Are vendors on the wrong path where smart plant security is concerned?

As the number of smart plants that use M2M, sensors, and other ICT continue to rise, so too does the lure for attackers. Manufacturing, energy, and utilities sectors are reportedly spending a combined 206.51 billion Euros globally on ICT in 2019, says Shuba Ramkumar, senior research analyst, Frost & Sullivan. Organizations are connecting systems to the Internet that they once kept purposely siloed for safety. “Smart plants face new challenges due to the ever-expanding connectivity of their control systems as they link into and rely on business operations and remote monitoring and management,” says Graham Speake, lead trainer at the SANS Institute and a 30-year cyber security industry veteran.To read this article in full or to leave a comment, please click here(Insider Story)

Governments Want Cheap Interception and Cheap Politics

The US, UK and Australian governments have all introduced legislation that effectively co-opts Internet Providers/Carriers to become legal surveillance arms for secret services. Why are governments pushing forward to use private companies to perform activities that were previously restricted to secret services such as the NSA, GCHQ and DSD ?

The post Governments Want Cheap Interception and Cheap Politics appeared first on EtherealMind.

Get Coding!

So lets start off with I am an old dog and I am learning new tricks.  My entire career I have avoided the dreaded programing.  In college I slid by my degree requirement for a coding class by taking Visual Basic for Industrial applications.  I hated it.  Debugging drove me nuts and there is still …

A tale of two women: same birthday, same Social Security number, same big-data mess

It's a case that would seem to defy the odds many times over: Two Florida women born on the same day, in the same state, and given almost the same name. Though no one realized it at the time, it turns out they were also given the same Social Security number.Joanna Rivera and Joannie Rivera only recently discovered the problem, according to a report this week, but in the meantime it's caused no end of trouble for them. Credit applications have been denied; tax returns have been rejected.Identity theft might have been a likely assumption, but in this case, it was something different.To read this article in full or to leave a comment, please click here

IPv6 and SSL for Yandy.IO

Thanks to Digitalocean the site is now fully IPv6 capable. Also, thanks to the awesome service at Cloudflare, just because I can, Yandy.IO is also now SSL encrypted. Your browser should redirect to...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

Risky Business #389 — US law: CFAA isn’t a bug, it’s a feature!

On this week's show we're chatting with computer crime lawyer extraordinaire Tor Ekeland! He's worked on a number of high profile CFAA cases. Most recently he's been defending former Reuters and LA Times journalist Matthew Keys on some pretty hefty CFAA charges. He's also the guy who got Andrew Aurenheimer out of jail so he could go and live a free life as a Nazi troll. (Is that really a win?) He also defended Lauri Love... basically if you're a hacker who's fallen foul of the CFAA, this is the guy you want on your team.

read more

sFlow Test

sFlow Test has been released on GitHub, https://github.com/sflow-rt/sflow-test. The suite of checks is intended to validate the implementation of sFlow on a data center switch. In particular, the tests are designed to verify that the sFlow agent implementation provides measurements under load with the accuracy needed to drive SDN control applications, including:
Many of the tests can be run while the switches are in production and are a useful way of verifying that a switch is configured and operating correctly.

The stress tests can be scaled to run without specialized equipment. For example, the recommended sampling rate for 10G links in production is 1-in-10,000. Driving a switch with 48x10G ports to 30% of total capacity would require a load generator capable of generating 288Gbit/s. However, dropping the sampling rate to 1-in-100 and generating a load of 2.88Gbit/s is an equivalent test of the sFlow agent's performance and can be achieved by two moderately powerful servers with 10G network adapters.

For example, using the test setup above, run an iperf server on Server2: 
iperf -su
Then run the following sequence of tests on Server1: 
#!/bin/bash
RT="10.0.0. Continue reading

Thousands of Java applications vulnerable to nine-month-old remote code execution exploit

A popular Java library has a serious vulnerability, discovered over nine months ago, that continues to put thousands of Java applications and servers at risk of remote code execution attacks.The flaw is located in Apache Commons, a library that contains a widely used set of Java components maintained by the Apache Software Foundation. The library is used by default in multiple Java application servers and other products including Oracle WebLogic, IBM WebSphere, JBoss, Jenkins and OpenNMS.The flaw is specifically in the Collections component of Apache Commons and stems from unsafe deserialization of Java objects. In programming languages, serialization is the process of converting data to a binary format for storing it in a file or memory, or for sending it over the network. Deserialization is the reverse of that process.To read this article in full or to leave a comment, please click here

Supporters and opponents of LTE-U both claim victory after collaborative testing

Recent tests to see whether LTE-U technology interferes with Wi-Fi signals prove conclusively that LTE-U poses no problems whatsoever for Wi-Fi networks, and also that LTE-U (Long-term evolution in Unlicensed spectrum) will drown out Wi-Fi, depending on which party is to be believed.Both the pro-LTE-U side of the debate, backed largely by Qualcomm, and the anti-LTE-U side, made up of a host of different tech companies under the aegis of the Wi-Fi Alliance, say that testing has vindicated their respective positions.+ MORE: LTE-U -- A quick explainer | Worries mount over upcoming LTE-U deployments hurting Wi-Fi +To read this article in full or to leave a comment, please click here

kubernetes + opencontrail install

In this post we walk through the steps required to install a 2 node cluster running kubernetes that uses opencontrail as the network provider. In addition to the 2 compute nodes, we use a master and a gateway node. The master runs both the kubernetes api server and scheduler as well as the opencontrail configuration management and control plane.

OpenContrail implements an overlay network using standards based network protocols:

This means that, in production environments, it is possible to use existing network appliances from multiple vendors that can serve as the gateway between the un-encapsulated network (a.k.a. underlay) and the network overlay. However for the purposes of a test cluster we will use an extra node (the gateway) whose job is to provide access between the underlay and overlay networks.

For this exercise, I decided to use my MacBookPro which has 16G of RAM. However all the tools used are supported on Linux also; it should be relativly simple to reproduce the same steps on a Linux machine or on a cloud such as AWS or GCE.

The first step Continue reading

What’s up with Google Fiber?

Let’s face it: when it comes to Internet connectivity, there’s no such thing as “too fast.” And optical fiber is the only choice for connectivity that exceed 1,000 Mbps, aka Gigabit Internet. Optical fiber provides higher bandwidths – download speeds 40 times faster and upload speeds more than 300 times faster than garden variety broadband – and spans much longer distances than electrical cabling. And some companies, such as Bell Labs, Cisco and Comcast are claiming that their new "fiber optic" services (when eventually installed) will be 10 times faster than Google. In the meantime, Google Fiber is the hottest ticket in town, and it's popping up in municipalities all over America. It started in Kansas City during the summer of 2012 -- followed by Austin, Texas and Provo, Utah in 2014. And on the official Google Fiber team blog, director of Fiber Expansion Jill Szuchmacher noted that Google is in the process of designing the San Antonio network, and construction has started in Atlanta, Nashville, Charlotte and Raleigh-Durham, N.C., and Salt Lake City. To read this article in full or to leave a comment, please click here

1 3,182 3,183 3,184 3,185 3,186 3,773