Traduttore automatico - Read this site in another language

sabato 8 giugno 2019

I router CISCO sono a rischio ?

Qualche giorno fa, su Wired, è stato pubblicato un articolo dal titolo inquietante: "A Cisco router bug has massive global implication".
Secondo quanto riportato alcuni ricercatori di sicurezza hanno scoperto delle vulnerabilità gravi in diversi modelli di router Cisco, il problema sembra essere relativo al controllo che i router effettuano per verificare la bontà degli aggiornamenti che ricevono dalla casa madre. In particolare diversi modelli di router Cisco della serie 1001-X sembrano essere affetti dalla vulnerabilità scoperta. La Cisco, da parte sua, ha annunciato che sta lavorando alla soluzione del problema.
I ricercatori della Red Balloon Security hanno sfruttato due vulnerabilità dei router:
- un bug del Cisco IOS (il sistema operativo dei router Cisco), vulnerabilità che consente a persone non autorizzate l'accesso al router a livello root (massimo livello di accesso) e la possibilità di modificare qualunque parametro (in particolare le rotte);
- la seconda vulnerabilità consente, una volta ottenuto l'accesso di root, di bypassare il sistema di sicurezza fondamentale dei router, il cosiddetto "Trust Anchor", implementato praticamente in tutti i router Cisco a partire dal 2013.
Nell'articolo di Wired si allude alla possibilità che, con delle modifiche più o meno attagliate ai router delle diverse famiglie, si possano hackerare potenzialmente centinaia di milioni di router sparsi nel mondo, router di società come di organizzazioni pubbliche civili e militari.
Il CEO e fondatore della Red Balloon Security, Ang Cui, ha affermato che la sua società ha mostrato che è possibile disabilitare in modo permanente il Trust Anchor e quindi modificare in modo arbitrario i dati dei router Cisco facendo si che il sistema continui a segnalare di funzionare correttamente.

C'è da dire che Ang Cui non è nuovo a queste scoperte, già anni addietro aveva dimostrato che era possibile hackerare i telefono digitali di Cisco. Cisco rispose con una patch che Ang Cui dimostrò essere inefficace. Con un altro lavoro di ricerca dimostrò che era possibile hackerare le stampanti di rete HP.
Ang Cui ha affermato di aver ricevuto finanziamenti da varie organizzazioni US (tra cui la DARPA) per il suo lavori di ricerca ed è da anni alla guida della sua società che tra l'altro ha prodotto un sistema capace di mettere in sicurezza, teoricamente, qualunque sistema IoT (Internet of Things) che si chiama Symbiote Defence System.
Per chiudere con qualcosa di utile, agli amministratori di rete e sistema raccomandiamo l'applicazione delle patch indicate da Cisco. Come abbiamo fatto altre volte invitiamo tutti a studiare attentamente la propria rete, convinti che la conoscenza di ciò che si amministra sia alla base della sicurezza, e ad applicare le patch.
Agli amministratori Delegati e ai consigli di amministrazione diamo invece un suggerimento al loro livello, invitandoli a fare ogni sforzo possibile per invogliare il proprio personale a sposare la cultura della sicurezza e ad investire il giusto per gestire il rischio legato alla sempre maggiore pervasività della tecnologia.
Una cosa è certa, ogni giorno che passa rende sempre più chiaro che il mondo a cui ci siamo affidati non è quello che pensavamo. Sempre più "complesso" e tutt'altro che sicuro fa pensare ad un vecchio film statunitense del 1999, Matrix, in cui era possibile entrare ed uscire dalla rete a causa dei bachi di programmazione. Un mondo nel quale, per assurdo, all'agente Smith era possibile prendere il posto di una persona attraverso una qualche "magia digitale". 
Bene, quel mondo fantastico è ora intorno a noi...  

