Some non-lessons from WannaCry
This piece by Bruce Schneier needs debunking. I thought I'd list the things wrong with it.The NSA 0day debate
Schneier's description of the problem is deceptive:When the US government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country -- and, for that matter, the world -- from similar attacks by foreign governments and cybercriminals. It's an either-or choice.The government doesn't "discover" vulnerabilities accidentally. Instead, when the NSA has a need for something specific, it acquires the 0day, either through internal research or (more often) buying from independent researchers.
The value of something is what you are willing to pay for it. If the NSA comes across a vulnerability accidentally, then the value to them is nearly zero. Obviously such vulns should be disclosed and fixed. Conversely, if the NSA is willing to pay $1 million to acquire a specific vuln for imminent use against a target, the offensive value is much greater than the Continue reading
Scott Lowe on Getting Started with Network Automation
Learn why network automation is so crucial for the careers of networking and infrastructure professionals, and why you don't need to learn to code to effectively use automation.
Recovering a Stored Password from a Web Browser
Tony Fortunato demonstrates how he retrieved a password stored in Internet Explorer.
Packet Pushers – Network Break Network Break 138: AT&T Buys Vyatta; BA Grounded By Outage
On todays Network Break we cover AT&Ts plans to purchase Vyatta from Brocade, examine a data center outage that grounded British Airways flights, update the latest developments in Cisco and Aristas patent dispute, and much more. The post Network Break 138: AT&T Buys Vyatta; BA Grounded By Outage appeared first on Packet Pushers.
Where Do You Want to Move the Complexity?
Michael Klose left an interesting remark on my Regional Internet Exits in Large DMVPN Deployment blog post saying…
Would BGP communities work? Each regional Internet Exit announce Default Route with a Region Community and all spokes only import default route for their specific region community.
That approach would definitely work. However, you have to decide where to move the complexity.
Read more ...SDN : APIC Vv APIC-EM
Software Defined Network (SDN) is technology to allow network devices to be managed through software application, thus making configuration process automated and faster. Network devices have its own management plane, data plane and control plane. Traditional SDN decouples Control plane from all different devices and have all these control plane go live inside SDN controller […]
Better Security Conversations – Thoughts for a Series
As many PacketU readers know, I have held the role as a vendor SE for a couple of years. In this role, a primary function is to correctly position our products into customer environments. What I’ve come to realize is that many of our conversations actually start incorrectly. I think we need to change that. I will be sharing, as well as structuring, my own thoughts with an upcoming series of posts on security.
I firmly believe that products are only tools and we need to back up to better understand the problems we are trying to solve. One analogy I use on a regular basis when talking about autonomous vehicles is that “no one needs a car [they only need the transportation].” So if technology can provide autonomous cars, transportation can become a service instead of a depreciating asset in our garage.
Although it isn’t a parallel thought or analogy, no organization needs an NGFW for the sake of owning an NGFW. There is a need to provide proper tools required to enable the organization’s security program. Thinking in these terms guides the conversations to a more appropriate solution. My goal with this upcoming series is to help anyone that touches cybersecurity Continue reading
Chinese Malware ‘Fireball’ Has Infected 250 Million Devices
A malware attack dubbed Fireball has infected more than 250 million computers worldwide and is redirecting web browsers on compromised machines to generate revenue for its attackers. First discovered by cybersecurity firm Check Point Threat Intelligence, the browser-hijacking malware attack of Chinese origin has reportedly spread to 20 percent of corporate computer networks. Read: Android …Continue reading "Chinese Malware ‘Fireball’ Has Infected 250 Million Devices"
EuroDIG 2017: ISOC Speaks on Cybersecurity, Blockchain, Human Rights, IoT, Internet Shutdowns and more
How do we create a more secure and trusted Internet within the multistakeholder model of Internet governance? That will be among the many questions addressed this week at the European Dialogue on Internet Governance (EuroDIG) in Tallinn, Estonia. From June 5-7, we will have an Internet Society team on site participating in many sessions. Our EuroDIG 2017 page has all the details - including links to live video streams - but at a high level here are some of the workshops we are participating in:
War Stories: Always Check Your Inputs
The extremely irregular War Stories series returns, with an anecdote from 15 years ago, investigating a problem with a web app that only seemed to crash when one particular person used it. Ultimately a simple problem, but it took me a while to track it down. I blame Perl.
