More notes on US-CERTs IOCs

Yet another Russian attack against the power grid, and yet more bad IOCs from the DHS US-CERT.

IOCs are "indicators of compromise", things you can look for in order to order to see if you, too, have been hacked by the same perpetrators. There are several types of IOCs, ranging from the highly specific to the uselessly generic.

A uselessly generic IOC would be like trying to identify bank robbers by the fact that their getaway car was "white" in color. It's worth documenting, so that if the police ever show up in a suspected cabin in the woods, they can note that there's a "white" car parked in front.

But if you work bank security, that doesn't mean you should be on the lookout for "white" cars. That would be silly.

This is what happens with US-CERT's IOCs. They list some potentially useful things, but they also list a lot of junk that waste's people's times, with little ability to distinguish between the useful and the useless.

An example: a few months ago was the GRIZZLEYBEAR report published by US-CERT. Among other things, it listed IP addresses used by hackers. There was no description which would be useful IP Continue reading

Security as an Enabler?

I have often wondered why the “security as an enabler” model is as unique as unicorns in the wild. I think the logic works in a vacuum and it would be great if it held true. However when humans and politics (layer 8 stuff) come into the mix, it seems that the cybersecurity team tend to be viewed as the  naysayers that block progress. Quite honestly, the “security as an enabler” mantra only seems to work for those organizations that are directly profiting from the sale of cybersecurity. Those that understand the role cybersecurity plays in a typical organization realize that this is unfortunate.

With this thought in mind, I was reading through an article about the traits of CEO’s and found identified points that I think contribute to these challenges for information security:

  • Bias toward action
  • Forward Thinking

By no means am I criticizing CEO’s for these traits—they are primary contributors to keeping a given business relevant in its industry. I’m just using these to help explain the fallacy of a “security as an enabler” mindset within a given organization.

CEO’s are the highest single point of authority within an organization. They often appoint CSO’s (Chief Security Officers) or CISO’s Continue reading

Golang Magic: Package level vars, init

Magic

Sometimes code appears to be magic. Layer up on layer of abstraction followed through with crazy names and advanced tricks. Great for the writer and a show case of knowledge, bad for readability and maintenance. This article explores removal of said magic by simplifying what packages can do.

Intro

I’m currently levelling up my learnings with Golang and keen to maintain the heat and make use of this skill. So, when Peter Bourgon posted this http://peter.bourgon.org/blog/2017/06/09/theory-of-modern-go.html, I took note. I’ve never met Peter, but I like what I read. In summary , his post is about removing the use of package level vars and the implicitly called init() function.

I am the first to admit to using package level vars and init. My first reaction to reading the article was being irked. Why irked? Because it’s easy to use package level vars and once you understand what init() is and when it’s called. Not using package level vars means you have to think about relationships and what needs to be passed what. Not using init() means you have to think about how something is instantiated and whether it’s unique and if it should be globally Continue reading

SD-WAN: What it is and why you’ll use it one day

Managing the Wide Area Network (WAN) for Redmond Inc., a supplier of industrial and commercial products – from salt that’s used to protect winter roadways to organic dairy products and health items – is an easier job today for the company’s technical project manager Aaron Gabrielson than it was a year ago.Redmond manages a phone system, point of sale and fax centrally out of headquarters in Heber City, Utah, which means each of Redmond’s 10 branch sites across the Midwest need a reliable connection back to headquarters in Utah. That’s easier for some sites, like those in Salt Lake City, than others, such as rural areas where there may only be a handful of workers on a farm.To read this article in full or to leave a comment, please click here

SD-WAN: What it is and why you’ll use it one day

Managing the Wide Area Network (WAN) for Redmond Inc., a supplier of industrial and commercial products – from salt that’s used to protect winter roadways to organic dairy products and health items – is an easier job today for the company’s technical project manager Aaron Gabrielson than it was a year ago.Redmond manages a phone system, point of sale and fax centrally out of headquarters in Heber City, Utah, which means each of Redmond’s 10 branch sites across the Midwest need a reliable connection back to headquarters in Utah. That’s easier for some sites, like those in Salt Lake City, than others, such as rural areas where there may only be a handful of workers on a farm.To read this article in full or to leave a comment, please click here

What the jot command can do for you

The jot command has been around for ages, but remains one of those interesting commands that a lot of Linux users never get around to using. It can be very handy in scripts as well as on the command line by generating number or character sequences, even pseudo-randomly.In its simplest form, the jot command generates a simple sequence of numbers from 1 to your selected maximum.$ jot 5 1 2 3 4 5 You can stick the jot command output into simply by redirecting it.$ jot 5 > five $ cat five 1 2 3 4 5 If you want to start with some number other than 1, you just use a slightly different syntax. The command “jot 5 11”, for example, would create a list of five numbers starting with 11.To read this article in full or to leave a comment, please click here

Nonblocking versus Noncontending

“We use a nonblocking fabric…”

Probably not. Nonblocking is a word that is thrown around a lot, particularly in the world of spine and leaf fabric design—but, just like calling a Clos a spine and leaf, we tend to misuse the word nonblocking in ways that are unhelpful. Hence, it is time for a short explanation of the two concepts that might help clear up the confusion. To get there, we need a network—preferably a spine and leaf like the one shown below.

