Networking

Cisco has disclosed a critical security vulnerability in Cisco Data Center Network Manager (DCNM), a key piece of Cisco’s data-center automation software for its widely used MDS and Nexus line of networking hardware.  
During internal testing, Cisco discovered that a bug in the REST application protocol interface (API) of DCNM could allow anyone on the internet to skip over the web interface’s log in and carry out actions as if they were an administrator of the device. 

Networking

The newly disclosed bug, tagged as CVE-2020-3382, is similar to the static encryption key flaw in DCNM that an external researcher discovered earlier this year. 
SEE: IT Data Center Green Energy Policy (TechRepublic Premium)
The static key lets attackers use it to generate a valid session token on an affected device and do whatever they want through the REST API with administrative privileges.  

“The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges,” explains Cisco in the advisory. 
Admins need to install the latest versions of Cisco’s DCNM software releases to shut down the bug since there are no workarounds. However, Cisco notes it is not aware of attackers using this flaw yet. 
The bug has a severity rating of 9.8 out of a possible 10, and affects DCNM software releases 11.0(1), 11.1(1), 11.2(1), and 11.3(1).
Cisco also reported a critical flaw with a severity rating of 9.9 in the web interface of its Cisco SD-WAN vManage software. 
The bug, tracked as CVE-2020-3374, lets a person on the internet with the right credentials attack a system after bypassing authorization. From there, attackers could reconfigure a system and knock it offline or access sensitive information.  
“The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system,” explained Cisco.  
“A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.”
SEE: Cisco releases security fixes for critical VPN, router vulnerabilities
Again, there are no workarounds, so admins need to install fixed releases from various software trains of Cisco SD-WAN vManage. Devices using releases 18.3 or prior will need to migrate to fixed releases from newer trains.
Fortunately, this bug was also discovered during a Cisco investigation with a customer. The company is not aware of public exploits for the vulnerability.  
More on Cisco and network security More

Comcast added 340,000 high-speed residential broadband customers at a rapid clip in the second quarter to offset video losses and weakness in its media business. 
The results highlight how broadband has become like electric and water as an essential service amid remote work and education. The COVID-19 pandemic is accelerating shifts in cable consumption. 
Comcast reported second quarter net income of $2.99 billion, or 65 cents a share, on revenue of $23.72 billion, down nearly 12% from a year ago. Non-GAAP earnings were 69 cents a share. Wall Street was expecting non-GAAP earnings of 55 cents a share on revenue of $23.58 billion. As companies have withdrawn guidance estimates have been off by a wide margin during the second quarter earnings season.
Overall, the resilience in Comcast’s business comes from the cable unit. Comcast added 217,000 cable customer relationships and 323,000 high speed internet net additions. The breakdown, which doesn’t include more than 600,000 high risk or free Internet Essentials accounts, include:
Net adds of 340,000 net residential broadband subscribers.
A net loss of 17,000 business broadband subscribers.
427,000 net video customers lost.
A gain of 126,000 net wireless lines.
Add it up and Comcast is adding one product subscribers as its bundles drop off.
Comcast

In Comcast’s media unit, NBCUniversal saw revenue fall 25.4% and adjusted EBITDA fell 29.5%. Cable networks, films and theme parks all had double-digit percentage revenue declines. Broadcast television revenue was down 1.6%. Sky revenue was down 12.9%.   More

Brazilians have seen recent improvements in fixed broadband latency as demand for online gaming rises during the Covid-19 outbreak, a new study has found.
Latency – the reaction time of a connection – varies between countries across Latin America, particularly when it comes to fixed broadband. Latency is a key metric in gaming and determines much of the user’s experience in terms of the absence of lags during gameplay. Gamers ideally aim for a latency of less than 50 milliseconds and preferably less than 30ms.
According to the data from Ookla’s Speedtest Intelligence, gamers in Brazil had the lowest mean latency on fixed broadband, relevant for games played on PC and console games, at 19 ms during Q2 2020, down from 23 ms in the same period in 2019. By comparison, Colombia had the highest fixed broadband latency at 43 ms. The study noted investments in fiber contributed to the recent improvements.

