How should the U.S. respond to state-sponsored cyberattacks?

It's no secret that U.S. government agencies and businesses are the target of around-the-clock cyber intrusions, many carried out by or at the behest of foreign nation-states.But how exactly should the feds respond to those incursions?Ask a random sample of Americans and you'll likely get a very different answer than if you polled the State Department.In a recent flash survey of more than 1,000 U.S. adults commissioned by the security vendor Vormetric, a quarter of the respondents said that the United States should cut off all ties to any nation responsible for compromising U.S. government data.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Wednesday, July 29

Intel and Micron unveil a new class of memory with 3D XPointIntel and Micron say they’ve developed the first new kind of memory since NAND flash was introduced in 1989. The new technology, 3D XPoint, is a form of non-volatile memory that’s as much as 1,000 times faster than NAND flash, the companies say. 3D XPoint should arrive in products next year, and it could change computing as much as SSDs have by powering better speech recognition, biometrics, and gesture-based interfaces.To read this article in full or to leave a comment, please click here

Mitigate DoS Attack using TCP Intercept on Cisco Router

How does Internet work - We know what is networking

This is really cool feature on Cisco router not usually mentioned until you dig a little deeper inside Cisco IOS. But first a bit of theory… What is TCP SYN flood attack TCP 3-way handshake SYN flood DoS attack happens when many sources start to send a flood of TCP SYN packets usually with fake source IP. This attack uses TCP 3-way handshake to reserve all server available resources with fake SYN requests thus not allowing legitimate users to establish connection to the server. SYN packet is the first step in TCP 3-way handshake where client sends connection synchronization request

Mitigate DoS Attack using TCP Intercept on Cisco Router

Ink-shooting game ‘Splatoon’ helps power Nintendo to profit

Japanese gaming icon Nintendo posted a profit for the April-June quarter on Wednesday thanks in part to surging sales of a game in which players can squirt ink all over the place and transform into squids.“Splatoon” for the Wii U console launched globally in May and has since sold over 1.62 million units, Nintendo said as it notched a profit of ¥8.3 billion (US$67 million) for the three months to June 30, a reversal of a ¥9.9 billion loss a year earlier.Hardware in the Nintendo 3DS lineup saw global sales reach 1.01 million units in the quarter and associated software reached 7.92 million units. Other factors that buoyed the company’s business were the weakness of the yen and strong sales of Amiibo, which are figurines that are designed to wirelessly communicate with the Wii U and 3DS, triggering in-game benefits.To read this article in full or to leave a comment, please click here

Big Flowering Things and Lego Bricks

Matt Oswalt wrote a great blog post complaining about vendors launching ocean-boiling solutions instead of focused reusable components, and one of the comments his opinion generated was along the lines of “I thought one of the reasons people wanted SDN, is because they wanted to deal with The Network – think about The Network's Performance, Robustness and Services instead of dealing with 100s or 1000s of individual boxes.

The comment is obviously totally valid, so let me try to reiterate what Matt wrote using Lego bricks ;)

Read more ...

No building access card? No problem if you have new Def Con tools

RFID card access systems are used by most companies to let people into their buildings. But over the last few years, researchers have shown how these systems can be easily bypassed.Francis Brown, a partner at the computer security firm Bishop Fox, has been on the forefront of much of the research. In fact, he recognized some of his tools and methods being used in the TV program Mr. Robot, which has been noted for highly accurate technical detail.Lately, he’s been looking closely at breaching high- and ultra-high frequency RFID (radio-frequency identification) systems, which are increasingly being used for physical security systems.He’s due to give a presentation at this year’s Def Con Hacking Conference in Las Vegas early next month with a bevy of new and improved software and hardware goodies.To read this article in full or to leave a comment, please click here

golang up and running on CentOS7 – take two

After some great feedback and some additional learning/fixes on my end, I wanted to make an updated version of this post. 

This go around, I’ve added some plugins I found helpful as well as made a couple of tweaks that I think (not sure yet) will be helpful to me going forward.  So here is the brand new build script I came up with…

#Install dependancies and neccessary packages
yum -y install golang git vim wget python-devel cmake
yum -y groupinstall "Development Tools"

#Modify your bash_profile...
vim ~/.bash_profile
#Add this config...
export GOPATH=$HOME/go
#Source the file
source .bash_profile

#Make the golang workspace
mkdir ~/go
mkdir ~/go/bin
mkdir ~/go/pkg
mkdir ~/go/src

#Install and configure Vundle...
#Pull down Vundle
git clone https://github.com/gmarik/Vundle.vim.git ~/.vim/bundle/Vundle.vim
#Edit your .vimrc file...
vim ~/.vimrc
#Add this config...
set nocompatible
filetype off
colorscheme molokai
set rtp+=~/.vim/bundle/Vundle.vim
call vundle#rc()
Plugin 'gmarik/Vundle.vim'
Plugin 'nsf/gocode', {'rtp': 'vim/'}
Plugin 'fatih/vim-go'
Plugin 'Valloric/YouCompleteMe'
Plugin 'scrooloose/nerdtree.git'
filetype plugin indent on
"Prevent autocomplete help from staying visisble
autocmd CursorMovedI * if pumvisible() == 0|pclose|endif
autocmd InsertLeave * if pumvisible() == 0|pclose|endif
"Quit VIM if NERDTree is last open Window
autocmd bufenter *  Continue reading

The Correct Mask for a PE’s Loopback0

As I've written about previously (The Importance of BGP NEXT_HOP in L3VPNs), the BGP NEXT_HOP attribute is key to ensuring end to end connectivity in an MPLS L3VPN. In the other article, I examine the different forwarding behavior of the network based on which of the egress PE's IP addresses is used as the NEXT_HOP. In this article I'll look at the subnet mask that's associated with the NEXT_HOP and the differences in forwarding behavior when the mask is configured to different values.

