WikiLeaks says it doesn’t collaborate with states

WikiLeaks claims to have many thousands of sources but does not collaborate with states in the publication of documents, its editorial board said late Sunday.The statement by the board of the whistleblowing site assumes significance after the  administration of U.S. President Barack Obama charged that it and other sites had released allegedly hacked emails under the direction of Russia. WikiLeaks has leaked mails from the Democratic National Committee that showed that the Democratic Party’s national strategy and fund-raising committee had favored Hillary Clinton over her rival Senator Bernie Sanders for the Democratic Party nomination. The website has also published mails from the account of John Podesta, chairman of Clinton's campaign for the presidential election, which could prove to be embarrassing to the candidate.To read this article in full or to leave a comment, please click here

WikiLeaks says it doesn’t collaborate with states

WikiLeaks claims to have many thousands of sources but does not collaborate with states in the publication of documents, its editorial board said late Sunday.The statement by the board of the whistleblowing site assumes significance after the  administration of U.S. President Barack Obama charged that it and other sites had released allegedly hacked emails under the direction of Russia. WikiLeaks has leaked mails from the Democratic National Committee that showed that the Democratic Party’s national strategy and fund-raising committee had favored Hillary Clinton over her rival Senator Bernie Sanders for the Democratic Party nomination. The website has also published mails from the account of John Podesta, chairman of Clinton's campaign for the presidential election, which could prove to be embarrassing to the candidate.To read this article in full or to leave a comment, please click here

AT&T will acquire Time Warner for $85.4B in content play

AT&T said it will acquire Time Warner for US$85.4 billion, reflecting a continuing trend for the consolidation of communications and media companies. The deal aims to combine content from Time Warner, which has a film studio and a vast library of entertainment, with AT&T’s distribution network of mobile services, broadband and TV in the U.S., Mexico and Latin America, AT&T said late Saturday. Under the part cash, part stock deal, Time Warner shareholders will receive $107.50 per share under the terms of the merger, consisting of $53.75 per share in cash and $53.75 per share in AT&T stock. The transaction is expected to close by the end of 2017, and is subject to approval by Time Warner shareholders and review by the U.S. Department of Justice, AT&T said. Review from the Federal Communications Commission may also be required to the extent that FCC licenses may have to be transferred to AT&T under the deal.To read this article in full or to leave a comment, please click here

Politifact: Yes we can fact check Kaine’s email

This Politifact post muddles over whether the Wikileaks leaked emails have been doctored, specifically the one about Tim Kaine being picked a year ago. The post is wrong -- we can verify this email and most of the rest.

In order to bloc spam, emails nowadays contain a form of digital signatures that verify their authenticity. This is automatic, it happens on most modern email systems, without users being aware of it.

This means we can indeed validate most of the Wikileaks leaked DNC/Clinton/Podesta emails. There are many ways to do this, but the easiest is to install the popular Thunderbird email app along with the DKIM Verifier addon. Then go to the Wikileaks site and download the raw source of the email https://wikileaks.org/podesta-emails/emailid/2986.

As you see in the screenshot below, the DKIM signature verifies as true.


If somebody doctored the email, such as changing the date, then the signature would not verify. I try this in the email below, changing the date from 2015 to 2016. This causes the signature to fail.


There are some reasons DKIM might fail, specifically if the sender uses short keys. This doesn't apply to GMail, which uses strong 2048 bit keys, Continue reading

Chinese firm admits its hacked products were behind Friday’s massive DDOS attack

A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday’s outage.To read this article in full or to leave a comment, please click here

Chinese firm admits its hacked products were behind Friday’s massive DDOS attack

A Chinese electronics component manufacturer says its products inadvertently played a role in a massive cyberattack that disrupted major internet sites in the U.S. on Friday.Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.According to security researchers, malware known as Mirai has been taking advantage of these vulnerabilities by infecting the devices and using them to launch huge distributed denial-of service attacks, including Friday’s outage.To read this article in full or to leave a comment, please click here

IoT botnets used in unprecedented DDoS against Dyn DNS; FBI, DHS investigating

Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.”To read this article in full or to leave a comment, please click here

A Brief History of the IANA

October 2016 marks a milestone in the story of the Internet. At the start of the month the United States Government let its residual oversight arrangements with ICANN (the Internet Corporation for Assigned Names and Numbers) over the operation of the Internet Assigned Numbers Authority (IANA) lapse. No single government now has a unique relationship with the governance of the protocol elements of the Internet, and it is now in the hands of a community of interested parties in a so-called Multi-Stakeholder framework. This is a unique step for the Internet and not without its attendant risks. How did we get here?

IoT botnets used in unprecedented DDoS against Dyn DNS; FBI, DHS investigating

Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.”To read this article in full or to leave a comment, please click here

Managing AWS Infrastructure with Ansible

In this post, I’m going to discuss some concepts behind managing your Amazon Web Services (AWS) infrastructure using Ansible. Ansible is a very popular tool for configuring operating system instances and software; using the concepts and examples provided in this post would allow you to expand your use of Ansible to include—when using AWS—the creation and deletion of the operating system instances themselves, as well as related infrastructure components (like security groups or other services).

