The Upload: Your tech news briefing for Thursday, May 12

Senators block vote extending NSA dragnet powers

Four U.S. senators ground the chamber’s business to a halt Wednesday in an effort to prevent voting on a bill that would extend a law that’s legitimized the National Security Agency’s bulk collection of telephone and business records. The relevant section of the Patriot Act expires at the end of the month, and to stop it from being renewed, a bipartisan group took control of the Senate floor in a filibuster mid-Wednesday.

Hack hits health care target, reaps data on 1.1 million

Amazon adds groceries, meals to one-hour Prime Now delivery service

Amazon.com has expanded its Prime Now one-hour deliveries to include groceries, meals and baked goods from local stores in New York, in a move that will soon be extended to other cities. The deliveries will be available in some Manhattan neighborhoods starting Thursday, and then expand across the island in the coming weeks. The Prime Now website lists 11 zip codes where residents can use the service. Amazon will add local stores in other cities soon, it said. The first batch of stores are D’Agostino, Gourmet Garage and Billy’s Bakery, and Eataly and Westside Market will be the next, according to Amazon. Prime Now and the Android or iOS apps people use to shop were announced in December last year. The service is also available in Atlanta, Austin, Baltimore, Brooklyn, Dallas and Miami. It can be used from 6 a.m. to midnight, seven days a week. Two-hour delivery is free and one-hour delivery costs US$7.99. As the name implies, users first have to sign up for a regular Prime membership to use the service, which is priced at $99 a year.

Stupidities of Switch Programming (written in June 2013)

In June 2013 I wrote a rant that got stuck in my Evernote Blog Posts notebook for almost two years. Sadly, not much has changed since I wrote it, so I decided to publish it as-is.

In the meantime, the only vendor that’s working on making generic network deployments simpler seems to be Cumulus Networks (most other vendors went down the path of building proprietary fabrics, be it ACI, DFA, IRF, QFabric, Virtual Chassis or proprietary OpenFlow extensions).

Arista used to be in the same camp (I loved all the nifty little features they were rolling out to make ops simpler), but it seems they lost their mojo after the IPO.

Lenovo’s profit hit by acquisitions of Motorola, IBM server business

Lenovo’s recent acquisitions have taken a bite out of the company’s earnings, with its net profit in the first quarter dropping 37 percent despite strong PC sales. The Chinese company paid US$2.9 billion for Motorola Mobility and $2.1 billion for IBM’s x86 server business. Prior to the acquisitions, Lenovo typically reported strong earnings on continued PC demand in its home market. The impact of the acquisitions was not unexpected. The Chinese PC maker has said its net profit will fall in the short-term, following the acquisitions last year.

Using Check Point Identity Awareness with NAT

Check Point Identity Awareness is problematic in environments that have multiple customers, overlapping private address space, and NAT. It can be done, if you understand the traffic flows, the connections needed, and how to combine several features. Here’s how I did it.

NB: This post is not a full explanation of Check Point Identity Awareness, nor is it a discussion of the product design decisions, good or bad. It assumes that the reader understands what Identity Awareness is, and focuses on how to implement it when you also need to use NAT. It will be pretty dull reading to everyone else.

Background: Typical Check Point Management Flows

A quick reminder of the traditional flows used for Check Point firewall management:

Figure: Check Point Management Flows

Check Point Management Clients (e.g. SmartDashboard, SmartLog) connect to the management server to configure policies, view logs, etc.

Policies are compiled and pushed from the management server to the firewall(s). Logs are sent from the firewall back to the management server. All good.

Identity Awareness: Additional Connections

Identity Awareness lets you define rules based upon user identities, rather than IP addresses. So you can say “This AD group is allowed to connect directly to the SQL Server.” Much nicer

US proposes tighter export rules for computer security tools

The U.S. Commerce Department has proposed tighter export rules for computer security tools, a potentially controversial revision to an international agreement aimed at controlling weapons technology. On Wednesday, the department published a proposal in the Federal Register and opened a two-month comment period. The changes are proposed to the Wassenaar Arrangement, an international agreement reached in 1995, aimed at limiting the spread of “dual use” technologies that could be used for harm.

RadioShack, US states reach agreement on sale of customer data

RadioShack has reached agreement with U.S. states over the sale of customer data, by consenting to limit the number of email addresses to be sold, and giving customers the opportunity to be removed from the list. A coalition of 38 U.S. states, led by Texas, objected to the sale of personally identifiable information by the bankrupt electronics retailer, citing its online and in-store privacy policies. The customer data, which was withdrawn from an earlier sale of assets that included RadioShack stores, was included in a second auction this month. The bulk of the consumer data will be destroyed, and no credit or debit card account numbers, social security numbers, dates of birth or phone numbers will be transferred to General Wireless Operations, the winner of both auctions, said Texas Attorney General Ken Paxton in a statement Wednesday.

Logjam: the latest TLS vulnerability explained

Yesterday, a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published a deep analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. This analysis included a novel downgrade attack against the TLS protocol itself called Logjam, which exploits EXPORT cryptography (just like FREAK).

First, let me start by saying that CloudFlare customers are not and were never affected. We don’t support non-EC Diffie-Hellman ciphersuites on either the client or origin side. We also won't touch EXPORT-grade cryptography with a 20ft stick.

But why are CloudFlare customers safe, and how does Logjam work anyway?

The image is "Logjam" as interpreted by @0xabad1dea.

Diffie-Hellman and TLS

This is a detailed technical introduction to how DH works and how it’s used in TLS—if you already know this and want to read about the attack, skip to “Enter export crypto, enter Logjam” below. If, instead, you are not interested in the nuts and bolts and want to know who’s at risk, skip to “So, what’s affected?”