Mobile latency, which is relevant to games played through devices such as smartphones, did not vary as much: Argentina had the best latency on mobile at 40 ms, followed closely by Chile at 41 ms. Brazil had mobile latency at 46 ms and Colombia had the highest latency during this period at 47 ms.
As well as latency during the pandemic, the report also brought data on internet performance, which is also important to gamers. While some countries experienced a dip in speeds in March, the study noted that on the whole, internet speeds on fixed broadband have increased in Argentina, Brazil, Chile, Colombia and Mexico since the week of March 2, 2020.

In addition, the report noted that apart from Chile, the largest Latin American economies have also experienced an increase in mobile speeds, ranging from a 2% increase in Colombia to a 19% increase in Mexico.
According to a separate study by Comscore, Brazil is the world’s fourth-largest market for games after India, United States and China. The report estimates there are 84 million gamers in Brazil – this is equivalent to 70% of the country’s online population, currently estimated at 120 million. Of that total, 64.3 million only use mobile devices to play games. More

Juniper Networks on Wednesday announced it’s extending AI-driven insights to WAN and branch networks with a new cloud-based service called Juniper Mist WAN Assurance. Additionally, the company is introducing a new conversational interface to networking operations, enabling either IT teams or end users to more easily communicate with Marvis, Juniper’s virtual network assistant. 

The new capabilities are a part of Juniper’s growing focus on AI-driven operations, which it stepped up last year with its acquisition of Mist Systems. Mist and Juniper have already delivered AI-driven networking operations to the enterprise with wi-fi, wired and security services. With the addition of WAN, Juniper says it can provide customers with end-to-end AI-enhanced visibility. 
Ultimately, the goal is to use AI to shift the focus from network and application behavior to the actual user experience. 
The new Juniper Mist WAN Assurance service streams key telemetry data from Juniper SRX devices to the cloud-based Mist AI engine. This enables customizable WAN service levels, and it allows for a proactive response to anomaly detections. The service works with Marvis to correlate events across the LAN, WLAN and WAN for rapid fault isolation and resolution. 
“Today when large enterprises have a problem, they don’t know where to look,” Sujai Hajela, Mist co-founder and Juniper SVP, said to ZDNet. Juniper Mist WAN Assurance aims to solve that problem. 

Meanwhile, with the new conversational interface for Marvis, customers will be able to learn about their networks with natural language questions such as, “What was wrong with Bob’s Zoom call yesterday?”
With the new interface, Marvis can provide answers to questions based on its access to a large knowledge base, with interactive queries for further help. It leverages reinforcement learning to get better at answering questions over time. 
Since the Mist acquisition, Juniper has started rearranging its enterprise business unit around the notion of “AI-driven enterprise,” Hajela said. The reformatted business unit, led by Hajela, brings wired access, wireless access and WAN under common leadership with dedicated sales, marketing and engineering. 
“The only way to quantify end user experience is to use AI,” he said, with a “cloud stack built from the ground up built to handle AI. We are now extending that paradigm across Juniper.” More

What a so-called 50Mbps plan now delivers.
Image: Telstra
Anyone with a passing knowledge of how networking layers work, combined with a tiny amount of experience on how capitalism and marketing operates, could see that NBN overprovisioning would lead to a hell of a lot of spin from Australia’s telcos.
Last year, the Australian Competition and Consumer Commission (ACCC) decided NBN needed to provide extra layer 2 capacity so that tests the ACCC runs at layer 7 would match the speeds claimed by telcos.
It is a true apples and oranges comparison, but the ACCC has previously told ZDNet it is happy with its decision.
The end result was NBN deciding to overprovision its plans by 15%, except for the plans where it doesn’t, which is currently its gigabit options.
So Australia has overprovisioning of NBN because the ACCC thinks TCP/IP headers get in the way of the results of its tests, and most plans do, but not all. Remember, this is all meant to be easy for consumers to understand.

