Say hello to BadUSB 2.0: USB man-in-the-middle attack proof-of-concept

Oh peachy, say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.”The full research paper, BadUSB 2.0: USB man-in-the-middle attacks” (pdf), by security researcher David Kierznowski, is available on Royal Holloway. The paper describes BadUSB2 as an “in-line hardware solution” which is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB2 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.To read this article in full or to leave a comment, please click here

Say hello to BadUSB 2.0: USB man-in-the-middle attack proof-of-concept

Oh peachy, say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.”The full research paper, BadUSB 2.0: USB man-in-the-middle attacks” (pdf), by security researcher David Kierznowski, is available on Royal Holloway. The paper describes BadUSB2 as an “in-line hardware solution” which is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB2 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.To read this article in full or to leave a comment, please click here

GigaSpaces Previews its Cloudify Telecom Edition

It's telecom-friendly MANO software.

On differential privacy

Over the past several weeks, there’s been a lot of talk about something called “differential privacy.” What does this mean, how does it work, and… Is it really going to be effective? The basic concept is this: the reason people can identify you, personally, from data collected off your phone, searches, web browser configuration, computer configuration, etc., is you do things just different enough from other people to create a pattern through cyber space (or rather data exhaust). Someone looking hard enough can figure out who “you” are by figuring out patterns you don’t even think about—you always install the same sorts of software/plugins, you always take the same path to work, you always make the same typing mistake, etc.

The idea behind differential security, considered here by Bruce Schneier, here, and here, is that you can inject noise into the data collection process that doesn’t impact the quality of the data for the intended use, while it does prevent any particular individual from being identified. If this nut can be cracked, it would be a major boon for online privacy—and this is a nut that deserves some serious cracking.

But I doubt it can actually be cracked Continue reading

Nokia Teams with Intel on OPNFV Testing

Lab will serve as a testbed for NFV developers.

Free Ansible ebooks

Need some summer reading for your trip to the beach? We are pleased to offer three free ebook previews from our friends at Packt Publishing featuring their most popular Ansible books.

Mastering Ansible by Jesse Keating

Design, develop, and solve real world automation and orchestration needs by unlocking the automation capabilities of Ansible

Excerpt includes:

Chapter 1 - System Architecture and Design of Ansible: A detailed in and out view of Ansible's task performance

Chapter 3 - Unlocking the Power of Jinja2 Templates: Usage of the Jinja2 templating engine within Ansible

Download Mastering Ansible by Jesse Keating

OpenStack Administration with Ansible by Walter Bentley

Design, build, and automate 10 real-world OpenStack administrative tasks with Ansible

Excerpt includes:

Chapter 1 - An Introduction to OpenStack: A level setter on OpenStack components, concepts, and verbiage

Chapter 8 - Deploying OpenStack Features: Adding Docker to OpenStack with Ansible

Download OpenStack Administration with Ansible by Walter Bentley

Extending Ansible by Rishabh Das

Discover how to efficiently deploy and customize Ansible in the way your platform demands

Excerpt includes:

Chapter 1 - Getting Started with Ansible: Introduction to Ansible as a tool

Chapter 4 - Exploring API: The Python API for Ansible

Download Extending Ansible by Rishabh Das

Cloud or on-prem? This big-data service now swings both ways

There are countless "as-a-Service" offerings on the market today, and typically they live in the cloud. Back in 2014, startup BlueData blazed a different trail by launching its EPIC Enterprise big-data-as-a-service offering on-premises instead.On Wednesday, BlueData announced that the software can now run on Amazon Web Services (AWS) and other public clouds, making it the first BDaaS platform to work both ways, the company says."The future of Big Data analytics will be neither 100 percent on-premises nor 100 percent in the cloud," said Kumar Sreekanti, CEO of BlueData. "We’re seeing more multicloud and hybrid deployments, with data both on-prem and in the cloud. BlueData provides the only solution that can meet the realities of these mixed environments in the enterprise.”To read this article in full or to leave a comment, please click here

