LastPass phishing attack could have scooped up passwords

A relatively simple phishing attack could be used to compromise the widely used password manager LastPass, according to new research. Notifications displayed by LastPass version 4.0 in a browser window can be spoofed, tricking people into divulging their login credentials and even snatching a one-time passcode, according to Sean Cassidy, who gave a presentation at the Shmoocon conference on Saturday. Cassidy, who is CTO of Praesido Inc., notified LastPass of the issues. In a blog post, LastPass said it has made improvements that should make such an attack harder to pull off without a user knowing.To read this article in full or to leave a comment, please click here

Building an OpenStack home lab – The Lab

I’ve recently started to play around with OpenStack and decided the best way to do so would be in my home lab.  During my first attempt, I ran into quite a couple of hiccups that I thought were worth documenting.  In this post, I want to talk about the prep work I needed to do before I began the OpenStack install.

For the initial build, I wanted something simple so I opted for a 3 node build.  The logical topology looks like this…

image

The physical topology looks like this…

image
It’s one of my home lab boxes.  A 1u Supermicro with 8 gigs of RAM and a 4 core Intel Xeon (X3210) processor.  The hard drive is relatively tiny as well coming in at 200 gig.  To run all of the OpenStack nodes on 1 server, I needed a virtualization layer so I chose ProxMox (KVM) for this.

However, running a virtualized OpenStack environment presented some interesting challenges that I didn’t fully appreciate until I was almost done with the first build…

Nested Virtualization
You’re running a virtualization platform on a virtualized platform.  While this doesn’t seem like a huge deal in a home Continue reading

Some notes C in 2016

On r/programming was this post called "How to C (as of 2016)". It has some useful advice, but also some bad advice. I thought I'd write up comments on the topic. As somebody mentioned while I was writing this, only responsible programmers should be writing in C. Irresponsible programmers should write other languages that have more training wheels. These are the sorts of things responsible programmers do.


Use a debugger


The #1 thing you aren't doing, that you should be doing, is stepping through each line of code in a source level debugger as soon as you write it. If you only pull out the debugger to solve particularly difficult problems, then you are doing it wrong.

That means using an IDE like Visual Studio, XCode, or Eclipse. If you are only using an editor (without debugging capabilities), you are doing it wrong. I mention this because so many people are coding in editors that don't have debuggers. I don't even.

It's a concern for all language, but especially with C. When memory gets corrupted, you need to be able to dump structures and memory in order to see that. Why is x some weird value like 37653? Continue reading

The Schelling Game

At the Shmoocon conference, a vendor ("Breach Intelligence") is putting a card in ever schwag bag with an "IoC". The game works by giving everyone a different IoC, in pairs. If you find your matching IoC and come to their booth, they'll give you a free quadcopter.

This is like the "Schelling Point", a question in game theory. You are supposed to meet somebody New York City, but neither of you have been told where to meet. So where do you go? The trick is to estimate the most logical place that the other person, using the same information as you, would make. Most people agree that the answer is the "information booth at Grand Central Station".

So how do you find your matching IoC to win the prize? One guy is walking around asking strangers to match cards. That's useful, because a lot of people who don't want to play the game simply give him their cards, so he's got an ever expanding list of possible matches.

My solution is to tweet the IoC, and of course, blog about it:

If my partner searches Twitter, they will Continue reading

FidSafe: A cloud service for important documents (and the price is right)

FidSafe is a new online repository for storing digital copies of your important documents such as wills, bank statements, tax returns, etc., so that “the critical files you need are available to you and your family whenever and wherever you need them, even after you’re gone.” And by “gone”  XTRAC LLC (a Fidelity Investments company), that offers FidSafe doesn’t mean that you’ve just popped out to get ice cream, they mean “gone” as in having joined the choir invisible.To read this article in full or to leave a comment, please click here

Brocade Services Director 2.3 released

The Brocade Services Director (formerly known as SteelApp Services Controller) lets you automatically provision, deploy, license and manage the inventory of thousands of ADCs in an “as-a-service” model, using the Brocade Virtual Traffic Manager as the core application delivery platform. The solution also enables a new consumption model for customers deploying ADC services. This allows ADC services... Read more →

Enterprise WLAN market is hot, but it’s all relative

Wireless LAN purchases aren't exactly going gangbusters these days, but relative to other enterprise infrastructure product sales, WLANs are where it's at.Synergy Research Group's latest figures show that WLAN sales grew 5% over the last 4 quarters vs. 2.3% for 7 segments measured overall (the others being data center servers, Ethernet switches, unified communications apps, routers and the slowest-growers -- voice systems and telepresence).Synergy Res Synergy Research Group While you might think that the general availability of faster and more flexible 802.11ac Wave 2 products from WLAN market leader Cisco, #2 HP/Aruba and others has sparked WLAN purchases, Synergy Chief Analyst and Managing Director John Dinsdale says that isn't necessarily the case.To read this article in full or to leave a comment, please click here

PlexxiPulse—Our CEO on “Cloud Builders”

The future of IT is rapidly changing. The transition to private and public clouds is forcing the need for integrated and elastic infrastructure. These changes are the impetus of a new role (and customer) called the Cloud Builder or Cloud Architect. Cloud Builders look at applications and data requirements from the perspective of business goals, not static technology silos. CEO Rich Napolitano details the parameters and implications of this new role in a blog post, and also outlines how Plexxi’s tools enable Cloud Builders to drive agility and workflow integration across what were once disparate compute, storage and network domains. Give it a read.

Below please find a few of our top picks for our favorite news articles of the week.

ITBusinessEdge: Converging Your Way to a New Data Center
By Arthur Cole
Vested interests in the IT industry have a lot riding on the hope that the enterprise will want to keep some of its infrastructure in-house rather than push everything onto the cloud as the decade unfolds. But this is only likely to happen if on-premises hardware is low-cost, highly scalable and maintains a tight footprint. This is why so many designers are touting converged and hyper-converged Continue reading

Network Security Sandboxes Driving Next-Generation Endpoint Security

Remember advanced persistent threats (APTs)? This term originated within the United States Air Force around 2006.  In my opinion, it gained more widespread recognition after the Google “Operation Aurora” data breach first disclosed in 2010.  This cyber-attack is attributed to groups associated with China’s People’s Liberation Army and impacted organizations like Adobe Systems, Juniper Networks, Northrop Grumman, Symantec, and Yahoo in addition to Google.APT visibility got another boost in 2013 when Mandiant released its now famous APT1 report documenting several cyber-attacks emanating from a PLA group known as Unit 61398.To read this article in full or to leave a comment, please click here

1 3,176 3,177 3,178 3,179 3,180 3,837