FBI arrests an NSA contractor suspected of stealing hacking tools

The FBI has arrested a U.S. government contractor for allegedly stealing classified documents, possibly including hacking tools.Harold Thomas Martin III, 51, has been charged with stealing government materials, including top secret information, the U.S. Department of Justice said on Wednesday.Martin, who held a top-secret national security clearance, allegedly took six classified documents produced in 2014."These documents were produced through sensitive government sources, methods, and capabilities, which are critical to a wide variety of national security issues," the DOJ said. To read this article in full or to leave a comment, please click here

FBI arrests an NSA contractor suspected of stealing hacking tools

The FBI has arrested a U.S. government contractor for allegedly stealing classified documents, possibly including hacking tools.Harold Thomas Martin III, 51, has been charged with stealing government materials, including top secret information, the U.S. Department of Justice said on Wednesday.Martin, who held a top-secret national security clearance, allegedly took six classified documents produced in 2014."These documents were produced through sensitive government sources, methods, and capabilities, which are critical to a wide variety of national security issues," the DOJ said. To read this article in full or to leave a comment, please click here

IDG Contributor Network: Many people abandon security, risky behavior surges

People are sick and tired of being told to be more secure in their use of computers and when participating in online activities. So much so that they’re simply ignoring the blitz of annoying demands and are carrying on as imprudently as they’ve always done, according to National Institute of Standards and Technology (NIST) researchers.The U.S. Department of Commerce-operated lab recently published a report (subscription) on the subject in IEEE’s IT Professional Journal.The study’s participants “expressed a sense of resignation and loss of control” when the scientists asked them about their online activity, such as shopping and banking.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Many people abandon security, risky behavior surges

People are sick and tired of being told to be more secure in their use of computers and when participating in online activities. So much so that they’re simply ignoring the blitz of annoying demands and are carrying on as imprudently as they’ve always done, according to National Institute of Standards and Technology (NIST) researchers.The U.S. Department of Commerce-operated lab recently published a report (subscription) on the subject in IEEE’s IT Professional Journal.The study’s participants “expressed a sense of resignation and loss of control” when the scientists asked them about their online activity, such as shopping and banking.To read this article in full or to leave a comment, please click here

Happy 25th once again to Linux, ‘the little OS that definitely could’

Aug. 25 may be Linux's official birthday, but Oct. 5 is in many ways the day it began to make a real mark on the world. That's when Linux creator Linus Torvalds officially released the first Linux kernel into the wild."As I mentioned a month(?) ago, I'm working on a free version of a minix-lookalike for AT-386 computers," Torvalds wrote in a newsgroup post on Oct. 5, 1991. "It has finally reached the stage where it's even usable (though may not be depending on what you want), and I am willing to put out the sources for wider distribution."To read this article in full or to leave a comment, please click here

Hacking DRBL Client PXE Boot Password

In a previous tutorial I showed installation of Clonezilla Server Edition on Ubuntu using my own Bash script. We configured PXE (Pre eXecution Environment)) password for clients so when the clients booted a password had to be entered to startup. This tutorial explains two different ways how to get and crack the PXE boot password.

picture1_pxe_drbl-_client_password_required

Picture 1 - Client Requires to Enter PXE Password During Startup

First, we should mention some facts. The PXE client password is stored in plain text in a configuration file /etc/drbl/drblpush.conf. The password is secretpassword and it can be found in a dictionary rockyout.txt.

picture2_pxe_boot_plaintext_password

Picture 2 - Plain Text PXE Client Boot Password

The same PXE client password is stored as a hash in a file /tftpboot/nbi_img/prelinux.cfg/default.

picture3_pxe_boot_password_hash

Picture 3 - PXE Client Boot SHA-1 Base64 Encoded Salted Hash

The hash is created by utility /usr/sbin/sha1pass on DRBL server. It is a Perl script which takes two arguments from STDIN - a password and salt and it creates SHA-1 base64 salted hash.

picture4_generating_password_hash

Picture 4 - Perl Script fo Generating Hash from Password and Salt

Explanation:

  • $4$ - SHA-1 base64 encoded salted hash
  • 2mNryVVj - salt
  • WIWlkNc6cA9+eQqcf9xU0d5IvVQ - hash

They are several methods how to obtain PXE boot Continue reading

Satya Nadella’s comp package slips 3% to $17.7M

Microsoft CEO Satya Nadella received a compensation package for the year ending June 30 worth approximately $17.7 million, a 3% reduction from 2015, according to security filings.A preliminary proxy statement submitted Monday to the U.S. Securities & Exchange Commission showed that Nadella's pay cut was about a third of the 9% downturn in Microsoft's revenue during the same period.The chief executive received $1.2 million in salary, the same as the year before; $4.5 in a cash performance bonus, or 3% more than in 2015; and $12 million in stock awards, or 6% less.To read this article in full or to leave a comment, please click here

Crisis planning: 6 ways to put people first

If your business is located in the southeastern U.S., you're probably bracing for hurricane Matthew, which as of this writing is headed for Florida after making landfall in Cuba. All-too-familiar with the havoc a hurricane can wreak, you likely have a battle-tested plan for dealing with such storms and their aftermath.To read this article in full or to leave a comment, please click here(Insider Story)

The ever expanding menu…

A short note reminding the gentle readers who wander in to this site of the riches of information available in the main menu to the left of this post…

rule 11 reader takes you to a subscription form for the mailing list. The format and frequency of the mailing list is a little messed up right now, and I always mean to do more with it, but never seem to get around to it.

