br00t4c, to cisco
@br00t4c@mastodon.social

Counterfeit Cisco gear ended up in US military bases, used in combat operations

#cisco

https://arstechnica.com/?p=2021747

conansysadmin, to linux
@conansysadmin@mstdn.social

A network warrior, the same as a crafty bandit, must know the languages of the trading routes. Silk road, spice road, , , ... https://cromwell-intl.com/networking/commands.html?s=mc

cs, to cisco
@cs@mastodon.sdf.org

Was fiddling with email from my health insurance company that came "secure" via secure email of some sort. I followed all the instructions and could not get it to open. Finally, tried Chrome and it worked. So the problem appeared to be some compatibility w Cisco's system of encryption/authentication and . I googled it, and found this: https://www.cisco.com/c/en/us/td/docs/security/email_encryption/CRES/recipient_guide/b_Recipient/b_Recipient_chapter_0101.pdf
Scroll down and you'll find that in order to use the thing, you have to turn on cross site scripting.

AAKL, to infosec
@AAKL@noc.social

deleted_by_author

  • PC_Fluesterer,
    @PC_Fluesterer@social.tchncs.de

    @AAKL @thehackernews
    Up to now I thought that this was the standard procedure? If I look at #Chrome or #Cisco (to name just two) it seems true for me.
    SCNR

    mttaggart, to cisco

    Just a reminder that while we are up to 3 CVEs for the #Cisco #ArcaneDoor attack, we still don't know what the initial access to these devices was.

    If I were a very strategic purchaser, I'd be thinking about what it would look like to replace any Cisco gear on my perimeter. Just in case.

    blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

    #CVE_2024_20353 #CVE_2024_20358 #CVE_2024_20359

    mttaggart, to cisco

    The #Cisco vulns today smack a little of the Barracuda ones last year.

    I really hope we don't end at "Toss these ASAs into a volcano."

    #CVE_2024_20353 #CVE_2024_20359

    br00t4c, to cisco
    @br00t4c@mastodon.social

    'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

    https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/

    jwildeboer, to cisco
    @jwildeboer@social.wildeboer.net

    Simple things I fail to understand: why do undocumented hardcoded user accounts and passwords still exist in your products, dear #cisco?

    83r71n, to Cybersecurity
    @83r71n@ioc.exchange

    A critical vulnerability, identified as CVE-2024-20356, has been found in Cisco's Integrated Management Controller (IMC). This flaw allows for command injection, potentially giving attackers the ability to gain root access to systems. The vulnerability is located in the web-based management interface of the IMC, which is used for remotely managing Cisco hardware. The issue arises from insufficient user input validation in the IMC interface, allowing an authenticated, remote attacker with administrative privileges to inject malicious commands.

    Security researchers from Nettitude have developed a Proof of Concept (PoC) exploit, named "CISCown," to demonstrate this vulnerability. The exploit involves sending crafted commands through the web interface, enabling attackers to execute arbitrary code with root privileges on the underlying operating system of Cisco hardware. This PoC exploit is part of a toolkit developed by Nettitude and is available on GitHub. It uses parameters such as target IP, username, and password to automate the exploitation process and deploy a telnetd root shell service on compromised devices.

    The release of this PoC exploit signifies a critical threat level for organizations using affected Cisco products. Gaining root access can lead to data theft, system downtime, and further network compromise. Cisco has responded by releasing software updates to address this vulnerability. It is strongly recommended that all affected organizations apply these updates immediately, as no known workaround mitigates this vulnerability.

