources.
We must recognize that with fundamental change there can be unintended consequences. Perhaps our weakest response to the web replacing our libraries as the “go to” source of information for our students, is their lack of preparation to understand how to verify the value of their search results. For example, if you have ever watched a student do research online, you probably noticed that they entered the exact title of their homework assignment as their search query—and then they only looked at the first page of results. Critical thinking and careful evaluation of the reliability of sources can be sorely lacking. Too many of our students believe they know how to use Google effectively. When was the last time any student asked a teacher for help in designing a search? Perhaps more importantly, when was the last time a teacher offered to help? If our students fail at step one—selecting the right information—then they will automatically fail at critical analysis.
We cannot abrogate our responsibility to prepare our students to be critical thinkers in the Internet Age. We need to teach our students how search engines work and how to design a powerful (and effective) query.
Here’s an example: Suppose the assignment is to write an analysis of the Iranian Hostage Crisis. Here are two very different search designs in Google:
“Iranian Hostage Crisis”
site:ac.ir “conquest of the American spy den”
It would be normal for students to type the name of the assignment “Iranian hostage crisis” into Google. This will yield only search results with Western sources if the search is done anywhere in North America. If you ask students to review their results and ask them what is missing, many will not know how to answer this question. They cannot imagine that what is missing from the first page of search results are Iranian sources.
If you challenge students to refine their search strategy to find Iranian sources, most will simply add “Iranian sources” on the back end of their original search. This still will not yield any Iranian sources. But it’s possible to use the advanced search page to select Iran as the source of your content. Or, you can use the Google operator “site” to switch your search to Iranian sources with the two-letter Iranian country code “ir” (site:ir). If you further want to improve the quality of your Iranian sources you could type: site:ac.ir + “conquest of the American spy den” into the search bar. Now you will find sources that are limited to Iranian universities that deal with what the Iranians called that historic event. This last search query will have no overlap with the original search yielding only Western sources. You will be learning about the Iranian point of view. This can lead to a fascinating set of comparison questions.
It should be the responsibility of all teachers to teach the research skills that lead to high-quality comparative searches. In this case, the teacher could have required two sources from Iran. There should have been a review of country codes and the use of the advanced search techniques to generate results from Iran. Finally, the teacher should have spent some time in class challenging the students to think about their search terms—such as by asking: “What did the Iranians call the takeover of the American embassy?” We need leaders who recognize that it is no longer sufficient to teach students how to read books and articles. We must prepare students to be web literate across the curriculum.
Did the assignment develop new lines of inquiry?
With access to massive amounts of information, including primary sources and different points of view from around the world, comes an opportunity to teach students to ask questions we could never ask in the limited world of paper.
Continuing with the example about Iran, if students discovered Iranian points of view about the hostage crisis, they could develop whole new lines of inquiry that would broaden their perspective of these events. For instance: Why did the Iranians refer to the takeover as the “Conquest of the American Spy Den?” Did the goals of the student-initiated revolution against the Shah align with the goals of the religious leaders who became the leaders of the new government?
In an interview I had with Stephan Wolfram, a chief designer of the computational knowledge engine WolframAlpha, he explains that most of the answers to traditional assignments are available online if you know how to find them. What isn’t on the web are the questions. One of the most important skills we can teach our students is how to ask creative, innovative, and even impossible questions. “The new answers are the creative questions,” Wolfram says.
Are there opportunities to provide our educators with new insights into how their students are thinking?
We now have powerful new tools that can help reveal what students are thinking in ways we couldn’t do before without technology.
These tools also help with self-assessment, which research shows to be one of the most important skills that can improve student achievement. And when students know what their peers were thinking about an assignment, they are more comfortable sharing their ideas in class—which can lead to richer discussions.
Are there opportunities to broaden the perspective of the conversation with authentic audiences from around the world?
As mentioned in the Norwegian example, not only are students gaining valuable perspectives that have served to deepen their learning and help them develop new lines of inquiry, but students can also learn critical global communication skills that will prepare them for future success in anything they do—and they are typically fully engaged in their learning. As one student commented, “I will remember these conversations for the rest of my life.”
Is there an opportunity for students to create a contribution (purposeful work)?
This might be the most difficult quality to build into assignments, but it’s no less important. Many teachers I talk to worry about the decline of student focus, but we can immediately address this decline by adding a meaningful purpose to student work. As author Dan Pink notes in his book Drive, research shows that purpose is a key motivating factor.
