Court blocks American from suing Ethiopia for infecting his computer

An appeals court has barred an Ethiopian-born U.S. citizen from filing a civil suit against the African country, which allegedly infected his computer with spyware and monitored his communications.The U.S. Court of Appeals for the District of Columbia Circuit ruled Tuesday that foreign states are immune from suit in a U.S. court unless an exception to the Foreign Sovereign Immunities Act (FSIA) applies.The person, who is referred to in court documents by the pseudonym Kidane, was born in Ethiopia and lived there for 30 years before seeking asylum in the U.S. He lives in Maryland.To read this article in full or to leave a comment, please click here

Court blocks American from suing Ethiopia for infecting his computer

An appeals court has barred an Ethiopian-born U.S. citizen from filing a civil suit against the African country, which allegedly infected his computer with spyware and monitored his communications.The U.S. Court of Appeals for the District of Columbia Circuit ruled Tuesday that foreign states are immune from suit in a U.S. court unless an exception to the Foreign Sovereign Immunities Act (FSIA) applies.The person, who is referred to in court documents by the pseudonym Kidane, was born in Ethiopia and lived there for 30 years before seeking asylum in the U.S. He lives in Maryland.To read this article in full or to leave a comment, please click here

To YANG or Not to YANG, That’s the Question

Yannis sent me an interesting challenge after reading my short “this is how I wasted my time” update:

We are very much committed in automation and use Ansible to create configuration and provision our SP and data center network. One of our principles is that we do rely solely on data available in external resources (databases and REST endpoints), and avoid fetching information/views from the network because that would create a loop.

You can almost feel a however coming in just a few seconds, right?

Read more ...

Killing idle TCP connections

Why

Let’s say you have some TCP connections to your local system that you want to kill. You could kill the process that handles the connection, but that may also kill other connections, so that’s not great. You could also put in a firewall rule that will cause the connection to be reset. But that won’t work on a connection that’s idle (also if one side is initiator then using this method the other side would not tear down its side of the connection). There’s tcpkill, but it needs to sniff the network to find the TCP sequence numbers, and again that won’t work for an idle connection.

Ideally for these long-running connections TCP keepalive would be enabled. But sometimes it’s not. (e.g. it’s not on by default for gRPC TCP connections, and they certainly can be long-running and idle).

You could also do this by attaching a debugger and calling shutdown(2) on the sockets, but having the daemon calling unexpected syscalls thus getting into an unexpected state doesn’t really make for a stable system. Also attaching a debugger hangs the daemon while you’re attached to it.

This post documents how to do this on a Debian system.

Continue reading

Wind River uses virtualization to turn M2M into IoT

Wind River, an IoT software division of Intel, wants to help industrial users bring their legacy machine-to-machine systems into the age of open source and cloud computing.On Tuesday, it introduced software to virtualize industrial applications at the edge of the network, letting enterprises gradually migrate from older M2M technology to modern systems that give them more flexibility.The platform, called Wind River Titanium Control, runs on commodity Xeon hardware and uses widely adopted cloud platforms such as OpenStack and KVM (Kernel-based Virtual Machine). The company has validated hardware systems from major manufacturers to run Titanium Control and pre-validated virtual network applications through its Titanium Cloud Ecosystem, begun in 2014. Titanium Control is targeted at industries like manufacturing, energy and health care.To read this article in full or to leave a comment, please click here

Apple downplays importance of CIA’s iPhone hacking capabilities

In a massive data dump last week, WikiLeaks released thousands upon thousands of highly secretive and sensitive CIA documents that detail the extent of the government agency's spying tools. Aside from interesting tidbits regarding the CIA attempting to eavesdrop on targets via Samsung HD-TVs, the leaked documents also reference the CIA's efforts to hack into iOS devices.In fact, the CIA even has a specialized team devoted entirely towards coming up with security exploits for iOS devices, in particular the iPhone. Even though the iPhone only accounts for less than 15 percent of global smartphone marketshare, Apple's iconic smartphone attracts a disproportionate amount of attention because it's proven to be quite popular among "social, political, diplomatic and business elites."To read this article in full or to leave a comment, please click here

Apple downplays importance of CIA’s iPhone hacking capabilities

In a massive data dump last week, Wikileaks released thousands upon thousands of highly secretive and sensitive CIA documents which detail the extent of the government agency's spying tools. Aside from interesting tidbits regarding the CIA attempting to eavesdrop on targets via Samsung HDTVs, the leaked documents also reference the CIA's efforts to hack into iOS devices.In fact, the CIA even has a specialized team devoted entirely towards coming up with security exploits for iOS devices, and in particular the iPhone. Even though the iPhone only accounts for less than 15% of global smartphone marketshare, Apple's iconic smartphone attracts a disproportionate amount of attention because it's proven to be quite popular among "social, political, diplomatic and business elites."To read this article in full or to leave a comment, please click here

Here’s how we celebrate Pi Day during a blizzard

Yes, the Blizzard of 2017 on the east coast did foil our plan to stream our inaugural Pi Day Challenge live on Facebook and YouTube (we recorded it on Monday instead), but it did not kill our creativity. I submit the Pi Day driveway snow art display. Bob Brown/NetworkWorld Pi Day snow art featuring artist exhausted from shovelingTo read this article in full or to leave a comment, please click here

Google Hangouts won’t disappear for consumers despite enterprise focus

While Google Hangouts is making a shift to serve enterprise users, it won’t be vanishing for consumers.Last week, the company announced that it would be splitting the chat and videoconferencing service into Hangouts Meet and Hangouts Chat, which raised questions about what would happen for those people who still use it in their personal lives.Consumers will still be able to access Hangouts using their personal Google accounts. Hangouts will still appear in the Gmail sidebar on the desktop, even after it splits into Chat and Meet, according to Scott Johnston, director of product management for Hangouts.To read this article in full or to leave a comment, please click here

