Archive

Category Archives for "Security"

No, Trump’s losses don’t allow tax avoidance

The New York Times is reporting that Trump lost nearly a billion dollars in 1995, and that this would enable tax avoidance for 18 years. No, it doesn't allow "avoidance". This is not how taxes work.

Let's do a little story problem:

  • You invest in a broad basket of stocks for $100,000
  • You later sell them for $110,000
  • Capital gains rate on this is 20%
  • How much taxes do you owe?

Obviously, since you gained $10,000 net, and the tax rate is 20%, you then owe $2,000 in taxes.

But this is only because losses offset gains. All the stocks in your basket didn't go up 10%. Some went up more, some actually lost money. It's not unusual that the losing stocks might go down $50,000, while the gainers go up $60,000, thus giving you the 10% net return, if you are investing in high-risk/high-reward stocks.

What if instead we change the tax code to only count the winners, ignoring the losing stocks? Now, instead of owing taxes on $10,000, you owe taxes on $60,000. At a 20% tax rate, this comes out to $12,000 in taxes -- which is actually more than you earned on your investments.

Taxing only investments that Continue reading

Some technical notes on the PlayPen case

In March of 2015, the FBI took control of a Tor onion childporn website ("PlayPen"), then used an 0day exploit to upload malware to visitors' computers, to identify them. There is some controversy over the warrant they used, and government mass hacking in general. However, much of the discussion misses some technical details, which I thought I'd discuss here.

IP address

In a post on the case, Orin Kerr claims:

  "retrieving IP addresses is clearly a search"

He is wrong, at least, in the general case. Uploading malware to gather other things (hostname, username, MAC address) is clearly a search. But discovering the IP address is a different thing.

Today's homes contain many devices behind a single router. The home has only one public IP address, that of the router. All the other devices have local IP addresses. The router then does network address translation (NAT) in order to convert outgoing traffic to all use the public IP address.

The FBI sought the public IP address of the NAT/router, not the local IP address of the perp's computer. The malware ("NIT") didn't search the computer for the IP address. Instead the NIT generated network traffic, destined to the FBI's computers. Continue reading

Beware: Attribution & Politics

tl;dr - Digital location data can be inherently wrong and it can be spoofed. Blindly assuming that it is accurate can make an ass out of you on Twitter and when regulating drones.

Guest contributor and friend of Errata Security Elizabeth Wharton (@LawyerLiz) is an attorney and host of the technology-focused weekly radio show "Buzz Off with Lawyer Liz" on America's Web Radio (listen live each Wednesday, 2-3:00pm eastern; find prior podcasts here or via iTunes - Lawyer Liz). This post is merely her musings and not legal advice.

Filtering through various campaign and debate analysis on social media, a tweet caught my eye. The message itself was not the concern, and the underlying image has since been determined to be fake. Rather, I was stopped by the 140-character tweet's absolute certainty that internet user location data is infallible. The author presented a data map as proof without question, caveat, or other investigation. Boom, mic drop - attribution!

According to the tweeting pundit, "Russian trollbots" are behind the #TrumpWon hashtag trending on Twitter.
The proof? The twitter post claims that the Trendsmap showed the initial hashtag tweets as originating from accounts located in Russia. Continue reading

Industry First Micro-segmentation Cybersecurity Benchmark Released

The VMware NSX Micro-segmentation Cybersecurity Benchmark report has been released! As previewed in part six of the Micro-segmentation Defined – NSX Securing Anywhere blog series, independent cyber risk management advisor and assessor Coalfire was sponsored by VMware to create an industry-first Micro-segmentation Cybersecurity Benchmark report. Coalfire conducted an audit of the VMware NSX micro-segmentation capabilities to develop this benchmark report detailing the efficacy of NSX as a security platform through a detailed “micro-audit” process, testing NSX against simulated zero-day threats.

Testing included five different network design patterns, and demonstrated how NSX micro-segmentation can provide stateful, distributed, policy-based protection in environments regardless of network topology. Topologies included:

  • Flat L2 network segments
  • L2 and L3 networks with centralized virtual or physical routers, representative of typical data center rack implementations built on hybrid physical and network virtualization platform / distributed virtual switch (dVS)
  • Networks with connection to other physical servers
  • Overlay-based networks using the Distributed Firewalls (DFW) and Distributed Logical Routers (DLR)
  • Physical VLAN and overlay-based networks using service insertion technologies running on dedicated VMs (in our case, Palo Alto Networks NextGen FW with Panorama)


Coalfire’s examination and testing of VMware NSX technology utilized simulated exploits that depict likely malware and Continue reading

BackConnect’s Suspicious BGP Hijacks

Earlier this month, security blogger Brian Krebs broke a story about an Israeli DDoS-for-hire service, vDOS, which had been hacked, revealing “tens of thousands of paying customers and their (DDoS) targets.” Afterwards, Krebs noticed that vDOS itself was also a victim of a recent BGP hijack from a company called BackConnect, which claims to be the “world’s first and leading open source based DDoS and network security provider.”

