Journalists: How hacking details matter

When I write my definitive guide for journalists covering hacking, I'm going to point out how easy it is for journalists to misunderstand the details of a story -- especially when they change the details to fit the story they want to tell.


For example, there is the notorious "CIA hacked Senate computers" scandal. In fact, the computers in question were owned by the CIA, located in a CIA facility, and managed/operated by CIA employees. You can't "hack" computers you own. Yes, the CIA overstepped the bounds of an informal agreement with the Senate committee overseeing them, but in no way did anything remotely like "hacking" occur.

This detail matter. If the CIA had truly hacked the Senate committee, that would be a constitutional crisis. A small misstep breaking an informal agreement is not.


A more recent example is this story, which mentions that AlfaBank-Trump connection, claiming the server was in Trump Tower [*]:
What about the computer server at Trump Tower?
Several news media outlets have reported that investigators last year were puzzled by data transmissions between a computer server at Trump Tower and a computer server associated with a Russian bank. Although Mr. Trump on Twitter Continue reading

How to remotely control your Windows 10 computer via Google Chrome

Google provides a free and powerful tool, Chrome Remote Desktop, that lets you connect to and control your Windows 10 computer over the internet. (It also works with Windows 7 and Windows 8.) The computer has to be running Chrome, of course, and you also need a Gmail account to sign in to Chrome in order to use this feature.To read this article in full or to leave a comment, please click here(Insider Story)

New products of the week 3.6.17

New products of the weekImage by CertaOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.A10 Networks Thunder CFW, with integrated Gi/SGi firewall capabilitiesImage by a10To read this article in full or to leave a comment, please click here

New products of the week 3.6.17

New products of the weekImage by CertaOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.A10 Networks Thunder CFW, with integrated Gi/SGi firewall capabilitiesImage by a10To read this article in full or to leave a comment, please click here

Review: vArmour flips security on its head

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network. However, what if there were a different way to approach security? Instead of searching for behaviors that might indicate a threat, what if you could define everything that is allowed within a network? If every process, application and workflow needed to conduct business could be defined, then by default everything outside of those definitions could be flagged as illegal. At the very least, critical programs could be identified and all interactions with them could be tightly defined and monitored. It’s a different way of looking at security, called segmentation.To read this article in full or to leave a comment, please click here(Insider Story)

Review: vArmour flips security on its head

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network. However, what if there were a different way to approach security? Instead of searching for behaviors that might indicate a threat, what if you could define everything that is allowed within a network? If every process, application and workflow needed to conduct business could be defined, then by default everything outside of those definitions could be flagged as illegal. At the very least, critical programs could be identified and all interactions with them could be tightly defined and monitored. It’s a different way of looking at security, called segmentation.To read this article in full or to leave a comment, please click here(Insider Story)

Review: vArmour flips security on its head

Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network.To read this article in full or to leave a comment, please click here(Insider Story)

The Linux Migration: Other Users’ Stories, Part 2

This post is part of a series of posts sharing the stories of other users who have decided to migrate to Linux as their primary desktop OS. Each person’s migration (and their accompanying story) is unique; some people have embraced Linux only on their home computer; others are using it at work as well. I believe that sharing this information will help readers who may be considering a migration of their own, and who have questions about whether this is right for them and their particular needs.

For more information about other migrations, see part 1 or part 2 of the series.

This time around we’re sharing the story of Rynardt Spies.

Q: Why did you switch to Linux?

In short, I’ve always been at least a part-time Linux desktop user and a heavy RHEL server user. My main work machine is Windows. However, because of my work with AWS, Docker, etc., I find that being on a Linux machine with all the Linux tools at hand (especially OpenSSL and simple built-in tools like SSH) is invaluable when working in a Linux world. However, I’ve always used Linux Mint, or Ubuntu (basically Debian-derived distributions) for my desktop Continue reading

iPhone 8 Rumor Rollup: new Lightning twist; Apple getting schooled; delivery delay?

