Researchers trick ‘CEO’ email scammer into giving up identity

Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting them (the scammers) give us all the information about themselves,” he said.The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.To read this article in full or to leave a comment, please click here

Researchers trick ‘CEO’ email scammer into giving up identity

Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting them (the scammers) give us all the information about themselves,” he said.The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.To read this article in full or to leave a comment, please click here

CITO Olaf Kolkman Speaking at RSA 2017 about IoT Security with Bruce Schneier

Ixia Vision ONE – Tap the Planet

Whenever I start talking about network visibility and aggreagation taps I can’t help but think of The Matrix. Millions of packets flowing through your network every minute of every day, tapping into that can be a daunting exercise. Luckily we have some new blood in this space, at least in my view, Ixia Vision ONE. For those of you that recognize the name, yes I’m talking about that Ixia.. previously one of the leaders in the load testing market, they’ve moved into the network packet broker space.

Vision ONE is Ixia’s all-in-one product attempts to provide assurance that the network traffic you want to reach your monitoring and security tools is actually reaching your tools. Vision ONE is able to take the input from your device, and send it out in several directions, applying filters to the traffic as needed. This means that you can filter out specific traffic and send it to a monitoring / security tool with traffic it doesn’t need to process. All of this is managed through a clean, easy to user interface that displays the connections between the TAP’s physical ports, filters, and tool ports.

Take a look at the Vision One demo here.

My Continue reading

Python – Kirk Byers Course Week 2 Part 2

This post will describe the exercises and solutions for week two of Kirk Byers Python for Network Engineers.

The second exercise of week two is the following:

II. Create an IP address converter (dotted decimal to binary):

    A. Prompt a user for an IP address in dotted decimal format.

    B. Convert this IP address to binary and display the binary result on the screen (a binary string for each octet).

    Example output:
    first_octet    second_octet     third_octet    fourth_octet
    0b1010         0b1011000        0b1010         0b10011

We already have the knowledge to achieve this and the previous post went through all of the concepts needed to finish this task so I won’t bee too verbose with the code here.

The first part is to ask the user for an IP address using the “input()” function.

ip_add = input("\n\nPlease enter an IP address: ")

The next step is to split the IP address into octets using “split()”.

octets = ip_add.split(".")

After that each octet is converted into binary with the following code:

first_octet_bin = bin(int(octets[0]))
second_octet_bin = bin(int(octets[1]))
third_octet_bin = bin(int(octets[2]))
fourth_octet_bin = bin(int(octets[3]))

Like in the previous post we have to convert the strings to integers before we can use “bin()” on them. We Continue reading

A Baker’s Dozen, 2016 Edition

As is our annual tradition, this blog provides a year-end review of how the Internet providers at the top of our Internet Intelligence – Transit global rankings fared over the previous year.  The structure, performance and security of the Internet remains a huge blind spot for most enterprises, even those critically dependent on it for business operations.  These are familiar topics that we’ve covered over the years in this blog and our Twitter feed, and 2016 was no different.  We saw bogus routing and subsequent grossly misdirected traffic from Ukraine and Iran, for just two examples.  We saw cable breaks, new cable activations, censorship and crippling attacks.  And much, much more.  Dyn provides such critical insight into the structure and performance of the Internet, both real-time and historical, and uses this data set to make 40 billion traffic steering decisions daily for customers.

Back in 2008, we chose to look at the 13 providers that spent at least some time in the Top Ten that year, hence the name “Baker’s Dozen“.  We repeated that exercise in 2009, 2010, 2011, 2012, 2013 Continue reading

RSA: Watch out for a new weapon – your own data

As tens of thousands of the world’s top security pros gather at RSA Conference 2017 they are being called upon to watch out for a new threat: their own data.By corrupting data that is used for making decisions, attackers can cause all kinds of problems, says Chris Young, general manager of Intel Security. “Now data is manipulated and used against us to affect the decisions we make,” he says.He calls this corruption “data landmines,” which when factored into decision making, can result in bad choices, missed opportunities and economic losses.He says stolen and manipulated data combined to disrupt the 2016 presidential election, for example, and the consequences of similar manipulations could be high for businesses whose big-data analysis is undermined by altered small data that makes it up. With inaccurate input to draw on, the outcomes will be faulty, he says.To read this article in full or to leave a comment, please click here

