ROCA: Encryption vulnerability and what to do about it

Researchers recently discovered a dangerous vulnerability – called ROCA – in cryptographic smartcards, security tokens, and other secure hardware chips manufactured by Infineon Technologies. These articles on Ars Technica and The Register give a good background.

Is this a serious problem?

Yes. It’s serious in practice and in principle. Infineon used a flawed key generation routine, which means those keys are easier to crack, and the routine is used in chips embedded in a wide variety of devices. It’s reckoned that the flawed routine has been in use since 2012 and has probably been used to generate tens of millions of keys. Naturally, many of those keys will have been generated precisely because someone had data or resources that they particularly wanted to secure.

It’s serious because a flawed implementation managed to get through all the development and standardisation processes without being spotted, and has been widely deployed on mass-market devices.

What’s the flaw, and why does it cause a problem?

The flaw affects keys generated for the RSA and OpenPGP algorithms, both of which are public key crypto systems. Public key cryptography is based on pairs of keys, one of which is made public and the other kept private:

Enterprise Network on GNS3 – Part 3 – Distribution and Core Layers

This is the third article in a series that discusses the configuration of an entire enterprise network. The article focuses on the configuration of the distribution and core switches. The distribution layer consists of two multilayer switches, vEOS-DIS-I and vEOS-DIS-II. The switches are Arista vEOS version 4.17.2F Qemu appliances installed on VMware disks. Each appliance is assigned 1536 MB of RAM.

The distribution switches route traffic between end-user VLANs and connect the lower-layer network to the Core layer. The Layer 3 (routed) interfaces connect both distribution switches to each other and to the Core switches. The interfaces toward the Access layer are Layer 2 (switchports). The OSPF routing protocol is running on the distribution switches, so there is only Layer 3 connectivity between the distribution and core layers.

Picture 1 - Distribution and Core Layers of Enterprise Campus Network

Note: The configuration files of the distribution switches are: vEOS-DIS-I and vEOS-DIS-II.

The core layer consists of the switches vIOS-Core-I and vIOS-Core-II. These are Cisco vIOS-l2 Qemu appliances on qcow2 disks, version 15.2. Each switch is assigned 768 MB of RAM by GNS3. The core layer is completely Layer 3. It is connected to the lower

All Of Ethan’s Podcasts And Articles For October 2017

Here’s a catalog of all the media I produced (or helped produce) in October 2017. I’ve decided to add some content summaries so that you have good incentive to give some of the podcasts a listen if they tickle your fancy.

PACKET PUSHERS WEEKLY PODCAST

PRIORITY QUEUE PODCAST

Cray Looks Forward To Supercomputing Rebound

The general HPC market might be growing, and the very definition of HPC is expanding thanks to the addition of advanced analytics and machine learning to the HPC toolbox. But it is tough slogging right now in the upper echelons of HPC where supercomputers roam.

There is perhaps no better barometer of the state of supercomputing than Cray, which sells a mix of processing, storage, and interconnect technologies to address the ever-widening scope of modern supercomputing. Because of a general slowdown in supercomputer sales thanks to the fact that organizations are keeping their systems around for longer than they usually

Cray Looks Forward To Supercomputing Rebound was written by Timothy Prickett Morgan at The Next Platform.

Beam me up and over — test-driving telepresence technology

Telepresence has become a very intelligent business strategy, especially for companies that are spread across multiple sites or for those that have clients in many locations that they need to deal with on a fairly regular basis. Using what is in essence a fairly simple robot, anyone can transport himself to another location, move around through offices and interact face to face with people they might not otherwise ever meet. Granted they’re going to look something like large iPads held up by a couple metal rods riding on top of self-propelled vacuum cleaners, but the experience is still surprisingly effective.

I recently had a chance to transport myself using one of the Beam presence systems built by Suitable Technologies. I sat in my office in the mountains in Virginia while being transported to an office suite in Palo Alto, California, and interacted with two members of the staff. I had previously spoken with one of the same company’s customers at yet another location to get a feel for how they were using their Beams.

Beam me up and over – test driving telepresence technology

Telepresence has become a very intelligent business strategy, especially for companies that are spread across multiple sites or those with clients in many locations that they need to deal with on a fairly regular basis. Using what is in essence a fairly simple robot, anyone can transport himself to another location, move around through offices and interact face-to-face with people they might not otherwise ever meet. Granted they’re going to look something like large iPads held up by a couple metal rods riding on top of self-propelled vacuum cleaners, but the experience is still surprisingly effective.

I’ve recently had a chance to transport myself using one of the Beam presence systems built by Suitable Technologies. I sat in my office in the mountains in Virginia while being transported to an office suite in Palo Alto, California and interacted with two members of the staff. I had previously spoken with one of the same company’s customers at yet another location to get a feel for how they were using their Beams.

IDG Contributor Network: Don’t get caught in an IoT security nightmare

Developing an IoT security competency and implementing an IoT risk assessment program should be an important strategic focus for any company implementing an IoT strategy.

A great race is underway among companies in the industrial sectors to be leaders in the Internet of Things (IoT) realm. Companies are off and running in their plans to execute IoT strategies, and many are already connecting all manner of “things” to gather and analyze data about product usage and performance, factory output, maintenance issues, etc.

The proof is in the spending. A June 2017 report by research firm International Data Corp. (IDC) said spending on IoT in 2017 was expected to grow 17% compared with the previous year, reaching more than $800 billion. By 2021, IDC said, global IoT spending is expected to reach about $1.4 trillion, including hardware, software, services, and connectivity that enable IoT.