As the overprovisioning appears on the NBN, the spin from the telcos have kicked in. Telstra was promoting the overprovisioning as a 15% speed boost.
“We want to give our customers the best NBN experience possible so we’re rolling out changes that NBN Co has made available to help more customers get faster speeds,” Telstra said on Wednesday.
“When data is carried across the internet, bandwidth is used to carry that data to its intended destination (known as ‘overheads’) which reduces the speeds available to you.
“As part of changes to the way NBN Co manages speeds over its network, more bandwidth (or speed) has been made available to compensate for these overheads by allowing services to run up to 15% faster (excluding Fixed Wireless).”
Presumably selling consumers on the idea of a speed boost, rather than a network-wide knob that NBN had to turn at the behest of the ACCC, is an easier sell.
And telcos will very likely get away with it. In fact, consumers are going to embrace this “speed boost”.
The frugal warriors over at OzBargain picked up on the new provisioning last week, and it certainly was not cast in a negative light.
“Free Speed Boost for NBN Fixed Line Customers,” said an entry from a user called tightarse.
“From the outset, please note this may not work for everyone but has certainly worked for me and a few others I’ve asked to test … Not sure what the ‘15% overprovisioning’ really means.”
Far be it from me to criticise people being excited about a faster internet connection, bandwidth is bandwidth after all.
Thanks to the ACCC, 50Mbps layer 2 plan in Australia could be up to 55Mbps on the fixed line footprint. But it’s definitely not going beyond somewhere around 47Mbps on fixed wireless, if you are lucky, and on satellite, you cannot get that speed at all.  
Breathe in the simplicity. How good is making things easier to understand?
Related Coverage More

The New Zealand Commerce Commission (ComCom) has fined MyRepublic NZ$2,000 for breaching its obligations to provide annual financial information to the agency.
Only after being “pursued” for several months did MyRepublic hand over the information, the commission said. This is the second breach in two years.
ComCom uses fiscal information from the nation’s telcos that book more than NZ$10 million in revenue to apportion New Zealand’s Telecommunications Development Levy (TDL). The levy is put towards services such as the relay service for the deaf and hearing-impaired, broadband for rural areas, and improvements to 111 emergency calling services.
Should MyRepublic make it three breaches in three years, the commission said it would consider hauling the Singaporean telco to New Zealand High Court, where it could be fined NZ$300,000 for each breach.
“MyRepublic has now breached its TDL obligations for two years in a row,” said Telecommunications Commissioner Tristan Gilbertson.

“This is unacceptable — it undermines the integrity of the system and is unfair on the New Zealanders who depend on the critical infrastructure and services supported by TDL funds.”
MyRepublic was warned in August 2017 for breaching the Fair Trading Act, when it promoted its 1Gbps plan for two months before it was available, claimed its “gamer” service would not lag, and made incorrect representations of consumer rights.
At the end of last year, MyRepublic was the most complained about telco in Australia.
In broadband speed reports issued by the Australian Competition and Consumer Commission, MyRepublic has been a consistent laggard in recent times.
Related Coverage More

Juniper Networks and A10 Networks on Tuesday both reported slightly better-than-expected second quarter financial results. Despite an uncertain macro environment, demand has held steady, the companies reported, arguing the long-term outlook looks more promising. 
Juniper’s second quarter non-GAAP net income was $116.3 million, a decrease of 17 percent year-over-year. Non-GAAP diluted earnings per share came to 35 cents. Net revenues were $1.086 billion, a decrease of 1 percent year-over-year, 
Analysts were expecting earnings of 34 cents per share on revenue of $1.05 billion. 
“We experienced solid demand during the June quarter, as our combination of technological differentiation and go- to-market execution drove a second consecutive quarter of positive order growth,” Juniper CEO Rami Rahim said in a statement. “While the global macro environment remains uncertain, the strategic importance of the global network has never been clearer and we remain confident regarding the long-term outlook for our business.”
For the third quarter, Juniper expects non-GAAP net income per share will be approximately 43 cents, plus or minus 5 cents. It expects revenue of approximately $1.125 billion, plus or minus $50 million.

The company expects to see sequential revenue and earnings growth thanks in part to strength within its service provider and cloud verticals — which could help offset uncertainty within the enterprise market. Juniper has a “healthy backlog,” according to CFO Ken Miller, and is “optimistic regarding our ability to navigate COVID-19 related supply chain challenges.”
Juniper also reported that its board of directors has declared a cash dividend of 20 cents per share to be paid on September 22.
A10 Networks also reported second quarter financial results coming in slightly ahead of estimates. 
Q2 non-GAAP net income per share came to 9 cents. Revenue was $52.5 million, up 7 percent year-over-year.
Analysts were expecting earnings of 8 cents on revenue of $52.1 million. 
“A10 continues to make progress on our business model transformation, resulting in improved earnings power, amidst an uncertain environment,” A10 CEO Dhrupad Trivedi said in a statement. “To date, we have successfully navigated the challenges related to the pandemic and associated economic disruptions. Demand remains strong, though sales cycles, particularly in Asia, have been elongated. Increasingly, our global footprint and customer mix serve as important and durable competitive advantages.”
The company was able to offset revenue declines from the Japan and Asia Pacific regions with improvements in North America and EMEA, Trivedi said. 
“We maintain a strong market position with service providers and their investment cycles which can last multiple years and result in variable demand levels within a 90-day period,” the CEO said. 

