Thoughts On Encryption

encryption

The debate on encryption has heated up significantly in the last couple of months. Most of the recent discussion has revolved around a particular device in a specific case but encryption is older than that. Modern encryption systems represent the culmination of centuries of development of making sure things aren’t seen.

Encryption As A Weapon

Did you know that twenty years ago the U.S. Government classified encryption as a munition? Data encryption was classified as a military asset and placed on the U.S. Munitions List as an auxiliary asset. The control of encryption as a military asset meant that exporting strong encryption to foreign countries was against the law. For a number of years the only thing that could be exported without fear of legal impact was regular old Data Encryption Standard (DES) methods. Even 3DES, which is theoretically much stronger but practically not much better than it’s older counterpart, was restricted for export to foreign countries.

While the rules around encryption export have been relaxed since the early 2000s, there are still some restrictions in place. Those rules are for countries that are on U.S. Government watch lists for terror states or governments deemed “rogue” states. Continue reading

AT&T wants the world to see its software for spinning up services

AT&T has revealed details of a software platform that makes it easier for customers to order new services, and the company may release the code as open source for other service providers to use.The massive U.S. carrier has been on a full-tilt push to put its network under software control for the past several years, aiming to slash the time and effort required to deliver new services and change settings like the speed of a customer's connections. It's starting to offer subscribers a way to set up or modify services instantly through a Web portal. The effort is also helping AT&T save money, partly by using generic "white box" hardware.To read this article in full or to leave a comment, please click here

AI is not as remarkable as it sounds

Artificial intelligence (AI) may conjure up far-fetched ideas of robot assistants, or perhaps an all-seeing presence like HAL 9000, the sentient machine in the movie 2001. But the likelier truth is that AI will come in the form of software running in your data center.And it will be coming very soon: Research firm Gartner predicts that "smart machines" will have a widespread impact on business within the next four years.In general terms it's likely that AI will be able to help IT departments do their job - and help businesses be more productive – by ensuring that "processes get applied, stuff is accurate, errors are eliminated, and compliance is met," according to Dr Stuart Anderson, a research fellow at the Future of Humanity Institute at the University of Oxford.To read this article in full or to leave a comment, please click here

A scheme in India to help the poor raises privacy concerns

India’s legislators are on Wednesday debating a law that would allow the government to collect biometric and demographic information from people in return for distributing to them government benefits and subsidies.A number of legislators and civil rights activists are concerned about the absence of strong privacy safeguards in the legislation and a provision in the law that allows the government to access the data collected for national security reasons. There is also concern that such a large centralized database of personal information could be hacked and critical information leaked.Activists are also wary that the program could be extended by the government to make it a mandatory digital ID card for people in the country. Already some telecommunications services and financial services companies use the biometric identity as an optional way for verifying customers.To read this article in full or to leave a comment, please click here

Table Sizes in OpenFlow Switches

This article was initially sent to my SDN mailing list. To register for SDN tips, updates, and special offers, click here.

Usman asked a few questions in his comment on my blog, including:

At the moment, local RIB gets downloaded to FIB and we get packet forwarding on a router. If we start evaluating too many fields (PBR) and (assume) are able to push these policies to the FIB - what would become of the FIB table size?

Short answer: It would explode ;)

Read more ...

General – How to Build a Network Pt.1

Building a strong network of people is very important in creating a successful career in IT. In these posts we will start first look at why building a network is important and in the other posts we will look at how to actually build the network and how to make sure that you are also contributing to the network and not only exploiting it.

If you came here to read about connecting cables or routing protocols, sorry, this is not that kind of post. This post is about how to build a network of people.

People often understimate the power of having a big reach in the industry through a network of people. I often hear in my role that I’m almost too effective sometimes. Part of that is because I have a very good network of people that I trust and rely on. In this blog we will look at WHY you want to build a network of people.

The Borg Mind – Have you heard of Star Trek? No? Are you sure you work in IT? ? Jokes aside, there is species called the Borg in the series which do not so nice things. What it is nice about Continue reading

Large advertising-based cyberattack hit BBC, New York Times, MSN

Major websites including the BBC, Newsweek, The New York Times and MSN ran malicious online advertisements on Sunday that attacked users' computers, a campaign that one expert said was the largest seen in two years.The websites weren't at fault. Instead, they are unwitting victims of malvertising, a scheme where cyberattackers upload harmful ads to online advertising companies, which are then distributed to top-tier publishers.Tens of thousands of computers could have been exposed to the harmful advertisements on Sunday, which means some running vulnerable software may have been infected with malware or file-encrypting ransomware.Some bad ads were still appearing on some websites including the BBC on Monday, said Jerome Segura, a senior security researcher with Malwarebytes, in a phone interview Tuesday.To read this article in full or to leave a comment, please click here

Ubiquity gear replacing BT HomeHub router

These are my notes from setting up Ubiquity wifi access point and router to replace the horrible BT HomeHub 5.