A colleague in Istanbul has her geometry students designing the geometry curriculum for blind students by visiting a local center for the blind and working with the students to understand how to build tactile activities to understand the subject. When her students finished their project, they published it to the web for global access. They know they are potentially making a difference in the lives of 1,000’s of blind children worldwide.
When I interviewed these students in their classroom in Istanbul, many shared with me that they chose to extend their required 40 hours of design work to more than 200 hours. Some students even continue their work the year after their course ended. Their commitment to their work does not depend on an external reward such as grades, but an intrinsic drive based on making a contribution. It will become increasingly essential to give our students access to a global publishing platform to help build more capacity for student driven purpose.
Are students being challenged to take more responsibility to own their learning?
Harvard physics professor Eric Mazur knows how difficult this is from his own experience. He also knows just how incredibly rewarding it can be for students.
Dr. Mazur has figured out there are seven problems that require the knowledge he used to lecture about in his Introduction to Physics course. But instead of giving those lectures, he now gives his students these seven problems to solve in teams. He gives them the necessary background information, along with other resources, and then he inspires them to solve these seven problems on their own. They now do much better on the course’s final exam, because they understand at a very deep level how to apply what they have learned. He had to let go of what he once absolutely loved about teaching – giving a brilliant lecture.
Next Steps
Harnessing the power of high-speed networks and other technologies to transform teaching and learning will require that leaders recognize the opportunities of both automating existing practices and creating new opportunities for learning that we could never do before. As knowledge becomes more available online, we are moving to a new reality where the added value of an educator will be measured less by their ability to transfer their knowledge and more by their ability to inspire students to continuously expand their own boundaries of learning.
As we teach students the lifelong skills of validating content, connecting globally, and applying their knowledge to add value to the world, educators will become more important than ever. The essential leadership skill will be to help manage this transition to redefine the work of both educator and student. It is an amazing time to be in education!
Article produced in partnership with Alan November of November Learning.
I recently had to ask myself, “What am I doing to make my “mini-world” better, and who am I connecting myself with?”
With much consideration, I came to the conclusion that if your network isn’t stacked with diversity, then that network has a higher likelihood of failing you. Groups that aren’t diverse don’t welcome the idea of inclusion, so there definitely isn’t any collaboration or engagement. It is simply the same conversation happening over and over again, and I knew I wanted my own experience with others to be different.
There were two things that first attracted me to working at Cisco – their extreme focus on Corporate Social Responsibility, and their belief that you should bring your whole self to work. I wanted to be somewhere that wouldn’t make feel like an outcast, and that would embrace all of me and what I have to offer.
I also knew that I wanted to be around people that didn’t necessarily look, talk, or think like me. There is beauty in the unknown and it’s something that should be celebrated! Whether I am turning to my co-workers as I search for opposing opinions, ideas, and beliefs or asking their advice on how a particular technology can be integrated in my customer’s network environment; my network here at Cisco is diverse, and runs deep.
Recently, my Cisco family and I went on a hiking trip that got us out of the office and enabled us to bond further. Cisconians live for moments together away from our day-to-day work! In these pictures it’s not just a bunch of millennials posing, but rather it’s what a healthy network looks like to me. It’s not just a random mix of ethnicities or races, it goes deeper than skin tone, religion, and age.
Our hikes and getaways are opportunities to bond and build relationships – they are our way of letting the world know that maybe we do not all look or act or think alike, but we all have something valuable to offer each other and to our global community.
On these trips, we openly discuss what’s happening in our “mini-worlds”…our conversations are real and raw and without judgment. Our relationships are constantly evolving and revolving around the pressing fact that we need each other to be better and to do better.
Making yourself vulnerable and opening up to someone who may not have a similar background should be looked at as an opportunity to educate or learn.
Doing so in a larger environment, I think reminds us that we are humans, not robots…and quiet honestly, it can be a sobering experience for a lot people.
I think it is important to rethink and review your network frequently – and really question how diverse those around you are. Can you learn from those around you, are you able to teach them about your culture as well? If so, great! Now is a perfect time to continue that great work and inspire a peer of yours!
If you think your network may need some work – then now is a great time to utilize Cisco and our inspiring Employee Resource Organizations (ERO) that focus on inclusion and collaboration. Each ERO has their own platform and is able to speak out on issues that matter the most to them.
