Should We Stop Encryption? Can We?

It’s not like they’re asking for a back door for every device.
If the world goes dark through encryption, we’ll be back to the wild west!
After all, if it were your daughter who had been killed in a terrorist attack, you’d want the government to get to that information, too.

While sitting on a panel this last week, I heard all three reactions to the Apple versus FBI case. But none of these reactions ring true to me.

Let’s take the first one: no, they’re not asking for a back door for every device. Under the time-tested balance between privacy and government power, the specific point is that people have a reasonable expectation of privacy until they come under suspicion of wrongdoing. However, in the current environment it’s very difficult to trust that such power, once granted, won’t be broadened to every case, all the time. The division between privacy and justice before the law was supposed to be at the point of suspicion. That wall, however, has already been breached, so the argument now moves to “what information should the government be able to trawl through in order to find crimes?” They are asking for

Paris terrorists resorted to using burner phones, not encryption, to avoid detection

Oh, the Paris terrorists must have used encryption to evade detection, we’ve heard again and again since the attacks; come to find out, the attackers resorted to using burner phones. Having gotten its hands on a 55-page report prepared by French police and given to France’s Interior Ministry, The New York Times reported that disposable phones played a big part in how the Paris terrorists avoided detection. “They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.”

IRS: Top 10 2015 identity theft busts

The IRS faces an uphill battle in fighting identity theft, but that doesn’t mean it isn’t trying. In fiscal year 2015, the IRS said it started 776 identity theft related investigations, which resulted in 774 sentencings through its Criminal Investigation enforcement efforts. The courts continue to impose significant jail time, with the average penalty in 2015 at 38 months in jail — the longest sentence being over 27 years.

Chuck Robbins rewires Cisco

When Chuck Robbins took over the CEO position at Cisco from the popular and iconic John Chambers, there was a tremendous amount of speculation as to whether Robbins would just continue on the path Chambers had set or run Cisco his own way. After less than a year, Robbins is coming out of Chambers’ shadow much the same way Steve Young did when he took over the QB position in the post-Joe Montana era. This week Robbins restructured Cisco’s enormous engineering unit to better align with market trends. In an email to the company, Robbins outlined his plan to create four engineering groups. Bob Brown covered the basic structure of the reorganization in this post, but I’ll go into a bit more detail.

IDG Contributor Network: Hundreds of cloud apps still vulnerable to DROWN

If you have even a passing interest in security vulnerabilities, there’s no chance that you missed the news about the DROWN vulnerability. It’s one of the biggest vulnerabilities to hit since Heartbleed, potentially impacting a third of all HTTPS websites. By exploiting the obsolete SSLv2 protocol, this flaw makes it possible for an attacker to eavesdrop on a TLS session. Because we use SSL and TLS encryption to shop, send messages, and send emails online, DROWN potentially allows attackers to access our messages, passwords, credit card details, and other sensitive data.

Label Switched Multicast – Configuration

In the previous post (Label Switched Multicast – An Introduction) in this series on Label Switched Multicast (LSM) I introduced the concepts behind LSM and draft-rosen, the two most popular methods for transporting multicast traffic through MPLS Layer 3 VPNs.

In this article I will talk through the configuration of LSM on the PE and P routers and get to the point where two CEs are successfully passing multicast traffic via the MPLS network. All of the configuration examples will be relevant to Cisco IOS.

As was the case in the introduction article in the series, it’s best if you already have a good understanding of multicast and MPLS before reading this article.

At the end of this article you’ll be able to start configuring your own LSM environment using the configuration samples here as a template.

To the CLI!

Configuring the Provider Network

In order to keep this post on point, I’m going to start on the basis that basic routing, LDP and MP-BGP are already configured and that unicast traffic is successfully flowing between all CEs.

The basic topology being used here is the same as the one in the introduction post:

[Figure: Sample LSM Topology]

Within the

Google warns of Android flaw used to gain root access to devices

An application that allows users to gain full control -- root access -- over their Android devices is taking advantage of a security flaw in the Linux kernel that has remained unpatched in Android since its discovery two years ago. The bug was originally fixed in the Linux kernel in April 2014, but wasn't flagged as a vulnerability until February 2015, when its security implications were understood and it received the CVE-2015-1805 identifier. Even then, the fix did not get ported to Android, which is based on the Linux kernel. It wasn't until Feb. 19 that researchers from a security outfit called C0RE Team notified Google that the vulnerability could be exploited on Android in order to achieve privilege escalation -- the execution of code with the privileges of the root account.

