0

Some notes on NSA’s 0day handling process

The EFF got (via FOIA) the government's official policy on handling/buying 0days. I thought I'd write up some notes on this, based on my experience. The tl;dr version of this post is (1) the bits they redacted are the expected offensive use of 0days, and (2) there's nothing surprising in the redacted bits.


Before 2008, you could sell 0days to the government many times, to different departments ranging from the NSA to Army to everybody else. These government orgs would compete against each other to see who had the biggest/best cyber-arsenal.

In 2008, there came an executive order to put a stop to all this nonsense. Vuln sellers now only sold 0days once to the government, and then the NSA would coordinate them with everyone else.

That's what this "VEP" (Vuln Equities Process) document discusses -- how the NSA distributes vulnerability information to all the other "stakeholders".

I use "stakeholders" loosely, because there are a lot of government organizations who feel entitled to being part of the 0day gravy train, but who really shouldn't be. I have the impression the NSA has two processes, the real one that is tightly focused on buying vulns and deploying them in the field, Continue reading

0

Intent-Based Networking Seeks Network Effect

What's the latest on intent-based networking--the hot new topic in SDN.

0

SDxCentral Weekly News Roundup — September 18, 2015

Intel boosts IoT for cars; former Cisco and Time Warner CTOs intersect; Khosla Ventures funds Gitlab.

0

iPexpert’s Newest “CCIE Wall of Fame” Additions 9/18/2015

Please join us in congratulating the following iPexpert students who have passed their CCIE lab!

This Week’s CCIE Success Stories

• Ajay Edara, CCIE #36424 (R&S & Wireless)
• Shiv Shankar, CCIE #43675 (Routing & Switching)
• Andy Harrison, CCIE #50052 (Routing & Switching)
• Mike Burk, CCIE #50207 (Wireless)
• Tony Ilorah, CCIE #50210 (Security)
• Ahmad Nawid Azizi, CCIE #50254 (Routing & Switching)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

0

Starbucks On Dune, WiFi Allergies: This Week On The Internet

From pumpkin spice on Dune to WiFi allergies to a giant robot fight and more, here's some interesting stories that crossed my browser this week.

The post Starbucks On Dune, WiFi Allergies: This Week On The Internet appeared first on Packet Pushers.

0

Featured Interview: Brocade’s Jon Hudson on the Current & Future State of SDN, NFV, & DevOps

Brocade's Jon Hudson sat down with SDxCentral to discuss the current and future state of SDN, NFV, and DevOps.

0

Optimize Open NX-OS with Cisco’s Network Programmability Tools

Join the September 25th Cisco DemoFriday and learn how you can benefit from network programmability as you transition from legacy systems to open standard interfaces.

0

F5 Certification Path – How to become F5 Certified

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
The F5 certification path is a series of exams administered by pearsonvue where you start of by passing 2 exams to become an F5 Certified Administrator and then depending on your specialist area you can add to that by becoming an F5 Certified Technology Specialist. The certification cost is $135 per exam which would be $170 […]

Post taken from CCIE Blog

Original post F5 Certification Path – How to become F5 Certified

0

Docker Global Hack Day #3: How to Submit Hacks

Thank you to everyone who already submitted awesome Docker hacks for Docker Global Hack Day #3 – we’re super excited to see the final submissions! Still looking for a project to join? Head to the Docker Global Hack Day #3 … Continued

0

Why DevOps Is the Imperative Companion to SDN & NFV

Achieve the “big bang” transformation.

0

Startup Cato Networks Calls SD-WAN ‘Short-Sighted’

Is it the end for MPLS? Cato claims it's got a way to give MPLS-like performance to Internet links.