Bryant Townsend, CEO of BackConnect, confirmed to Krebs that they had indeed conducted a BGP hijack on vDOS, but claimed that it was for “defensive purposes.” In an email to the NANOG list, Townsend explained that in doing so they “were able to collect intelligence on the actors behind the botnet as well as identify the attack servers used by the booter service,” implying this was a one-time event. Krebs then contacted Dyn for some assistance in researching what appeared to be a series of BGP hijacks conducted by BackConnect over the past year. What emerges from this analysis is that the hijack against vDOS probably wasn’t the first time BackConnect used BGP hijacks in the course of its business. And via the use of Continue reading

Multi-site with Cross-VC NSX and Palo Alto Networks Security

In a prior post, Multi-site with Cross-VC NSX: Consistent Security and Micro-segmentation Across Sites, we discussed how Cross-VC NSX provides micro-segmentation and consistent security across multiple sites. We looked at five reasons to seriously consider Cross-VC NSX for a multi-site solution in terms of security alone: centralized management, consistent security across vCenter domains/sites, security policies that follow the workload(s), ease of security automation across vCenter domains/sites, and an enhanced disaster recovery use case. In this post, we’ll discuss how advanced third-party security services can also be leveraged in a Cross-VC NSX environment.

Prior Cross-VC NSX Blogs:
Multi-site with Cross-VC NSX: Consistent Security and Micro-segmentation Across Sites
Cross-VC NSX: Multi-site Deployments with Ease and Flexibility
NSX-V: Multi-site Options and Cross-VC NSX Design Guide
Enhanced Disaster Recovery with Cross-VC NSX and SRM
Cross-VC NSX for Multi-site Solutions

NSX provides a solid platform for security in general: inherent isolation via logical networks, micro-segmentation via distributed firewall, edge firewall capabilities, third party guest introspection services, third party network introspection services, and a robust security policy orchestration and automation framework.

With Cross-VC NSX, micro-segmentation and consistent security policies for workloads expands beyond a single vCenter boundary. Typically, customers who have multiple sites also have multiple vCenters – at least one vCenter Continue reading

Why Snowden won’t be pardoned

Edward Snowden (NSA leakerblower) won’t be pardoned. I’m not arguing that he shouldn’t be pardoned, but that he won’t be pardoned. The chances are near zero, and the pro-pardon crowd doesn't seem to be doing anything to change this. This post lists a bunch of reasons why. If your goal is to get him pardoned, these are the sorts of things you’ll have to overcome.

The tl;dr list is this:
  • Obama hates whistleblowers
  • Obama loves the NSA
  • A pardon would be betrayal
  • Snowden leaked because he was disgruntled, not because he was a man of conscience (***)
  • Snowden hasn’t yet been convicted
  • Snowden leaked too much
  • Snowden helped Russian intelligence
  • Nothing was found to be illegal or unconstitutional
Obama hates whistleblowers

Obama campaigned promising to be the most transparent president in history. Among his campaign promises are:

Protect Whistleblowers: Often the best source of information about waste, fraud, and abuse in government is an existing government employee committed to public integrity and willing to speak out. Such acts of courage and patriotism, which can sometimes save lives and often save taxpayer dollars, should be encouraged rather than stifled as they have been during the Bush administration. We need to empower Continue reading

Docker Weekly Roundup | September 11, 2016


As we arrive at the conclusion of another week, the team at Docker wanted to take a moment to reflect on a few of the top posts you might have missed, while also highlighting a few other Docker stories from around the web. Here’s the weekly roundup for the week of September 11, 2016:

  • Docker Partner Program: introducing the new tiered Docker Partner Program designed to address the growing demand by enterprise companies to adopt Containers as a Service environments with Docker Datacenter.
  • Dockercast Episode 3: in this podcast Docker catches up with Nirmal Mehta at Booz Allen Hamilton. We discuss how large government organizations are modernizing their IT infrastructures and why these types of institutions seem to be early adopters of Docker.
  • IoT Swarm with Docker Machine: the new Swarm Mode in Docker 1.12 makes it easy to build a Docker Swarm and connect different ARM devices to an IoT cluster. Instructions on how to build your own by Docker Captain Dieter Reuter.

Review: “Snowden” (2016)

tldr:

  • If you are partisan toward Snowden, you'll like the movie.
  • If you know little about Snowden, it's probably too long/slow -- you'll be missing the subtext.
  • If you are anti-Snowden, you'll hate it of course.
The movie wasn't bad. I was expecting some sort of over-dramatization, a sort of Bourne-style movie doing parkour through Hong Kong ghettos. Or, I expected a The Fifth Estate sort of movie that was based on the quirky character of Assange. But instead, the movie was just a slight dramatization of the events you (as a Snowden partisan) already know. Indeed, Snowden is a boring protagonist in the movie -- which makes the movie good. All the other characters in the movie are more interesting than the main character. Even the plot isn't all that interesting -- it's just a simple dramatization of what happens -- it's that slow build-up of tension toward the final reveal that keeps your attention.

In other words, it's clear that if you like Snowden and understand the subtext, you'll enjoy riding along on this slow buildup of tension.

Those opposed to Snowden, however, will of course gag on the one-sided nature of the story. There's always two sides to Continue reading