ISPY With my Little Eye
“ispy” was our custom-built system that archived SMS logs from all our SMSCs, aggregating them to one server for analysis. Message contents were kept for a short period, with CDRs stored for longer (i.e. details of sending and receiving numbers, and timestamps, but no content).
The system had a web interface that support staff could use to investigate customer reports of SMS issues. They could enter source and/or destination MSISDNs, and see when messages were sent, and potentially contents. Access to contents was restricted, and was typically only used for things like abuse investigations.
This system worked well, usually.
Except when it didn’t.
Every few weeks, we’d get reports that L2 support couldn’t access the system. We’d login, see that one process was using up 99% CPU, kill it, and it would be OK for a while. Normally the system was I/O bound, so we Continue reading
War Stories: Always Check Your Inputs
The extremely irregular War Stories series returns, with an anecdote from 15 years ago, investigating a problem with a web app that only seemed to crash when one particular person used it. Ultimately a simple problem, but it took me a while to track it down. I blame Perl.
ISPY With my Little Eye
“ispy” was our custom-built system that archived SMS logs from all our SMSCs, aggregating them to one server for analysis. Message contents were kept for a short period, with CDRs stored for longer (i.e. details of sending and receiving numbers, and timestamps, but no content).
The system had a web interface that support staff could use to investigate customer reports of SMS issues. They could enter source and/or destination MSISDNs, and see when messages were sent, and potentially contents. Access to contents was restricted, and was typically only used for things like abuse investigations.
This system worked well, usually.
Except when it didn’t.
Every few weeks, we’d get reports that L2 support couldn’t access the system. We’d login, see that one process was using up 99% CPU, kill it, and it would be OK for a while. Normally the system was I/O bound, so we Continue reading
Ultimate Go, Ardanlabs, Training Course Writeup
After being in the IT industry for a while, courses generally don’t impress or engage you for very long. If it’s something you’re interested in, you stand a better chance of hanging on in there, but even then, someone talking at you is always difficult. Those that attend conferences regularly will appreciate the shift to ‘brown bag’ lightening talks where a nervous energy fuelled speaker delivers the interesting snippets of a topic with the knowledge to guide question asking talk goers to the right info if they have beyond surface level curiosity.
Therefore, many of us don’t attend classroom based training anymore. Short webinars and self-lead courses are generally the way forward for those of us not in college or university. I need to add here, technology itself is changing too. Gone are the days where Microsoft, Oracle and Cisco lead the world. Sorry folks, they truly are gone. Technology now is ‘passing through’. I have a transformed view of technology akin to cattle herding; rope it, guide it to the right place to feed, then shoot it, eat it and make some handbags. Technology is more and more transient. It’s not about being an expert, it’s about the techniques Continue reading
How to track that annoying pop-up
In a recent update to their Office suite on Windows, Microsoft made a mistake where every hour, for a fraction of a second, a black window pops up on the screen. This leads many to fear their system has been infected by a virus. I thought I'd document how to track this down.The short answer is to use Mark Russinovich's "sysinternals.com" tools. He's Windows internals guru at Microsoft and has been maintaining a suite of tools that are critical for Windows system maintenance and security. Copy all the tools from "https://live.sysinternals.com". Also, you can copy with Microsoft Windows Networking (SMB).
Of these tools, what we want is something that looks at "processes". There are several tools that do this, but focus on processes that are currently running. What we want is something that monitors process creation.
The tool for that is "sysmon.exe". It can monitor not only process creation, but a large number of other system events that a techy can use to see what the system has been doing, and if you are infected with a virus.
Sysmon has a fairly complicated configuration file, and if you enabled everything, you'd soon be Continue reading
Open Networking for Large Scale Networks
The post Open Networking for Large Scale Networks appeared first on rule 11 reader.