Windows SSH client with TPM

I managed to get an SSH client working using an SSH pubkey protected by a TPM.

Optional: Take ownership of the TPM chip

This is not needed, since TPM operations only need well known SRK PIN, not owner PIN, to do useful stuff. I only document it here in case you want to do it. Microsoft recommends against it.

1. Set OSManagedAuthLevel to 4 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM\OSManagedAuthLevel 2 -> 4

   Reboot.

2. Clear TPM

   Run tpm.msc and choose “Clear TPM”. The machine will reboot and ask you to press F12 or something for physical proof of presence to clear it.

3. Set owner password from within tpm.msc

Set up TPM for SSH

1. Create key

   tpmvscmgr.exe create /name "myhostnamehere VSC" /pin prompt /adminkey random /generate
   

   PIN must be at least 8 characters.

2. Create CSR

   Create a new text file req.inf:

   [NewRequest]
   Subject = "CN=myhostnamehere"
   Keylength = 2048
   Exportable = FALSE
   UserProtected = TRUE
   MachineKeySet = FALSE
   ProviderName = "Microsoft Base Smart Card Crypto Provider"
   ProviderType = 1
   RequestType = PKCS10
   KeyUsage = 0x80
   

   certreq -new -f req.inf myhostname.csr
   

   If you get any errors, just reboot and try again with the command that failed.

3. Get the CSR signed by any Continue reading

13% off AmazonBasics High Security 17-Sheet Micro-Cut Paper, CD, and Credit Card Shredder – Deal Alert

This powerful shredder from AmazonBasics micro-cuts a letter-sized sheet of paper into 2,235 useless pieces of confetti, up to 17 sheets at a time. Inserted one at a time into the designated slot, it also destroys credit cards, CDs, DVDs, and Blu Rays, rendering them completely unusable. It features a generous 7-gallon bin that pulls out for easy disposal. This micro-cut shredder averages 4.5 out of 5 stars on Amazon from over 170 people (82% rate a full 5 stars: read reviews). Its typical list price of $165 has been reduced 13% to $144.To read this article in full or to leave a comment, please click here

13% off AmazonBasics 17-Sheet Micro-Cut Paper, CD, and Credit Card Shredder – Deal Alert

This powerful shredder from AmazonBasics micro-cuts a letter-sized sheet of paper into 2,235 useless pieces of confetti, up to 17 sheets at a time. Inserted one at a time into the designated slot, it also destroys credit cards, CDs, DVDs, and Blu Rays, rendering them completely unusable. It features a generous 7-gallon bin that pulls out for easy disposal. This micro-cut shredder averages 4.5 out of 5 stars on Amazon from over 170 people (82% rate a full 5 stars: read reviews). Its typical list price of $165 has been reduced 13% to $144.To read this article in full or to leave a comment, please click here

13% off AmazonBasics 17-Sheet Micro-Cut Paper, CD, and Credit Card Shredder – Deal Alert

This powerful shredder from AmazonBasics micro-cuts a letter-sized sheet of paper into 2,235 useless pieces of confetti, up to 17 sheets at a time. Inserted one at a time into the designated slot, it also destroys credit cards, CDs, DVDs, and Blu Rays, rendering them completely unusable. It features a generous 7-gallon bin that pulls out for easy disposal. This micro-cut shredder averages 4.5 out of 5 stars on Amazon from over 170 people (82% rate a full 5 stars: read reviews). Its typical list price of $165 has been reduced 13% to $144.To read this article in full or to leave a comment, please click here

13% off AmazonBasics High Security 17-Sheet Micro-Cut Paper, CD, and Credit Card Shredder – Deal Alert

This powerful shredder from AmazonBasics micro-cuts a letter-sized sheet of paper into 2,235 useless pieces of confetti, up to 17 sheets at a time. Inserted one at a time into the designated slot, it also destroys credit cards, CDs, DVDs, and Blu Rays, rendering them completely unusable. It features a generous 7-gallon bin that pulls out for easy disposal. This micro-cut shredder averages 4.5 out of 5 stars on Amazon from over 170 people (82% rate a full 5 stars: read reviews). Its typical list price of $165 has been reduced 13% to $144.To read this article in full or to leave a comment, please click here

GitLab deleted then restored list of online stores infected with skimming software

For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code; it was far from the only store which hackers had compromised via exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.To read this article in full or to leave a comment, please click here

GitLab deleted, then restored, list of online stores infected with skimming software

For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code. It was far from the only store hackers had compromised via exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.To read this article in full or to leave a comment, please click here

GitLab deleted then restored list of online stores infected with skimming software

For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code; it was far from the only store which hackers had compromised via exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.To read this article in full or to leave a comment, please click here

GitLab deleted, then restored, list of online stores infected with skimming software

For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code. It was far from the only store hackers had compromised via exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.To read this article in full or to leave a comment, please click here

Big Black Friday prize: Virtual reality gaming systems?

A fresh infusion of virtual reality gaming systems such as Sony PlayStation VR could make these hot Black Friday 2016 shopping items, but don't expect to get off too easy on prices. Sony this month just started selling PlayStation VR, which starts at $400 just for the headset, so figure on $500 if you want the bundle of headset/camera/controllers (and you'll need a PlayStation console too). Then you're going to need some games as well. PlayStation VR joins the Oculus Rift and HTC VIVE, both of which became available earlier this year, going beyond the less elaborate VR viewers such as Google Cardboard and Samsung Gear VR.To read this article in full or to leave a comment, please click here

One of the better explanations of SDN

Stumbled upon this via HighScalability:

Every time I feel like I'm "out of touch" with the hip new thing, I take a weekend to look into it. I tend to discover that the core principles are the same [...]; or you can tell they didn't learn from the previous solution and this new one misses the mark, but it'll be three years before anyone notices (because those with experience probably aren't touching it yet, and those without experience will discover the shortcomings in time.)