Cloud or on-prem? This big-data service now swings both ways

There are countless "as-a-Service" offerings on the market today, and typically they live in the cloud. Back in 2014, startup BlueData blazed a different trail by launching its EPIC Enterprise big-data-as-a-service offering on-premises instead.On Wednesday, BlueData announced that the software can now run on Amazon Web Services (AWS) and other public clouds, making it the first BDaaS platform to work both ways, the company says."The future of Big Data analytics will be neither 100 percent on-premises nor 100 percent in the cloud," said Kumar Sreekanti, CEO of BlueData. "We’re seeing more multicloud and hybrid deployments, with data both on-prem and in the cloud. BlueData provides the only solution that can meet the realities of these mixed environments in the enterprise.”To read this article in full or to leave a comment, please click here

Dropbox enhances its productivity tools across the board

Dropbox just dumped a ton of new productivity features on users of its file storage and collaboration service that are all aimed at making it easier for people to get work done within its applications. Updates to the Dropbox app for iOS allow users to scan documents directly into the cloud storage service, and get started with creating Microsoft Office files from that app as well. The company also increased the ease and security of sharing files through Dropbox, and made it easier to preview and comment on files shared through the service.These launches mean that Dropbox will be more valuable to people as a productivity service, and not just a folder to hold files. It's especially important as the company tries to capture the interest of business users, who have a wide variety of competing storage services they could subscribe to instead. To read this article in full or to leave a comment, please click here

How Docker for Mac helps me sleep better at night

My name is Matt Aimonetti, I’m the co-founder and CTO of Splice. At Splice, we built a cloud platform for music producers, this platform is made of elements engineers often take for granted. We invented version control for music, a distributed collaboration flow and a subscription based marketplace for samples, loops presets and MIDI. All that without changing the creation tools musicians already know and like.

I’m a developer and an entrepreneur, the last thing I want to worry about are ops concerns.

Continue reading

Datanauts 039: The Silo Series – Resource Allocation for Virtualized Workloads

The Datanauts Silo Series explores how to determine how many resources to apply to a virtualized workload. We discuss how to properly size and configure tricky tier 1 applications and monster VMs. The post Datanauts 039: The Silo Series – Resource Allocation for Virtualized Workloads appeared first on Packet Pushers.

IDG Contributor Network: New life for residential Wi-Fi

The recent launch of two residential Wi-Fi products—from eero and Luma—is very welcome. They highlight just how stale the traditional offerings had become. But their central technical improvement should be unnecessary.The new devices apply the Nest treatment to Wi-Fi routers rather than thermostats. As with most brilliant ideas, one’s first reaction is why didn’t someone do this before, it’s so obvious?+ Also on Network World: Riding the new Wi-Fi wave (part 1) +To read this article in full or to leave a comment, please click here

Think tanks mull Geneva Convention for cybercrime

A Geneva Convention on cyberwar: That's how a panel of experts proposes to deal with the growing threat to critical infrastructure posed by the possibility of cyberattack.With control systems in dams, hospitals, power grids and industrial systems increasingly exposed online, it's possible that nation states could seek to damage or disable them electronically.But building electronic defenses to prevent such attacks is expensive -- and often ineffectual, given the myriad ways in which they can fail or be breached.That's why the Global Commission on Internet Governance recommends that in any future cyberwar, governments should pledge to restrict the list of legitimate targets for cyberattacks, to not target critical infrastructure predominantly used by civilians, and to not to use cyberweapons against core Internet infrastructure.To read this article in full or to leave a comment, please click here

Think tanks mull Geneva Convention for cybercrime

A Geneva Convention on cyberwar: That's how a panel of experts proposes to deal with the growing threat to critical infrastructure posed by the possibility of cyberattack.With control systems in dams, hospitals, power grids and industrial systems increasingly exposed online, it's possible that nation states could seek to damage or disable them electronically.But building electronic defenses to prevent such attacks is expensive -- and often ineffectual, given the myriad ways in which they can fail or be breached.That's why the Global Commission on Internet Governance recommends that in any future cyberwar, governments should pledge to restrict the list of legitimate targets for cyberattacks, to not target critical infrastructure predominantly used by civilians, and to not to use cyberweapons against core Internet infrastructure.To read this article in full or to leave a comment, please click here