Alessandro RUGOLO

Per approfondire:
- https://www.wired.com/story/cisco-router-bug-secure-boot-trust-anchor/;
- https://www.bbc.com/news/technology-48269600?intlink_from_url=https://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-story
- https://www.redballoonsecurity.com/;
- https://www.enterpriseai.news/2015/09/22/from-hacker-to-iot-security-hero-red-balloon-floats-new-solution/;
- https://www.extremetech.com/computing/145371-your-worst-office-nightmare-hack-makes-cisco-phone-spy-on-you;
- https://arstechnica.com/information-technology/2011/11/hp-printers-can-be-remotely-controlled-and-set-on-fire-researchers-claim/;
- https://www.cyberscoop.com/cisco-router-vulnerabilities-future-prevent-software-updates/;
- https://www.cisco.com/c/en/us/products/collateral/security/cloud-access-security/secure-boot-trust.html


martedì 4 giugno 2019

Rapid7 Achieves AWS Security Competency Status

Press release

Company’s vulnerability management solution helps organizations manage security risk in both hybrid and cloud environments 

Boston, MA — May 7, 2019
Rapid7, Inc. (NASDAQ: RPD), a leading provider of security analytics and automation, today announced that it has achieved Amazon Web Services (AWS) Security Competency status for its flagship vulnerability management solution, InsightVM. This designation recognizes that Rapid7 has demonstrated proven technology and deep expertise that helps customers achieve their cloud security goals.
Achieving the AWS Security Competency differentiates Rapid7 as an AWS Partner Network (APN) member that offers specialized software designed to help organizations adopt, develop and deploy complex security projects on AWS. To receive the designation, APN partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.
Cloud adoption presents numerous benefits, including speed of development and cost savings. However, it also requires organizations to transform their business and assess how to advance to the cloud securely. Rapid7’s flagship vulnerability management product, InsightVM, is designed to address this by providing visibility, security analytics, orchestration, and automation to help organizations prioritize and remediate where there is the greatest risk across their hybrid and cloud environments.
“It’s no longer if, but when, organizations move all or parts of their business to the cloud,” said Lee Weiner, Chief Product Officer at Rapid7. “With that, organizations must change the way they approach security, ensuring their vulnerability management programs evolve as well. To address this, we are leveraging the power of AWS and Rapid7's vulnerability management capabilities to provide visibility across modern networks, prioritize risk using attacker analytics and contain and mitigate threats.”
AWS is enabling scalable, flexible and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify consulting and technology APN Partners with deep industry experience and expertise.
For more information about Rapid7’s InsightVM solution, visit: https://www.rapid7.com/products/insightvm/

sabato 1 giugno 2019

259 milioni di dollari a Tapestry Solution (Boeing) per il Weapons Planning Suite

Tapestry Solution, una società del gruppo Boeing, si è vista aggiudicare dal DoD americano un contratto decennale per lo sviluppo, l'evoluzione e il supporto del software della US Air Force "Weapons Planning Suite" (WPS). Il WPS è un componente del più complesso "Joint Mission Planning Software" (JMPS).
La società aggiudicataria dovrà impegnarsi per i prossimi 10 anni in tutto per tutto ciò che concerne il software (design, sviluppo, architettura, migrazione, integrazione, miglioramenti, upgrade, test e documentazione) utilizzando una metodologia flessibile (tipo Agile sprint/release process).
L'assegnazione del contratto è avvenuta attraverso una competizione aperta alle società americane, mentre la partecipazione alle società straniere era esplicitamente proibita.

Ma a cosa serve il WPS ?
Il WPS consente la pianificazione collaborativa di missioni e la condivisione di dati capacitivi tra servizi militari, con particolare riguardo al munizionamento guidato di precisione impiegato dai velivoli militari A-10, B-1, B-52, F-15E, F-16, F-22, F/A-18 ed F-35.