Despite the fact that Apple had no presence at the big Mobile World Congress event in Barcelona this past week, rumors about the iPhone 8 or iPhone X did not subside.Sure, Android and Windows had their week in the spotlight at MWC, but inquiring minds also wanted to know what's up with rumors about a possible new port on the next flagship iPhone.LIGHTNING FAST CHARGING The Wall Street Journal and others reported that a USB Type-C port might be coming to the iPhone 8 to deliver faster charging and data transfer speeds. But by the end of the week, in part because of commentary from KGI Securities analyst Ming-Chi Kuo (revealed by MacRumors), the consensus seemed to be that the USB Type-C connecter will indeed come to the next iPhone, but on the other end of the cord from the Lightning connector. That's similar to what you find in the 12.9-inch iPad Pro.To read this article in full or to leave a comment, please click here

Ransomware attack hit Pennsylvania Democratic senators

The Pennsylvania Senate Democratic Caucus was hit with a ransomware attack, locking 16 Democratic senators and their staff out of their computer network.The attack was discovered on Friday morning; at the time of publishing, the Pennsylvania Senate Democratic Caucus website was still down and displayed an “error establishing a database connection” message. The same error displays when trying to view each Democratic senator’s website.“Officials from the caucus have been in contact with law enforcement to investigate the incident and are working with Microsoft to restore the IT system,” according to a written statement text-messaged to reporters and obtained by The Hill. It was sent via text, since the caucus could not use its email. “There is currently no indication that the caucus system was targeted or that any data has been compromised.”To read this article in full or to leave a comment, please click here

Ransomware attack hit Pennsylvania Democratic senators

The Pennsylvania Senate Democratic Caucus was hit with a ransomware attack, locking 16 Democratic senators and their staff out of their computer network.The attack was discovered on Friday morning; at the time of publishing, the Pennsylvania Senate Democratic Caucus website was still down and displayed an “error establishing a database connection” message. The same error displays when trying to view each Democratic senator’s website.“Officials from the caucus have been in contact with law enforcement to investigate the incident and are working with Microsoft to restore the IT system,” according to a written statement text-messaged to reporters and obtained by The Hill. It was sent via text, since the caucus could not use its email. “There is currently no indication that the caucus system was targeted or that any data has been compromised.”To read this article in full or to leave a comment, please click here

Ransomware attack hit Pennsylvania Democratic Senators

The Pennsylvania Senate Democratic Caucus was hit with a ransomware attack, locking 16 Democratic senators and their staff out of their computer network.The attack was discovered on Friday morning; at the time of publishing on Sunday, the site was still down and displayed an “error establishing a database connection” message. The same error displays when trying to view each Democratic senator’s website.“Officials from the caucus have been in contact with law enforcement to investigate the incident and are working with Microsoft to restore the IT system,” according to a written statement text-messaged to reporters and obtained by The Hill. It was sent via text since the caucus could not use its email. “There is currently no indication that the caucus system was targeted or that any data has been compromised.”To read this article in full or to leave a comment, please click here

Ransomware attack hit Pennsylvania Democratic Senators

The Pennsylvania Senate Democratic Caucus was hit with a ransomware attack, locking 16 Democratic senators and their staff out of their computer network.The attack was discovered on Friday morning; at the time of publishing on Sunday, the site was still down and displayed an “error establishing a database connection” message. The same error displays when trying to view each Democratic senator’s website.“Officials from the caucus have been in contact with law enforcement to investigate the incident and are working with Microsoft to restore the IT system,” according to a written statement text-messaged to reporters and obtained by The Hill. It was sent via text since the caucus could not use its email. “There is currently no indication that the caucus system was targeted or that any data has been compromised.”To read this article in full or to leave a comment, please click here

Netops with Emacs and Org mode

Org mode is a package for Emacs to “keep notes, maintain todo lists, planning projects and authoring documents”. It can execute embedded snippets of code and capture the output (through Babel). It’s an invaluable tool for documenting your infrastructure and your operations.

Here are three (relatively) short videos exhibiting Org mode use in the context of network operations. In all of them, I am using my own junos-mode which features the following perks:

  • syntax highlighting for configuration files,
  • commit of configuration snippets to remote devices, and
  • execution of remote commands.

Since some Junos devices can be quite slow, commits and remote executions are done asynchronously1 with the help of a Python helper.

In the first video, I take some notes about configuring BGP add-path feature (RFC 7911). It demonstrates all the available features of junos-mode.

YouTube video #e9sjhbxWJNE

In the second video, I execute a planned operation to enable this feature in production. The document is a modus operandi and contains the configuration to apply and the commands to check if it works as expected. At the end, the document becomes a detailed report of the operation.