    The affected products include a range of Cisco servers and computing systems, such as the 5000 Series Enterprise Network Compute Systems (ENCS), Catalyst 8300 Series Edge uCPE, UCS C-Series M5, M6, and M7 Rack Servers in standalone mode, UCS E-Series Servers, and UCS S-Series Storage Servers. Users and administrators are advised to visit Cisco’s official security advisory page and the Nettitude GitHub repository hosting the exploitation toolkit for more detailed information and access to the updates.

    https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

    #cybersecurity #cisco #vulnerability #imc #cve #poc #nettitude #encs #ucpe #ucs #m5 #m6 #m7 #github

    mattotcha, to Cybersecurity
    @mattotcha@mastodon.social

    Cisco: Hacker breached multifactor authentication message provider on April 1
    https://therecord.media/cisco-duo-data-breach-mfa-telephony-provider

    br00t4c, to cisco
    @br00t4c@mastodon.social

    Cisco creates architecture to improve security and sell you new switches

    #cisco

    https://go.theregister.com/feed/www.theregister.com/2024/04/18/cisco_hypershield/

    br00t4c, to cisco
    @br00t4c@mastodon.social

    Microsoft squashes SmartScreen security bypass bug exploited in the wild

    #cisco #microsoft

    https://go.theregister.com/feed/www.theregister.com/2024/04/10/april_patch_tuesday/

    Karlitschek, to random
    @Karlitschek@mastodon.social

    Really impressive. The German state Schleswig Holstein is rolling out their Open Source strategy. https://www.schleswig-holstein.de/DE/landesregierung/ministerien-behoerden/I/Presse/PI/2024/CdS/240403_cds_it-arbeitsplatz.html

    alex_mastodon,
    @alex_mastodon@troet.cafe

    @Karlitschek
    TL;DR "It's only the start to migrate 30000 municipal and state computers from to .
    It will be followed by switching from to , from to the collaboration platform , from proprietary to and from to with AD-Connector.
    A libre service like will be implemented and telephone systems instead of bought. Governmental office software will follow."

    mfeilner, to opensource German
    @mfeilner@mastodon.cloud

    ... Wow. Four weeks to notice, only hours to fix and a day(?) to deploy. , , , , : You Rock! We Rock! Don't tell that to or the like, they will cry.

    cdarwin, to Gold
    @cdarwin@c.im

    Two footmen dressed in white approach the vehicle as it arrives. One opens the rear door. , one of 's rotating chairmen, steps forward and extends a hand as the guest emerges.
    After walking a red carpet, the two men enter the magnificent marble-floored building, ascend a stairway, and pass through French doors to a palatial ballroom.
    Several hundred people arise from their chairs and clap wildly.

    The guest is welcomed by Huawei's founder, , whose sky-blue blazer and white khakis signify that he has attained the power to wear whatever the hell he wants.

    After some serious speechifying by a procession of dark-suited executives, Ren
    —who is China's Bill Gates, Lee Iacocca, and Warren Buffett rolled into one
    —comes to the podium.
    Three young women dressed in white uniforms enter the room, swinging their arms military style as they march to the stage, then about-face in unison as one holds out a framed the size of a salad plate.
    Embedded with a red Baccarat crystal, it depicts the Goddess of Victory and was manufactured by the Monnaie de Paris. Ren is almost glowing as he presents the medal to the visitor.
    This is not a world leader, a billionaire magnate, nor a war hero. He is a relatively unknown Turkish academic named .
    Throughout the ceremony he has been sitting stiffly, frozen in his ill-fitting suit, as if he were an ordinary theatergoer suddenly thrust into the leading role on a Broadway stage.

    Arıkan isn't exactly ordinary.
    Ten years earlier, he'd made a major discovery in the field of information theory.
    Huawei then plucked his theoretical breakthrough from academic obscurity and, with large investments and top engineering talent, fashioned it into something of value in the realm of commerce.
    The company then muscled and negotiated to get that innovation into something so big it could not be denied:
    the basic now being rolled out all over the world.

    Huawei's rise over the past 30 years has been heralded in China as a triumph of smarts, sweat, and grit. Perhaps no company is more beloved at home
    —and more vilified by the United States.
    That's at least in part because Huawei's ascent also bears the fingerprints of China's nationalistic industrial policy and an alleged penchant for intellectual property theft;
    the US Department of Justice has charged the company with a sweeping conspiracy of misappropriation, infringement, obstruction, and lies.