AWS follows Google with Reserved Instance flexibility changes

Customers who have Reserved Instance contracts with Amazon Web Services will be able to subdivide some of their Linux and Unix virtual machine instances while maintaining their capacity discounts, thanks to pricing changes announced Monday.Reserved Instances allow customers to lock themselves into paying AWS for a certain amount of compute capacity with the company's Elastic Compute Cloud (EC2) in exchange for a discount off its list price. To read this article in full or to leave a comment, please click here

Microsoft stays security bulletins’ termination

Microsoft today postponed the retirement of the security bulletins that for nearly two decades have described in detail the month's slate of vulnerabilities and accompanying patches.The bulletins' last stand was originally scheduled for January, with a replacement process ready to step in Feb. 14. Rather than a set of bulletins, Microsoft was to provide a searchable database of support documents dubbed the "Security Updates Guide" or SUG.But just hours before February's security updates were to be released, Microsoft announced that it was postponing the entire collection to March 14, citing "a last-minute issue" that might impact some customers. The Redmond, Wash. company never spelled out exactly what led it to decide on the unprecedented delay.To read this article in full or to leave a comment, please click here

Microsoft stays security bulletins’ termination

Microsoft today postponed the retirement of the security bulletins that for nearly two decades have described in detail the month's slate of vulnerabilities and accompanying patches.The bulletins' last stand was originally scheduled for January, with a replacement process ready to step in Feb. 14. Rather than a set of bulletins, Microsoft was to provide a searchable database of support documents dubbed the "Security Updates Guide" or SUG.But just hours before February's security updates were to be released, Microsoft announced that it was postponing the entire collection to March 14, citing "a last-minute issue" that might impact some customers. The Redmond, Wash. company never spelled out exactly what led it to decide on the unprecedented delay.To read this article in full or to leave a comment, please click here

Thieves steal Petya ransomware then use it for free

Crooks are stealing code from the purveyors of Petya ransomware and using it to extort money from innocent victims, stiffing the creators of the malware out of the cut they are supposed to get.Rather than following the rules of licensing Petya, another criminal group is stealing and modifying the ransomware so they can use it without paying, according to the SecureList blog by researchers at Kaspersky Lab.+More on Network World: DARPA fortifies early warning system for power-grid cyber assault+To read this article in full or to leave a comment, please click here

Thieves steal Petya ransomware then use it for free

Crooks are stealing code from the purveyors of Petya ransomware and using it to extort money from innocent victims, stiffing the creators of the malware out of the cut they are supposed to get.Rather than following the rules of licensing Petya, another criminal group is stealing and modifying the ransomware so they can use it without paying, according to the SecureList blog by researchers at Kaspersky Lab.+More on Network World: DARPA fortifies early warning system for power-grid cyber assault+To read this article in full or to leave a comment, please click here

Video: “…You can either be a farmer, or join a politically motivated global hacking collective” – YouTube

Funny and insightful. Maybe.

Jake Davis, former Anonymous and LulzSec hacker, shares his hacker journey while exploring just what makes hackers tick…

“…You can either be a farmer, or join a politically motivated global hacking collective” – YouTube : https://www.youtube.com/watch?v=E0h_pNv1a98&app=desktop

The post Video: “…You can either be a farmer, or join a politically motivated global hacking collective” – YouTube appeared first on EtherealMind.

Worth Reading: Fearing Facebook

I used to greatly admire Mark Zuckerberg. Now, I fear him. Here’s why. Facebook is now a supranational company. It spans the globe with about 2 billion subscribers, its 2016 revenue reached $27.6B—54% more than in 2015; it’s immensely profitable (37% of revenue) and cash-rich with $29.56 “in the bank”. Decades ago, European Communists complained about “multinationals”, companies whose spread over multiple countries allowed them to escape full accountability in any one location. —Monday Note

The post Worth Reading: Fearing Facebook appeared first on 'net work.

DOJ: No, we won’t say how much the FBI paid to hack terrorist’s iPhone

The U.S. Department of Justice yesterday argued that it should not have to reveal the maker of a tool used last year to crack an alleged terrorist's iPhone or disclose how much it paid for the hacking job, court documents showed.That tool was used last year by the FBI to access a password-protected iPhone 5C previously owned by Syed Rizwan Farook, who along with his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif., in December 2015. The two died in a shootout with police later that day. Authorities quickly labeled them terrorists.In March 2016, after weeks of wrangling with Apple, which balked at a court order compelling it to assist the FBI in unlocking the iPhone, the agency announced it had found a way to access the device without Apple's help. Although the FBI acknowledged it had paid an outside group to crack the iPhone, it refused to identify the firm or how much it paid.To read this article in full or to leave a comment, please click here

DOJ: No, we won’t say how much the FBI paid to hack terrorist’s iPhone

The U.S. Department of Justice yesterday argued that it should not have to reveal the maker of a tool used last year to crack an alleged terrorist's iPhone or disclose how much it paid for the hacking job, court documents showed.That tool was used last year by the FBI to access a password-protected iPhone 5C previously owned by Syed Rizwan Farook, who along with his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif., in December 2015. The two died in a shootout with police later that day. Authorities quickly labeled them terrorists.In March 2016, after weeks of wrangling with Apple, which balked at a court order compelling it to assist the FBI in unlocking the iPhone, the agency announced it had found a way to access the device without Apple's help. Although the FBI acknowledged it had paid an outside group to crack the iPhone, it refused to identify the firm or how much it paid.To read this article in full or to leave a comment, please click here

1 2,004 2,005 2,006 2,007 2,008 3,616