Alcune brevi considerazioni:
- interessante notare che la partecipazione alla gara era esplicitamente proibita alle società straniere. Niente di strano se si considera la necessità da parte del governo americano, di avere il massimo controllo possibile sia sulla società aggiudicataria sia sul personale che vi lavora. Lo sviluppo di un software di pianificazione militare necessita infatti la profonda conoscenza delle procedure operative ma anche la conoscenza dei sistemi delle piattaforme con cui deve interagire, parliamo dunque di sistemi certamente classificati. In un secondo tempo è stata concessa la possibilità di partecipare alla gara anche alle società iscritte al "Joint Certification Program" mentre le società americane della categoria FOCI (Foreign Ownership, Control or Influence) non potevano partecipare. Ciò non toglie che tale procedura sia anche indice del protezionismo americano. Mi viene da pensare alla regola di reciprocità normalmente impiegata nel mondo diplomatico ed economico...
- il contratto prevede la fornitura di tutte le attività legate al software. Tale procedura è l'unica possibile in un ambiente operativo in cui una qualunque incomprensione può causare ritardi inaccettabili. Allo stesso modo la metodologia scelta è quella "agile", considerata la più veloce per lo sviluppo del software e la correzione continua.

Alessandro Rugolo


- https://defence-point.com/2019/05/29/u-s-air-force-selects-boeing-to-provide-weapon-planning-software/;
- https://www.defenseworld.net/news/24851/USAF_Awards_Boeing__259M_Contract_for_Weapon_Planning_Software#.XPLDvvZuKas;
- https://www.govcb.com/government-bids/WEAPON-PLANNING-SOFTWARE-WPS-NBD00159557221405876.htm;
- https://www.avatarpartners.com/solutions/software-development;
- https://www.epicos.com/tender/FA8681-18-R-0006;
- https://www.dla.mil/HQ/LogisticsOperations/Services/JCP/DD2345Instructions/;




U.S. Air Force Selects Boeing to Provide Weapon Planning Software

Press release

WPS contract, awarded under competitive acquisition, is potentially valued at $259 million over a 10-year period

SAN DIEGO, May 28, 2019— Boeing [NYSE: BA], through its subsidiary Tapestry Solutions, received a 10-year contract from the U.S. Air Force to provide Weapon Planning Software (WPS) for numerous aircraft and weapons platforms used by U.S. military and allied forces. The mission planning software is designed to help military customers plan every detail of a mission, including routes, threats and points for weapons launches.

The award, potentially valued at $259 million, includes the development, enhancement and support of the WPS suite – a core component of the Joint Mission Planning System (JMPS) architecture, which enables collaborative mission planning and data sharing capabilities between military services. The WPS suite supports JMPS requirements related to precision-guided munition planning for A-10, B-1, B-2, B-52, F-15E, F-16, F-22, F/A-18 and F-35 operational units worldwide.

“We are looking forward on building on our partnership with the U.S. Air Force as we help to fulfill their mission planning needs with the WPS suite,” said Debbie Churchill, vice president, Mission Products and Services, Tapestry Solutions. “It will ensure our customers have the critical data they need to get from mission plan to execution more efficiently with the use of faster, more powerful and intuitive weapons planning capabilities.”

Tapestry, which is part of Boeing’s services business, brings decades of experience developing mission planning software solutions for military aircraft including the F-15, F/A-18, F-22 and T-38, as well as weapons systems software for the Tomahawk missile and Boeing’s Joint Direct Attack Munition (JDAM) program.

Boeing is the world’s largest aerospace company and leading provider of commercial airplanes, defense, space and security systems, and global services. As the top U.S. exporter, the company supports commercial and government customers in more than 150 countries. Boeing employs more than 150,000 people worldwide and leverages the talents of a global supplier base. Building on a legacy of aerospace leadership, Boeing continues to lead in technology and innovation, deliver for its customers and invest in its people and future growth.

Poste Italiane and Microsoft: a digital alliance to support the sustainable growth of the Group

Press release 29 gennaio 2019

Expanded collaboration with Microsoft to evolve the customer experience through a digital platform, which enables a more integrated and tailored Customer Relationship Management and turns information into strategic insights.

