That “Commission on Enhancing Cybersecurity” is absurd

An Obama commission has published a report on how to "Enhance Cybersecurity". It's promoted as having been written by neutral, bipartisan, technical experts. Instead, it's almost entirely dominated by special interests and the Democrat politics of the outgoing administration.

In this post, I'm going through a random selection of the 53 "action items" proposed by the document. I show how they are policy issues, not technical issues. Indeed, much of the time the technical details are warped to conform to special interests.


IoT passwords

The recommendations include such things as Action Item 2.1.4:
Initial best practices should include requirements to mandate that IoT devices be rendered unusable until users first change default usernames and passwords. 
This recommendation for changing default passwords is repeated many times. It comes from the way the Mirai worm exploits devices by using hardcoded/default passwords.

But this is a misunderstanding of how these devices work. Take, for example, the infamous Xiongmai camera. It has user accounts on the web server to control the camera. If the user forgets the password, the camera can be reset to factory defaults by pressing a button on the outside of the camera.

But here's the

BrandPost: The WAN Is Dead, Long Live The WAN

The SD-WAN your company is building today will likely be the last you ever use. The race to move applications and services to the cloud, and the availability of high-performance broadband, are fueling the greatest networking revolution in a generation.

Enterprises have long struggled with connecting users to applications, and until recently there were limited options to address these needs. Most businesses turned to carriers and purchased Multiprotocol Label Switching (MPLS) private links for WAN connectivity. While MPLS has been a reliable means to connect, it suffers from high costs, slow speeds and an antiquated design not built for today's traffic. In layman's terms, it is rapidly becoming obsolete.

Obama’s cybersecurity plan faces uncertainty with Trump

U.S. consumers could one day see cybersecurity ratings on technology products, much like today's EnergyStar ratings, if the findings of a government-sponsored cybersecurity commission are heeded. But, like much in Washington right now, a lot depends on incoming U.S. President Donald Trump, and his views on cybersecurity are far from clear.

The report, published on Friday by the Commission on Enhancing National Cybersecurity, also suggests that usernames and passwords be replaced with something more secure, and wants 150,000 cybersecurity experts trained over the next four years to help the U.S. defend against hacking threats. The commission has the support of President Obama and began its work in February this year, with executives at Microsoft, IBM, Uber and former U.S. government officials. However, in releasing its findings, Obama acknowledged it'll be up to the next president and U.S. Congress to more fully implement what the commission has recommended.

23% off iClever Backlight Bluetooth Folding Keyboard for Smartphone, PC, or Tablet – Deal Alert

This lightweight and super portable keyboard from iClever features a compact design with full standard-size keys, but folds down to ⅓ of the size. This model has a convenient backlight feature with red, blue, or green selectable at two brightness levels, so you can type in every environment from a dimly-lit classroom to a dark airplane cabin. Its Broadcom Bluetooth module has a generous operating range of 30 feet, and connects quickly with your devices when you simply unfold the keyboard. The iClever backlit folding keyboard averages 4.5 out of 5 stars on Amazon (read reviews), where its typical list price of $59.99 has been reduced 23% to $45.99. See it now on Amazon.

NIPS conference: Google releases open-source, AI, 3D game-development project

Today, on the opening day of the marquee AI conference Neural Information Processing Systems (NIPS) in Barcelona, Google announced in a blog post that its DeepMind Lab project is being released to the AI community under open source licensing terms.

Artificial intelligence (AI) and virtual reality (VR) are the next two computing platforms. DeepMind Lab is a 3D AI platform for building virtual games that bring these two platforms together in multiple dimensions. DeepMind Lab uses a special kind of AI, called machine learning (ML). And within the field of ML, it uses an advanced form of machine learning called deep reinforcement learning (DeepRL).

After warehouse staff, Amazon to replace store clerks with robots

Amazon.com is still figuring out how to use robots to fill store shelves, but it's about done with clerks. Next year, the company will open a convenience store in Seattle where shoppers can walk in, take what they want -- and leave.

The Amazon Go store is on the corner of 7th Avenue and Blanchard Street in Seattle, in the heart of Amazon's new campus development and a few blocks from the company's headquarters. Amazon wants people to walk into the store and then just walk out with what they want. It's not giving the goods away, though.

