Introducing CFSSL 1.2

Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t written much about CFSSL here since we originally open sourced the project in 2014, so we thought we’d provide an update. In the last 20 months, we have added a ton of great features, and CFSSL has attracted an active community of users and contributors. Users range from large SaaS providers (Heroku) to game companies (Riot Games) and the newest Certificate Authority (Let’s Encrypt). For them and for CloudFlare, CFSSL has become a core tool for automating certificates and TLS configurations. With added support for configuration scanning, automated provisioning via the transport package, revocation, certificate transparency and PKCS#11, CFSSL is now even more powerful.

We’re also happy to announce CFSSL’s new home: cfssl.org. From there you can try out CFSSL’s user interface, download binaries, and test some of its features.

Motivation

current efforts - google Licensing: Public Domain

This 2013 National Security Agency (NSA) slide describing how data from Google’s internal network was collected by intelligence agencies was eye-opening—and shocking—to many technology companies. The idea that an attacker could read messages passed between services wasn’t technically groundbreaking, but it Continue reading

Your Linux-based home router could succumb to a new Telnet worm, Remaiten

Building botnets made up of routers, modems, wireless access points and other networking devices doesn't require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords. Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten. When scanning for new victims, Remaiten tries to connect to random IP addresses on port 23 (Telnet) and if the connection is successful, it attempts to authenticate using username and password combinations from a list of commonly used credentials, researchers from ESET said in a blog post.To read this article in full or to leave a comment, please click here

Your Linux-based home router could succumb to a new Telnet worm, Remaiten

Building botnets made up of routers, modems, wireless access points and other networking devices doesn't require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords. Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten. When scanning for new victims, Remaiten tries to connect to random IP addresses on port 23 (Telnet) and if the connection is successful, it attempts to authenticate using username and password combinations from a list of commonly used credentials, researchers from ESET said in a blog post.To read this article in full or to leave a comment, please click here

Do You Really Want to Write that Book?

It’s amazing how interesting questions come in batches: within 24 hours two friends asked me what I think about writing books. Here’s a summary of my replies (as always, full of opinions and heavily biased), and if you’re a fellow book author with strong opinions, please leave them in the comments.

Read more ...

FBI already using its iPhone hack to assist other criminal investigations

Apple's widely publicized battle with the FBI came to an unceremonious end this week when the DOJ filed a motion seeking to vacate a previous court order that would have forced Apple to help the FBI hack into the iPhone used by one of the San Bernardino terrorists.The impetus for the DOJ dropping its legal suit against Apple was that the FBI, with the assistance of a third party, finally managed to access the aforementioned iPhone's data without Apple's assistance. While the identity of the third party has never been confirmed, it's believed that an Israeli software forensics company called Cellebrite provided the FBI with a way in.And with not even a week having gone by, the FBI has reportedly begun using its recently acquired iPhone hacking solution in other criminal investigations. According to a report from the Associated Press, the FBI recently agreed to access a locked iPhone and iPod where were subject to a warrant as part of a homicide investigation in Little Rock, Arkansas. Officials involved in the case indicated that they have reason to believe that the devices contain evidence of the duo's pre-meditated murder plans.To read this article in full or Continue reading

MedStar Health partially restores services after suspected ransomware attack

MedStar Health said Wednesday it is restoring computer systems following a cyberattack that reportedly involved file-encrypting malware.The not-for-profit organization, which runs 10 hospitals in the Washington, D.C., area, was hit with ransomware, the Baltimore Sun reported on Wednesday, citing two anonymous sources.MedStar Health officials could not be immediately reached for comment. The organization issued two statements Wednesday, but did not describe what type of malware infected its systems.It said in one statement that its IT team has worked continuously to restore access to three main clinical systems. It said no patient data or associate data was compromised.To read this article in full or to leave a comment, please click here

Docker Machine, OpenStack, and SSH Keys

I wanted to provide readers a quick “heads up” about some unexpected behavior regarding Docker Machine and OpenStack. It’s not a huge deal, but it could catch someone off-guard if they aren’t aware of what’s happening.

This post builds on the earlier post I published on using Docker Machine with OpenStack; specifically, the section about using Docker Machine’s native OpenStack driver to provision instances on an OpenStack cloud. As a quick recap, recall that you can provision instances on an OpenStack cloud (and have Docker Engine installed and configured on those instances) with a command like this:

docker-machine create -d openstack 
--openstack-flavor-id 3 
--openstack-image-name "Ubuntu 14.04.3 LTS x64" 
--openstack-net-name lab-net-5 
--openstack-floatingip-pool ext-net-5 
--openstack-sec-groups docker,basic-services
instance-name

(Note that I didn’t include all of the optional parameters; refer to either my earlier blog post or the Docker Machine OpenStack driver reference for more details).

One of the optional parameters for Docker Machine’s OpenStack driver is the --openstack-keypair-name parameter, which allows you to specify the name of an existing keypair to use with instances created by Docker Machine. If you omit this parameter, as I have above, then Docker Machine will auto-generate a new SSH Continue reading

Perceptions of NFV Hype and Reality

cisco-nfv-hype-vs-reality-article “There are things known and there are things unknown, and in between are the doors of perception," wrote Aldous Huxley. That could be a description of the evolving tension between the perceptions of hype and reality of the NFV market as it enters its important phase of commercialization.

Worth Reading: The end of Moore’s Law?

