Archive

Category Archives for "Security"

ENISA online training material updated and extended — ENISA

Free Training materials on IT Security incident and breach response. Looks quite good.

The new training material provides a step-by-step guide on how to address and respond to incidents, as an incident handler and investigator, teaching best practices and covering both sides of the breach. The material is technical and aims to provide a guided training both to incident handlers and investigators, while providing lifelike conditions. The training material mainly uses open source and free tools.

ENISA online training material updated and extended — ENISA : https://www.enisa.europa.eu/news/enisa-news/enisa-online-training-material-updated-and-extended

The post ENISA online training material updated and extended — ENISA appeared first on EtherealMind.

Introducing VMware NSX for vSphere 6.3 & VMware NSX-T 1.1 

This past week at VMware has been quite exciting! Pat Gelsinger, VMware CEO, reported on the Q4 2016 earnings call that VMware NSX has more than 2,400 customers exiting 2016. Today, we continue that momentum by announcing new releases of our two different VMware NSX platforms – VMware NSX™ for vSphere® 6.3 and VMware NSX-T 1.1.

These releases continue to accelerate digital transformation for organizations through the most critical IT use cases – Security, Automation, and Application Continuity – while expanding support for new application frameworks and architectures.

NSX use case projects

As more and more customers adopt NSX for vSphere, we continue to add features to make it easier for you to deploy, operate and scale-out your environment. NSX empowers customers on their cloud journey. It is driving value inside the data center today and expanding across datacenters and to the cloud via our Cloud Air Network partnerships, and soon to VMware Cloud on AWS and native public cloud workloads via VMware Cross-Cloud Services.

Let’s take a look at some of the new features in NSX for vSphere 6.3:

Security

Some of the new capabilities delivered in NSX for vSphere 6.3 are the Application Rule Manager (available in NSX Advanced Continue reading

Home products that fix/mitigate bufferbloat…

My new years resolution is to restart blogging.

Trying to steer anything the size of the Internet into a better direction is very slow and difficult at best. From the time changes in the upstream operating systems are complete to when consumers can buy new product is typically four years caused by the broken and insecure ecosystem in the embedded device market. Chip vendors, box vendors, I’m looking at you… So much of what is now finally appearing in the market is based on work that is often four years old. Market pull may do what push has not.

The fq_codel & cake work going on in the bufferbloat project is called SQM – “smart queue management.”

See What to do About Bufferbloat for general information. And the DSLReports Speedtest makes it easy to test for bufferbloat. But new commercial products are becoming increasingly available.  Here’s some of them.

Evenroute IQrouter

First up, I’d like call out the Evenroute IQrouter. DSL users have often suffered more than other broadband users, due to bad bloat in the modems compounded by minimal bandwidth, so the DSL version of the IQrouter is particularly welcome.   Often DSL ISP’s seem to have the tendency (more Continue reading

1984 is the new Bible in the age of Trump

In the age of Trump, Orwell's book 1984 is becoming the new Bible: a religious text which few read, but which many claim supports their beliefs. A good demonstration is this CNN op-ed, in which the author describes Trump as being Orwellian, but mostly just because Trump is a Republican.

Trump's populist attacks against our (classically) liberal world order is indeed cause for concern. His assault on the truth is indeed a bit Orwellian. But it's op-eds like this one at CNN that are part of the problem.

While the author of the op-ed spends much time talking about his dogs ("Winston", "Julia"), and how much he hates Trump, he spends little time on the core thesis "Orwellianism". When he does, it's mostly about old political disagreements. For example, the op-ed calls Trump's cabinet appointees Orwellian simply because they are Republicans:
He has provided us with Betsy DeVos, a secretary of education nominee who is widely believed to oppose public education, and who promotes the truly Orwellian-sounding concept of "school choice," a plan that seems well-intentioned but which critics complain actually siphons much-needed funds from public to private education institutions.
Calling school-choice "Orwellian" is absurd. Republicans want to Continue reading

NSX Growth and Success in 2016

Last week VMware hosted its Q4 2016 earnings call and shared financial results. VMware CEO Pat Gelsinger and the executive team have frequently highlighted VMware NSX growth and success on these calls. For Q4, NSX license bookings grew over 50 percent year-over-year. Annualizing our Q4 total bookings for NSX, it is now at a $1B run rate. With one month into 2017, we’d like to share more on NSX customer success in 2016.

