Archive for June 22, 2020

Accenture’s Technology Vision Has Insights On Robots In The Wild

Posted in Commentary with tags on June 22, 2020 by itnerd

The pandemic has spurred a massive innovation effort, accelerating the adoption of robots in everyday operations. According to Accenture’s Technology Vision perspective released today, robots are taking on new responsibilities during the pandemic, joining our frontline workers and helping to fight the virus. Robots are disinfecting cities, cooking hospital food, delivering packages… They’re helping businesses do even more, while simultaneously demonstrating new use cases to regulators, workers, and the public. The pandemic is showing robots in their best light and the impact won’t be forgotten.

As the pandemic strengthens the case for automation, the entire industry will move faster than ever. The need for human workers to maintain and control robots remotely will also grow, increasing demand for data scientists and engineers. And, taking robotics out into the open world will also force companies to consider how the public is affected by their products and services.

Accenture’s Technology Vision perspective is worth taking some time to read as it will provide you with some valuable insights. You can also watch the video below:

Netgear Has 79 Router Models Out There With A Zero Day Exploit That Allows Complete Takeover Of Said Router…. Yikes!!

Posted in Commentary with tags on June 22, 2020 by itnerd

Netgear has a massive problem on its hands. There is an unpatched zero-day vulnerability exists in 79 Netgear router models that allow an attacker to take full control over vulnerable devices remotely. That makes this a non-trivial issue. Especially in this day and age as most of us are working from home. This was discovered by Adam Nichols of cybersecurity firm Grimm and d4rkn3ss from Vietnam’s VNPT ISC (through Zero Day Initiative). Now Nichols has released a detailed explanation of the vulnerability, a PoC exploit, and scripts to find vulnerable routers. Which means that the bad guys will be using these tools to launch attacks. In fact, it’s a safe bet that this is already happening

Here’s the list of routers that are affected by this exploit:

AC1450
D6220
D6300
D6400
D7000v2
D8500
DC112A
DGN2200
DGN2200v4
DGN2200M
DGND3700
EX3700
EX3800
EX3920
EX6000
EX6100
EX6120
EX6130
EX6150
EX6200
EX6920
EX7000
LG2200D
MBM621
MBR624GU
MBR1200
MBR1515
MBR1516
MBRN3000
MVBR1210C
R4500
R6200
R6200v2
R6250
R6300
R6300v2
R6400
R6400v2
R6700
R6700v3
R6900
R6900P
R7000
R7000P
R7100LG
R7300
R7850
R7900
R8000
R8300
R8500
RS400
WGR614v8
WGR614v9
WGR614v10
WGT624v4
WN2500RP
WN2500RPv2
WN3000RP
WN3100RP
WN3500RP
WNCE3001
WNDR3300
WNDR3300v2
WNDR3400
WNDR3400v2
WNDR3400v3
WNDR3700v3
WNDR4000
WNDR4500
WNDR4500v2
WNR834Bv2
WNR1000v3
WNR2000v2
WNR3500
WNR3500v2
WNR3500L
WNR3500Lv2
XR300

What’s important to note is that I can find no mitigations for this exploit. None. That’ makes this exploit really dangerous. Also, Netgear isn’t planning on patching this entire list of routers that are affected by this. Which means that if you have any of these routers, you are on your own. Which of course is not a good situation. And really reflects poorly on Netgear as they should really not only have better security for their routers, but they should make much more of an effort to better care for their customer base when security issues arise.

Given the scale of the issues, and Netgear’s response to it, I would recommend that you take immediate action by replacing your Netgear router with something other brand of router from a vendor who considers security to be top of mind. That’s what I am doing as I have an R8500 which is on the list. And you should do the same thing. This is not a trivial exploit and it requires a non-trivial response in order to ensure that you are secure.

UPDATE: Thanks for everyone who alerted me that Netgear has just sent out emails to customers. In it it has a a security advisory that details this exploit. And the fact that only TWO of their routers have fixes for this exploit. Netgear says that they will “continue to work on hotfixes for the remaining vulnerabilities and models, which we will release on a rolling basis as they become available.” Whatever that means.

