EZ-Wave: A Z-Wave hacking tool capable of breaking bulbs, abusing Z-Wave devices

The synopsis for Breaking Bulbs Briskly by Bogus Broadcasts mentions the promise of smart energy and building automation, as well as the many unintended vulnerabilities that are introduced in the rush to bring IoT devices to market. The researchers believe “the ability to physically damage hardware by abusing network access is particularly interesting.” I agree.Frustrated by the “lack of functionality in current Z-Wave hacking tools,” ShmooCon presenters Joseph Hall and Ben Ramsey created and released a new, open source EZ-Wave tool. Not only did the duo discuss how to use the tool for pen-testing Z-Wave wireless automation networks, they also discussed “a rapid process for destroying florescent lights.” They added, “Once access is gained to an automated lighting system, regardless of the protocol used, we demonstrate how to destroy florescent lamps rated for 30K hours within a single night of abuse.”To read this article in full or to leave a comment, please click here

2016: The Tipping Point for DevOps

Jan16-Trends-blog-header.png

Ahhh, a new year.

While 2015 was certainly a big year for us as we joined the Red Hat family, in many ways we’re still right at home with our roots deeply planted in the ways of open source. That means we’re listening (as we always do) to our customers and community members about what what they see as their problems to solve and goals to achieve in the year ahead. 

Here’s a bit of what we see:

  • DevOps! It’s everywhere! If ever there was a buzzword to officially deserve the “jumped the shark” label, this might just be it. General understanding of DevOps as a practice that can potentially accelerate IT project delivery has permeated most IT departments, from the smallest of businesses to the most daunting of large enterprises, sometimes from the grassroots level, and sometimes from the top down.  

  • Thankfully, along with this recognition, people are increasingly recognizing that DevOps isn’t simply tools -- that building a healthy organizational culture is a significant part of their journey. Many organizations are beginning to recognize that it’s not a lightswitch, or a flat-out reorg. The idea that small wins can matter when bringing DevOps practices into your Continue reading

2016: The Tipping Point for DevOps

Jan16-Trends-blog-header.png

Ahhh, a new year.

While 2015 was certainly a big year for us as we joined the Red Hat family, in many ways we’re still right at home with our roots deeply planted in the ways of open source. That means we’re listening (as we always do) to our customers and community members about what what they see as their problems to solve and goals to achieve in the year ahead. 

Here’s a bit of what we see:

  • DevOps! It’s everywhere! If ever there was a buzzword to officially deserve the “jumped the shark” label, this might just be it. General understanding of DevOps as a practice that can potentially accelerate IT project delivery has permeated most IT departments, from the smallest of businesses to the most daunting of large enterprises, sometimes from the grassroots level, and sometimes from the top down.  

  • Thankfully, along with this recognition, people are increasingly recognizing that DevOps isn’t simply tools -- that building a healthy organizational culture is a significant part of their journey. Many organizations are beginning to recognize that it’s not a lightswitch, or a flat-out reorg. The idea that small wins can matter when bringing DevOps practices into your Continue reading

Linux kernel flaw endangers millions of PCs, servers and Android devices

For almost three years, a serious vulnerability in the Linux kernel could have allowed attackers to take full control over Linux-based PCs, servers, Android phones and other embedded devices.The flaw, which stems from the kernel's keyring facility, allows applications running under a local user to execute code in the kernel. As a result, an attacker with access to only a limited account on a Linux system can escalate their privileges to root.The vulnerability, tracked as CVE-2016-0728, was found and reported to the Linux kernel security team and several Linux distribution maintainers by researchers from an Israeli threat defense start-up called Perception Point.To read this article in full or to leave a comment, please click here

More Jinja – Working with YAM as an Input

 

Jinja2 Simple YAML Example

We’re now going to take a look at grabbing a file from the hard drive written in YAML syntax. YAML is arguably the most human readable data serialization format which makes it really easy for coders and non-coders alike to work with.

We’re going to build on the last Jinja2 example. Instead of creating the templates and variables directly in python. We’re going to load them instead from files on our computer.

This may seem like a small detail, but this allows us to deconstruct the building of our configurations, meaning that different people can be responsible for different components of the configuration. As with anything, if you can break a complex process down into several smalller less complex tasks, the whole thing starts to feel easier.

Loading Libraries

We’ll start by loading the required libraries

In [2]:
import yaml
from jinja2 import Environment, FileSystemLoader, Template
 

Set the Environment

Essentially, this set’s the path which will define the directory where the templates will be loaded from. In this case, I’m setting it to load from the same directory.

In [3]:
ENV = Environment(loader=FileSystemLoader('./'))
 

Printing Continue reading

Social engineering: 7 signs that something is just not right

Keep an eye out for thisImage by ThomasThe best remedies a company can put in place start with education and teaching what to look for and what not to do. Morey Haber, vice president of Technology, BeyondTrust, lists some of the gotchas that should make your employees back away from the incoming email.To read this article in full or to leave a comment, please click here

Linux zero-day affects most Androids, millions of Linux PCs

A new zero-day vulnerability has been discovered that allows Android or Linux applications to escalate privileges and gain root access, according to a report released this morning by Perception Point."This affects all Android phones KitKat and higher," said Yevgeny Pats, co-founder and CEO at security vendor Perception Point.ALSO: A brief history of Linux malware Any machine with Linux Kernel 3.8 or higher is vulnerable, he said, including tens of millions of Linux PCs and servers, both 32-bit and 64-bit. Although Linux lags in popularity on the desktop, the operating system dominates the Internet, mobile, embedded systems and the Internet of Things, and powers nearly all of the world's supercomputers.To read this article in full or to leave a comment, please click here

Upcoming Events: Data Center Fabrics Workshop in Zurich

Online webinars are great, but many engineers still prefer live workshops – they’re an excellent opportunity for unrestricted 2-way communication and exchange of ideas – so I decided to turn a few of my best webinars (or webinar tracks) into workshops, and Gabi Gerber, the wonderful organizer of Data Center days in Switzerland took over the logistics, resulting in the first-ever Data Center Fabrics workshop in Zurich in late March.

Read more ...

Network Design – Where Should I Start?

After listening to a recent Packet Pushers podcast, the question was raised about network design and where the network design should start. When I first started designing IT, I believed the correct starting point was to define the required outcome through the deployment of technology. For example, the requirement from the customer could be to […]

The post Network Design – Where Should I Start? appeared first on Packet Pushers.

Network Design – Where Should I Start?

After listening to a recent Packet Pushers podcast, the question was raised about network design and where the network design should start. When I first started designing IT, I believed the correct starting point was to define the required outcome through the deployment of technology. For example, the requirement from the customer could be to […]

The post Network Design – Where Should I Start? appeared first on Packet Pushers.

Non-Blocking 1: sFlow with Peter Phaal of InMon and sFlow.org

The inaugural "Non-Blocking" podcast for ForwardingPlane.net. We discuss sFlow with one if its creators, Peter Phaal of InMon.Discuss sFlow, the protocol, it's uses, similarities to other management frameworks, how it is dissimilar from netflow and why it is worth while to take some time to learn it.

The post Non-Blocking 1: sFlow with Peter Phaal of InMon and sFlow.org appeared first on Packet Pushers.

1 3,130 3,131 3,132 3,133 3,134 3,793