Packets of Interest (2015-07-24)

I’ve been doing a lot of reading and video watching on securing industrial control and automation systems (ICAS) (sometimes referred to as SCADA systems) so this POI has a few links related to that and ends with a link to an editorial piece about privacy and why privacy matters to us all.

SCADA and ICS for Security Experts: How to avoid Cyberdouchery (Blackhat 2010)

This is a funny but also educational and truthful presentation by James Arlen that every IT person needs to watch if they intent to work with and gain any credibility with their counterparts in Operations Technology (OT).

Digital Bond Quickdraw SCADA IDS Signatures

https://www.digitalbond.com/tools/quickdraw/

https://github.com/digitalbond/quickdraw

Quickdraw is a set of IDS/IPS signatures for Snort (and other IDS/IPS software that understands the Snort rule language) that deals specifically with ICAS protocols such as DNP3, Modbus/TCP, and EtherNet/IP. The rules appear to be generic in nature and not focused on any particular ICAS vendor equipment.

Digital Bond also wrote Snort preprocessors for DNP3, EtherNet/IP, and Modbus/TCP which some of the rules depend on. I tried browsing through Digital Bond’s diffs to Snort 2.8.5.3 but they are very hard to read because the Continue reading

The Wait is Over. Tower 2.2 Docs are Live.

While prior versions of the Ansible Tower documentation focused on a single PDF, we've gone in a different direction for this release. You will still have all of the great content available from earlier releases, but in a documentation set comprised of guides focused on getting you going, installation and reference, administration, and more. I have to say that all of the outstanding documentation that was created for prior versions gave me a strong foundation to work with for this release and I'm grateful for the hard work put in before I joined the Ansible team.

With Ansible Tower 2.2, we are ensuring that access to HTML as well as PDF versions of the Tower documents are easily available from the docs website. Our Ansible Tower HTML documents also look and feel more similar to the Ansible  documentation available online that you've come to know and love. And, they've been indexed to help you find the information you need as quickly as possible.

Docs_Landing_Page

First, we're introducing Ansible Tower to new users with our Quick Installation and Quick Setup Guides. These manuals are geared toward getting Ansible Tower installed and setup to the point of running a simple playbook. They Continue reading

Firewalls can’t protect today’s connected cars

The Chinese military strategist Sun Tzu once wrote, "What is of supreme importance in war is to attack the enemy's strategy."The automobile industry needs to follow Sun Tzu's advice to secure increasingly connected vehicles from hackers, according to experts.Instead of building firewalls to keep cyber attacks out, which industry watchers say is ultimately a futile endeavor, build systems that recognize what a security breach looks like in order to stop it before any real damage is done."If you hack into my car's head unit and change the radio station, I don't care. I can live with that," said Charlie Miller, one of the security experts who this week demonstrated they could hack into -- and remotely control -- a Chrysler Jeep.To read this article in full or to leave a comment, please click here

Gigabit Internet access grows out of its niche

Google Fiber launched in Kansas City in 2011. It offered gigabit speed at $70 per month and ignited the development of an ultrafast Internet access category that has since spread throughout the U.S. According to Michael Render, principal analyst at market researcher RVA LLC, 83 Internet access providers have joined Google to offer gigabit Internet access service (all priced in the $50-$150 per month range).Render’s data shows that new subscribers are signing up at an annualized growth rate of 480 percent each year. Between the third quarter of 2014 and the second quarter of 2015 gigabit, subscribers grew from 40,000-174,000.To read this article in full or to leave a comment, please click here

Google removes ‘porn clicker’ malware from Play Store

Google has removed dozens of apps from its Play Store that purport to be games but secretly click on advertisements on pornographic websites.Security company Eset found 51 new apps that contained the “porn clicker” component, which it first discovered in April in a fake app mimicking a video app called Dubsmash.Over the last three months, some 60 fake apps have been downloaded 210,000 times, showing how common it is for users to stumble across and download them.“Following ESET’s notification, Google has pulled the malware from the Play Store and also reports some of them as potentially harmful applications using its built-in security service,” wrote Lukas Stefanko, an Eset malware researcher.To read this article in full or to leave a comment, please click here

Downloading your LinkedIn contacts can now take all weekend

LinkedIn users now have to wait up to three days if they want a list of their contacts on the service.Previously, the social networking site provided a way for users to instantly export their contacts. It was a useful feature for people looking to manage their contacts elsewhere. Under a change made Thursday, users now must make a request to download their account data. In a page describing the new process, LinkedIn says users will receive an email within 72 hours with a link to download the archive when it is ready.A link to the instructions for the process appears in very small type on the LinkedIn export settings page. The change was reported earlier by VentureBeat.To read this article in full or to leave a comment, please click here

Packets of Interest (2015-07-24)

I've been doing a lot of reading and video watching on securing industrial control and automation systems (ICAS) (sometimes referred to as SCADA systems) so this POI has a few links related to that and ends with a link to an editorial piece about privacy and why privacy matters to us all.

