zkLedger: privacy-preserving auditing for distributed ledgers

zkLedger: privacy-preserving auditing for distributed ledgers Narula et al., NSDI’18

Somewhat similarly to Solidus that we looked at late last year, zkLedger (presumably this stands for zero-knowledge Ledger) provides transaction privacy for participants in a permissioned blockchain setting. zkLedger also has an extra trick up its sleeve: it provides rich and fully privacy-preserving auditing capabilities. Thus a number of financial institutions can collectively use a blockchain-based settlement ledger, and an auditor can measure properties such as financial leverage, asset illiquidity, counter-party risk exposures, and market concentration, either for the system as a whole, or for individual participants. It provides a cryptographically verified level of transparency that’s a step beyond anything we have today.

The goals of zkLedger are to hide the amounts, participants, and links between transactions while maintaining a verifiable transaction ledger, and for the Auditor to receive reliable answers to its queries. Specifically, zkLedger lets banks issue hidden transfer transactions which are still publicly verifiable by all other participants; every participant can confirm a transaction conserves assets and assets are only transferred with the spending bank’s authority.

Setting the stage

A zkLedger system comprises n banks and an auditor that verifies certain operational aspects of transactions Continue reading

APNIC Labs/CloudFlare DNS 1.1.1.1 Outage: Hijack or Mistake?

At 29-05-2018 08:09:45 UTC, BGPMon (A very well known BGP monitoring system to detect prefix hijacks, route leaks and instability) detected a possible BGP hijack of 1.1.1.0/24 prefix. Cloudflare Inc has been announcing this prefix from AS 13335 since 1st April 2018 after signing an initial 5-year research agreement with APNIC Research and Development (Labs) to offer DNS services.

Shanghai Anchang Network Security Technology Co., Ltd. (AS58879) started announcing 1.1.1.0/24 at 08:09:45 UTC, which is normally announced by Cloudflare (AS13335). The possible hijack lasted only for less than 2min. The last announcement of 1.1.1.0/24 was made at 08:10:27 UTC. The BGPlay screenshot of 1.1.1.0/24 is given below:

Anchang Network (AS58879) peers with China Telecom (AS4809), PCCW Global (AS3491), Cogent Communications (AS174), NTT America, Inc. (AS2914), LG DACOM Corporation (AS3786), KINX (AS9286) and Hurricane Electric LLC (AS6939). Unfortunately, Hurricane Electric (AS6939) allowed the announcement of 1.1.1.0/24 originating from Anchang Network (AS58879). Apparently, all other peers blocked this announcement. NTT (AS2914) and Cogent (AS174) are also MANRS Participants and actively filter prefixes.

Dan Goodin (Security Editor at Ars Technica, who extensively covers malware, computer espionage, botnets, and hardware hacking) reached Continue reading

Simple, Efficient, and Modern: VMware NSX introduces new HTML5 UI

Along with the advancements in context-aware micro-segmentation and network virtualization, we are also continually raising the bar on making VMware NSX simple to deploy, manage, and operationalize at scale – and that, of course, involves a responsive and easy-to-use HTML-based UI to access VMware NSX functionality.

With VMware NSX for vSphere 6.4.1, you can now access all NSX installation and security functionality through a responsive HTML-based vSphere Client, including Distributed Firewall, Service Composer, Application Rule Manager, and more. This modern interface does not have any dependencies on browser plugins (e.g. Adobe Flash), has a more minimalistic look-and-feel, and loads so much faster! Beyond the immediate aesthetic improvements, here’s a quick look at some of the key enhancements to how we’re simplifying the NSX user experience.

 

NSX Firewall – Better Visibility and Efficient Rule Management

 

Given how feature-rich the NSX Firewall page is, our usability designers focused extra attention on streamlining the day-to-day tasks of creating, managing and troubleshooting firewall rules.

For starters, at the top of the Firewall page, we’ve introduced a new Status Bar and elevated table-level actions (like Publish and Save) to their own dedicated Toolbar. Now, at a glance, you can immediately Continue reading

Datanauts 136: ChatOps Using PoshBot With Brandon Olin

On this episode of Datanauts, we chat with Brandon Olin, the creator of PoshBot, a PowerShell based chatbot for ops teams. What does PoshBot do? How was PoshBot built? How do chatbots impact Brandon’s delivery model?

ChatBots?

Bots have been around for a long time. They re really handy, too, often being able to answer simple questions by submitting a special command that has some sort of prefix or identifier associated with them. Especially if you re on Twitch and want to know how long your favorite streamer has been online.

Maybe that isn t the most helpful thing in the world, but what if we changed the narrative to be all about operations and how talking to a bot (with your peers watching) could actually up-level your day-to-day enjoyment of IT?

That’s our conversation today.

What is PoshBot?

PoshBot is a chat bot written in PowerShell. It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands. PoshBot currently supports connecting to Slack to provide you with awesome ChatOps goodness.

