What to do if your data is taken hostage

Getting duped online by a cybercriminal is infuriating. You let your guard down for a minute and the thieves find their way in to your machine.And then the “fun” begins if ransomware is involved. Hopefully you have your data backed up, but if not now starts the dance with those who have ultimately taken you hostage. Ransomware is obviously analogous to kidnapping, and dealing with the perpetrators can feel much like negotiating with a jumper standing on the edge of high-rise roof.Look no further for help than the Institute for Critical Infrastructure Technology report that in part describes how to deal with criminals when they are holding your data hostage. The report talks of what to do once a breach has been found.To read this article in full or to leave a comment, please click here

What to do if your data is taken hostage

Getting duped online by a cybercriminal is infuriating. You let your guard down for a minute and the thieves find their way in to your machine.And then the “fun” begins if ransomware is involved. Hopefully you have your data backed up, but if not now starts the dance with those who have ultimately taken you hostage. Ransomware is obviously analogous to kidnapping, and dealing with the perpetrators can feel much like negotiating with a jumper standing on the edge of high-rise roof.Look no further for help than the Institute for Critical Infrastructure Technology report that in part describes how to deal with criminals when they are holding your data hostage. The report talks of what to do once a breach has been found.To read this article in full or to leave a comment, please click here

Source-Specific Multicast Configuration

How Does Internet Work - We know what is networking

In SSM, Source-Specific Multicast, things are done differently from standard multicast forwarding. SSM is specifying a group of hosts that are receiving same multicast stream using group IP address and additionally using stream unicast source IP. In this article it is shown how to configure Source Specific Multicast on Cisco and Juniper equipment. In standard multicast, forwarding is done using group IP address which is an IP from multicast dedicated range 224.0.0.0/4 (224.0.0.0 – 239.255.255.255) or FF00::/8 in IPv6. Each multicast group IP address is a single address which specifies all hosts receiving a specific stream, streamed towards that group

Source-Specific Multicast Configuration

OpenBSD on the Sixth Generation Intel NUC

Sixth Generation Intel NUC

I recently decided it would be fun to upgrade the hardware on my main OpenBSD machine at home (because, you know, geek). These Intel NUC machines are pretty interesting. They are pretty powerful, support a decent amount of RAM, certain models support internal storage, and they are very low power and low noise. Perfect for a machine that is a shell/email/development box.

IoT saves lives but infosec wants to change that

The cybersecurity industry mocks/criticizes IoT. That's because they are evil and wrong. IoT saves lives. This was demonstrated a couple weeks ago when a terrorist attempted to drive a truck through a Christmas market in German. The truck has an Internet-connected braking system. When it detected the collision, it deployed the brakes, bringing the truck to a stop. Injuries and deaths were a 10th of the similar Nice truck attack earlier in the year.

All the trucks shipped by Scania in the last five years have had mobile phone connectivity to the Internet. Scania pulls back telemetry from trucks, for the purposes of improving drivers, but also to help improve the computerized features of the trucks. They put everything under the microscope, such as how to improve air conditioning to make the trucks more environmentally friendly.

Among their features is the "Autonomous Emergency Braking" system. This is the system that saved lives in Germany.

You can read up on these features on their website, or in their annual report [*].


My point is this: the cybersecurity industry is a bunch of police-state fetishists that want to stop innovation, to solve the "security" problem first before allowing innovation Continue reading

30% off Logitech Wireless Keyboard with Touchpad for Internet-Connected TVs – Deal Alert

Logitech's K400 Wireless Keyboard for internet-enabled TVs is designed to be compact, comfortable, quiet, and easy to use from the comfort of your couch. It features a familiar key layout and a large 3.5-inch touchpad. A 33-foot range makes for a trouble free connection even in large rooms, and its battery is strong, lasting up to a year and a half without needing a charge, even with 2 hours of typing per day. The keyboard averages 4.5 out of 5 stars on Amazon from over 1,700 customers (read reviews). It's regular list price of $39.99 has been reduced by 30% to just $27.99. See the discounted K400 wireless keyboard now on Amazon.To read this article in full or to leave a comment, please click here