Poste Italiane Group expands its collaboration with Microsoft to support its Digital Transformation plan – both in the Retail and Business space - and adopts Microsoft's Customer Relationship Management cloud platform with the aim of improving their customer experience. Consistently with Poste’s attention towards the integration of the physical and digital channels, the project aims at the unification of the CRM platform for the enterprise, SMB and retail areas and merges with the broader plan Deliver 2022 in order to maximize the value of the largest Italian distribution network for a sustainable growth.
In order to strengthen its positioning in an increasingly competitive and constantly evolving market, Poste Italiane aims at offering a better service to customers, thanks to a more integrated and customized relationship management, regardless of the branch of activity, whether it is mail and parcel delivery, financial and insurance services, payment systems and mobile telephony. Poste Italiane has developed a broad digital transformation project and, thanks to the strategic partnership with Microsoft, which primarily leverages the flexibility of the Dynamics 365 cloud platform, it will address a complete and always up-to-date view of users and in progress activities, in order to improve the experience and offer more and more integrated services.
Therefore, with the CRM solution Dynamics 365, Poste Italiane will leverage advanced business applications and intuitive graphical reports, all with maximum security and privacy guarantees compliant with the highest international standards and GDPR. Thanks to smarter processes and ability to turn information into strategic insights, the Group aims not only at increasing penetration and cross-selling opportunities, but also to streamline the work organization, with the ultimate goal of improving the customer experience.
Very attentive in exploiting the entire potential of Digital, Poste Italiane is looking with interest also at Artificial Intelligence developments and, in the future, the project in collaboration with Microsoft will evolve including the development of a chatbot as a further communication channel addressed to customers, in order to answer their requests in a more efficient and timely manner. 
“We’re going to play an important role in Italy’s digital transformation and we want to be equipped with solutions that enable us to enhance our physical network, bringing it even closer to the needs and demands of our 34 million customers. The collaboration with Microsoft is therefore fully in line with our Deliver 2022 strategic plan because by optimizing the relationship with our customers we can better understand the changing needs of consumers and businesses, building on and consolidating our leadership and positioning for the country’s growth”, Matteo Del Fante, CEO and GM at Poste Italiane, stated.
"Poste Italiane is a key part of the social and productive fabric of the Country and we are proud to put our expertise at the service of their digital transformation path. This is the largest cloud adoption project of Customer Relationship Management on Microsoft technology in Italy and we are sure it will contribute to the efficiency and sustainable growth of the Group, with a positive impact on the 13,000 post offices, 134,000 Employees and 34 million customers on the territory. Thanks to new technologies, it will be possible to improve the work organization, streamline processes and manage the relationship with customers in an effective way, in order to offer a service more tailored to citizens. In the future, artificial intelligence will also play a key role in this scenario”, Silvia Candiani, CEO at Microsoft Italia, claimed.


https://www.posteitaliane.it/en/press-releases/posteitalianeandm-1476489782680.html

giovedì 30 maggio 2019

Northrop Grumman Launches New Research Consortium for Artificial Intelligence and Machine Learning

Press release

The research consortium, known as Research in Applications for Learning Machines (REALM), was established to foster collaboration between leading universities with strong machine learning and artificial intelligence programs. 

BALTIMORE – April 30, 2019 – Northrop Grumman Corporation (NYSE: NOC) launched a new research consortium with universities to advance machine learning and artificial intelligence programs. The REALM consortium is an industry-academia partnership to advance research, foster collaboration and address technological challenges due to advances in machine learning, cognition and artificial intelligence.
As part of the consortium, Northrop Grumman has selected three research teams to collaborate on applied research that addresses key customer applications including multiple sensor track classification, identification and correlation; situational knowledge on demand; and quantitative dynamic adaptive planning.

Each team is comprised of multiple universities. All three teams, including researchers from Carnegie Mellon University; Johns Hopkins University; Massachusetts Institute of Technology, Purdue University; Stanford University; University of Illinois at Chicago; University of Massachusetts Amherst and the University of Maryland, College Park received a total of $1.2 million research funding from Northrop Grumman.