There are a plethora of different organizations from Connected Black Professionals (CBP), Conexión, Connected Women (CW), and Men for Inclusion to PRIDE, Women in Science and Engineering (WISE) and Cisco Disability Awareness Network (CDAN) – there is an ERO for everyone! Joining an ERO can help you to engage in enriching conversations and gain a better understanding of what’s happening in the world around you. It’s a great way to learn about that many varied cultures that go into making us Cisco, and supporting our fellow Cisconians!
Every day we work on finding ways to solve complex issues and make things simple for our customers, but often we forget that our neighbors are facing issues and challenges as well. I think now is a great time to step out of your comfort zone and attend a meeting or social event – you never know what you’ll learn or if you’ll meet a new friend in the process. The only requirement for joining these EROs is that you must support their vision and aid in empowering them.
At the end of the day we can’t really say, “We connect the unconnected” if we, ourselves, are disconnected. To be rich is one thing, but to wealthy is another…never forget your net worth is network!
For more information on Cisco EROs, please visit their website here.
Want to join a diverse company that empowers everyone? We’re hiring! Apply Now!
Networks today are supposed to be digital-ready, meaning fast and agile to propel business into a world where everything is connected. Getting there has hit some major speedbumps due to highly publicized hacks. And this has started a virtual arms race, where no expense is spared to deploy numerous, disparate security solutions. Yet somehow, the industry average for detecting a breach is currently over 100 days. It seems the marketplace is overlooking a major component of their security posture – the digital network itself.
What if your digital-ready network could not only support capabilities like automation and virtualization, but also effectively detect threats? Yes, the same network you’re enabling today could double as a threat sensor. This means built-in network security that reduces the need for numerous, disparate “bolt-on” solutions, which potentially provide redundant layers of security that increase operational cost and reduce network efficiency. Most people don’t realize their digital-ready Cisco network can detect threats TODAY.
How? You need visibility!
It’s an oft used expression – you can’t protect what you can’t see. That’s why Cisco’s Network as a Sensor solution eliminates network blind spots where sophisticated threats can hide. It’s enabled by next-generation security products – specifically, Cisco Identity Services Engine (ISE) and Cisco Stealthwatch – that use your network and transform it into its own security system.
Get 360° visibility
To detect and stop complex security issues you need visibility into who and what is accessing your network and what’s happening. With this full line of sight you have the ability to get rich reporting and analytics that lead to actionable threat intelligence. By integrating ISE to identify and provide attribution to any indicators of threat identified by Stealthwatch, you get the details you need to identify security issues fast. Built-in security offers end-to-end network visibility that makes all the difference in seeing bad things MONTHS before the industry average.
See results immediately
Getting this visibility doesn’t require a complete network overhaul. Stealthwatch and ISE can fit into your existing network infrastructure. Elavon is a payment processing company that’s benefited from the Network-as-a-Sensor approach. In their case, they’ve found that when there’s a security event they can now see what’s happening within minutes! So this isn’t theoretical. Real companies are seeing real results.
To learn more about how Cisco can make your network more than just a conduit for data, visit our Network as a Sensor solution site.
There’s a line in Alice’s Adventures in Wonderland where Alice says “It’s no use going back to yesterday, because I was a different person then.” Some days I feel that way about my storage infrastructures as well. I fell down a particular rabbit-hole into storage management accidentally almost 20 years ago.
I wouldn’t have seen Cisco’s UCS S-Series platform and MapR’s Converged Data Platform coming from that far away, but they’re both here now, ready for your next-generation applications and storage requirements.
My friend Bill Peterson, MapR’s VP of Partner Strategy, and I will have a conversation on Wednesday, January 25, 2017, about where you might want to get to, and which way you ought to go from here.
Visit my guest post on the MapR blog for more details, and to register for the webcast. We’ll talk about how data and applications have changed, what our two companies offer to make the most of your data (including the MapR CDP and Cisco’s C-Series and new S-Series server offerings), and even cover when/why you might choose not to move your use cases to our CDP on UCS platform.
Note: Links were updated after MapR site maintenance on March 20, 2017. The song remains the same.
Talos is disclosing TALOS-2016-0259 / CVE-2017-2791 an uninitialized memory vulnerability in Adobe Acrobat Reader DC. Adobe Acrobat Reader is one of the largest and well known PDF readers available today.
This particular vulnerability is associated with the JPEG Decoder functionality embedded in the application. A specially crafted PDF document containing a JPEG can be used to trigger this vulnerability which results in a heap-based buffer overflow which can be leveraged to achieve remote code execution. This issue has been resolved in the most recent patch provided by Adobe. The full details surrounding the vulnerability are available here.
Coverage
The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.
