Henry Ford and Incident Response

In the early 1900s, Henry Ford was intent on making the Model T an affordable car for the masses. To do so, he had to figure out a way to vastly improve the company’s manufacturing efficiency in order to reduce consumer prices. Ford solved this problem by adopting a modern manufacturing assembly line based upon four principles: interchangeable parts, continuous flow, division of labor, and reducing wasted efforts. While incident response is a bit different from automobile manufacturing, I believe that CISOs should assess their IR processes and take Ford’s four principles to heart. Here’s how I translate each one for IR purposes: Interchangeable parts. In Ford’s world, interchangeable parts meant that components like steering wheels and bumpers could be used to assemble all types of cars and thus keep the line moving. In IR, interchangeable parts mean that all detection tools should be based on published APIs so that each one can interoperate with all others. It also means embracing standards like STIX and TAXII for threat intelligence exchange so data can be easily consumed or shared. Finally, interchangeable IR parts calls for the creation and adoption of cybersecurity middleware that acts as a higher-level abstraction layer for Continue reading

Pwn2Own contest puts $75,000 bounty on VMware Workstation bypass

The Pwn2Own hacking contest will return in March, pitting researchers against the most popular browsers and operating systems. The novelty: Contestants can win a $75,00 prize for escaping a VMware virtual machine.Contestants will be able to exploit Microsoft Edge or Google Chrome on fully patched versions of 64-bit Windows 10 and Apple Safari on OS X El Capitan. System or root-level privilege escalation pays extra, as does escaping from the virtual machine.Every year, Pwn2Own, at the CanSecWest security conference, has slightly modified rules, and 2016 is no different. Adobe Reader, Mozilla Firefox and Internet Explorer are no longer on the contest's target list. Adobe Flash remains, but only the version that comes bundled with Microsoft Edge.To read this article in full or to leave a comment, please click here

Brocade @ MWC Barcelona 2016

Brocade Mobile CTO, Kevin Shatzkamer, recently provided a radio show preview of what to expect at Mobile World Congress this year in Barcelona.  One of the big themes is expected to be 5G along with the services and new business models it will enable for the mobile industry. We are all familiar with the existing... Read more →

Padding oracles and the decline of CBC-mode cipher suites

Padding oracles and the decline of CBC-mode cipher suites

At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make sure that as many people as possible are using the most modern and secure encryption available to them. Improving the cryptography used by the majority requires a coordinated effort between the organizations building web browsers and API clients and those working on web services like CloudFlare. Cryptography is a two-way street. Even if we support the most secure cryptographic algorithms for our customers, web visitors won’t get the benefit unless their web client supports the same algorithms.

In this blog post we explore the history of one widely used cryptographic mode that continues to cause problems: cipher block chaining (CBC). We’ll explain why CBC has proven difficult to use safely, and how recent trends in the adoption of secure ciphers by web clients have helped reduce the web’s reliance on this technology. From CloudFlare’s own data, we’ve seen the percentage of web clients that support safer cipher modes (such as AEAD) rise from under 50% to over 70% in six months, a good sign for the Internet.

What’s in a block cipher?

Ciphers Continue reading

3 Reasons Why Your Security Strategy is not Mobile-Cloud Era Ready (Webcast)

Geoff Huang, VMware

Geoff Huang, VMware

As technology evolves, companies adapt and grow. We are no longer confined to conducting business within brick and mortar offices. We can hold a meeting on our tablet in a coffee shop or organize our schedules in our smartphones at the grocery store. Even storage has travelled from overflowing file cabinets into a vast, expansive cloud that can be reached from portable devices wherever, whenever. As businesses go mobile, security is more vital than ever, and it’s important that we enhance it while remaining productive. But how can we be certain that our valuable, business-critical resources are protected?

Geoff Huang, VMware’s Director of Product Marketing, Networking and Security, will host this half-hour webcast on February 18th at 11:00 am PST on why yesterday’s security measurements have become inadequate with the rise of network virtualization, and how NSX can offer a remedy in the modern, mobile workspace.

The truth is, the mobile cloud’s increased efficiency also comes with increased security threats. Before, security was created by building a moat around a network to guard company resources against outsiders trying to break-in. Once that network transitions into a mobile workspace, however, its borders can no longer be tangibly defined, so Continue reading

Risky business? Online dating fraud dips during Valentine’s Day

Good news, singletons. According to research from device intelligence and fraud prevention company iovation, fraud on online dating sites is lower leading up to Valentine's Day.In February 2015, 1.23 percent of all online dating transactions were fraudulent, compared to 1.39 percent during all of 2015, according to iovation.This doesn't mean that fraudsters are less active around Valentine's day, but rather that there are more legitimate fish in the online dating sea. "The reason that online fraud rates dip at Valentine's Day is simply because there is a disproportionately high volume of legitimate dating site traffic during that time," said iovation’s VP of Operations Molly O’Hearn. "So it's not that the fraudsters are taking a breather, it's that the legitimate users of data services ramp up, causing the ratio of fraud in the mix to temporarily decline."To read this article in full or to leave a comment, please click here(Insider Story)