Customer Success

2,400+

Exiting 2016, we shared our latest customer count at more than 2,400, which is almost double the customer count from last year. In Q4 we also had the largest NSX-only deal, more than $10M. For every customer I meet with or hear about from my team, I am continued to be impressed how they choose to go about using NSX. We love to share these success stories, whether we’re talking about all the customers we had speaking at VMworld last year, or the many videos and case studies the team publishes regularly. These stories go into details on the significant NSX wins across multiple verticals and every major geography.

Customer Deployments & Expansion

Success for our team is when customers expand their use of Continue reading

Uber was right to disable surge pricing at JFK

Yesterday, the NYC taxi union had a one-hour strike protesting Trump's "Muslim Ban", refusing to pick up passengers at the JFK airport. Uber responded by disabling surge pricing at the airport. This has widely been interpreted as a bad thing, so the hashtag "#DeleteUber" has been trending, encouraging people to delete their Uber accounts/app.

These people are wrong, obviously so.

Surge Pricing

Uber's "Surge Pricing" isn't price gouging, as many assume. Instead, the additional money goes directly to the drivers, to encourage them come to the area surging and pick up riders. Uber isn't a taxi company. It can't direct drivers to go anywhere. All it can do is provide incentives. "Surge Pricing" for customers means "Surge Income" for the drivers, giving them an incentive. Drivers have a map showing which areas of the city are surging, so they can drive there.

Another way of thinking about it is "Demand Pricing". It's simply the economic Law of Supply and Demand. If demand increases, then prices increase, and then supply increases chasing the higher profits. It's why famously you can't get a taxi cab on New Years Eve, but you can get an Uber driver. Taxi drivers can't charge more Continue reading

Is ‘aqenbpuu’ a bad password?

Press secretary Sean Spicer has twice tweeted a random string, leading people to suspect he's accidentally tweeted his Twitter password. One of these was 'aqenbpuu', which some have described as a "shitty password". Is is actually bad?

No. It's adequate. Not the best, perhaps, but not "shitty".


It depends upon your threat model. The common threats are password reuse and phishing, where the strength doesn't matter. When the strength does matter is when Twitter gets hacked and the password hashes stolen.

Twitter uses the bcrypt password hashing technique, which is designed to be slow. A typical desktop with a GPU can only crack bcrypt passwords at a rate of around 321 hashes-per-second. Doing the math (26 to the power of 8, divided by 321, divided by one day) it will take 20 years for this desktop to crack the password.

That's not a good password. A botnet with thousands of desktops, or a somebody willing to invest thousands of dollars on a supercomputer or cluster like Amazon's, can crack that password in a few days.

But, it's not a bad password, either. A hack of a Twitter account like this would be a minor event. It's not Continue reading

Dispersing a DDoS: Initial thoughts on DDoS protection

Distributed Denial of Service is a big deal—huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, “tonight my network will not be impacted by a DDoS attack.” There are tools and services that deploy various mechanisms that will do the engineering and work for you, but there is no solution for DDoS attacks.

One such reaction tool is spreading the attack. In the network below, the network under attack has six entry points.

Assume the attacker has IoT devices scattered throughout AS65002 which they are using to launch an attack. Due to policies within AS65002, the DDoS attack streams are being forwarded into AS65001, and thence to A and B. It would be easy to shut these two links down, forcing the traffic to disperse across five entries rather than two (B, C, D, E, and F). By splitting the Continue reading

The command-line, for cybersec

On Twitter I made the mistake of asking people about command-line basics for cybersec professionals. A got a lot of useful responses, which I summarize in this long (5k words) post. It’s mostly driven by the tools I use, with a bit of input from the tweets I got in response to my query.

bash

By command-line this document really means bash.

There are many types of command-line shells. Windows has two, 'cmd.exe' and 'PowerShell'. Unix started with the Bourne shell ‘sh’, and there have been many variations of this over the years, ‘csh’, ‘ksh’, ‘zsh’, ‘tcsh’, etc. When GNU rewrote Unix user-mode software independently, they called their shell “Bourne Again Shell” or “bash” (queue "JSON Bourne" shell jokes here).

Bash is the default shell for Linux and macOS. It’s also available on Windows, as part of their special “Windows Subsystem for Linux”. The windows version of ‘bash’ has become my most used shell.

For Linux IoT devices, BusyBox is the most popular shell. It’s easy to clear, as it includes feature-reduced versions of popular commands.


man

‘Man’ is the command you should not run if you want help for a command.

Man pages are designed to drive away Continue reading
1 131 132 133 134 135 181