There is a lot of (mis-)information on the web stating that the PE's loopback address — which, as I explain in the previous article, should always be used as the NEXT_HOP — must have a /32 mask. This is not exactly true. I think this is an example of some information that has been passed around incorrectly, and without proper context, and is now taken as a rule. I'll explain more about this further on in the article.

Twitter surprises with a sales gain, but user growth lags

Twitter reported a higher than expected increase in revenue on Tuesday, suggesting progress in the company’s efforts to grow its ad sales.Total revenue for the second quarter ending June 30 was US$502 million, Twitter reported, up 61 percent from the same period last year, and beating estimates of $481 million from analysts polled by the Thomson Financial Network.Twitter also reported decent growth in its users, although with a caveat. For the quarter, the total number of users logging in monthly was 316 million, up 15 percent. But compared to the first quarter, the vast majority of the increase was derived from SMS Fast Followers, people who access Twitter content on mobile devices but do not have accounts on the service.To read this article in full or to leave a comment, please click here

Italian parliament drafts a declaration of Internet rights

The Italian parliament wants to have its say in the creation of an international legal framework promoting freedom, equality and access to cyberspace for all, and on Tuesday it presented a Declaration of Internet Rights that it will bring to the Internet Governance Forum in Brazil in November.“This is the first time that a parliament produces a declaration on Internet rights of constitutional inspiration and international scope,” Laura Boldrini, the speaker of the lower house of parliament and a major backer of the project, told a press conference in Rome. Boldrini said she hoped parliament would pass a motion calling on the Italian government to promote the document in national and international forums. The document was drawn up by a commission headed by Stefano Rodotà, a former politician and jurist.To read this article in full or to leave a comment, please click here

With ‘recall,’ Fiat Chrysler makes its car hack worse

After Wired showed two hackers remotely gain access and immobilize a moving Jeep by exploiting software vulnerabilities last week, Fiat Chrysler responded by patching the vulnerability in several Jeep, Dodge, and Chrysler models that were equipped with the Uconnect software that was hacked. How they went about issuing the patch, however, may just put the company's customers further at risk.Rather than simply treating the software patch as a traditional recall (i.e. requiring them to visit a service center and have an expert make the fix), Fiat Chrysler is mailing a USB thumb drive to owners of the affected cars. From there, the cars' owners can plug the USB drive into the cars' USB port to patch the software vulnerability. This seems like a convenient way to issue a recall for something that car owners can fix themselves. To read this article in full or to leave a comment, please click here

Human error to blame in fatal crash of Virgin Galactic’s spacecraft

When the co-pilot of Virgin Galactic’s SpaceshipTwo prematurely unlocked the feathering -- or braking system on the spacecraft it set off a chain of events that lead to a chain of events that brought the ship down.+MORE ON NETWORK WORLD: The weirdest, wackiest and coolest sci/tech stories of 2015 (so far!)+That was but one of the findings released today by the National Transportation Safety Board which has ben investigating the Virgin Galactic crash 10 months ago that killed the copilot and badly injured the pilot.To read this article in full or to leave a comment, please click here

Amazon Launchpad store will sell goods from startups

Amazon is opening a specialized storefront on its website that will sell products from startups in an effort to help the fledging companies build their businesses.Called Launchpad, the site lists approximately 200 items with an emphasis on tech gadgets, like a US$649 drone or a $150 floating Bluetooth speaker. There are also startups selling food, like gluten-free pancake mix, and wellness products, including vitamins. Each startup will get a product page for its merchandise and will get Amazon’s help with marketing and distributing. The products will ship to buyers from Amazon’s warehouses and will be eligible for Prime, the company’s expedited shipping program. Joining Launchpad is free, Amazon said.To read this article in full or to leave a comment, please click here

Obama won’t pardon Snowden, despite petition

U.S. President Barack Obama won’t pardon National Security Agency leaker Edward Snowden, despite strong public support for it, the White House said Tuesday.A petition on WhiteHouse.gov calling for Obama to pardon Snowden has nearly 168,000 signatures, but that’s not enough to sway the president, said Lisa Monaco, Obama’s advisor on homeland security and counterterrorism.Obama has pushed for surveillance reforms “since taking office,” Monaco wrote on the WhiteHouse.gov petition site. “Instead of constructively addressing these issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it,” she added.To read this article in full or to leave a comment, please click here

Darkode cybercrime forum might be making a comeback

The former administrator of Darkode, the online cybercrime forum that was recently shut down by law enforcement agencies, is preparing to bring it back, with better security and privacy for its members.On July 15, the U.S. Department of Justice announced that the Darkode hacking forum where cybercriminals had gathered to exchange services and tools for years, was dismantled following an operation that involved agencies in 20 countries.Seventy suspected Darkode members from many countries were searched, arrested or charged after the FBI infiltrated the forum’s invitation-only membership and gathered evidence.To read this article in full or to leave a comment, please click here

1 3,391 3,392 3,393 3,394 3,395 3,853