Preface

Before I continue, I’d like to first discuss the “fit” of using Ansible for this particular purpose. Ansible doesn’t store the state of managed systems. Perhaps this is due to the agentless architecture; I don’t know. What that means in this particular use case is that you must take other steps to store information you’ll absolutely need like instance IDs, security group IDs, and the like because Ansible itself doesn’t. In my mind, this makes Ansible a less-than-ideal tool for this particular use case. That doesn’t mean Ansible isn’t a good tool; it just means that Ansible may not be the best tool for this particular purpose. (Think of it like this: Yes, you can sometimes unscrew something using a knife, but a screwdriver Continue reading

Float Shelf: An elegant way for Apple users to clean up their desktops

I love my iMac. There’s something so elegant and practical about the design and, as a result, many companies have attempted to come up with products that fit the Apple aesthetic but, sadly, most fail. Now, way back in 2012 in a roundup of Kickstarter projects I wanted to get my hands on, I covered the Hand Stylus, a beautifully designed pen-style stylus for tablets that is still my favorite tool for drawing on an iPad. Designed by Steve King, the Hand Stylus was the first of a series of products from his company, Prism Designs, and the company’s latest product, the Float Shelf, echoes the whole Apple look and feel as well as being really useful. To read this article in full or to leave a comment, please click here

dweet.io: A simple, effective messaging service for the Internet of Things

In my last post I discussed Freeboard, a powerful, polished, open source Web dashboard and mentioned that Bug Labs, the creators of Freeboard, also offer a very interesting Internet of Things messaging service called dweet which we’ll look at today.Now, there are many messaging services (for example MQTT) that can be used by IoT applications but few that are really simple and free as well; dweet is, indeed, simple and free though there is also an inexpensive enhanced level of dweet service we’ll get to later.To read this article in full or to leave a comment, please click here

Yes, we can validate the Wikileaks emails

Recently, WikiLeaks has released emails from Democrats. Many have repeatedly claimed that some of these emails are fake or have been modified, that there's no way to validate each and every one of them as being true. Actually, there is, using a mechanism called DKIM.

DKIM is a system designed to stop spam. It works by verifying the sender of the email. Moreover, as a side effect, it verifies that the email has not been altered.

Hillary's team uses "hillaryclinton.com", which as DKIM enabled. Thus, we can verify whether some of these emails are true.

Recently, in response to a leaked email suggesting Donna Brazile gave Hillary's team early access to debate questions, she defended herself by suggesting the email had been "doctored" or "falsified". That's not true. We can use DKIM to verify it.

You can see the email in question at the WikiLeaks site: https://wikileaks.org/podesta-emails/emailid/5205. The title suggests they have early access to debate questions, and includes one specifically on the death penalty, with the text:
since 1973, 156 people have been on death row and later set free. Since 1976, 1,414 people have been executed in the U.S

TDWR 5 GHz Weather Radar Locations and Frequencies

Is your Wi-Fi network close to TDWR weather radar that may impact your deployment?

 

Use this list to know: 

Source: Cisco and WISPA

 http://www.wispa.org/Resources/Industry-Resources/TDWR-Resources/TDWR-Locations-and-Frequencies

 http://www.cisco.com/c/en/us/products/collateral/routers/3200-series-rugged-integrated-services-routers-isr/data_sheet_c78-647116.html

PDF version: 

 http://www.cisco.com/c/en/us/products/collateral/routers/3200-series-rugged-integrated-services-routers-isr/data_sheet_c78-647116.pdf

IMG_3879.PNG

Deep Dive- Contrail Data Center Interconnect

In previous blog we discussed high level for  Juniper Contrail Data Center Interconnect and how to connect physical servers with servers deployed inside SDN environment. In this blog we will have deep dive for both scenarios. We will discuss in detail configuration options ,  control plane and data plane operations involved in both options:-

picture1

Following component are included in reference topology:-

  1. 1 x MX-5 will be configured as Data Center Edge Router
  2. Contrail Control Node
  3. Compute 51 (which has 1 x vRouter)
  4. Compute 52 (Which has 1 x vRouter)
  5. MP-iBGP will be configured by Contrail Control Node between itself and all vRouters.
  6. Contrail node will act as Route Reflector (RR) and all vRouter will act as client to RR.
  7. vRouter will establish GRE tunnel (for data plane forwarding) with all other vRouter .
  8. MX-5 (Data Center Edge Router) will also establish MP-iBGP  peer-ship with Contrail Control node and will establish GRE tunnel with all vRouters.

Now if we recall iBGP forwarding rules and co-relate to our environment:-

  1. All vRouter which are RR  clients will transmit routes only to RR.
  2. RR will receive the routes from any of the client and will transmit received routes to all clients (except the vRouter from where the Continue reading

U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring

The U.S. has charged a suspected Russian hacker with breaking into computers at LinkedIn, Dropbox and a question-and-answer site formerly known as Formspring.On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on Oct. 5.LinkedIn has said that Nikulin was involved in the 2012 breach of the company that stole details from over 167 million accounts. However, a U.S. court filing unsealed on Friday only gave limited details on Nikulin's alleged crimes.To read this article in full or to leave a comment, please click here

U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring

The U.S. has charged a suspected Russian hacker with breaking into computers at LinkedIn, Dropbox and a question-and-answer site formerly known as Formspring.On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on Oct. 5.LinkedIn has said that Nikulin was involved in the 2012 breach of the company that stole details from over 167 million accounts. However, a U.S. court filing unsealed on Friday only gave limited details on Nikulin's alleged crimes.To read this article in full or to leave a comment, please click here

1 2,526 2,527 2,528 2,529 2,530 3,787