Hackers had access to US security clearance data for a year

Hackers who breached a database containing highly personal information on government employees with security clearances had access to the system for about a year before being discovered, The Washington Post reported on Friday.The breach at the U.S. Office of Personnel Management dates back to June or July last year and was only discovered earlier this month.The database in question contains applications for security clearances, which ask for information on all aspects of a person’s life including social security numbers, passport numbers, names of former neighbors, and information on family members. It also asks about, over the past seven years, any contact with foreign nationals and problems with drug or alcohol abuse, debts or bankruptcy, imprisonment and run-ins with law enforcement.To read this article in full or to leave a comment, please click here

Twitter tests a new way to sell goods

Twitter has long positioned its site as a way to see what’s happening in the world. Now, it wants to tap into our desires as consumers.The company is testing a new way to highlight products and places on its site, bringing relevant tweets to the fore while also providing a way to purchase items. It’s a considerable expansion beyond the company’s previous forays into e-commerce.In an example, it showed a page it built for the book “The Martian,” complete with related images, tweets, and a button that says Buy on Twitter. The new pages will be promoted through people’s Twitter feeds.As well as Twitter building these pages, celebrities and brands will be able to build them too. It offered examples of pages built by Demi Lovato, Reese Witherspoon, Nike and Target, the last of which is filled with tweets promoting summer clothing, for example.To read this article in full or to leave a comment, please click here

eBay sells stake in Craigslist, which responds with Shakespeare quote

EBay has sold its 28.4 percent ownership stake in Craigslist as part of an agreement between the companies announced Friday .The financial terms of the deal were not disclosed, but eBay said the companies have also agreed to end the outstanding litigation between them. The online auction house paid $32 million in 2004 for the stake in Craigslist, which turned the classified ad market on its head.Since then, the relationship between the two firms could best be described as contentious. In 2008, eBay sued Craigslist alleging it had diluted eBay’s stake in the business and taken eBay’s board seat away. Craigslist fired back that eBay had used its position on the board to gain an unfair competitive advantage.To read this article in full or to leave a comment, please click here

PlexxiPulse—We’ve Been Busy!

PlexxiPulse—We’ve been busy in The District!

You may have seen that we announced our partnership with CloudGov Technologies last week, a leading IT provider servicing the government and commercial markets. We spent the week in Baltimore alongside our newest partner and PSSC Labs at the AFCEA Defensive Cyber Operations Symposium spreading the word on how third era solutions transform the agility and performance of federal networks. Next week, we’ll be in Washington, D.C. with CloudGov at the GEOINT 2015 Symposium. This is the first year that the Symposium is being held in the nation’s capital—we’re excited to share our vision with attendees and learn from the impressive list of conference speakers. Drop us a line on Twitter or at [email protected] if you’re in town and interested in chatting with the team or scheduling a live demo!

Below please find a few of our top picks for our favorite news articles of the week. Have a great weekend!

Forbes: Bimodal IT: A New Buzzword For Old Concepts Presents Teachable Moment
By Kurt Marko
IT analysts are like fashion designers, always searching for something new, even if that means recycling age-old concepts in new terminology. But like successful fashionistas, IT Continue reading

Show 242 – Where Have All The Good Staff Gone ?

Simple two man show this week with Ethan & Greg talking through, oh, I don't know ..... stuff like this

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post Show 242 – Where Have All The Good Staff Gone ? appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Multi-datacenter Firewall Automation – Part 2

 

In my last post, I described the logical model I decided to use in order that I might be able to compute the path between endpoints using the Dijkstra shortest path algorithm. I’ve already discovered the handy Perl module module Paths::Graph that implements Dijkstra for me, so now all I need to do is to turn the network model into a data format that Paths::Graph will accept.

The Model

As a reminder, this is the model I’m using for my two-datacenter network:

Firewall - Two DCs

To model this network, I need to allocate a cost to every network link. It turns out that Paths::Graph wants me to create separate links in each direction; this is a huge pain, and makes an already risk-laden process doubly painful. After initially creating the data model directly in the code, I realized that it would be much simpler (hah!) to model the network using YAML, and to remove the requirement to include both directions of any link. In my new YAML mode, a link from A->B automatically implies a link from B->A with the same cost; this halves the number of link descriptions required, which I’ll take as a win. The format is dead simple:

 Continue reading

Packets of Interest (2015-06-19)

It’s been a while since I’ve done a POI so here we go.

The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns

https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/

Kaspersky Lab found this new variant of the Duqu malware in their own network. They wrote a paper based on their analysis of this new malware. It fascinates me how sophisticated these software packages are and how much effort the threat actors put into them.

Diffie-Hellman Key Exchange

Diffie-Hellman (DH) is the world’s first public key crypto system. It’s used in everything from secure browsing, to secure shell. This video visually demonstrates how the Diffie-Hellman key exchange works. The best part is that you don’t need to know anything about crypto to follow along.

Passphrases That You Can Memorize – But That Even the NSA Can’t Guess

https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

Use this informative guide to generate secure, human-memorizable passphrases that are suitable for protecting your private PGP key, your private SSH key, and your master key for your password safe.