Moore’s Law may be nearing its end, however. Tom Simonite at the MIT Technology Review writes that Intel has declared in a regulatory filing what insiders have suspected: The company is slowing the release of new chips in a manner that doesn’t keep pace with the law. The reason is simply that fabricating small transistors, which now are at about 14 nanometers, is increasingly difficult and costly. The insiders suspect that the end is near because the next generation, which aims at 10 nm, has already been delayed. -via IT Business Edge

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: The end of Moore’s Law? appeared first on 'net work.

IDG Contributor Network: Add more antennas to base stations for 5G efficiencies, say researchers

Samsung, Huawei and others maybe barking up the wrong tree, or wrong cell tower, when it comes to 5G, if researchers at two universities in Europe are correct.The scientist there think that it might not be necessary to shift mobile networks up the frequency spectrum and into the millimeter bands to gain efficiencies, and thus serve more users with increasing speeds and bandwidth.+ MORE ON 5G 5G: A look at radios and spectrum +All you need do is create bigger antenna arrays, the scientists from the University of Bristol and Lund University believe. With a “massive antenna system,” existing microwave frequencies would work just fine for 5G, they surmise.To read this article in full or to leave a comment, please click here

Humidity, not heat, is a hard drive’s biggest threat

Having been to Orlando in August, I know the meaning of the term "It's not the heat, it's the humidity." That was the first and only time I had my glasses fog up for just stepping outside.And it turns out humidity is a greater threat to hard drive reliability than high temperatures, according to a study from Rutgers University in partnership with GoDaddy and Microsoft. In their paper titled "Environmental Conditions and Disk Reliability in Free-cooled Datacenters" (PDF), the team said the most notable result was that all other conditions aside, the effects on controllers and adapters were felt most as humidity levels rose.To read this article in full or to leave a comment, please click here

Creating a Dynamic Lab Environment with vEOS and GNS3 – Part II

SETTING UP A DHCP AND FILE SERVER FOR USE WITH ZTP

Now that we have a couple vEOS instances configured and able to communicate, and we have our out-of-band network set up, we can now begin to use ZTP to provide an initial startup config.


NOTE
Notice that we did not connect the Management1 interface of either vEOS instance to anything inside of GNS3.  If you remember when we created the VMs, their first interface is a host-only adapter connected to the vboxnet in VirtualBox, so it’s automatically connected and there’s nothing additional we need to do there, but GNS3 doesn’t know that so it considers the interface disconnected, and that’s OK.  That saves us from having to add our management server(s) to the topology and cluttering it up (Just imagine trying to have a nice clean-looking topology in GNS3 if you had to have a connection from every vEOS instance to the management server(s) ), which is distracting and ugly - we’re better than that.


ZTP is enabled as a default on the vEOS instances, but we still need to set up a server to provide DHCP and File services.  For servers, Ubuntu is my go-to and I usually Continue reading

Creating a Dynamic Lab Environment with vEOS and GNS3 – Part I

GETTING STARTED

Preliminary Installation Setup

Install GNS3
Install VirtualBox
Get ahold of the .vmdk and aboot.iso files


It is recommended to install VirtualBox AFTER you install GNS3 to avoid problems with GNS3 detecting VirtualBox.


Go to www.arista.com, and go to Support > Software Download.  The two files you’ll want are the .vmdk file as well as the Aboot .iso file:




Creating the Management Network

To simulate an out-of-band management network, we will create a vboxnet interface, similar to a loopback interface, on our laptop.  This will also allow us to interact with our virtual machines via SSH, etc.


Open VirtualBox, go to Preferences, and click Network. Select “Host-only Networks”, and then click the NIC adapter image with a plus symbol on it to add a new host-only network if there isn’t one already:




Select your newly-created vboxnet and click the screwdriver icon to configure it:




We’re going to be using ZTP to provision our switches, so select “DHCP Server”, ensure “Enable Server” is unchecked, and then click OK:




Verify you have a new interface reflecting your vboxnet configuration:




SETTING UP vEOS

Creating a Base Image

You’ll want a nice, clean base image to create clones Continue reading

Sometimes techy details matter

How terrorists use encryption is going to become central to the Cryptowars 2.0 debate. Both sides are going to cite the case of Reda Hame described in this NYTimes article. On one hand, it shows that terrorists do indeed use encryption. On the other hand, the terrorists used TrueCrypt, which can't be stopped, no matter how many "backdoor" laws the police-state tries to pass.

The problem with the NYTimes article is that the technical details are garbled. (Update: at the bottom, I correct them). Normally, that's not a problem, because we experts can fill in the details using basic assumptions. But the technique ISIS used is bizarre, using TrueCrypt containers uploaded to a file-sharing site. This is a horrible way to pass messages -- assumptions we make trying to fill in the blanks are likely flawed.

Moreover, there is good reason to distrust the NYTimes article. Small details conflict with a similar article in the French newspaper Le Monde from January 6. Both articles are based on the same confession by Reda Hame from last August.

For example, in discussing a training accident with a grenade, the NYTimes article says "Mr. Hame did not throw it far Continue reading

Rules, smules, classified, smashified: Those things don’t seem to apply to Clinton

Rules, smules...they don't seem to apply to Hillary Clinton. The Washington Post has an excellent piece about the Clinton email scandal.For “personal comfort” reasons, she wanted to use her personal unencrypted BlackBerry for all her email, despite warnings that it could be vulnerable. She even took it overseas, although she supposedly said she “gets it” being a security risk. Don’t be silly and expect her to use a PC; oh no, she was seemingly a CrackBerry fanboy. She also didn’t bother to tell officials that her BlackBerry was tied to her infamous private email server. That server was supposedly also for her comfort – for her “convenience.”To read this article in full or to leave a comment, please click here

1 3,019 3,020 3,021 3,022 3,023 3,787