YouTube video #jCH-gO7RfFE

In the third video, a cookbook has been prepared to execute Continue reading

NSX-V 6.3: Control Plane Resiliency with CDO Mode

NSX-V 6.3, released last month, introduced many new features. In my last blog post, NSX-V 6.3: Cross-VC NSX Security Enhancements, I discussed several new Cross-VC NSX security features. In this post I’ll discuss another new feature called Controller Disconnected Operation (CDO) mode which provides additional resiliency for the NSX control plane.

The NSX Controllers already offer inherint resiliency for the control plane by design in several ways:

  • complete separation of control plane and data plane (even if entire controller cluster is down, data plane keeps forwarding)

  • controller cluster of three nodes allows for loss of controller with no disruption to NSX control plane

  • vSphere HA provides additional resiliency by recovering the respective NSX controller on another node if host it’s running on fails

For the reasons mentioned above, it’s a rare event and unlikely that communication would be lost with the entire NSX Controller Cluster. In NSX-V 6.3, this control plane resiliency is enhanced even further via CDO mode.

CDO mode targets specific scenarios where control plane connectivity is lost, for example, a host losing control plane connectivity, losing control plane connectivity to the controller cluster, or NSX controllers are down. CDO mode enhances control plane Continue reading

IDC projects Windows Phone share to be big fat goose egg by 2021

Market watcher IDC anticipates the worldwide smartphone market will bounce back over the next few years from a sluggish 2016, but Microsoft is not expected to take part in that celebration.In fact, while Android smartphone shipments are projected to edge up from 85% this year to 85.3% in 2021 and Apple iPhones are expected to slip a tad from 14.7% to 14.6%, Windows Phone's meager 0.1% share in 2017 will drop to 0% if IDC is on the mark.While Windows Phone's predecessor, Windows Mobile, led the U.S. market as recently as 10 years ago, iOS and BlackBerry blew by it before long in the United States, and Symbian ruled worldwide until its own decline beginning in 2011.To read this article in full or to leave a comment, please click here

Uber and the Terrible, Horrible, No Good, Very Bad Month

On February 19th, this year, Susan J. Fowler, a software engineer who left Uber (I don’t have to explain what Uber is, do I?) to work for Stripe (okay, I’ll outline what they are: Stripe has been described as “the PayPal of the mobile era”) blogged about her experience of working at Uber. She outlined a nightmarish corporate culture of poor management, backstabbing, dirty politics, and negligent human resources, along with apparently endemic and rampant sexual discrimination and harassment. To read this article in full or to leave a comment, please click here

Enough with “the Cyber”!

Email is great; it’s transformed business, enabled geographically dispersed families and friends to stay in touch, redefined news distribution, transformed sales pipelines … the list of good stuff about email is endless. But, as many people have discovered to their cost, keeping control of your email account requires effort, effort like not using dumb, easy-to-guess passwords, and making sure your email hosting service is reliable and not, for example, Yahoo or AOL. And these issues aren’t anything like new, recent discoveries; we’ve all known for over a decade where the risks lie … well, all of us except, apparently, for the government.I don’t know about you, but  during the 2016 election I was fairly surprised when the Democratic National Committee email system was hacked after which the email account of John Podesta, the DNC chairperson, was hacked. You’d have thought that the folks who manage IT for these people would have known the risks and done more to minimize exposure but when simple phishing and malware intrusions that should never of happened and which went undetected were successful, then you have to wonder where the disconnect lies.To read this article in full or to leave a comment, Continue reading

Enough with “the Cyber”!

Email is great; it’s transformed business, enabled geographically dispersed families and friends to stay in touch, redefined news distribution, transformed sales pipelines … the list of good stuff about email is endless. But, as many people have discovered to their cost, keeping control of your email account requires effort, effort like not using dumb, easy-to-guess passwords, and making sure your email hosting service is reliable and not, for example, Yahoo or AOL. And these issues aren’t anything like new, recent discoveries; we’ve all known for over a decade where the risks lie … well, all of us except, apparently, for the government.I don’t know about you, but  during the 2016 election I was fairly surprised when the Democratic National Committee email system was hacked after which the email account of John Podesta, the DNC chairperson, was hacked. You’d have thought that the folks who manage IT for these people would have known the risks and done more to minimize exposure but when simple phishing and malware intrusions that should never of happened and which went undetected were successful, then you have to wonder where the disconnect lies.To read this article in full or to leave a comment, Continue reading

1 2,271 2,272 2,273 2,274 2,275 3,857