Google to bring Internet to unconnected Cuba

Google has set a deal to bring Wi-Fi and broadband connectivity to Cuba, but some are already wondering how much information and access will freely flow to the Cuban people. President Obama and his family are in Cuba this week. It's the first time a U.S. president has visited Cuba in 88 years. In an interview with ABC News anchor David Muir that aired on Monday, the president addressed the fact that only 5% of homes in Cuba have access to the Internet, one of the lowest rates in the world.

There’s no conspiracy behind the FBI-v-Apple postponement

The FBI says it may have found another way to get data off an iPhone, and thus asked to postpone a hearing about whether Apple can be forced to do it. I thought I'd write a couple of comments. Specifically, people are looking for reasons to believe that the FBI, or Apple, or both are acting in bad faith, and that everything that happens is some sort of conspiracy. As far as I can tell, all evidence is that they are acting in good faith.

Orin Kerr writes:
If that happens, neither side will look good in the short term. The FBI won’t look good because it went to court and claimed it had no alternatives when an alternative existed. The whole case was for nothing, which will raise suspicions about why the government filed the case and the timing of this new discovery. But Apple won’t look good either. Apple claimed that the sky would fall if it had to create the code in light of the risk outsiders might steal it and threaten the privacy of everyone. If outsiders already have a way in without Apple’s help, then the sky has already fallen. Apple just didn’t know

FBI says it may have found a way to unlock shooter’s iPhone

The FBI says it may have discovered a way to break into the iPhone used by one of the San Bernardino mass shooters, and an important court hearing in the case that was scheduled for Tuesday has been postponed. "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone," lawyers for the government said in a court filing Monday afternoon, referring to the shooter Syed Farook. "Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple set forth in the All Writs Act Order in this case," the government lawyers wrote.

Tor Project says it can quickly catch spying code

The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday. There are worries that Tor could either be technically subverted or subject to court orders that could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice. Tor developers are now designing the system in such a way that many people can verify if code has been changed and "eliminate single points of failure," wrote Mike Perry, lead developer of the Tor Browser, on Monday.

Cisco reorganizes engineering in a big way; veteran Ahuja out

Cisco, which kicked off 2016 with news that the leader of its engineering troops would soon be leaving the company, has now undertaken a major reorganization of that same group and disclosed another high-profile departure. The company announced internally that the moves, designed to better align engineering with Cisco business priorities under new-ish CEO Chuck Robbins, include the exit of 18-year veteran and Service Provider leader Kelly Ahuja. Cisco did not say where Ahuja might be headed, but did say he will be replaced by Yvette Kanouff, who will lead an expanded Service Provider organization. Kanouff joined Cisco in 2014 from Cablevision and has been Cisco's SVP and GM, Cloud Solutions.

Using Docker Machine with AWS

As part of a broader effort (see the post on my 2016 projects) to leverage public cloud resources more than I have in the past, some Docker Engine-related testing I’ve been conducting recently has been done using AWS EC2 instances instead of VMs in my home lab. Along the way, I’ve found Docker Machine to be quite a handy tool, and in this post I’ll share how to use Docker Machine with AWS.

By and large, using Docker Machine with AWS is pretty straightforward. You can get an idea of what information Docker Machine needs by running docker-machine create -d amazonec2 --help. (You can also view the documentation for the AWS driver specifically.) The key pieces of information you need are:

  • --amazonec2-access-key: This is your AWS access key. Docker Machine can read it from the $AWS_ACCESS_KEY_ID environment variable, or—if you have the AWS CLI installed—Docker Machine can read it from there.
  • --amazonec2-secret-key: This is your AWS secret key. As with the AWS access key, Docker Machine can read this from an environment variable ($AWS_SECRET_ACCESS_KEY) or from the AWS CLI credentials file (by default, found in ~/.aws/credentials).
  • --amazonec2-region: The AWS driver defaults to