Based on the design of this fabric, is it nonblocking? It would certainly seem so at first blush. Assume every link is 10g, just to make the math easy, and ignore the ToR to server links, as these are not technically a part of the fabric itself. Assume the following four 10g flows are set up—

  • B through [X1,Y1,Z2] towards A
  • C through [X1,Y2,Z2] towards A
  • D through [X1,Y3,Z2] towards A
  • E through [X1,Y4,Z2] towards A

As there are four different paths between these four servers (B through E) and Z2, which serves as the ToR for A, all 40g of traffic can be delivered through the fabric without dropping or queuing a single packet (assuming, of Continue reading

Early Benchmarks on Argonne’s New Knights Landing Supercomputer

We are heading into International Supercomputing Conference week (ISC) and as such, there are several new items of interest from the HPC side of the house.

As far as supercomputer architectures go for mid-2017, we can expect to see a lot of new machines with Intel’s Knights Landing architecture, perhaps a scattered few finally adding Nvidia K80 GPUs as an upgrade from older generation accelerators (for those who are not holding out for Volta with NVlink ala the Summit supercomputer), and of course, it all remains to be seen what happens with the Tianhe-2 and Sunway machines in China in

Early Benchmarks on Argonne’s New Knights Landing Supercomputer was written by Nicole Hemsoth at The Next Platform.

IDG Contributor Network: Rethinking Disruption: Who Are You Competing Against?

Few words are more terrifying to enterprise organizations than disruption.The reasons are obvious. Uber disrupted transportation and left traditional providers in shambles. In lodging and hospitality, Airbnb did much the same. And for on premise technology, the cloud has given way to a virtual onslaught of software-as-service (SaaS) products that continue to devour the bottom line.In short, disruption kills.Or does it?Late last month, Polycom announced a partnership with video and web conferencing service Zoom. The response has been almost universal shock. Industry observers, in particular, have called into question the sanity of partnering with a business that — at least on the surface — seems bent on taking over the very space Polycom depends on to survive.To read this article in full or to leave a comment, please click here

Skyport Systems plugs the agility, security gaps of hybrid cloud

This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.As organizations move more of their infrastructure to the cloud, they are ending up with hybrid cloud applications. Part of the application runs in the traditional data center, and part runs in a cloud infrastructure such as Amazon Web Services, Microsoft Azure or Google Cloud Platform. In addition, organizations often need to connect SaaS services to resources that continue to reside inside their datacenters.Applications that run in this mode typically use a connecting software gateway between the data center component and the cloud component, for example, Mule ESB or OneSaaS. This gateway allows the components to share data and work together seamlessly.To read this article in full or to leave a comment, please click here

Skyport Systems plugs the agility, security gaps of hybrid cloud

This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.As organizations move more of their infrastructure to the cloud, they are ending up with hybrid cloud applications. Part of the application runs in the traditional data center, and part runs in a cloud infrastructure such as Amazon Web Services, Microsoft Azure or Google Cloud Platform. In addition, organizations often need to connect SaaS services to resources that continue to reside inside their datacenters.Applications that run in this mode typically use a connecting software gateway between the data center component and the cloud component, for example, Mule ESB or OneSaaS. This gateway allows the components to share data and work together seamlessly.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Data migrations without the migraines

Whether or not you work in the IT department, you have likely experienced the pain of migrating from one system to another. When you buy a new laptop, or a new phone, you’re faced with having to backup and replicate your old data to your new system, or start from scratch with none of the files you might need on your new device.Imagine this problem at enterprise scale. Moving terabytes of data is a daunting task that also requires planning and downtime when IT has to add a new storage system,  upgrade or replacement. Just like with our smartphones, the old system likely still has some value, but since data can’t move easily from one system to the other, the equipment we’re leaving behind often remains as a backup to the backup copy.To read this article in full or to leave a comment, please click here

Worth Reading: Processing Logs in Real Time with Naiad

You have lots of components in your datacenter producing logs (about 13,000 service instances in the datacenter logs studied for this paper). The authors assume a unique Id is assigned to every request entering the system, and that this is propagated on service requests, leading to log records with metadata such as… —The Morning Paper

The post Worth Reading: Processing Logs in Real Time with Naiad appeared first on rule 11 reader.

South Korean web hosting company infected by Erebus ransomware

Nayana, a web hosting company in South Korea, suffered a ransomware attack over the weekend which resulted in more than a hundred Linux servers and thousands of websites being infected with Erebus ransomware. The initial ransom amount was astronomically high.Yesterday, I came across the news that a South Korean web hosting company had been infected by ransomware, but it was extremely short on details. The ransomware was Erebus; the attack occurred on Saturday and thousands of sites were reportedly infected.Today, Aju Business Daily provided more details. Nayana reportedly said 153 of its Linux servers were infected with Erebus. In turn, about 3,400 sites on the web hosting company’s servers were also infected.To read this article in full or to leave a comment, please click here

South Korean web hosting company infected by Erebus ransomware

Nayana, a web hosting company in South Korea, suffered a ransomware attack over the weekend which resulted in more than a hundred Linux servers and thousands of websites being infected with Erebus ransomware. The initial ransom amount was astronomically high.Yesterday, I came across the news that a South Korean web hosting company had been infected by ransomware, but it was extremely short on details. The ransomware was Erebus; the attack occurred on Saturday and thousands of sites were reportedly infected.Today, Aju Business Daily provided more details. Nayana reportedly said 153 of its Linux servers were infected with Erebus. In turn, about 3,400 sites on the web hosting company’s servers were also infected.To read this article in full or to leave a comment, please click here

1 2,041 2,042 2,043 2,044 2,045 3,861