Archive

Category Archives for "Networking"

Happy 25th once again to Linux, ‘the little OS that definitely could’

Aug. 25 may be Linux's official birthday, but Oct. 5 is in many ways the day it began to make a real mark on the world. That's when Linux creator Linus Torvalds officially released the first Linux kernel into the wild."As I mentioned a month(?) ago, I'm working on a free version of a minix-lookalike for AT-386 computers," Torvalds wrote in a newsgroup post on Oct. 5, 1991. "It has finally reached the stage where it's even usable (though may not be depending on what you want), and I am willing to put out the sources for wider distribution."To read this article in full or to leave a comment, please click here

Hacking DRBL Client PXE Boot Password

In a previous tutorial I showed installation of Clonezilla Server Edition on Ubuntu using my own Bash script. We configured PXE (Pre eXecution Environment)) password for clients so when the clients booted a password had to be entered to startup. This tutorial explains two different ways how to get and crack the PXE boot password.

picture1_pxe_drbl-_client_password_required

Picture 1 - Client Requires to Enter PXE Password During Startup

First, we should mention some facts. The PXE client password is stored in plain text in a configuration file /etc/drbl/drblpush.conf. The password is secretpassword and it can be found in a dictionary rockyout.txt.

picture2_pxe_boot_plaintext_password

Picture 2 - Plain Text PXE Client Boot Password

The same PXE client password is stored as a hash in a file /tftpboot/nbi_img/prelinux.cfg/default.

picture3_pxe_boot_password_hash

Picture 3 - PXE Client Boot SHA-1 Base64 Encoded Salted Hash

The hash is created by utility /usr/sbin/sha1pass on DRBL server. It is a Perl script which takes two arguments from STDIN - a password and salt and it creates SHA-1 base64 salted hash.

picture4_generating_password_hash

Picture 4 - Perl Script fo Generating Hash from Password and Salt

Explanation:

  • $4$ - SHA-1 base64 encoded salted hash
  • 2mNryVVj - salt
  • WIWlkNc6cA9+eQqcf9xU0d5IvVQ - hash

They are several methods how to obtain PXE boot Continue reading

Satya Nadella’s comp package slips 3% to $17.7M

Microsoft CEO Satya Nadella received a compensation package for the year ending June 30 worth approximately $17.7 million, a 3% reduction from 2015, according to security filings.A preliminary proxy statement submitted Monday to the U.S. Securities & Exchange Commission showed that Nadella's pay cut was about a third of the 9% downturn in Microsoft's revenue during the same period.The chief executive received $1.2 million in salary, the same as the year before; $4.5 in a cash performance bonus, or 3% more than in 2015; and $12 million in stock awards, or 6% less.To read this article in full or to leave a comment, please click here

Crisis planning: 6 ways to put people first

If your business is located in the southeastern U.S., you're probably bracing for hurricane Matthew, which as of this writing is headed for Florida after making landfall in Cuba. All-too-familiar with the havoc a hurricane can wreak, you likely have a battle-tested plan for dealing with such storms and their aftermath.To read this article in full or to leave a comment, please click here(Insider Story)

The ever expanding menu…

A short note reminding the gentle readers who wander in to this site of the riches of information available in the main menu to the left of this post…

rule 11 reader takes you to a subscription form for the mailing list. The format and frequency of the mailing list is a little messed up right now, and I always mean to do more with it, but never seem to get around to it.

culture-eats-technologysixty books takes you to a list of books I’ve found particularly helpful or useful over the years. The title isn’t the number of books, strictly speaking, but rather a challenge to read sixty books this year. Not all of these are related to network engineering.

worth visiting is something of a blog role and interesting sites, not all related to network engineering.

author page takes you to a page listing all of my works. Right now this is on Amazon, but as not all my works are available on Amazon, I need to fix this. Yes, it’s already on my list of things to do.

network icons is a set of icons I use in public presentations not tied to a company, etc. These are Continue reading

Creepy clown craze actually addressed at White House press conference

It’s been a week since we looked at the clown hysteria sweeping the nation, including a sheriff consulting with the FBI and Homeland Security over the clown threat, and now creepy clowns have even been addressed during a White House press conference.On Tuesday, Bloomberg’s Justin Sink asked White House press secretary Josh Earnest about the creepy clown craze. Sink mentioned that the New York Times reported 12 people have been arrested for either making fake clown reports, threats, or chasing people, and law enforcement is seeking clown advise from DHS and the FBI. He asked if President Obama was keeping tabs on the creepy clown phenomena and if the White House had any comments to discourage clown pranks.To read this article in full or to leave a comment, please click here

Creepy clown craze actually addressed at White House press conference

It’s been a week since we looked at the clown hysteria sweeping the nation, including a sheriff consulting with the FBI and Homeland Security over the clown threat, and now creepy clowns have even been addressed during a White House press conference.On Tuesday, Bloomberg’s Justin Sink asked White House press secretary Josh Earnest about the creepy clown craze. Sink mentioned that The New York Times reported 12 people have been arrested for either making fake clown reports, threats, or chasing people, and law enforcement is seeking clown advise from DHS and the FBI. He asked if President Obama was keeping tabs on the creepy clown phenomena and if the White House had any comments to discourage clown pranks.To read this article in full or to leave a comment, please click here