RSA: Watch out for a new weapon – your own data

As tens of thousands of the world’s top security pros gather at RSA Conference 2017 they are being called upon to watch out for a new threat: their own data.By corrupting data that is used for making decisions, attackers can cause all kinds of problems, says Chris Young, general manager of Intel Security. “Now data is manipulated and used against us to affect the decisions we make,” he says.He calls this corruption “data landmines,” which when factored into decision making, can result in bad choices, missed opportunities and economic losses.He says stolen and manipulated data combined to disrupt the 2016 presidential election, for example, and the consequences of similar manipulations could be high for businesses whose big-data analysis is undermined by altered small data that makes it up. With inaccurate input to draw on, the outcomes will be faulty, he says.To read this article in full or to leave a comment, please click here

Sponsor: FutureWAN – a virtual conference on SD-WAN

A couple of months Packet Pushers hosted an open format, non-boring, live discussion about the reality of operating a SD-WAN with people who have lived through it. This was part of the Future WAN Virtual Summit series from Viptela which are now available online.

The session format was live questions & answers from the audience (via chat window)  we answered them live, on air.

Packet Pushers Open Mic Live: Real SD-WAN Challenges Live Q&A

Ethan Banks & Greg Ferro, Analysts, Packet Pushers Date: Jan 17 2017, 0900PST Duration: 45 mins

Direct link to Access 

On a separate note, I would welcome any feedback about the “Virtual Summit” idea. The sessions were recorded and now available for anyone to watch.

Which has me thinking about the potential of running a “virtual conference”.

Could that work ? Drop a note in the comments or email me I would love to hear what you think.

The post Sponsor: FutureWAN – a virtual conference on SD-WAN appeared first on EtherealMind.

Review: Samsung SmartCam PT network camera

The home security camera market has taken a big hit in recent months, becoming the poster child for “bad security behavior” when people talk about the security (or lack thereof) of Internet of Things. Last year’s highly publicized DDoS attack on Dyn highlighted insecure cameras being used as part of a botnet; vulnerabilities were also found in Chinese-based security cameras and at least one Samsung SmartCam product. In the U.S., the FTC filed a complaint against D-Link over claims that their webcams were “secure”.To read this article in full, please click here

AARP award program to honor innovation in caregiving

The AARP, a nonprofit organization that advocates for Americans over 50 years of age, has launched its search for nominees for its Innovation Champion Awards to recognize providers of technology-powered products and services that focus on caregivers.Submissions will be accepted in six categories: daily essential activities; caregiver quality of life; health and safety awareness; care coordination; social well-being; and transition support. AARP judges will select five finalists in each category, then invite the public to select winners. MORE: Cisco names winners of Innovate Everywhere ChallengeTo read this article in full or to leave a comment, please click here

Review: Samsung SmartCam PT network camera

The home security camera market has taken a big hit in recent months, becoming the poster child for “bad security behavior” when people talk about the security (or lack thereof) of Internet of Things. Last year’s highly publicized DDoS attack on Dyn highlighted insecure cameras being used as part of a botnet; vulnerabilities were also found in Chinese-based security cameras and at least one Samsung SmartCam product. In the U.S., the FTC filed a complaint against D-Link over claims that their webcams were “secure”.To read this article in full or to leave a comment, please click here

Review: Samsung SmartCam PT network camera

The home security camera market has taken a big hit in recent months, becoming the poster child for “bad security behavior” when people talk about the security (or lack thereof) of Internet of Things. Last year’s highly publicized DDoS attack on Dyn highlighted insecure cameras being used as part of a botnet; vulnerabilities were also found in Chinese-based security cameras and at least one Samsung SmartCam product. In the U.S., the FTC filed a complaint against D-Link over claims that their webcams were “secure”.To read this article in full or to leave a comment, please click here