They also have a mitigation for this exploit which is turning off remote management. Here’s how you do it:

  1. On a computer that is part of your home network, type http://www.routerlogin.net in the address bar of your browser and press Enter.
  2. Enter your admin user name and password and click OK. If you never changed your user name and password after setting up your router, the user name is admin and the password is password.
  3. Once you have logged in successfully, select the ADVANCED tab on the browser screen.
  4. Click on Advanced Setup
  5. Click on Remote Management.
    Note: on some products you may need to click on Web Services Management instead
  6. If the check box for Turn Remote Management On is checked, click on it so that the box is unchecked. Then click Apply to save your changes. 
  7. If the check box for Turn Remote Management On is unchecked, then click Cancel to leave the page as Remote Management is already turned off.

UPDATE #2: Netgear saw my story and sent me this this tweet:

UPDATE #3: Netgear has begun to roll out fixes for this fiasco. More details here.

Dell Technologies Brings IT Infrastructure & Cloud Capabilities To Edge Environments

Posted in Commentary on June 22, 2020 by itnerd

Dell Technologie, the leader in hyperconverged infrastructure (HCI), announces two new VxRail systems—including the first ruggedized model and introduction of AMD EPYC processors—bringing the power and simplicity of HCI to the most challenging and space-constrained edge environments.

Smallest, toughest VxRail takes HCI to harsh edge environments 

The new ruggedized VxRail D Series brings VxRail’s simplicity and lifecycle management capabilities to a compact and durable form factor, designed to withstand remote and harsh environments. The system is 20 inches deep—the smallest and lightest VxRail yet—and can withstand extreme temperatures, sustain 40G of operational shock and operate at up to 15,000 feet.

It brings IT support to edge locations where resilient infrastructure is critical, such as the implementation of a data center at remote sites, onboard ships at sea or equipped in aircrafts. The VxRail D Series is an ideal solution for manufacturing, industrial, and oil and gas environments where conditions create a technical challenge or space is at a premium.

VxRail brings AMD EPYC processors to edge ready, single-socket system

For the first time on VxRail, 2nd Gen AMD EPYC processors are now available in a new, efficient E Series platform. The VxRail E Series with AMD EPYC processors offers customers a new option, with up to 64 high performance cores and support for PCIe® 4, that can be deployed at the edge or in data centers. Coupled with high-efficiency power supply, these compact 1U systems are ideal for customers that need high-performance computing power, in a single socket platform for edge environments.

The new VxRail E665 system—available in NVMe, all-flash, or hybrid storage configurations—offers high performance in a single-socket model and is ideal for database, unstructured data, virtual desktop infrastructure and HPC workloads. 

VxRail software updates support latest VMware releases and streamline upgrades

As the only jointly engineered HCI system with VMware, VxRail delivers a hybrid cloud approach that is simple to deploy and manage, no matter where data and applications reside.

As recently announced, Dell Technologies Cloud Platform—VMware Cloud Foundation on VxRail—now supports configurations with as few as four compute nodes, enabling customers to begin. Customers like Atlantis the Palm can now explore their hybrid cloud journey at approximately half the cost, with a smaller footprint, and scale their infrastructure over time.

The latest version of VxRail HCI System Software helps streamline updates with the ability to run pre-upgrade health checks on demand and cloud-based management and orchestration, ensuring every VxRail cluster is maintained throughout its lifecycle, regardless of location. 

Persistent memory and GPU capabilities support data-intensive applications

With the introduction of new platform enhancements, VxRail can support even more power-demanding applications, such as in-memory databases like SAP HANA and artificial intelligence/machine learning applications, with support of new powerful GPUs. VxRail will now support:

  • Intel® Optane™ DC Persistent Memory, which maintains data integrity even when power is lost, now can enable quicker recovery and less downtime, with 90% lower latency. With support for Intel Optane DC persistent memory, VxRail customers can expand in-memory intensive workloads and use cases such as SAP HANA.
  • NVIDIA® Quadro RTX™ GPUs: Designers and artists can create graphics using deep learning and visual computing workloads without compromising CPU performance. 

Availability

  • VxRail D Series and E Series with 2nd Gen AMD EPYC processors are available globally on June 23, 2020.
  • VxRail HCI System Software latest update is now globally available.
  • NVIDIA Quadro RTX GPUs and Intel Optane DC Persistent Memory options are now globally available.