Some notes on the eDellRoot key

It was discovered this weekend that new Dell computers, as well as old ones with updates, come with a CA certificate ("eDellRoot") that includes the private key. This means hackers can eavesdrop on the SSL communications of Dell computers. I explain how in this blog post; just replace the "ca.key" with "eDellRoot.key".

If I were a black-hat hacker, I'd immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone's encrypted communications. I suggest "international first class", because if they can afford $10,000 for a ticket, they probably have something juicy on their computer worth hacking.

I point this out in order to describe the severity of Dell's mistake. It's not a simple bug that needs to be fixed, it's a drop-everything and panic sort of bug. Dell needs to panic. Dell's corporate customers need to panic.

Note that Dell's spinning of this issue has started, saying that they aren't like Lenovo, because they didn't install bloatware like Superfish. This doesn't matter. The problem with Superfish wasn't the software, but the private key. In this respect, Dell's error is exactly as bad as the Superfish error.

Microsoft CEO takes a collaborative approach to cybersecurity

Satya Nadella will have you know that cybersecurity takes a village.

The Microsoft CEO took to the stage this week in the nation's capital to describe a new, collaborative approach the company is taking as it deals with an evolving set of digital threats targeting an increasingly distributed tangle of users, devices and systems.

Nadella positions the cyber challenge as the latest entry on a continuum of threats that have emerged with new methods of communication, recalling the emergence of mail fraud and wire fraud, and calling cyber "one of the most pressing issues of [our] time."

Adware program Vonteera blocks security products with simple Windows UAC trick

A well-known adware program is preventing users from installing antivirus products by leveraging a Windows feature that was designed for security.

The program, known as Vonteera, abuses the digital signature check performed by the Windows User Access Control (UAC) for executable files.

UAC prompts users for confirmation whenever a program wants to make a system change that requires administrator-level privileges. It therefore prevents malware from silently gaining full system access if executed from a limited user account.

Depending on whether an executed file is digitally signed by a trusted publisher, the UAC displays confirmation prompts indicating different levels of risk. For example, if the file is unsigned, or is signed with a self-generated certificate that Windows can't link back to a trusted certificate authority, the UAC prompt will have a yellow exclamation mark.

FAA to drone owners: Get ready to register to fly

While an actual rule could be months away, drones weighing about 9 ounces or more will apparently need to be registered with the Federal Aviation Administration going forward.

The registration requirement and other details came from the government’s UAS Task Force, which was created by the FAA last month and featured all manner of associates from Google, the Academy of Model Aeronautics and Air Line Pilots Association to Walmart, GoPro and Amazon.

Other proposed requirements were to offer a simple, free online registration system and a requirement that unmanned aircraft would need to fly with a visible registration number tying the aircraft to the owner.

How Wistia Handles Millions of Requests Per Hour and Processes Rich Video Analytics

This is a guest repost from Christophe Limpalair of his interview with Max Schnur, Web Developer at Wistia.

Wistia is video hosting for business. They offer video analytics like heatmaps, and they give you the ability to add calls to action, for example. I was really interested in learning how all the different components work and how they’re able to stream so much video content, so that’s what this episode focuses on.

What does Wistia’s stack look like?

As you will see, Wistia is made up of different parts. Here are some of the technologies powering these different parts:

What scale are you running at?

Using Raspberry Pi for holiday light shows

Depending upon your line of work, you might be looking at a long holiday weekend. If you like to tinker with code and hardware, and also like holiday light shows, then instead of purchasing some pre-made kit, you might consider LightShow Pi.

Passenger puts black powder in checked bag: How’d that decision play out?

Let’s say for the sake of discussion that the guy – anyone think it’s a woman? – did not place the 10 tubes of black powder in his checked luggage as part of a terrorist plot or amateur sting operation against TSA screeners. The TSA mentions neither in its blog post that notes the incident.

Instead, this adult human being awakened one morning recently, began packing for a trip, realized he needed to transport 10 tubes of an explosive from his home in Utah through Salt Lake City International Airport, and decided the best way to do that would be to place the tubes in his suitcase alongside his shaving kit and underwear.

Worth Reading Roundup: Security and Privacy

“If I haven’t done anything wrong, then I don’t have anything to hide.” This is one of those bits of nonsense that never seems to lose its power regardless of how many times it’s been proven wrong in history. Privacy is one of the most important freedoms we enjoy — the privacy to try, the privacy to work things out among friends, and even the privacy to fail.

So what does the ‘net say about privacy this week?

One of the most disturbing things is the growing tendency to engineer people for greater efficiency. This trend started more than a hundred years ago — remember this?

But there is something fundamentally dehumanizing about treating people like machines out of whom you can squeeze infinite amounts of bandwidth — but it seems to be something we’re pushing towards almost as fast as we can, in both the corporate world and in government.

Digging into personal information in order to manipulate the environment for greater profit and productivity just seems a bit slimy. And I used the word manipulate (and slimy) on purpose. fistful of talent

Many countries are in the throes of a debate about the amount of surveillance a government

New products of the week 11.23.15

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Actiance Supervisory Capabilities for Alcatraz

Key features: Actiance released expanded supervisory review capabilities for Alcatraz, its cloud-based archive. The expanded supervisory capabilities employ advanced analytics to enable greater insight into conversations occurring across 70+ communication channels.

Can You Afford to Reformat Your Data Center?

I love listening to the Datanauts podcast (Ethan and Chris are fantastic hosts), starting from the very first episode (hyper-converged infrastructure) in which Chris made a very valid comment along the lines of “with the hyper-converged infrastructure it’s possible to get so many things done without knowing too much about any individual thing…” and I immediately thought “… and what happens when it fails?”


RIPE 71 Meeting Report

The RIPE 71 meeting took place in Bucharest, Romania in November. Here are my impressions from a number of the sessions I attended that I thought were of interest. It was a relatively packed meeting held over 5 days so this is by no means all that was presented through the week.

IWAN: Why EIGRP or BGP Over the DMVPN Tunnel?

IWAN (Intelligent Wide Area Network) and Why EIGRP or BGP over the DMVPN Tunnel.

In this YouTube “playing in the lab” IWAN fun we are going to drill down between 2 sites – Branch 3 and the Hub site. Branch 3 will be in “hybrid” mode (1 MPLS link and 1 Internet Link) – in the past using the MPLS link as a primary and the internet link as backup only. Now, however, taking advantage of IWAN’s Intelligent Path Control.

We will design the implementation such that should we need to fall back from Intelligent Path Control to normal routing… we fall back to what is (for many customers) today’s norm in this situation – MPLS as the Primary and Internet as the backup. For this to happen… there will only be 1 entry in the RIB (via the MPLS). How then, you ask, would you ever send any traffic at all out of the Internet link (tunnel 20) if that path is not in the routing table? :)

PfRv3 can read the EIGRP topo table and the BGP table… we can still do intelligent decision making at the WAN edge and only send out the Internet path