47% off Earth Pak Waterproof Dry Bag Compression Sack And Phone Case – Deal Alert

Whether you are Kayaking, Beaching, Rafting, Boating, Hiking, Camping or Fishing, Earth Pak believes they have created the best dry bag on the market for any adventure. Toss in your gear, roll it down, and don't be afraid to toss this bag around. It's designed to last for years and will keep your phone, gadgets and gear dry and protected. It comes in 10L, 20L and 30L size, and all models feature 24-42 inch adjustable shoulder straps. Included is Earth Pak's IPX8 certified waterproof phone case that can fit even the largest phones, with simple snap and lock access and clear windows that allow for picture taking without removing from the case. This bag is currently discounted 47% from $45 down to just $24, and averages 5 out of 5 stars from over 1,500 customers (91% rates a full 5 stars -- read all recent reviews here). To read this article in full or to leave a comment, please click here

Culture key to attracting and retaining tech talent

For IT leaders, it's a bit of déja vú: for the fifth straight year, the Tech Hiring and Retention Survey from executive search and technology firm Harris Allied shows that management's top concern is finding and hiring elite tech talent.To read this article in full or to leave a comment, please click here(Insider Story)

Smackdown: Office 365 vs. G Suite productivity

Google has been trying for years to get businesses to abandon Microsoft Office in favor of what it now calls G Suite, the collaboration-oriented trio of Google Docs, Sheets, and Slides, plus companion apps Gmail and Drive. Microsoft has long been the productivity standard-bearer, with Word, Excel, and PowerPoint, supplemented by Outlook and most recently OneDrive.Office 365 vs. G Suite: DocumentsOffice 365 vs. G Suite: SpreadsheetsOffice 365 vs. G Suite: PresentationsTo read this article in full or to leave a comment, please click here(Insider Story)

3 enterprise-strength file sync services to check out

This should be the year your organization looks to dump its consumer file-sharing software. Don't get me wrong -- many of those services are great for individuals, but they're not really suitable for enterprises. There are other products, however, that offer the file sync that Dropbox and Box and others do so well and so seamlessly, while also providing enterprise-level controls around access, encryption, identity, and more.To read this article in full or to leave a comment, please click here(Insider Story)

Experts warn businesses not to over-buy on unlimited data plans

Unlimited data plans, like the one announced this week by Verizon, are mostly irrelevant to large businesses that negotiate lower prices with carriers for large pools of data, voice and text for hundreds of workers.But smaller businesses -- say, those with fewer than 50 workers -- could benefit from an unlimited plan, especially if they don't have an assigned telecom manager who manages wireless contracts."Smaller organizations that don't have the staff or capacity to manage their mobility budgets could benefit" from an unlimited plan, said Michael Nziolek, vice president of strategic consulting at Tangoe, a telecom expense management consultancy.To read this article in full or to leave a comment, please click here

Too many victims say yes to ransomware

If you are a victim of ransomware, don’t pay!That has been the mantra of the FBI for several years now – one that was forcefully echoed by one of the nation’s highest-profile security bloggers – Brian Krebs – in a recent post.But based on the statistics, either a lot of people aren’t listening, or it’s a bit more complicated than that. The reality is that the success of ransomware isn’t just increasing. It’s exploding.To read this article in full or to leave a comment, please click here

Too many victims say yes to ransomware

If you are a victim of ransomware, don’t pay!That has been the mantra of the FBI for several years now – one that was forcefully echoed by one of the nation’s highest-profile security bloggers – Brian Krebs – in a recent post.But based on the statistics, either a lot of people aren’t listening, or it’s a bit more complicated than that. The reality is that the success of ransomware isn’t just increasing. It’s exploding.To read this article in full or to leave a comment, please click here