Decrypt SSL traffic to detect hidden threats

The percentage of encrypted Internet traffic continues to grow creating a space where not only private information but also criminals can travel about undetected. In the last five years, the advent of SSL traffic from major companies like Google, YouTube, and Twitter has spawned an expansive movement toward encrypting Internet traffic for enterprises as well. The risk in taking this security measure, though, is that while the exchange of information via the Internet is secured, bad guys can also linger unnoticed. Criminals, of course, know this and use it to their advantage, cloaking their attacks within Transport Layer Security (TLS) or Secure Sockets Layer (SSL) traffic.To read this article in full or to leave a comment, please click here

Survey: Average successful hack nets less than $15,000

The majority of cyber attackers are motivated by money, but make less than $15,000 per successful attack, according to a survey of hackers in the U.S., U.K. and Germany released yesterday by the Ponemon Institute.The hackers, who were promised anonymity, netted, on average, less than $29,000 a year."In the more established countries, that is not a lot of money," said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study. "They're making a quarter of what a cybersecurity professional makes."To read this article in full or to leave a comment, please click here

Debug Generator – Fortigate Flow Trace

I’ve found that when working with Fortigate firewalls and needing to be able to use the debug flow command set, it takes a bit too long to manually type out the commands. If you’re in a pressurised environment saving a few seconds here and there can be valuable. First we need to grab the script […]

The post Debug Generator – Fortigate Flow Trace appeared first on Packet Pushers.

Debug Generator – Fortigate Flow Trace

I’ve found that when working with Fortigate firewalls and needing to be able to use the debug flow command set, it takes a bit too long to manually type out the commands. If you’re in a pressurised environment saving a few seconds here and there can be valuable. First we need to grab the script […]

The post Debug Generator – Fortigate Flow Trace appeared first on Packet Pushers.

Should Firewalls Track TCP Sequence Numbers?

It all started with a tweet by Stephane Clavel:

Trying to fit my response into the huge Twitter reply field I wrote “Tracking Seq# on FW should be mostly irrelevant with modern TCP stacks” and when Gal Sagie asked for more elaboration, I decided it’s time to write a blog post.

Read more ...

Some notes on the Norse collapse

Recently, cybersec company "Norse Security" imploded. Their leaders and most the employees were fired, and their website is no longer available. I thought I'd write up some notes on this.

All VC-funded startups are a scam

Here's how VCs think. They see that there is a lot of industry buzz around "threat intel". They'll therefore fund a company in that space. This company will spend a 5% of that money to create a cool prototype, and 95% in marketing and sales. They'll have fancy booths at trade shows. They'll have a PR blitz to all the reporters who cover the industry. They'll bribe Gartner to be named a Cool Vendor or Magic Quadrant Leader. They'll win industry kudos. They have some early sales 'wins' with some major customers. These customers will give glowing reviews of the product they bought -- even before turning it on.

In other words, it's a perfect "Emperor Has No Clothes" story, where neither customers, nor Gartner, nor the press is competent to realize the Emperor is not wearing clothes.

VCs know it's a scam, but they are hoping it'll become real. As a well-known leader in this space, employees with the needed expertise will flock Continue reading

FireEye acquires Invotas for faster incident response

FireEye said Monday it has acquired Invotas, a company that develops a platform that helps administrators respond faster to security incidents.The deal closed on Monday, but terms were not disclosed.FireEye, which started out with an end-point protection product, has been seeking to expand the range of security products and services it offers as cybersecurity has become a growing concern for companies.Invotas, based in Alexandria, Virginia, has a single product, its Security Orchestrator. The platform is designed to take in information from a range of security products from different vendors and automate responses when an incident is detected.To read this article in full or to leave a comment, please click here

Data Center Networking – Openstack Neutron networking terms demystified!