Amazon posts a profit as AWS sales nearly double

Cloud services continue to grow by leaps and bounds for Amazon.com.The company reported that Amazon Web Services generated $1.8 billion in sales in the second quarter, up about 80 percent from the $1 billion it brought in a year earlier.That helped Amazon achieve a profit of $92 million, a turnaround from its loss of $126 million in last year’s second quarter.Overall revenue grew by 20 percent, reaching $23.18 billion.Amazon offers an increasingly broad range of products and services, including an e-commerce site, video streaming, cloud computing, ebook readers, tablets and phones.The company continues to briskly roll out new online services. During this last quarter, it launched Amazon Business, an e-commerce portal for businesses, as well as Amazon Mexico, a version of its e-commerce site specifically for that country. It also introduced the Amazon Echo, a voice-controlled device for ordering Amazon products or playing music and audio news.To read this article in full or to leave a comment, please click here

HTIRW: NOG World

NOGs and other NOGs, they sit on logs… Looking at the Internet from the outside, it might almost seem like it runs just on standards bodies, vendors, and providers. But these three groups, as important as they are, really only scratch the surface of the sinews that keep the Internet operating. At the core of […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White has scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, nibbled and noodled at a lot of networks, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, LinkedIn, and his author page on Amazon.
TwitterGoogle+LinkedIn

The post HTIRW: NOG World appeared first on Packet Pushers Podcast and was written by Russ White.

HP study finds smartwatches could do more to keep user data safe

Smartwatches are failing people at keeping their data safe and protecting them from hackers.Those are the findings of a study from Hewlett-Packard, whose Fortify on Demand security division tested 10 popular smartwatches. The company is in the process of alerting vendors about the flaws and can’t disclose the watches it tested, said Daniel Miessler, practice principal at HP.HP also examined the security around the Web interfaces and mobile apps that accompany smartwatches and allow a person to access the device as well as how data gathered by watch apps is protected and used.The study found vulnerabilities with each of the watches and raised concerns over user authentication methods, data encryption and data privacy, among other issues.To read this article in full or to leave a comment, please click here

Datanauts 004 – The Silo Series – Provisioning Perspectives

Chris Wahl and Ethan Banks bust IT silos by walking through a service request at a fictional corporation. They outline the steps required from network and server domains, providing context to help each group understand what the other is trying to accomplish. The result? A more effective team.

The post Datanauts 004 – The Silo Series – Provisioning Perspectives appeared first on Packet Pushers.

YouTube cofounder endorses paid version

As Google prepares to launch a subscription version of YouTube, the move has been endorsed by at least one interested party: YouTube cofounder Chad Hurley.YouTube has grown massively since its launch in 2005 and its acquisition a year later by Google. But to support its continued growth, the site needs to provide the right tools for people to create and post videos, even if that might result in a cost to users, Hurley said.“You have different forms of [video on demand],” he said, suggesting that some might be worth paying for. YouTube needs tools to help people create better content, determine how to make money from their video, and charge subscribers, he said.To read this article in full or to leave a comment, please click here

Blackberry delves deeper into security with AtHoc purchase

BlackBerry continues to shift its focus from selling mobile phones to securing them—as well as other portable devices, and increasingly connected items that are part of the Internet of things.“All of our investments and acquisitions go to one thing, to make the most secure mobile platform that the industry has to offer,” said John Chen, BlackBerry executive chairman and CEO, kicking off a morning of presentations at the company-sponsored BlackBerry Security Summit, held Thursday in New York.BlackBerry still sells handsets, but, to judge from the day’s presentations, it clearly sees a brighter future now in enterprise mobile security, where it can best leverage its remaining strengths in the market.To read this article in full or to leave a comment, please click here

Datanauts 004 – The Silo Series – Provisioning Perspectives

Chris Wahl and Ethan Banks bust IT silos by walking through a service request at a fictional corporation. They outline the steps required from network and server domains, providing context to help each group understand what the other is trying to accomplish. The result? A more effective team.

Author information

Drew Conry-Murray

I'm a tech journalist, editor, and content director with 17 years' experience covering the IT industry. I'm author of the book "The Symantec Guide To Home Internet Security" and co-author of the post-apocalyptic novel "Wasteland Blues," available at Amazon.
TwitterLinkedIn

The post Datanauts 004 – The Silo Series – Provisioning Perspectives appeared first on Packet Pushers Podcast and was written by Drew Conry-Murray.

Threat or menace?: Gaging electromagnetic risks to the electric grid

The United States is sorely unprepared for electromagnetic threats – which could originate in space from the Sun or a terrorist nuclear device exploded in the atmosphere -- to the nation’s electric grid.That was the main conclusion from a number of experts testifying before a Senate committee hearing entitled “Protecting the Electric Grid from the Potential Threats of Solar Storms and Electromagnetic Pulse” this week.+More on Network World: NASA’s cool, radical and visionary concepts+To read this article in full or to leave a comment, please click here

1 3,155 3,156 3,157 3,158 3,159 3,611