Behavior analytics tools for cybersecurity move into enterprises

Behavior analytics is one of the more recent buzzwords in enterprise cybersecurity, with more than 35 vendors competing for customers, according to security analysts.

Behavior analytics in cybersecurity is roughly defined as using software tools to detect patterns of data transmissions in a network that are out of the norm. The theory is that the analytics tool would detect the anomaly and alert IT managers, who would stop the unusual behavior or cyberattack.

Enterprises use behavior analytics to detect intrusions that evade preventive technologies such as firewalls, intrusion-prevention systems and antivirus software. Those conventional tools match fingerprints or signatures identified in prior attacks, while behavior analytics tools study and report anomalies that are judged against a baseline of normal behavior. Among the users of behavior analytics is the National Security Agency, which uses the analytics to detect threats to its private cloud system.

AWS wants to dominate beyond the public cloud with Lambda updates

Amazon Web Services' big Re:Invent conference in Las Vegas brought a plethora of new features and upgrades to its cloud platform. But there was one key set of upgrades that set the stage for Amazon's expansion outside its own public cloud data centers.

Two years ago, AWS CEO Andy Jassy made a big splash at Re:Invent when he introduced Lambda, a service that lets developers write snippets of code that execute in response to event triggers. Amazon does the work to provision servers to run that code, so developers don't have to think about the infrastructure overhead.

Microsoft’s chatbot is reborn as Zo

Earlier this year, Microsoft tried an experiment with an AI-powered chatbot called Tay. It was an interesting concept where Tay would learn from its users. Unfortunately, it turned into a PR disaster very quickly as the 4chan crowd moved in and taught it all kinds of racist and homophobic comments. Red-faced, Microsoft pulled the chatbot quickly and promised to make adjustments to its AI chatbot so that it doesn't act like a /b/tard. Fast forward a few months, and Microsoft is ready to try again. Its new chatbot has the equally odd name of Zo. For now, Zo is available only on Kik, a chat service for mobile phones, whereas Tay was on Twitter.

Get Out While You Still Can

For years, this blog has mostly been about enterprise IT with a focus on networking. I’ll spare you the entire history because no one cares. But in short, if you dig through the archives, you’ll find content going all the way back to the beginning of 2007 when I was writing for my CCIE study blog.

Ten years, hundreds of articles, and millions of words later, I am a full-time writer and podcaster covering enterprise technology for engineers from behind a microphone and keyboard. But I don’t do that here anymore. I do that at PacketPushers.net.

Before Packet Pushers became the thing that put food in my mouth, I’d split my enterprise tech writing between this blog and that, but splitting the content just doesn’t make sense now. Thus, I’ve been putting all my enterprise tech writing under the Packet Pushers flag. Packet Pushers Interactive is my company that I co-founded, and I’m proud of it. There is no reason to straddle the fence.

So, what of this blog?

EthanCBanks.com will be where I write about…

  • General technology. For example, I'm into the Garmin & Apple ecosystems. I read a lot about alt-energy. I cover many other nerdy topics with my friend Eric Sutphen on the weekly Citizens

Traffic Pattern Attacks: A Real Threat

Assume, for a moment, that you have a configuration something like this—

[Figure: db-key-traffic-attack]

Some host, A, is sending queries to, and receiving responses from, a database at C. An observer, B, has access to the packets on the wire, but to neither the host nor the server. All the information between the host and the server is encrypted. What can the observer, B, learn about the information being carried between the client and the server? Given the traffic is encrypted, you might think… "not very much."

A recent research paper published at CCS ’16 in Vienna argues the observer could know a lot more. In fact, based on just the patterns of traffic between the server and the client, given the database uses atomic operations and encrypts each record separately, it’s possible to infer the key used to query the database (not the cryptographic key). The paper can be found here. Specifically:

We then develop generic reconstruction attacks on any system supporting range queries where either access pattern or communication volume is leaked. These attacks are in a rather weak passive adversarial model, where the untrusted server knows only the underlying query distribution. In particular, to perform our attack