Critical flaw in PHPMailer library puts millions of websites at risk

A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking.The flaw was found by a security researcher named Dawid Golunski and an initial fix was included in PHPMailer 5.2.18, which was released Saturday. However, it turns out that the patch was incomplete and can be bypassed.To read this article in full or to leave a comment, please click here

Critical flaw in PHPMailer library puts millions of websites at risk

A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking.The flaw was found by a security researcher named Dawid Golunski and an initial fix was included in PHPMailer 5.2.18, which was released Saturday. However, it turns out that the patch was incomplete and can be bypassed.To read this article in full or to leave a comment, please click here

Using Guzzle and PHPUnit for REST API Testing

Using Guzzle and PHPUnit for REST API Testing

Using Guzzle and PHPUnit for REST API Testing

APIs are increasingly becoming the backbone of the modern internet - whether you're ordering food from an app on your phone or browsing a blog using a modern JavaScript framework, chances are those requests are flowing through an API. Given the need for APIs to evolve through refactoring and extension, having great automated tests allows you to develop fast without needing to slow down to run manual tests to work out what’s broken. Additionally, by having tests in place you’re able to firmly identify the requirements that your API should meet, your API tests effectively form a tangible and executable specification. API Testing offers an end-to-end mechanism of testing the behaviour of your API which has advantages in both reliability and also development productivity.

In this post I'll be demonstrating how you can test RESTful APIs in an automated fashion using PHP, by building a testing framework through creative use of two packages - Guzzle and PHPUnit. The resulting tests will be something you can run outside of your API as part of your deployment or CI (Continuous Integration) process.

Guzzle acts as a powerful HTTP client which we can use to simulate HTTP Requests against our API. Though PHPUnit Continue reading

Voice Gateway and Voice VRF – Caveats

Many networks leverage what is known as a VRF. These are used for traffic isolation and create separate routing instances within a router. It is important that vrf awareness is confirmed for any service (DHCP, Voice GW, etc) being locally provided for a given point in the network. One use case for such a configuration might be for voice isolation with or without MPLS. In the case that a router is providing voice gateway functionality (i.e. FXO/FXS to VOIP), the voice functions must understand the VRF construct in order to properly fulfill the role.

TL;DR–This configuration sometimes does not behave as expected and, in my experience, may require a reboot after following the documented procedure.

The configuration for VRF-Aware H.323 and SIP for Voice Gateways can be found at the URL below.

http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t15/stork.html

Notice that it makes reference to the fact that the services need to be restarted–

To configure a voice VRF, you must shut down voice services on the gateway, assign a previously defined VPN VRF to the VoIP SPI, and then restart voice services.

As one researches this particular configuration, the concept of voice “multi-vrf” will likely come up. Based on my Continue reading

25% off Samsung SmartThings Hub For Smart Homes – Deal Alert

Designed to be the heart of your smart home, the Samsung SmartThings Hub connects wirelessly to hundreds of compatible smart devices, so you can monitor, manage, and secure your home from anywhere. Simply pair other Samsung SmartThings devices with the Hub and enjoy full control and customization of all your devices via the free Samsung SmartThings app, or even with your voice via Amazon's Alexa service. The hub currently lists for $100, but Amazon has it for 25% off, so you can grab it for just $75. Check it out on Amazon.To read this article in full or to leave a comment, please click here

The products Apple discontinued in 2016

Looking back, moving forwardThe modern-day Apple isn't afraid to stop making a product. The company has its reasons to do so: outdated technology, what it contributes to the bottom line, resource allocation, whatever. And as far as Apple history goes, 2016 may be remembered more for the products Apple discontinued than what the company released.To read this article in full or to leave a comment, please click here