‘Trojan horse’ stalks security conference

The creation pictured above, dubbed “Cyber Horse,” greets attendees of the ongoing Cyber Week 2016 conference being held at Tel Aviv University. This short video shows a time-lapse of the final assemblage with a narration devoted to a history lesson. And here’s another close-up video taken by a conference attendee: “Cyber Horse” was conceived and built by No, No, No, No, No, Yes, an agency based in New York City. Gideon Amichay, founder and chief creative officer, explains in a blog post.To read this article in full or to leave a comment, please click here

‘Trojan horse’ stalks security conference

The creation pictured above, dubbed “Cyber Horse,” greets attendees of the ongoing Cyber Week 2016 conference being held at Tel Aviv University. This short video shows a time-lapse of the final assemblage with a narration devoted to a history lesson. And here’s another close-up video taken by a conference attendee: “Cyber Horse” was conceived and built by No, No, No, No, No, Yes, an agency based in New York City. Gideon Amichay, founder and chief creative officer, explains in a blog post.To read this article in full or to leave a comment, please click here

Get ready: Mobile World Congress is coming to the US

Mobile World Congress, arguably the most important tech trade show in the world, is coming to the U.S. Trade groups GSMA and CTIA are joining forces to bring a smaller version of the event to the U.S. in 2017.GSMA Mobile World Congress Americas will debut Sept. 12 to 14, 2017, in San Francisco and will replace U.S. trade group CTIA's Super Mobility conference. Super Mobility will continue this year in Las Vegas from Sept. 7 to 9.The new conference will be the "first truly global wireless event" in the Americas, CTIA President and CEO Meredith Attwell Baker said in a press release.ALSO: 9 tips for speeding up your business Wi-Fi The new trade show, however, will apparently be more focused, spotlighting the leading innovations from the North American mobile industry, John Hofman, CEO of GSMA, said in a press release.To read this article in full or to leave a comment, please click here

Worth Reading: Three reasons to put down your cell phone

The cell phone. We’ve gotten to a point where we can’t do anything without them, and to a point where they distract us from everything. Massive amounts of research has been, and is being, done about the impact this has on our minds and our relationships. But let me mention just a few quick reasons we should put our cell phones down as it relates to our kids. -Jamie Dew

The post Worth Reading: Three reasons to put down your cell phone appeared first on 'net work.

IDG Contributor Network: Why cyber hygiene isn’t enough

In numerous discussions and forums recently, the conversation about the need for a risk management approach to cybersecurity has quickly devolved into a discussion about cyber hygiene and, ultimately, a discussion about compliance (with perhaps some simple metrics thrown in). + Also on Network World: Match security plans to your company's 'risk appetite' + This pattern of following a difficult, but business-oriented discussion of risk to a trivial oversimplification is common within government and industry circles—and even among the most sophisticated CISOs. What we really need, however, is a holistic risk framework and a solid commitment to risk-based measurements in order to accurately understand and defend against the most serious cybersecurity threats facing our country. Too often we focus solely on cyber hygiene, while important, doesn’t fully address the more severe risks organizations face with increasing frequency.To read this article in full or to leave a comment, please click here

Why cyber hygiene isn’t enough

In numerous discussions and forums recently, the conversation about the need for a risk management approach to cybersecurity has quickly devolved into a discussion about cyber hygiene and, ultimately, a discussion about compliance (with perhaps some simple metrics thrown in).+ Also on Network World: Match security plans to your company's 'risk appetite' +This pattern of following a difficult, but business-oriented discussion of risk to a trivial oversimplification is common within government and industry circles—and even among the most sophisticated CISOs. What we really need, however, is a holistic risk framework and a solid commitment to risk-based measurements in order to accurately understand and defend against the most serious cybersecurity threats facing our country. Too often we focus solely on cyber hygiene, while important, doesn’t fully address the more severe risks organizations face with increasing frequency.To read this article in full or to leave a comment, please click here