What #MadeByGoogle really means

Google announced some cool consumer electronics devices at its San Francisco event yesterday hashtagged #MadeByGoogle: Google Home personal digital assistant, two new flagship phones under the new Pixel brand, Chromecast Ultra (capable of 4K video), Google Wi-Fi, and a VR headset for the Pixel phones. The usual sales channels—Verizon, Best Buy and Google Play—will distribute them.It sounds like the consumer electronics business, but it is not.To read this article in full or to leave a comment, please click here

Up To $50 off Various Amazon Kindle Models, Limited Time Discount for Prime Members Only – Deal Alert

Amazon has quietly released a good deal on its popular Kindle series of e-readers, but it's available only to Prime Members, or anyone who has an active 30-day free trial. For a limited time, Kindle's price sinks from $80 to $50, Kindle Paperwhite from $120 down to $90, and the Kindle Voyage drops from $200 to just $150. Which dovetails with the new "Prime Reading" benefit they just announced (See: "Prime Members Now Get Unlimited Reading On Any Device, Amazon Announces - Deal Alert" @ Techconnect.com). Kindle discounts applied during checkout.To read this article in full or to leave a comment, please click here

Worth Reading: a troubling new chapter for the ‘net

For the better part of a day, KrebsOnSecurity, arguably the world’s most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn’t like a recent series of exposés reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. —Ars Technica

LinkedInTwitterGoogle+Facebook

The post Worth Reading: a troubling new chapter for the ‘net appeared first on 'net work.

Guccifer 2.0 claims to have hacked the Clinton Foundation

Hacker Guccifer 2.0 now claims to have hacked the Clinton Foundation, but the documents posted show Democratic campaign data from organizations already compromised.Guccifer 2.0, believed by some security experts to be a Russian team of  hackers, posted several documents Tuesday that he claims to have taken from servers at the Clinton Foundation, the charity founded by former U.S. President Bill Clinton, husband of Democratic presidential candidate Hillary Clinton.Earlier this year, Guccifer 2.0 claimed to have hacked both the Democratic National Committee and the Democratic Congressional Campaign Committee (DCCC), and the new documents appear to be more of the same. To read this article in full or to leave a comment, please click here

Guccifer 2.0 claims to have hacked the Clinton Foundation

Hacker Guccifer 2.0 now claims to have hacked the Clinton Foundation, but the documents posted show Democratic campaign data from organizations already compromised.Guccifer 2.0, believed by some security experts to be a Russian team of  hackers, posted several documents Tuesday that he claims to have taken from servers at the Clinton Foundation, the charity founded by former U.S. President Bill Clinton, husband of Democratic presidential candidate Hillary Clinton.Earlier this year, Guccifer 2.0 claimed to have hacked both the Democratic National Committee and the Democratic Congressional Campaign Committee (DCCC), and the new documents appear to be more of the same. To read this article in full or to leave a comment, please click here

Avaya takes network management to the cloud

Historically, most non-networking professionals have considered the network to be the “pipes” or “plumbing” of the organization—something you needed, but low value.Over time, though, the network has steadily increased in value. In today’s digital era, where everything is connected and more applications and services are moving to the cloud, the network has increased significantly in value. It connects employees, customers and guests, and it is the last line of defense for securing the business.Because of the increased business value, how networks are managed must change. The legacy process of touching every device in every location is laborious and filled with errors. The 2016 ZK Research Network Purchase Intention Study showed that the highest cause (35 percent) of network downtime is due to human error from manual configuration. Traditional management is also very slow. Turning up a new location or even making simple changes often required a network engineer to be on site.To read this article in full or to leave a comment, please click here

Yahoo calls report of secret email scanning ‘misleading’

Yahoo has called a Reuters article about a secret email scanning program "misleading," and said no such system exists. On Tuesday, the Reuters article claimed that Yahoo had created the custom software program after receiving a classified U.S. government order.  That software program is reportedly capable of scanning all incoming emails from Yahoo customers for information provided by U.S. intelligence officials.However, on Wednesday Yahoo disputed the report.“We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems," the company said in an email. To read this article in full or to leave a comment, please click here

Yahoo calls report of secret email scanning ‘misleading’

Yahoo has called a Reuters article about a secret email scanning program "misleading," and said no such system exists. On Tuesday, the Reuters article claimed that Yahoo had created the custom software program after receiving a classified U.S. government order.  That software program is reportedly capable of scanning all incoming emails from Yahoo customers for information provided by U.S. intelligence officials.However, on Wednesday Yahoo disputed the report.“We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems," the company said in an email. To read this article in full or to leave a comment, please click here

1 2,297 2,298 2,299 2,300 2,301 3,444