Yep, that explains the whole centralized control plane ruckus ;) Read also a similar musing by Ethan Banks.

Aryaka Envisions a Lofty $1B Price for Possible IPO

It's revenues have to keep doubling though to make the numbers work.

ManagedMethods brings shadow IT and shadow data into the light

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  At the recent Gartner Security & Risk Management Summit, Gartner VP Neil MacDonald spoke about the technology trends for 2016 that provide the most effective business support and risk management. Cloud Access Security Brokers (CASBs) are number one on the list. According to Gartner, companies' use of Software as a Service (SaaS) applications create new challenges to security teams due to limited visibility and control options. CASBs enable businesses to apply much-needed security policies across multiple cloud services.To read this article in full or to leave a comment, please click here

Best Deals of the Week, October 10th – October 14th – Deal Alert

Best Deals of the Week, October 10th - October 14th - Deal AlertCheck out this roundup of the best deals on gadgets, gear and other cool stuff we have found this week, the week of October 10th. All items are highly rated, and dramatically discounted.27% off SanDisk Connect Wireless Stick 200GBThe SanDisk Connect wireless stick is a flash drive with a unique twist -- you can access it wirelessly. Whether it's in your pants pocket, in your bag, or on the picnic table at your campsite, the Connect wireless stick lets you stream media or move files wirelessly with up to three computers, phones or tablets simultaneously. Connections are made via built-in wifi (think "hotspot"), so no external wireless or internet services are needed. A USB connection is also available, if desired. Storage on this model is a generous 200GB. Reviewers on Amazon report at least 8-10 hours of battery life on one charge. This model is currently discounted 27%, from $119.99 down to $87.56. See it now on Amazon.To read this article in full or to leave a comment, please click here

Blade Chassis to End of Row Swithces Connectivity & High Availability Options

Spanning Tree Protocol (STP) free network inside Data Centre is main focus for network vendors and many technologies have been introduced in recent past to resolve STP issues in data centre and ensure optimal link utilization. Advent of switching modules inside blade enclosures coupled with the requirements for optimal link utilization starting right from blade server has made today’s Data Centre network more complex.

In this blog , we will discuss how traditional model of network switches placement (End of Row) can be coupled with blade chassis with different options available for end to end connectivity / high availability.

Network Switches are placed in End of Row and in order to remove STP Multi-Chassis Link Aggregation (MC-LAG) is deployed. Please see one of my earlier blog for understanding of MC-LAG.

Option 1: Rack mounted servers for computing machines, servers have installed multiple NICs in Pass-Though module and Virtual Machines hosted inside servers require Active/Active NIC Teaming.

Option 2 : Blade Chassis has multiple blade servers and each blade servers has more than 1 NIC (which are connected with blade chassis switches through internal fabric link). Virtul Machines hosted inside blade servers require active/active NIC teaming.

Option 3 : Blade Chassis Continue reading

Secret Service IT security lambasted by Homeland Security inspector general

For now, the US Secret Service has no reasonable assurance that its information systems are properly secured to protect Law Enforcement Sensitive case management information.That was but one of the conclusions laid at the feet of the US Secret Service today by the Department of Homeland Security’s Inspector General, John Roth in a scathing report on the agency tasked with protecting the President and other important government officials.+More on Network World: Federal cyber incidents grew an astounding 1,300% between 2006 and 2015+To read this article in full or to leave a comment, please click here

Secret Service IT security lambasted by Homeland Security inspector general

For now, the US Secret Service has no reasonable assurance that its information systems are properly secured to protect Law Enforcement Sensitive case management information.That was but one of the conclusions laid at the feet of the US Secret Service today by the Department of Homeland Security’s Inspector General, John Roth in a scathing report on the agency tasked with protecting the President and other important government officials.+More on Network World: Federal cyber incidents grew an astounding 1,300% between 2006 and 2015+To read this article in full or to leave a comment, please click here

Secret Service IT security lambasted by Homeland Security inspector general

For now, the US Secret Service has no reasonable assurance that its information systems are properly secured to protect Law Enforcement Sensitive case management information.That was but one of the conclusions laid at the feet of the US Secret Service today by the Department of Homeland Security’s Inspector General, John Roth in a scathing report on the agency tasked with protecting the President and other important government officials.+More on Network World: Federal cyber incidents grew an astounding 1,300% between 2006 and 2015+To read this article in full or to leave a comment, please click here

Show 310: High-Stakes OpenStack Networking

Todays show looks at OpenStack networking in a high-stakes production environment: Paddy Power Betfair, a publicly-traded betting and gaming exchange. The post Show 310: High-Stakes OpenStack Networking appeared first on Packet Pushers.

Worth Reading: Building the LinkedIn Knowledge Graph

At LinkedIn, we use machine learning technology widely to optimize our products: for instance, ranking search results, advertisements, and updates in the news feed, or recommending people, jobs, articles, and learning opportunities to members. An important component of this technology stack is a knowledge graph that provides input signals to machine learning models and data insight pipelines to power LinkedIn products. This post gives an overview of how we build this knowledge graph. —LinkedIn Engineering Blog

The post Worth Reading: Building the LinkedIn Knowledge Graph appeared first on 'net work.