To start a TLS connection, the two sides—client (the browser) and server (CloudFlare)—need to agree securely on a secret key. This process is called

Health insurer CareFirst reveals cyberattack affecting 1.1 million

A large U.S. health insurer, CareFirst BlueCross BlueShield, has disclosed it fell victim to a cyberattack that affected about 1.1 million people. The attack, which occurred in June last year, targeted a single database that contained information about CareFirst members and others who accessed its websites and services, the company said Monday. The nonprofit has 3.4 million members, mostly around Maryland, Washington, D.C., and Northern Virginia. “We were the subject of a cyberattack,” a somber looking Chet Burrell, the company’s CEO, says in a video posted to its website. CareFirst said customer names, birth dates, user names, email addresses and subscriber ID numbers may have been stolen. The database did not contain Social Security numbers, medical claims or financial information, it said. And member passwords were encrypted and stored in a different system, CareFirst said.

Fierce smartphone rivalry driving faster chip development, ARM CEO says

Heated competition in the smartphone and tablet markets has required chip makers to speed up the pace at which they release new processors, the CEO of ARM said in an interview this week. Following in the footsteps of Apple, rivals like Samsung and HTC are upgrading their flagship devices on a near yearly basis, adding better displays, faster chips and more memory to entice customers into buying their products. ARM designs the microprocessors used in most of those devices, and the increased competition means it’s having to push out faster, more power-efficient chips at a quicker pace, CEO Simon Segars said Tuesday. “We’re always going to be looking to deliver more performance, make the best use of manufacturing technology ... and deliver better system-wide efficiency,” he added.

Senators stall vote to extend NSA phone records dragnet

Four U.S. senators ground the chamber’s business to a halt Wednesday in an effort to prevent lawmakers from voting on a bill to extend portions of the Patriot Act used to collect telephone and business records from the country’s residents. Time is running out for the Senate to extend the telephone records collection section of the Patriot Act before it expires at the end of the month. In an effort to block a vote, Senator Rand Paul, a Kentucky Republican, took control of the Senate floor in a filibuster mid-Wednesday, with Senators Ron Wyden, an Oregon Democrat, Mike Lee, a Utah Republican, and Martin Heinrich, a New Mexico Democrat, joining him later in the day.

Senators stall vote to extend NSA phone records dragnet

U.S. Senator Rand Paul spoke on the chamber's floor for more than nine hours Wednesday during a filibuster to prevent lawmakers from voting on a bill to extend portions of the law used by the National Security Agency to collect telephone and business records from the country's residents. Paul, a Kentucky Republican, continued to talk on the Senate floor at 10:25 p.m. EST, after taking control of the chamber earlier in the day. Nine other senators joined him for short stretches throughout the day, including Ron Wyden, an Oregon Democrat, Mike Lee, a Utah Republican, and Martin Heinrich, a New Mexico Democrat. Time is running out for the Senate to extend the section of the Patriot Act that the NSA uses as authorization to collect telephone and other business records. Section 215 of the Patriot Act expires at the end of the month, and lawmakers are scheduled to take an extended Memorial Day break next week.

Racist query terms in Google Maps trigger the White House in results

Google Maps lists the White House among top search results for certain queries containing racist terms against African-Americans. The Washington Post first reported the issue after a reader alerted the newspaper that entering a well-known racial slur while Google Maps is focused on the nation’s capital yielded the White House as the first result. The result comes up when using Google’s mobile Maps app, as well as its Maps website. Regardless of the user’s location within Maps, a search for another racially insulting term against blacks listed the Underground Railroad TV station in Chicago as the top result, with the White House coming in second. Other similarly racist query terms also gave the White House as the top result, along with the Jim Crow Museum of Racist Memorabilia in Big Rapids, Michigan.

Bigger, better, faster: What does Wave 2 of 802.11ac have in store?

"Bigger, better, faster" is a mantra with which many of us are now familiar. Even if it isn't something we have printed on a t-shirt, it can be how we strive to live without often realizing it. Improvement is a part of life. You don't have to look hard to see examples of certain things that have already realized their great potential for improvement. But what about things we take for granted, like wireless? Wireless is all around us, but it's something we take for granted. Sometimes it’s harder to find a business or public location without Wi-Fi than it is to find one with it. So can wireless actually advance? Whether it's in the boardroom or the living room, we have expectations of buttery-smooth audio and video. As the number of wireless devices grows at a profound rate, how can we shore up the wireless network to provide service to all that’s connected? Wireless AC may be the light at the end of the tunnel. With Wave 1 speeds of 1.3Gbps (your mileage may vary) we're offered a chance to handle the larger amount of requests constantly bombarding our access points (APs). Still, the struggle in dense environments

Building a Fully Automated Ubuntu Installation Process

Recently on Twitter, I mentioned that I had managed to successfully create a fully automated process for installing Ubuntu Server 14.04.2, along with a method for bootstrapping Ansible. In this post, I’m going to describe the installation process I built and the components that went into making it work. I’ll discuss the Ansible bootstrap process in a separate post. I significantly doubt that there is anything new or unique here, but hopefully this information will prove helpful to others facing similar challenges.

Before I continue, allow me to briefly discuss why I didn’t use a system like Cobbler instead of putting together my own system. Cobbler is a great tool. For me, though, this was also about deepening my own knowledge. I wanted to better understand the various components involved and how they interacted, and I didn’t feel I would really be able to do that with a “prebuilt” system like Cobbler. If you are more interested in getting something up and running as opposed to learning more about how it works (and that’s OK), then I’d recommend you skip this post and go download Cobbler. If, on the other hand, you want to make this into more