Lamers: the problem with bounties

In my last two posts, I pointed out that the anti-spam technique known as "DKIM" cryptographically verifies emails. This can be used to verify that some of the newsworthy emails are, indeed, correct and haven't been doctored. I offer a 1 btc (one bitcoin, around ~$600 at current exchange rates) bounty if anybody can challenge this assertion.

Unfortunately, bounties attract lamers who think they deserve the bounty. 


This guy insists he wins the bounty because he can add spaces to the email, and add fields like "Cc:" that DKIM doesn't check. Since DKIM ignores extra spaces and only checks important fields, these changes pass. The guy claims it's "doctored" because technically, he has changed things, even though he hasn't actually changed any of the important things (From, Date, Subject, and body content).

No. This doesn't qualify for the bounty. It doesn't call into question whether the Wikileaks emails say what they appear to say. It's so obvious that people have already contacted me and passed on it, Continue reading

Twitter said to plan 300 more job cuts this week

Twitter may trim its staff again by about 300 people or 8 percent of its workforce, as the company tries to cut costs in trying times.The widespread job cuts could come before the company releases its third-quarter earnings on Thursday, according to Bloomberg, which cited people familiar with the matter. It cautioned that the precise number of jobs affected could change.A Twitter spokeswoman said in an email that the company doesn’t comment on rumor or speculation.Twitter announced in October last year that it was laying off 336 employees.To read this article in full or to leave a comment, please click here

Lyft customers face potential hack from recycled phone numbers

Giving up an old cell phone number for a new one may seem harmless. But for Lyft customers, it can potentially expose their accounts to complete strangers.That's what happened to Lara Miller, a media relations specialist living in California. Earlier this month, she discovered two credit card charges made in Las Vegas, over 400 miles away."I thought it was legit fraud on my debit card," Miller said.  But in reality, another woman had accidentally taken over her old Lyft account. It happened because the phone company had recycled the cell phone number Miller had canceled back in April -- opening the door to the hack.The problem involves Lyft's login process. The ride-hailing app does away with the hassle of usernames and passwords, and instead signs up customers with their smartphone's cell number.To read this article in full or to leave a comment, please click here

Lyft customers face potential hack from recycled phone numbers

Giving up an old cell phone number for a new one may seem harmless. But for Lyft customers, it can potentially expose their accounts to complete strangers.That's what happened to Lara Miller, a media relations specialist living in California. Earlier this month, she discovered two credit card charges made in Las Vegas, over 400 miles away."I thought it was legit fraud on my debit card," Miller said.  But in reality, another woman had accidentally taken over her old Lyft account. It happened because the phone company had recycled the cell phone number Miller had canceled back in April -- opening the door to the hack.The problem involves Lyft's login process. The ride-hailing app does away with the hassle of usernames and passwords, and instead signs up customers with their smartphone's cell number.To read this article in full or to leave a comment, please click here

L3 vPC Support on Nexus 5k

So… I'm a little embarrased to admit this but I only very recently found out that there are significant differences in how Virtual Port Channels (vPC) behave on the Nexus 5k vs the Nexus 7k when it comes to forming routing adjacencies over the vPC.

Take the title literally!

I've read the vPC Best Practice whitepaper and have often referred

others to it and also referred back to it myself from time to time. What I failed to realize is that I should've been taking the title of this paper more literally: it is 100% specific to the Nexus 7k. The behaviors the paper describes, particularly around the data plane loop prevention protections for packets crossing the vPC peer-link, are specific to the n7k and are not necessarily repeated on the n5k.

White House: Small satellites bring “Moore’s Law” into space

Small satellites, sometimes called cubesats or just smallsats are a very popular way of getting inexpensive communications and surveillance into space quickly.Looking to bolster that notion, the White House recently revealed a number of program that it says will help drive the use of smallsats even further. The White House Office of Science and Technology Policy (OSTP) announced what it called the “Harnessing the Small Satellite Revolution” initiative, which basically brings together National Aeronautics and Space Administration (NASA), the Department of Defense, the Department of Commerce, and other Federal agencies, to promote and support government and private use of small satellites for remote sensing, communications, science, and the exploration of space. To read this article in full or to leave a comment, please click here

White House: Small satellites bring “Moore’s Law” into space

Small satellites, sometimes called cubesats or just smallsats are a very popular way of getting inexpensive communications and surveillance into space quickly.Looking to bolster that notion, the White House recently revealed a number of program that it says will help drive the use of smallsats even further. The White House Office of Science and Technology Policy (OSTP) announced what it called the “Harnessing the Small Satellite Revolution” initiative, which basically brings together National Aeronautics and Space Administration (NASA), the Department of Defense, the Department of Commerce, and other Federal agencies, to promote and support government and private use of small satellites for remote sensing, communications, science, and the exploration of space. To read this article in full or to leave a comment, please click here