The products Apple discontinued in 2016

Looking back, moving forwardThe modern-day Apple isn't afraid to stop making a product. The company has its reasons to do so: outdated technology, what it contributes to the bottom line, resource allocation, whatever. And as far as Apple history goes, 2016 may be remembered more for the products Apple discontinued than what the company released.To read this article in full or to leave a comment, please click here

Thwarting cybersecurity threats with behavioral analytics in 2017

Companies are investing more money in emerging technologies that can help anticipate and detect a variety of threats, including phishing scams and advanced persistent threats, both of which are weighing heavily on the minds’ of corporate board members. For 2017 CIOs are eyeing tools that use anomaly-detecting analytics and machine learning algorithms to protect their companies’ data.“Our level of investments is increasing because of the increasing capabilities of the threat actors,” says Bob Worrall, CIO of Juniper Networks, who spent 12 percent more on cybersecurity tools in 2016 that he spent in 2015. His budget will increase more in 2017 as he purchases tools to shield Juniper’s corporate data and intellectual property. “As the bad guys get smarter we have to as well.”To read this article in full or to leave a comment, please click here

Thwarting cybersecurity threats with behavioral analytics in 2017

Companies are investing more money in emerging technologies that can help anticipate and detect a variety of threats, including phishing scams and advanced persistent threats, both of which are weighing heavily on the minds’ of corporate board members. For 2017 CIOs are eyeing tools that use anomaly-detecting analytics and machine learning algorithms to protect their companies’ data.“Our level of investments is increasing because of the increasing capabilities of the threat actors,” says Bob Worrall, CIO of Juniper Networks, who spent 12 percent more on cybersecurity tools in 2016 that he spent in 2015. His budget will increase more in 2017 as he purchases tools to shield Juniper’s corporate data and intellectual property. “As the bad guys get smarter we have to as well.”To read this article in full or to leave a comment, please click here

9 technologies that IT needed but didn’t get in 2016

Despite some significant arrivals, 2016 also failed to deliver some long-awaited technologies. And some of what we eagerly ripped the wrapping paper off proved to be a letdown.Here’s a rundown of the gifts IT didn’t get in 2016.Professional-grade 3D printing If you want to print out a stand for your phone or a model for a new product, you can easily find a 3D printer for the office that can do that — as long as you want to print them out in plastic. You can spend more and get a 3D printer that can UV cure resin and make small objects like custom-fit earplugs in about 10 minutes (I watched my ACS Custom in-ear monitor headphones get printed from digital scans of my ear canals earlier this year). Even HP’s $140,000 Multi Jet Fusion printers — promised for this year and offering multi-color printing — only just went on sale, and they still only print nylon. You can prototype a (plastic) circuit board with conductive ink circuits with the Voxel8 Developer Kit, as long as you pause the printing and add the chips by hand.To read this article in full or to leave a comment, please Continue reading

9 technologies that IT needed but didn’t get in 2016

Despite some significant arrivals, 2016 also failed to deliver some long-awaited technologies. And some of what we eagerly ripped the wrapping paper off proved to be a letdown.Here’s a rundown of the gifts IT didn’t get in 2016.Professional-grade 3D printing If you want to print out a stand for your phone or a model for a new product, you can easily find a 3D printer for the office that can do that — as long as you want to print them out in plastic. You can spend more and get a 3D printer that can UV cure resin and make small objects like custom-fit earplugs in about 10 minutes (I watched my ACS Custom in-ear monitor headphones get printed from digital scans of my ear canals earlier this year). Even HP’s $140,000 Multi Jet Fusion printers — promised for this year and offering multi-color printing — only just went on sale, and they still only print nylon. You can prototype a (plastic) circuit board with conductive ink circuits with the Voxel8 Developer Kit, as long as you pause the printing and add the chips by hand.To read this article in full or to leave a comment, please Continue reading

1 2,404 2,405 2,406 2,407 2,408 3,818