0

Stuff The Internet Says On Scalability For September 18th, 2015

Hey, it's HighScalability time:

• terabits: Facebook's network capacity; 56.2 Gbps: largest extortion DDoS attack seen by Akamai; 220: minutes spent usings apps per day; $33 billion: 2015 in-app purchases; 2334: web servers running in containers on a Raspberry Pi 2; 121: startups valued over $1 billion


• Quotable Quotes:
  • A Beautiful Question: Finding Nature's Deep Design: Two obsessions are the hallmarks of Nature’s artistic style: Symmetry—a love of harmony, balance, and proportion Economy—satisfaction in producing an abundance of effects from very limited means
  • @Carnage4Life: ad blocking Apple has done to Google what Google did to MSFT. Added a feature they can't compete with without breaking their biz model
  • @shellen: FWIW - Dreamforce is a localized weather system that strikes downtown SF every year causing widespread panic & bad slacks. 
  • @KentBeck: first you learn the value of abstraction, then you learn the cost of abstraction, then you're ready to engineer
  • @doctorow: Arab-looking man of Syrian descent found in garage building what looks like a bomb 
  • @kixxauth: Idempotency is not something you take a pill for. -- ZeroMQ
  • Continue reading

0

What Does It Mean When A Project Has Been Forked?

Open source projects that involve lots of folks sometimes run into conflicts. Should the project go in direction X, or direction Y? Is feature A more important, or feature B? And so on. Sometimes the concerns around an open source project are more pragmatic than pedantic. Should we, as a commercial entity, continue to use this open source project as is, or go in our own direction with it? The keyword to look for in these circumstances is fork.

0

Moving to GitHub Pages

I've moved this blog to GitHub Pages.

The RSS feed is here.

0

Cyber Supply Chain Security Is Increasingly Difficult for Critical Infrastructure Organizations

As the old cybersecurity adage states, ‘the cybersecurity chain is only as strong as its weakest link.’  Smart CISOs also understand that the proverbial weak link may actually be out of their control. U.S. retailer Target certainly experienced this lack of cybersecurity control in 2013.  The now infamous Target data breach that exposed the personal information of 110 million people began with a spear phishing attack on one of the company’s HVAC contractors, Fazio Mechanical of Sharpsburg, PA.  Cyber-criminals compromised a Fazio Mechanical system, gained credentialed access to Target, and proceeded to wreak havoc on Target’s data, customers, and reputation.To read this article in full or to leave a comment, please click here

0

PlexxiPulse—A Funding Frenzy

This week, we announced that we have raised a $35 million round of financing. The round was led by a new investor with participation from our existing investors (Lightspeed Venture Partners, Matrix Partners and North Bridge Venture Partners) bringing our total funding to $83 million. The capital raised will fuel the expansion of our sales, marketing, customer support, and research and development efforts. We’re so proud of what we’ve accomplished in this year and are eager to see what the rest of 2015 has in store for us. Take a look at this week’s blog post from our CEO Rich Napolitano on Plexxi’s continued momentum on the heels of our funding announcement.

Social media has been buzzing this week, see below! Have a great weekend.

The post PlexxiPulse—A Funding Frenzy appeared first on Plexxi.

0

When in Mexico, don’t use the ATMs

Security expert Brian Krebs, who has made a specialty of exposing ATM scams over the years, has a doozy of a three-part series this week uncovering a widespread scheme in Mexico based on sophisticated Bluetooth technology and old-fashioned cash bribes.In part one, Krebs describes being tipped off by an employee of a Mexican ATM company, explains how the scam works – bribe-enabled physical access to the machines is key -- and embarks on a trip to Cancun to attempt to gauge the scope of the illegal operation first-hand.Part two reads like a detective novel as Krebs moves about Mexican tourist establishments checking for a telltale Bluetooth signal emanating from ATMs. He has no trouble finding them.To read this article in full or to leave a comment, please click here

0

The real concerns about artificial intelligence

Speakers at the DARPA Wait What? Future Technology Forum discuss their concerns with artificial intelligence - software bugs and other security issues top the list, rather than AI robots becoming sentient and taking over the world.

0

Worth Reading: SD-WAN and MPLS Networks

To hear the press tell it, the MPLS network is all but dead. The Internet is the future of wide area networks (WANs) in what’s been called a software-defined WAN (SD-WAN). The reality, though, is a bit more complex to say the least. via mpls-experts

The post Worth Reading: SD-WAN and MPLS Networks appeared first on 'net work.

0

QOTW: Brilliance

Stupid people can cause problems, but it usually takes brilliant people to create a real catastrophe.Thomas Sowell

The post QOTW: Brilliance appeared first on 'net work.