“In today’s environment, machine learning, cognition and artificial intelligence are dramatically reshaping the way machines support customers in their mission,” said Eric Reinke, vice president and chief scientist, mission systems, Northrop Grumman. “The highly complex and dynamic nature of the mission demands an integrated set of technologies and we are excited to partner with academia to enhance our customers mission.”

Northrop Grumman is a leading global security company providing innovative systems, products and solutions in autonomous systems, cyber, C4ISR, space, strike, and logistics and modernization to customers worldwide. Please visit news.northropgrumman.com and follow us on Twitter, @NGCNews, for more information.

Palo Alto Networks Introduces Prisma: The Secure Way to Cloud

Press release
By PR Newswire,  May 29, 2019, 08:00:00 AM EDT 

The Industry's Most Complete and Comprehensive Cloud Security Suite


SANTA CLARA, Calif., May 29, 2019 /PRNewswire/ -- Palo Alto Networks (NYSE: PANW) today announced Prisma™, a new cloud security suite designed to help its customers lead a more secure digital life. The world needs cloud security that is simpler, more secure, and more complete than ever before. It's the new benchmark in cloud security, transforming the cloud journey by simplifying access, data protection, and application security. Prisma builds on the tremendous success of Palo Alto Networks cloud security products and delivers new experiences only possible with the Prisma suite. With approximately 9,000 enterprise customers, Prisma has quickly become the largest cloud security business in the world.

 "Our approach to cloud security is aimed at delivering the best security while embracing the unique needs of the cloud. We provide customers with complete visibility as well as recommended configurations across their entire cloud environment to ensure a strong security posture from the start and consistently prevent attacks," said Lee Klarich, chief product officer at Palo Alto Networks. "With Prisma, organizations can securely connect office branches and mobile users to the cloud, confidently embrace the use of SaaS applications, and rapidly develop and deploy cloud applications."

Prisma Delivers What Customers Need

Prisma gives customers what they need to consistently govern access, protect data, and secure applications. The suite consists of four key components:

  • Prisma Access1 secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture, blending enterprise-grade security with a globally scalable network. It will soon run on Google Cloud Platform (GCP™), extending the service to more than 100 locations for an even faster and more localized experience. Customers will also have access to a streamlined cloud management user interface (UI) that enables rapid onboarding of branches and users. In addition, Prisma Access will include capabilities specifically designed for service providers to enable the rapid provisioning of secure outbound internet connectivity for their customers.
  • Prisma Public Cloud2 provides continuous visibility, security, and compliance monitoring across public multi-cloud deployments. Powered by machine learning, it correlates data and assesses risk across the cloud environment. Starting today, customers can further reduce their attack surface early in the development cycle through a "shift left" approach to security. With the ability to detect vulnerabilities and fix improper configurations in customers' infrastructure-as-code templates, developers can reduce risk without sacrificing agility. 
  • Prisma SaaS3 is a multi-mode cloud access security broker (CASB) service that safely enables SaaS application adoption. It provides advanced capabilities in risk discovery, adaptive access control, data loss prevention, compliance assurance, data governance, user behavior monitoring, and advanced threat prevention. New integrations will bring improved administration experience across IT-sanctioned and IT-unsanctioned SaaS applications with unified visibility and management.
  • VM-Series is the virtualized form factor of the Palo Alto Networks Next-Generation Firewall that can be deployed in private and public cloud computing environments, including Amazon Web Services (AWS®), GCP, Microsoft Azure®, Oracle Cloud®, Alibaba Cloud®, and VMware NSX®. The VM-Series is also enhanced through infrastructure-as-code automation for deployment and configuration, which reduces complexity for customers.

Prisma Access, Prisma Public Cloud, Prisma SaaS, and the VM-Series are all available now. For organizations interested in learning more about accelerating their cloud journey with Prisma, please visit www.paloaltonetworks.com/prisma.