The enterprise wish-list for the hybrid cloud

If you know how to drive one car, you know how to drive pretty much any car. The gas pedal is always on the right and brake on the left. Push the turn signal up to go right and down to go left. Whether it’s a Ford or a Toyota, you don’t need to relearn how to drive each car.Public cloud should be the same way, argues Bob Wysocki, CTO of Digital Infrastructure for General Electric and a member of the Open Networking User Group (ONUG). This week at ONUG’s annual fall meeting in New York a key theme is making it easier for enterprises to use public IaaS cloud services. Earlier this year ONUG created a new Hybrid Cloud Working Group that has created a sort of wish-list of what enterprise customers from GE, Pfizer, Citigroup and Gap would like to see from public cloud vendors to achieve easier usability.To read this article in full or to leave a comment, please click here

Answers to ‘Is the internet broken?’ and other Dyn DDoS questions

The massive DDoS attacks that took down internet address-translation service Dyn and its customers last week raise a lot of need-to-know questions about the overall security of online infrastructure and its performance.While the attacks were ultimately mitigated and have subsided, the means for carrying out others are still viable and could crop up at any time with other targets. Here are some questions and answers that address what happened, how it happened, whether it could happen again and what the consequences might be.Is the internet broken?No, or at least not any more than it was before. It’s made up of a system of independent vendors and institutions working cooperatively to provide access to sites around the world. Each works in its own best interests but also cooperates with the others to make the system work for everybody. Like any such system, it’s got flaws and weaknesses. The Dyn attackers targeted some of these vulnerabilities and exploited them for maximum effect.To read this article in full or to leave a comment, please click here

Answers to ‘Is the internet broken?’ and other Dyn DDoS questions

The massive DDoS attacks that took down internet address-translation service Dyn and its customers last week raise a lot of need-to-know questions about the overall security of online infrastructure and its performance.While the attacks were ultimately mitigated and have subsided, the means for carrying out others are still viable and could crop up at any time with other targets. Here are some questions and answers that address what happened, how it happened, whether it could happen again and what the consequences might be.Is the internet broken?No, or at least not any more than it was before. It’s made up of a system of independent vendors and institutions working cooperatively to provide access to sites around the world. Each works in its own best interests but also cooperates with the others to make the system work for everybody. Like any such system, it’s got flaws and weaknesses. The Dyn attackers targeted some of these vulnerabilities and exploited them for maximum effect.To read this article in full or to leave a comment, please click here

Annual Security Survey – Call for Participation

It’s that time again! Arbor Networks is opening its 12th annual Worldwide Infrastructure Security Report survey. Findings from this survey are compiled and analyzed to provide insights on a comprehensive range of issues from threat detection and incident response to staffing, budgets and partner relationships.  A copy of the report will be sent to all participants. We […]

Worth Reading: Some notes on today’s DDoS

As a techy, I want to know the composition of the traffic. Is it blindly overflowing incoming links with junk traffic? Or is it cleverly sending valid DNS requests, overloading the ability of servers to respond, and overflowing outgoing link (as responses are five times or more as big as requests). Such techy details and more make a big difference. Was Dyn the only target? Why were non-Dyn customers effected? —Errata Security

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Some notes on today’s DDoS appeared first on 'net work.

LEGO builds on its Mac project

The old way of doing IT at The LEGO Group was very much “we decide how you work,” said Michael Loft Mikkelsen. But things are changing at the family-owned company based in Billund, Denmark. One big change is the growing number of Mac users among the 17,000 worldwide LEGO employees. Driving the change is LEGO’s corporate mission.“We have one overarching mission: to inspire and develop the builders of tomorrow. That’s our single most important goal,” said Loft Mikkelsen, infrastructure engineer at LEGO. “To create these fantastic products, we need an IT infrastructure that’s agile, scalable and robust enough to keep up with our development and growth.”To read this article in full or to leave a comment, please click here

The Lost Year: Back to Work

2015 was tough just no getting around it.  I started the year working with an amazing team as the CTO of a company I really believed in and the COO of the company that was supposed to be my future.  By the end of 2015 I had been through 3 jobs (all of my own …

Physical RAM attack can root Android and possibly other devices

Researchers have devised a new way to compromise Android devices without exploiting any software vulnerabilities and instead of taking advantage of a physical design weakness in RAM chips. The attack technique could also affect other ARM and x86-based devices and computers.The attack stems from the push over the past decade to pack more DRAM (dynamic random-access memory) capacity onto increasingly smaller chips, which can lead to memory cells on adjacent rows leaking electric charges to one another under certain conditions.For example, repeated and rapid accessing of physical memory locations -- an action now dubbed "hammering" -- can cause the bit values from adjacent locations to flip from 0 to 1 or the other way around.To read this article in full or to leave a comment, please click here

Physical RAM attack can root Android and possibly other devices

Researchers have devised a new way to compromise Android devices without exploiting any software vulnerabilities and instead taking advantage of a physical design weakness in RAM chips. The attack technique could also affect other ARM and x86-based devices and computers. The attack stems from the push over the past decade to pack more DRAM (dynamic random-access memory) capacity onto increasingly smaller chips, which can lead to memory cells on adjacent rows leaking electric charges to one another under certain conditions. For example, repeated and rapid accessing of physical memory locations -- an action now dubbed "hammering" -- can cause the bit values from adjacent locations to flip from 0 to 1 or the other way around.To read this article in full or to leave a comment, please click here

1 2,498 2,499 2,500 2,501 2,502 3,763