Tech Earnings More

The latest report by the Telecommunications Industry Ombudsman (TIO) has revealed that there was a direct correlation between the coronavirus pandemic, and the complaints it received between March and June 2020.
The TIO’s systemic investigation report uncovered how there was an increase in complaints from mid-March by consumers about not being able to contact their providers. By early April, the average number of daily complaints by consumers being unable to reach their providers peaked at 130.
The TIO said its investigation showed it was around the same time when several providers with offshore operations were significantly affected by COVID-19 lockdown restrictions, which resulted in consumers experiencing delays.
The TIO also saw from late March, a rise in complaints around faults and connections, specifically around slow internet speeds and dropouts, technicians missing their appointments, and delays in receiving equipment, such as modems. By mid-April, TIO received an average of 360 complaints about faults and connections a day.
“The rise in fault and connection complaints for internet services was steeper and longer than for mobile and landline services. The rise aligned with increased demand for internet services during the shift to home-based work and study,” the report stated.

Additionally, the TIO report highlighted how temporary relief measures by providers resulted in fewer complaints about debt-related issues, including financial hardship and repayment arrangement, between March and May 2020.
However, when debt-related complaints were received, the TIO said it was because consumers could not contact their provider, or when they could, they were informed that their provider was not prioritising billing enquiries and it resulted in consumers suffering financially.
The TIO also took the opportunity to acknowledged how there was a timely response by telecommunications providers, NBN, the government, and industry regulators when it came to providing temporary financial relief for consumers and businesses.
Some of these relief measures included NBN offering internet providers up to 40% of additional capacity at no cost until August 19, the Australian Competition and Consumer Commission (ACCC) pausing its NBN entry-level access pricing and wholesale service standards inquiries, and NBN limiting the amount of maintenance it would do on its network.
The ACCC also recently granted NBN and five retailers — Telstra, Optus, TPG, Vodafone, and Vocus — authorisation to create a working group to handle network congestion and coordinate financial support for consumers and small businesses during the coronavirus pandemic.
“The pandemic has thrown the telecommunications industry and its consumers into a perfect storm. The delivery of reliable phone and internet services was challenged by the closure of overseas call centres and the move of telco operations staff to a work-from-home environment. This collided with our need to remain connected through reliable phone and internet services at a time of heightened uncertainty,” Ombudsman Judi Jones said. 
“The pandemic has stress-tested the industry and government relief measures and stretched the capacity of telco providers. It is encouraging to see the industry’s extension of the telecommunications hardship principles until the end of September and the steps providers have taken so far to respond to the financial impact on consumers.”
The Australian Communications Consumer Action Network CEO Teresa Corbin acknowledged how the report provided insight into the impact COVID-19 had on the telco sector, adding it also signalled the need for telcos to implement backup procedures to resolve problems quickly. 
“The TIO’s report shows the serious negative impacts that consumers can face when telco services fail and providers are slow to respond. Our phone and internet connections are essential services in these times and we need to ensure that providers treat them as such,” she said.
Related Coverage
NBN stumps up for AU$150 million COVID-19 relief fund
Money to be directed to low-income households with children at school and struggling small and medium-sized businesses.
Canberra amends laws allowing telcos to deploy cells on wheels during emergencies
Meanwhile, Labor has proposed that free internet access be given to students so they can learn online during the coronavirus pandemic.
Coronavirus response sees Telstra pause job cuts for six months
Telco to hire 1,000 temporary call centre workers in Australia and bring forward AU$500 million of 5G network spend.
Telstra makes all home broadband plans unlimited in response to coronavirus
Until the end of April, Telstra home broadband customers are without a data quota.
Telstra extends unlimited home broadband offer until the end of June
With the aim of supporting customers through COVID-19. More