    As of press time, Ren Zhengfei's was under house arrest in Vancouver, fighting extradition to the US for allegedly violating a ban against trading with Iran.
    The US government has banned Huawei's 5G products and has been lobbying other countries to do the same. Huawei denies the charges; Ren calls them political.

    Huawei is settling the score in its own way. One of the world's great technology powers, it nonetheless suffers from an inferiority complex.
    Despite spending billions on research and science, it can't get the respect and recognition of its Western peers. Much like China itself.
    So when Ren handed the solid-gold medal
    —crafted by the French mint!
    —to Erdal Arıkan, he was sticking his thumb in their eye.

    https://www.wired.com/story/huawei-5g-polar-codes-data-breakthrough/

    cdarwin,
    @cdarwin@c.im

    IN 1987, AROUND the time Arıkan returned to Turkey, , a 44-year-old former military engineer, began a company that traded telecom equipment.

    He called it , which translates roughly to “China has a promising future.”

    Ren tried to distinguish his company by maintaining a fanatical devotion to customer service.

    Frustrated with the unreliability of suppliers, Ren decided that Huawei would manufacture its own systems. Thus began a long process of building Huawei into a company that built and sold telecom equipment all along the chain, from base stations to handsets, and did so not only inside China but across the globe.

    The rise of Huawei is painstakingly rendered in a small library of self-aggrandizing literature that the company publishes, including several volumes of quotes from its founder.

    The theme of this opus is hard to miss, expressed in a variety of fighting analogies. In one such description, Tian Tao, the company's authorized Boswell, quotes Ren on how the company competed against the powerful international “elephants” that once dominated the field.

    “Of course, Huawei is no match for an elephant, so it has to adopt the qualities of wolves:
    a keen sense of smell, a strong competitive nature, a pack mentality, and a spirit of sacrifice.”

    The hagiographies omit some key details about how the wolf got along.
    For one, they dramatically underplay the role of the , which in the 1990s offered loans and other financial support, in addition to policies that favored Chinese telecom companies over foreign ones.

    (In a rare moment of candor on this issue, Ren himself admitted in an interview that Huawei would not exist if not for government support.)

    With the government behind them, Chinese companies like Huawei and its domestic rival came to dominate the national telecom equipment market.

    Huawei had become the elephant.

    Another subject one does not encounter in the company's library is the alleged use of ,
    a charge the company denies.

    “If you read the Western media about Huawei, you will find plenty of people who say that everything from Huawei was begged, borrowed, or stolen. And there is absolutely no truth in that,” says Brian Chamberlin, an executive adviser for Huawei's carrier group.

    But in one notorious 2003 case, Huawei admitted using router software copied from , though it insisted the use was very limited, and the sides negotiated a settlement that was “mutually beneficial.”

    More recently, in February, the US of filed a suit against the company charging it with “grow[ing] the worldwide business of Huawei … through the deliberate and repeated misappropriation of intellectual property.”

    The indictment alleges Huawei has been engaging in these practices since at least 2000.

    The Chinese government also provided support to help Huawei gain a foothold overseas, offering loans to customers that made Huawei's products more appealing.

    One of Huawei's biggest foreign competitors was , the dominant North American telecom company based in Canada.

    But Nortel's business was struggling just at a time when competition from Chinese products was intensifying.

    Then, in 2004, a Nortel security specialist named Brian Shields discovered that computers based in China, using passwords of Nortel executives, had been hundreds of from the company.

    “There's nothing they couldn't have gotten at,” Shields says.

    Though no one ever publicly identified the hackers, and Ren denied any Huawei involvement, the episode added to the suspicion in the West that Huawei's success was not always achieved on the up and up.

    cdarwin,
    @cdarwin@c.im

    In 2009, Nortel filed for bankruptcy.