ENCRYPT Act co-sponsor learned tech ropes at Microsoft

One of four congressional sponsors of the ENCRYPT Act of 2016, which would preempt state and local laws banning encryption on smartphones, cut her teeth in mobile communications for Microsoft.U.S. Rep. Suzan DelBene (D-Wash.) worked as vice president of mobile communications at Microsoft from 2004 to 2007. That was her second stint at Microsoft; her first was from 1989 to 1998 after receiving an MBA when she worked on Windows 95, email and embedded systems. In between, she helped start Drugstore.com.To read this article in full or to leave a comment, please click here

7 Android tools that can help your personal security

This isn't your typical Android security story.Most articles about Android security tools focus on malware-scanning suites like Lookout, Norton and AVG. But with the layers of protection already built into the platform, those sorts of apps are arguably unnecessary and often counterproductive -- or even needlessly expensive.INSIDER: 5 ways to prepare for Internet of Things security threats For most Android users, the seven tools below should cover all the important bases of device and data security. Some are third-party apps, while others are native parts of the Android operating system. They all, however, will protect your personal info in meaningful ways -- and without compromising your phone's performance. Plus, all but two of them are free.To read this article in full or to leave a comment, please click here

CCDE – Introduction to GET VPN and GET VPN Design Considerations

Introduction to GET VPN

GET VPN is a Cisco proprietary technology aimed for private WAN designs where there is a need to encrypt the traffic. This may be due to regulatory requirements or just a need to keep traffic private. GET VPN is common deployed over private WAN topologies such as MPLS VPN or VPLS.

GET VPN uses IPSec to encrypt the traffic but the main concept of GET VPN is to use group security association (SA) as opposed to the standard LAN to LAN tunnels where the SA is created in a point to point fashion.

Technologies such as DMVPN requires overlaying a secondary routing infrastructure through the tunnels while GET VPN can use the underlying routing infrastructure. Traditional point to point IPSec tunneling solutions suffer from multicast replication issues because the replication must be performed before tunnel encapsulation and encryption at the router closest to the source. The provider will see all traffic as unicasts due to the overlay which means that replication can not performed in the provider network.

In GET VPN, all group members (GMs) share a common SA which is also known as the group SA. A GM can then decrypt traffic that was encrypted Continue reading

The Cure for Network Downtime is Not Just Technology

Design and tune your network all you want. But if your company doesn’t also have a culture of high availability, your High Availability and Fast Convergence is not complete.

**This blog is a formatting cleanup and update to a previous blog I posted in 2011 on NetworkWorld.

You just finished watching a CiscoLive session from the online CiscoLive On Demand Library and now you want to run and start figuring out the alphabet soup of choices and decisions that is High Availability (HA) and Fast Convergence (FC) – NSR, NSF, GR, BFD, SSO…

Happens all the time whether it be from reading, classes, discussions with fellow engineers, or in my backyard in the Cisco Customer Proof of Concept lab (CPOC)… You take the proverbial magnifying glass and pair it up with your new found knowledge and proceed to give your network a good looking at while asking the question:

“What can be done with this network so that when a failure occurs the transition from failure to recovery happens as quickly as possible?” 

 

So once you figure that out for your network, and implement changes, you are done.  Right?  My opinion?  No, no, no and Continue reading

Building an OpenStack home lab – Installing OpenStack

If you’ve made it this far, hopefully you’ve already completed steps similar to those outlined in my previous two posts…

The Lab
Prepping the VMs

If you have, we’re now ready to start installing OpenStack itself.  To do this, I’ve built a set of installation scripts.  All of the files are out on Github…

https://github.com/jonlangemak/openstackbuild

I suggest you pull them from there into a local directory you can work off of.  There is a folder for each VM that needs to be built and each folder has a file called ‘install’.  This file contains all of the steps required to build each on one of the three nodes.  The remaining files are all of the configuration files that need to change in order for OpenStack to work in our build.  We’ll be copying these files over to the VMs as part of the install.

A couple of notes before we start…

-The beginning of each each install file lists all of the packages that need to be installed for this to work.  I suggest you start the package install on each VM at the same time as it can take some time Continue reading

Hackers of two Ukrainian utilities probably hit mining and railroad targets, too

The attackers who crippled Ukrainian power operators in December probably committed attacks shortly before against a mining company and a railway operator, Trend Micro said Thursday.The security company said its latest technical research shows that the same malware -- dubbed BlackEnergy and KillDisk -- were probably used in the earlier actions. It didn't name the targets of those attacks, which took place in November and December."There is remarkable overlap between the malware used, infrastructure, naming conventions, and to some degree, the timing of use for this malware," wrote Kyle Wilhoit, a senior threat researcher.To read this article in full or to leave a comment, please click here

1 3,074 3,075 3,076 3,077 3,078 3,773