For More Information About PoshBot

IDG Contributor Network: Houston, we have a networking problem

We’ve covered networking on our home planet. But what happens when we send signals where no man has gone before?Space networking is two-way communication between base stations on Earth, and unmanned space probes, planetary rovers, orbital satellites or manned spacecraft. These radio signals bring back messages, images and scientific discoveries. Someday they’ll be used to communicate between colonies on Earth and the moon or Mars.Of course, we can’t just “call” Mars. Networking in outer space is vastly different from what we experience on Earth.Communications travel at the speed of light. This means that it can take 20 minutes or more for a radio signal to reach a Martian planetary rover. It’s like going back to dial-up.To read this article in full, please click here

IDG Contributor Network: Houston, we have a networking problem

We’ve covered networking on our home planet. But what happens when we send signals where no man has gone before?Space networking is two-way communication between base stations on Earth, and unmanned space probes, planetary rovers, orbital satellites or manned spacecraft. These radio signals bring back messages, images and scientific discoveries. Someday they’ll be used to communicate between colonies on Earth and the moon or Mars.Of course, we can’t just “call” Mars. Networking in outer space is vastly different from what we experience on Earth.Communications travel at the speed of light. This means that it can take 20 minutes or more for a radio signal to reach a Martian planetary rover. It’s like going back to dial-up.To read this article in full, please click here

New Features of Docker Enterprise Edition 2.0 – Top 12 Questions from the Docker Virtual Event

In the recent Docker Virtual Event, Unveiling Docker Enterprise Edition 2.0, we demonstrated some of the key new capabilities of the Docker Enterprise Edition – the enterprise-ready container platform that enables IT leaders to choose how to cost-effectively build and manage their entire application portfolio at their own pace, without fear of architecture and infrastructure lock-in. Designed to address enterprise customers’ needs, these net-new features extend across both Swarm and Kubernetes (Part 1 of this blog) and across Windows and Linux applications (Part 2 of this blog).

In this blog post, we’ll go over some of the most common questions about these new features as well as some of the common questions that were asked about how Docker Enterprise Edition is packaged and deployed.

If you missed the live event, don’t worry! You can still catch the recording on-demand here.

Docker Enterprise Edition 2.0 Features

 Secure Application Zones

Q: Can I connect my corporate directory to permissions inside Docker Enterprise Edition?

A: Yes! You can integrate your corporate LDAP or Active Directory to Docker Enterprise Edition. Permissions can be mapped to one of the 5 built-in roles or administrators can create very granular and flexible Continue reading

Extending the Power of NSX to Bare-metal Workloads

Authors – Sridhar Subramanian and Geoff Wilmington

 

VMware NSX Data Center was built with the goal of consistent networking and security services independent of changing application frameworks or physical infrastructure. In the last couple of years, NSX Data Center has focused on delivering network and security abstractions for applications on any compute platform. In our journey, we have handled VM’s, containers, cloud, and now we are also looking to help our customers with scenarios where they need a unified experience for bare-metal workloads.  The goal being to maintain a consistent security experience regardless of location or platform the workload is running on.

This experience means being able to take any workload, add it to an NSX Data Center Security Group and through the NSX Data Center Distributed Firewall have a consistent policy applied regardless of location and workload type.  This consistent approach leverages the NSX DFW capabilities with stateful firewalling for the workloads.  This is accomplished outside of using native OS capabilities like IP Tables or Windows Firewall so security admins only need to understand how to apply security through NSX DFW, and not have to understand the myriad of native OS approaches and complexity.  By centralizing Continue reading

To Tackle the VPNFilter Botnet, It’s Going to Take Help from You and Me

If you’ve been reading the news lately, you might have seen headlines like “FBI to America: Reboot Your Routers, Right Now” or “F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware”. These headlines can be pretty alarming, and you may find yourself thinking, “things must be pretty bad if the FBI is putting out such an urgent warning.”

Cyber threats are not uncommon, but the good news is that the security community is working around the clock to tackle these threats as early and quickly as possible. Most of the time we do not see all this hard work, nor are we often asked to play a large part in taking down a botnet. But this time, by rebooting our routers, we can help the law enforcement and information security communities to identify infected routers so they can be cleaned up, moving us closer to a permanent fix for a particular kind of malware – VPNFilter.

Here is what happened …

From Discovery to Takedown

On 23 May, 2018, researchers at Cisco’s Talos publicly shared their findings about a large botnet of infected networking devices (home routers) they called “VPNFilter” because of concerns that the Continue reading

Worth Reading: A hard rain is going to fall in public cloud

The public cloud, like Internet service and Internet hosting, is a rich person’s game. If you can’t pony up billions of dollars for infrastructure design, manufacturing, and installation each quarter, then you probably are not going to get the kind of low infrastructure costs that AWS, Google, Microsoft, IBM, and Alibaba can, and therefore you are going to be priced out of the infrastructure cloud. —Timothy Prickett Morgan @The Next Platform

BrandPost: How to Future-proof Your Storage Investments

The emergence of data-heavy applications such as artificial intelligence (AI), machine learning, and the Internet of Things (IoT) has upped the enterprise storage ante. Combined with the data in apps used daily to run the business, the limits of storage are being stretched.Yet having to continually procure storage capacity doesn’t make sense; forward-looking CIOs and IT decision makers must future-proof their investments. Here’s what to consider. Performance Digital business will constantly evolve, meaning organizations will need to deploy applications and services as business needs change or new objectives emerge.To read this article in full, please click here

Connecting the Unconnected: The Land of Zero Connect

As we move to a more digitally-connected world, the need for Internet access has never been greater. In many parts of the world, the Internet has firmly established itself as a core part of everyday life – and this holds true for everyone from kids to adults to senior citizens. Yet, there remain communities and places around the world that are still offline. In some instances, these are probably the hardest locations to connect. And there are many reasons for this – geography and terrain could be one reason, commercial viability of service provision is another, as is affordability – the capacity of the community to pay for devices and Internet connectivity.

In 2010, the Internet Society Asia-Pacific Bureau launched the award-winning Wireless for Communities Programme. This was a pioneering effort that placed the local community front and centre, with its catchphrase – “for the community, with the community, by the community”.

The focus of the programme is to provide Internet access and connectivity to underserved and unserved rural areas in a holistic manner that leads to socioeconomic empowerment. A key component involves developing communities’ capacity to build and operate the wireless network, and at the same time, empowering them Continue reading

1 1,539 1,540 1,541 1,542 1,543 3,791