    It had failed to adapt, disappointed its customers, and was ill-prepared to respond to new Chinese competition.
    And there was that hack.

    Huawei seized the moment.

    Nortel's most valuable asset was the unmatched talent in its Ottawa research lab, known as the Canadian equivalent of the legendary Bell Labs.

    For years, Huawei had been building up its research capacity, trying to shed its reputation as a low-cost provider whose tech came from purloining the discoveries of others. It had a number of R&D labs around the world.

    Now, with Nortel's demise, it could pursue a bigger prize than market share:
    technical mastery. And respect.

    The head of research at Nortel's lab in Ottawa, , grew up in China and joined Nortel's wireless lab in 1995 after earning a doctorate at Concordia University in Montreal.

    He had contributed to every generation of mobile technology and held 470 patents in the US.

    If telecommunications companies staged a research scientist draft in 2009, Wen Tong would have been a first-round pick.

    Now he was a free agent, and Google, Intel, and others courted him.

    Tong picked Huawei. He wanted to keep his networking scientists together, and the team didn't want to leave Canada.

    The Chinese company was happy to recruit the group and let them stay in place.

    Huawei also promised them freedom to attack the signature challenge for networking science in the 21st century:
    creating the infrastructure for .

    In this iteration of mobile platforms, billions of mobile devices would seamlessly connect to networks. It promised to transform the world in ways even the scientists could not imagine, and it would mean vast fortunes for those who produced the technology.

    The race for would be intense, a matter not only of profit but also national pride.

    Not long after Tong joined Huawei, in 2009, a research paper came to his attention.

    It was Erdal 's discovery of .

    Tong had helped produce the technology that provided the radio-transmission error correction for the current standard, known as turbo codes.

    He thought the polar codes concept could be its replacement in 5G.

    But the obstacles were considerable, and Tong originally couldn't interest his Canadian researchers in attacking the problem.

    Then, in 2012, Huawei asked Tong to restructure its communications lab in China.
    He took the opportunity to assign several smart young engineers to work on polar codes.

    It involved the none-too-certain process of taking a mathematical theory and making it actually work in practical design, but they made progress and the team grew.

    With each innovation, Huawei rushed to the patent office.

    In 2013, Wen Tong asked Huawei's investment board for $600 million for 5G research.

    “Very simple,” Tong says. “20 minutes, and they decided.”

    The answer was yes, and a good deal of that money went into polar codes.

    After Huawei came up with software that implemented the theory, the work shifted to testing and iterating. Eventually hundreds of engineers were involved.

    Tong was not the only information scientist who had seen Arıkan's paper.
    of the Jacobs School of Engineering at UC San Diego says the paper achieved “something that people were trying to do for 60 years.”

    The challenge was that polar codes were not suited for 5G's short blocklengths
    —the amount of 0s and 1s strung together.

    Vardy and his postdoc, of the -Israel Institute of Technology, modified the error-correcting technology so it outperformed other state-of-the-art codes when applied to 5G's short blocklengths.

    Vardy says he presented his findings in a conference in 2011.

    “Huawei was there in the audience, and right after that they ran with it,” he says, seemingly without rancor.

    (UC San Diego owns Vardy and Tal's patent and has licensed it to Samsung on a nonexclusive basis.)

    cdarwin,
    @cdarwin@c.im

    Today Huawei holds more than two-thirds of the polar code patent “families”
    —10 times as many as its nearest competitor.

    The general feeling in the field, Vardy said, was that Huawei “invested a lot of research time and effort into developing this idea.”

    It seemed “all the other companies were at least a few years behind.”

    But all that work and all those patents would be wasted if the technology didn't fit into the 5G platform.

    “It has to be adopted by everybody,” Tong says.

    “You have to convince the entire industry that this is good for 5G.”

    If polar codes were to be the symbol of Huawei's superiority, there was one more hurdle:
    “I had the responsibility,” Wen Tong says, “to make it a standard.”