Encrypting Your Laptop Like You Mean It

https://firstlook.org/theintercept/2015/04/27/encrypting-laptop-like-mean/

A well written article about encrypting one’s laptop. Covers topics such as what disk encryption does and does not protect against, attacks against disk encryption, and Continue reading

Worth Reading 06:19

Much as I’ve been trying to keep up on interesting stuff to read on the right column, I still seem to have built a long list of bookmarks! Having nothing better to do on a Friday morning, I’m dumping them on your.

So there! :-)

I’ve posted in the past on the problems of the IT job market. Primarily I think it’s too much about “what narrow set of skills do you have,” rather than, “are you a good engineer,” and I think we engineers are as much to blame as anyone else for this. “Yeah, but do you know about the latest gobberfubble embedded fingernail pick API??” we say with pride, trying to find something we know about the person we’re interviewing does. Interviews shouldn’t be about making yourself feel better about your technical skill — they should be about finding a good engineer for your team. Okay, I’ve ranted long enough — it’s time for Infoworld to take over on this score with more practical advice.

The Midyear State of the IT Job Market.

By the way, I know my response to the esoteric game won’t work for everyone, but whenever someone gets me into this position of Continue reading

The Upload: Your tech news briefing for Friday, June 19

Google’s data centers grow so fast it has to build its own networksGoogle has been building its own software-defined data-center networks for 10 years because traditional gear can’t handle the scale of what are essentially warehouse-sized computers. The company hasn’t said much before about that homegrown infrastructure, but one of its networking chiefs provided some details this week about the current network design that powers all of Google’s data centers and has a maximum capacity of a whopping 1.13 petabits per second.To read this article in full or to leave a comment, please click here

Enterprises hesitant on SDNs

SANTA CLARA -- Even though service providers are well on their way with SDNs, enterprise adoption of the technology is slowed by a host of issues. Chief among them is cultural inertia. Large enterprises in particular are loathe to change anything, be it technology, operational processes or organizational structure, especially if the need to do so is unclear or viewed as potentially risky.To read this article in full or to leave a comment, please click here

EFF, CloudFlare Ask Federal Court Not To Force Internet Companies To Enforce Music Labels’ Trademarks

This blog was originally posted by the Electronic Frontier Foundation who is represents CloudFlare in this case.

alt

JUNE 18, 2015 | BY MITCH STOLTZ

This month, CloudFlare and EFF pushed back against major music labels’ latest strategy to force Internet infrastructure companies like CloudFlare to become trademark and copyright enforcers, by challenging a broad court order that the labels obtained in secret. Unfortunately, the court denied CloudFlare’s challenge and ruled that the secretly-obtained order applied to CloudFlare. This decision, and the strategy that led to it, present a serious problem for Internet infrastructure companies of all sorts, and for Internet users, because they lay out a blueprint for quick, easy, potentially long-lasting censorship of expressive websites with little or no court review. The fight’s not over for CloudFlare, though. Yesterday, CloudFlare filed a motion with the federal court in Manhattan, asking Judge Alison J. Nathan to modify the order and put the responsibility of identifying infringing domain names back on the music labels.

We’ve reported recently about major entertainment companies’ quest to make websites disappear from the Internet at their say-so. The Internet blacklist bills SOPA and PIPA were part of that strategy, along with the Department of Homeland Security’s Continue reading

Build your own network simulator using open-source DevOps tools

Open-source DevOps tools are used to deploy applications and services in datacenter server networks, but they may also enable researchers or students to simulate networks. In this post, we will survey popular open-source DevOps tools and provide links to information that shows how to use them to create network simulation scenarios.

Most open-source network simulators simplify the setup and configuration of virtual machines and the networking connections between virtual machines. DevOps tools such as OpenStack do the same things, although they expose more of the complexities of the virtualized infrastructure to the user.

If you are already using DevOps tools for other activities you may find it useful to also use them when you need to create a simulated network instead of learning to use a network simulator.

Comparing simulators to DevOps tools

Both open-source network simulators and a coordinated set of DevOps tools perform the same role: they orchestrate the setup, interconnection, and configuration of virtual nodes in a virtual network.

Open-source simulators are built to support small-scale simulation scenarios on one computer, although some can run in a distributed mode across multiple computers. DevOps tools are designed to work in datacenters composed of hundred or thousands of servers, Continue reading

iOS gets a first in Microsoft’s OneNote: New to-do list feature

Microsoft has rolled out a new OneNote feature to the iPhone first before any other platform, showing off the company’s interest in promoting cross-platform use of its note-taking system.OneNote users with Apple’s smartphones will now be able to convert notes with checklists in them into a special list mode that will organize items based on whether they’re checked off or not. A note formatted as a list also includes an “add item” button at the top that will create a new blank to-do.The feature is designed to make it easier for people to quickly interact with their checklists on touch devices without having to deftly pick out a single checkbox in a long column of little boxes. At any time, notes that have been converted to the new checklist format can be converted back without much fuss, and the notes will still be readable by other versions of OneNote as long checklists.To read this article in full or to leave a comment, please click here

Packets of Interest (2015-06-19)

It's been a while since I've done a POI so here we go. The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/ Kaspersky Lab found this new variant of the Duqu malware in their own network. They wrote a paper based on their analysis of this new malware. It fascinates me how sophisticated these software packages are and how much effort the threat actors put into them. Diffie-Hellman Key Exchange Diffie-Hellman (DH) is the world's first public key crypto system.
1 3,379 3,380 3,381 3,382 3,383 3,791