culture-eats-technologysixty books takes you to a list of books I’ve found particularly helpful or useful over the years. The title isn’t the number of books, strictly speaking, but rather a challenge to read sixty books this year. Not all of these are related to network engineering.

worth visiting is something of a blog role and interesting sites, not all related to network engineering.

author page takes you to a page listing all of my works. Right now this is on Amazon, but as not all my works are available on Amazon, I need to fix this. Yes, it’s already on my list of things to do.

network icons is a set of icons I use in public presentations not tied to a company, etc. These are Continue reading

Creepy clown craze actually addressed at White House press conference

It’s been a week since we looked at the clown hysteria sweeping the nation, including a sheriff consulting with the FBI and Homeland Security over the clown threat, and now creepy clowns have even been addressed during a White House press conference.On Tuesday, Bloomberg’s Justin Sink asked White House press secretary Josh Earnest about the creepy clown craze. Sink mentioned that The New York Times reported 12 people have been arrested for either making fake clown reports, threats, or chasing people, and law enforcement is seeking clown advise from DHS and the FBI. He asked if President Obama was keeping tabs on the creepy clown phenomena and if the White House had any comments to discourage clown pranks.To read this article in full or to leave a comment, please click here

Creepy clown craze actually addressed at White House press conference

It’s been a week since we looked at the clown hysteria sweeping the nation, including a sheriff consulting with the FBI and Homeland Security over the clown threat, and now creepy clowns have even been addressed during a White House press conference.On Tuesday, Bloomberg’s Justin Sink asked White House press secretary Josh Earnest about the creepy clown craze. Sink mentioned that the New York Times reported 12 people have been arrested for either making fake clown reports, threats, or chasing people, and law enforcement is seeking clown advise from DHS and the FBI. He asked if President Obama was keeping tabs on the creepy clown phenomena and if the White House had any comments to discourage clown pranks.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For October 7th, 2016

Hey, it's HighScalability time:

 

The worlds oldest analog computer, from 87 BC, the otherworldly Antikythera mechanism.

 

If you like this sort of Stuff then please support me on Patreon.

  • 70 billion: facts in Google's knowledge graph; 80 million: monthly visitors to walmart.com; 50%: lower cost for sending a container from Shanghai to Europe; 6 billion: Docker Hub pulls per 6 weeks; 5x: impact reduction using new airbag helmet; 400: node Cassandra + Spark Cluster in Azure; 66%: loss of installs when apps > 100MB; 223GB: Udacity open sources self-driving car data; 

  • Quotable Quotes:
    • rfrey: The success of many companies, and probably all of the unicorns, has nothing to do with technology. The tech is necessary, of course, but so are desks and an accounting department. Internalizing that has been difficult for me as an engineer.
    • @mza: 72 new features/services released last month on #AWS. 706 so far this year (up 42.9% YoY).
    • Marc Andreessen: To me the problem is clear: The problem is insufficient technological adoption, innovation, and disruption in these high-escalating price sectors of the economy. My thesis is that we're not in a tech bubble — Continue reading

How To Dockerize Vendor Apps like Confluence

Docker Datacenter customer, Shawn Bower of Cornell University recently shared their experiences in containerizing Confluence as being the start of their Docker journey.

Through that project they were able to demonstrate a 10X savings in application maintenance, reduce the time to build a disaster recovery plan from days to 30 minutes and improve the security profile of their Confluence deployment. This change allowed the Cloudification team that Shawn leads to start spending the majority of their time helping Cornelians to use technology to be innovative.

Since the original blog was posted, there’s been a lot of requests to get the pragmatic info on how Cornell actually did this project.  In the post below, Shawn provides detailed instructions on how Confluence is containerized and how the Docker workflow is integrated with Puppet.

Written by Shawn Bower

As we started our Journey to move Confluence to the cloud using Docker we were emboldened by the following post from Atlassian. We use many of the Atlassian products and love how well integrated they are.  In this post I will walk you through the process we used to get Confluence in a container and running.

First we needed to craft a Dockerfile.  At Cornell Continue reading

What #MadeByGoogle really means

Google announced some cool consumer electronics devices at its San Francisco event yesterday hashtagged #MadeByGoogle: Google Home personal digital assistant, two new flagship phones under the new Pixel brand, Chromecast Ultra (capable of 4K video), Google Wi-Fi, and a VR headset for the Pixel phones. The usual sales channels—Verizon, Best Buy and Google Play—will distribute them.It sounds like the consumer electronics business, but it is not.To read this article in full or to leave a comment, please click here

Up To $50 off Various Amazon Kindle Models, Limited Time Discount for Prime Members Only – Deal Alert

Amazon has quietly released a good deal on its popular Kindle series of e-readers, but it's available only to Prime Members, or anyone who has an active 30-day free trial. For a limited time, Kindle's price sinks from $80 to $50, Kindle Paperwhite from $120 down to $90, and the Kindle Voyage drops from $200 to just $150. Which dovetails with the new "Prime Reading" benefit they just announced (See: "Prime Members Now Get Unlimited Reading On Any Device, Amazon Announces - Deal Alert" @ Techconnect.com). Kindle discounts applied during checkout.To read this article in full or to leave a comment, please click here

1 2,543 2,544 2,545 2,546 2,547 3,763