Patch Tuesday: Microsoft has critical fixes for Exchange Server

Network World – Businesses will want to jump on patches that fix vulnerabilities to the gamut of Microsoft Exchange Server versions that are   flagged in next week’s Patch Tuesday alerts.

“This month’s remediation is all about the Exchange servers,” says Tommy Chin, a technical support engineer at CORE Security.   The critical alert affects all supported versions of Exchange Server – Exchange Server 2007 Service Pack 3, Exchange Server   2010 SP 2 and 3, and Exchange Server 2013, cumulative updates 1 and 2.

Chin says Exchange’s reliability is generally taken for granted. “However, what if all e-mail communications suddenly became   compromised?” he says. “For most organizations, this scenario is simply unacceptable due to the sensitive information contained   within today’s e-mail conversations.”

Ross Barrett, senior manager of security engineering at Rapid7, agrees. “If this is truly a remotely exploitable issue that   does not require user interaction, then it’s a potentially wormable issue and definitely should be put at the top of the patching   priority list,” Barrett says. Another critical alert, Bulletin 1, affects current versions of operating systems Windows 8 (and Windows RT) and Windows Server   2012, as well as earlier versions back through Windows XP and Windows Server 2003.

There are no details on what the exact vulnerabilities are but being ranked critical means they could allow code execution   even if the user doesn’t interact with the attack. Self-propagating malware and code execution without warnings or prompts   are exploits that fit this category. Examples include browsing an infected Web page or opening a malicious email.

“To me, Bulletin 1 is most critical,” says Ken Pickering, the director of engineering at CORE Security. “The last time I saw   an IE Remote Code execution of this caliber, I saw live malware exploiting it not too long after. People are getting good   at turning these IE vulnerabilities into web-based attacks.”

Bulletin 1 affects Internet Explorer from Version 6 to Version 10 as deployed on all Windows client operating systems from   Windows XP to Windows 8 including its ARM version, Windows RT. It also affects Windows Server 2003, 2008, 2008 RR2 and 2012.

Three out of eight bulletins this month are critical, possibly facilitating remote code execution on victim machines. The   rest of the bulletins are ranked important, two allowing elevation of privileges by attackers, two threatening denial of service   and one that could allow disclosure of information on the attacked machine.

Paul Henry, a security and forensics analyst at Lumension, notes that the bulleting count for this year so far is up seven   over last year at this time, but this year so far there are 10 fewer critical ones.

Barry Hesk
Intrinsic Network Solutions

UK average broadband speed rises

Repost of Computer Weekly article

Full Article Here

The average speed of broadband connections in the UK has reached 14.7Mbps, according to the latest report from Ofcom.

The telecoms regulator has published its bi-annual survey into fixed-line residential broadband speeds, which showed the figure had risen by 2.7Mbps in the six months to May 2013 and by 5.7Mbps when compared with the same period last year.

It also revealed that the number – which represents download speed – had more than quadrupled since the report began in November 2008, when it stood at just 3.6Mbps.

“With the average household now owning more than three types of internet-connected devices, consumers are demanding more than ever from their broadband service,” said Claudio Pollack, consumer group director at Ofcom.

“Internet providers have responded by upgrading customers to higher-speed services and launching new superfast packages. To help consumers make informed purchasing decisions, our report offers a useful insight into the actual speeds and level of reliability delivered by many of the broadband packages available on the market today.”

Measurement period
Average speed

November 2008

April 2009

May 2010

November/December 2010

May 2011

November 2011

May 2012

November 2012

May 2013

Source: Ofcom

Superfast broadband connections slow to rise

Although the adoption of superfast broadband packages, which Ofcom defines as connections over 30Mbps, rose during the period, it still stood at just 19% of all connections – up from 14% in November 2012 – despite the regulator revealing in March that at least 65% of the UK population had access.

The vast majority of broadband subscribers are on packages with speeds of up to 10Mbps – 86%, up from 76% six months ago.

Ofcom claimed the move to higher speeds was partly down to network upgrades by Virgin Media, which saw the speeds available over its cable connections double from 18Mbps to 34.9Mbps. But there was evidence consumers are choosing to move to speedier connections, with BT saying it had more than doubled its fibre customers in a year from 550,000 to 1.3 million.

Virgin Media was found to offer the fastest connection of the 14 internet service providers Ofcom examined, with its 120Mbps service providing an average speed of 112.6Mbps. Its 100Mbps offering brought in average download speeds of 88.8Mbps.

BT’s superfast 76Mbps package offered an average speed of 62.1Mbps, while PlusNet’s 76Mbps service delivered 61Mbps on average

Rural broadband gains speed

The report also showed the differences between speeds in urban, suburban and rural areas. Although there was a clear difference in the averages – 26.4Mbps, 17.9Mbps and 9.9Mbps respectively – rural areas showed the largest percentage increase to speed in the past two years, up by 141% compared to 103% for suburban areas and 95% for urban locations.

But Ofcom highlighted the difference between urban and rural had grown from 9.5Mbps to 16.5Mbps in the same period, due to the lower availability of superfast broadband connections in remote areas and the fact that homes were often farther from exchanges.

“We are yet to see the full effect of government measures to improve broadband availability in rural areas, which should also help to boost speeds,” added Pollack. “We also anticipate 4G mobile to have a positive effect on mobile broadband availability across the UK.”