Coming from a networking background I am used to the various TLAs (ironically: Three Letter Acronyms) and terms that sometime mean the same but completely different otherwise. Networking in the data-center is no different. People have now slowly moved away from a leaf-spine topology where an advanced pricey piece of equipment sits in the spine and relatively cheaper leaf devices connect the hosts and servers. We now have an old architecture that was used during telephony in a new form with new terms. Terms such as "Clos topology" where the the leaf-spine architecture is replaced by layers or levels of similar cheaper hardware allowing flexibility in its configuration forming a sort of mesh making it both scalable and reliable; and special protocols such as DCTCP (Data Center TCP) being interspersed in technical papers and company technology presentations. An outlook of these technologies is big enough to be a completely separate read and so I will not venture into it here.

Google's datacenter - Clos Topology research & implementation
Facebooks' datacenter  architecture - 5 stage clos topology

With all these changes in the data center we now also see administrators isolating a complete data center/s or carving them Continue reading

This bird could be a drone’s worst enemy

When it comes to the problem of stopping errant drones, there's been a number of high-tech solutions -- from radio jamming to laser beams to nets launched by other drones  --  but a group in The Netherlands is proposing a low-tech solution that's much more elegant.Guard From Above says it is training birds of prey to attack drones, taking advantage of their natural predatory instincts and precision in the sky.A video posted by the company on YouTube shows a bird attacking a DJI Phantom drone as it hovers, grabbing the drone with its feet and flying away with it.To read this article in full or to leave a comment, please click here

This bird could be a drone’s worst enemy

When it comes to the problem of stopping errant drones, there's been a number of high-tech solutions -- from radio jamming to laser beams to nets launched by other drones  --  but a group in The Netherlands is proposing a low-tech solution that's much more elegant. Guard From Above says it is training birds of prey to attack drones, taking advantage of their natural predatory instincts and precision in the sky. A video posted by the company on YouTube shows a bird attacking a DJI Phantom drone as it hovers, grabbing the drone with its feet and flying away with it.To read this article in full or to leave a comment, please click here

Microsoft Edge InPrivate browsing mode is full of fail and not private

Microsoft’s InPrivate browsing is supposed to help you “surf the web without leaving a trail” and InPrivate browsing mode can be used in Edge. Microsoft says, “When you use Microsoft Edge in InPrivate mode, your browsing information, such as cookies, history, or temporary files, aren’t saved on your device after your browsing session has ended. Microsoft Edge clears all temporary data from your device.” Yet InPrivate browsing with Edge is a fail as it is not private and instead keeps browsing history.To read this article in full or to leave a comment, please click here

8 hot technologies the CIA wants

Of interest to the CIAThe CIA has been investing in startups since 1999 through its not-for-profit arm called In-Q-Tel, hoping to accelerate development of technologies the agency might find useful. It currently lists about 100 firms in its portfolio. The agency doesn’t say why it might be interested in the technologies these companies represent, but with a little imagination it’s not that hard to figure out possibilities. Here is a sample of what they’ve been interested in lately.To read this article in full or to leave a comment, please click here

Your Docker Agenda for February

This month is packed with plenty of great events to learn about all things Docker! From webinars to workshops, meetups to conference talks, check out our list of events that are coming up in February.   Official Docker Training Courses … Continued

Law professor: T-Mobile’s Binge On program violates Net neutrality

A T-Mobile service called Binge On that allows subscribers to consume as much data as they want while streaming video from selected providers violates Net neutrality rules, according to a published analysis from Stanford University legal scholar Barbara van Schewick.Net neutrality’s core tenet is that service providers shouldn’t be allowed to discriminate between different types of traffic they’re asked to carry. By offering some video services – including Netflix, Hulu and HBO – and not others as “free” streaming options, and not counting mobile data consumed from those services toward a user’s monthly cap, T-Mobile is essentially favoring some kinds of video content over others, van Schewick wrote.To read this article in full or to leave a comment, please click here

1 3,151 3,152 3,153 3,154 3,155 3,835