What’s wrong with BT HomeHub?

  • It can’t hand out non-BT DNS servers (and BT’s DNS servers MITM your queries and spoof NXDOMAIN if the reply has rfc1918 addresses in them. This is known and they “can’t” turn this off)
    • This means that I had to turn off the DHCP server and run my own on a raspberry pi. So I’m actually replacing two devices. It was already not a all-in-one-box solution.
  • The port forwarding database is not using unique key constraints, so you have to try and re-try adding port forwardings until you’re lucky and don’t hit a key collision.
  • Only one wifi network. I want untrusted things (IoT) to be firewalled from the rest.
  • I want to deny Internet access to some IoT things. I don’t need them to be able to connect anywhere. HomeHub doesn’t support that.
  • Wifi range is not great. Not terrible, but bad enough that it doesn’t cover my home.
  • I don’t know if it’s to blame, but I did not have a good experience trying to set up a second AP to automatically roam Continue reading

Ubiquity gear replacing BT HomeHub router

These are my notes from setting up Ubiquity wifi access point and router to replace the horrible BT HomeHub 5.

What’s wrong with BT HomeHub?

  • It can’t hand out non-BT DNS servers (and BT’s DNS servers MITM your queries and spoof NXDOMAIN if the reply has rfc1918 addresses in them. This is known and they “can’t” turn this off)
    • This means that I had to turn off the DHCP server and run my own on a raspberry pi. So I’m actually replacing two devices. It was already not a all-in-one-box solution.
  • The port forwarding database is not using unique key constraints, so you have to try and re-try adding port forwardings until you’re lucky and don’t hit a key collision.
  • Only one wifi network. I want untrusted things (IoT) to be firewalled from the rest.
  • I want to deny Internet access to some IoT things. I don’t need them to be able to connect anywhere. HomeHub doesn’t support that.
  • Wifi range is not great. Not terrible, but bad enough that it doesn’t cover my home.
  • I don’t know if it’s to blame, but I did not have a good experience trying to set up a second AP to automatically roam Continue reading

Managing Cisco IOS Upgrades with Ansible

upgradesI was recently asked to automate the way a client handles Cisco IOS upgrades. As I’ve been using Ansible a lot lately I decided to start there. Basically the steps required to do the upgrade can be broken down into parts which map quite nicely to tasks in an Ansible playbook. Even if you aren’t using IOS you might find it interesting to see how different Ansible modules can be combined in order to complete a set of tasks.

Continue reading

Managing Cisco IOS Upgrades with Ansible

upgradesI was recently asked to automate the way a client handles Cisco IOS upgrades. As I’ve been using Ansible a lot lately I decided to start there. Basically the steps required to do the upgrade can be broken down into parts which map quite nicely to tasks in an Ansible playbook. Even if you aren’t using IOS you might find it interesting to see how different Ansible modules can be combined in order to complete a set of tasks.
Continue reading

Privacy issues hit all branches of government at once

In a rare confluence of events, all three branches of the federal government are weighing changes that would affect when and how personal data is accessed.The approaches are somewhat contradictory: Some moves would protect citizen privacy, while others could result in more access by government agencies to records kept by businesses and smartphone users about personal information. Encryption technology is usually at the center of the discussions, with intelligence officials eager to find ways to detect communications on smartphones used by criminals and terrorists.Various actions are taking place in the federal judiciary, before Congress, as well as the executive branch.To read this article in full or to leave a comment, please click here

Defense Dept. wants your help in imagining the worst

Uncle Sam wants your brain power, technical expertise and imagination to help defend the U.S. No enlistment required.The Department of Defense says it needs to understand how everyday objects and available technologies can be used by terrorists.The range of technologies is so vast that the military's main scientific agency, the Defense Advanced Research Projects Agency (DARPA), says it needs input from as many technical people as possible.The agency has put out an open call for anyone from a credentialed professional to "skilled hobbyist" in all technical areas, including IT.INSIDER: 5 ways to prepare for Internet of Things security threats DARPA, in its announcement, wants people to show it "how easily-accessed hardware, software, processes and methods might be used to create products or systems that could pose a future threat."To read this article in full or to leave a comment, please click here

How far have we come with HTTPS? Google turns on the spotlight

HTTPS is widely considered one of the keys to a safer Internet, but only if it's broadly implemented. Aiming to shed some light on how much progress has been made so far, Google on Tuesday launched a new section of its transparency report dedicated to encryption.Included in the new section is data highlighting the progress of encryption efforts both at Google and on popular third-party sites."Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the Web even safer for everyone," wrote HTTPS evangelists Rutledge Chin Feman and Tim Willis on the Google Security Blog.To read this article in full or to leave a comment, please click here

1 3,093 3,094 3,095 3,096 3,097 3,842