Cisco exits Unified Comms Market Place for SME customers

Cisco exits Unified Comms Market Place for SME customers

24 July 2013

Buried in a a plethora of end of sale announcements issued by Cisco on the 22 July 2013, were a tranche of highly significant ones. Shuffling towards an ignominious exit are the UC540 and UC560 platforms, and also the Business Edition 3000 system.

Despite investing millions of dollars in product development of these platforms, Cisco have failed to achieve any significant market penetration. High cost, poor code quality and lack of user features have prevented these systems from being adopted in their targeted customer base of 100 seats or less.

Cisco’s own end of life statements for these products suggest that customers below 25 seats should effectively jettison Cisco and move to hosted providers. This strikes us as being another example of Cisco refocussing on its core Enterprise markets, and leaving resellers who were only a few months ago heavily encouraged by Cisco to target SMEs, in the lurch.

This is not an unexpected move by Cisco, however it will hugely disappoint customers and partners who have invested in these platforms and the associated certifications. It follows other products launched by Cisco with great fanfare being dropped soon afterwards.Any new products should therefore be looked at with care before being adopted.Like IBM in the 1990s, no longer is a Cisco badge on the front of a piece of equipment a guarantee of longevity.

For customers larger than 25 seats, Cisco recommends the Business Edition 6000. Not a truly integrated system in its own right, the BE6K simply bundles Communications Manager call control, Unity Connection voicemail, and optionally Presence and Contact Center Express all running on top of VMware. The price point is radically different (for different read higher, much higher), as is the complexity of the deployment.

With the spectre of Microsoft Lync haunting Cisco at every step, the future for Cisco’s entire UC platform seems under ever increasing amount of focus. Interesting times lie ahead definitely

Barry Hesk

Intrinsic Network Solutions

10 Must-Have WordPress Plugins For Your Business Website


According to WordPress, there are over 60 million people who have chosen WordPress as the platform for their website. WordPress is a very customizable CMS software, which means you can accomplish almost anything you want with it. It also has a lot of developer support so there are many plugins available, most of which are free. I’m going to share the 10 most essential WordPress plugins for your business website in this article.

10 Must-Have WordPress Plugins For Your Business Website
Haris Bacic
Mon, 15 Jul 2013 14:44:00 GMT

Barry Hesk

Intrinsic Network Solutions

New Gaping Security Holes Found Exposing Servers


A widely deployed protocol and controller used in servers and workstations both contain serious vulnerabilities that, in effect, give attackers near-physical access to the machines, a pair of renowned researchers said recently.

HD Moore, chief research officer at Rapid7 and creator of Metasploit, and security researcher Dan Farmer announced findings of their research on major flaws in the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMC) packaged with most servers for remote management purposes.

As part of his ongoing Internet scanning research, Moore found more than 100,000 servers and workstations online that are vulnerable to one or more of six flaws in IPMI and BMC — some of which were bugs Farmer revealed earlier this year — which Moore says is just the tip of the iceberg of potential servers in danger on the Net. The bugs could allow an attacker to compromise BMCs in the affected servers and siphon data from attached storage devices, make changes to the operating system, install a permanent backdoor, sniff credentials sent through the server, launch a denial-of-service attack, or wipe the hard drives.

New Gaping Security Holes Found Exposing Servers
Mon, 08 Jul 2013 13:21:00 GMT


Barry Hesk

Intrinsic Network Solutions

Catalyst 6800 Series Switches Announced

25 June 2013

Cisco have today announced a range of new high end Catalyst switches designed to placate customers who have invested in the 6500 series. Described as a “game changer” by Cisco the 6800 series feature a set of fixed an modular chassis systems with some backwards compatibility to the 6500.

The full announcement is here

Game changer? Not really. Just more of the same, and according to Cisco, at a lower price point. Same OS, same restrictions with back plane speed.

How does this compare to Nexus? According to Cisco, the new models will be cheaper (which is not hard, Nexus systems should come with gold plated power supplies for how much they cost) and have the same set of features that is supported in the 6500 series. This presumably means that like in most 6500 deployments, 99% of them won’t be used by most customers.

However, for customers with an installed based of 6500s who are looking for some investment protection, the 6800 series could be something to look at.

The models:

  • 6807 – 7 slot modular switch 
  • 6880 – 3 slot modular switch with 16 fixed 10 Gbps ports
  • 6800ia – 1 RU “instant access” switch – provides similar features as the Nexus 2000 FEX and acts as a “remote line card” switch when attached to a core 6800.

The 6800s are expected to be shipping by the end of the year.

Barry Hesk
Intrinsic Network Solutions

Cisco 2960X Switch Range Announced

As of 4th June 2013, Cisco have announced the 2960X range of switches. Building on the existing 2960 and 2960S ranges, the 2960X is a fixed configuration gigabit switch available in both PoE and non PoE models.

The 2960X offers a number of configuration options including:

Flex Stack Plus modules (compatible with existing Flex Stack modules in 2960S switches)

A range of software options including LAN Lite, LAN Base and IP Lite.

IP Lite provides basic L3 IP connectivity including unicast routing, and other features such as PIM, HSRP, OSPF and PBR. Redundant power supplies are available for some of the models.

A data sheet on the 2960X is available here.

The 2960X is also meant to be Cisco’s first production switch to support the Cisco ONE API which will allow the unit to be integrated into SDN networks. SDN is the hot buzz word at the present time, and brings Wireless Controller-like architectures and topologies to wired infrastructures.


Barry Hesk

Intrinsic Network Solutions