Go Go Gadget Networking Lab!

For the last few years, if you wanted to set up a virtual network environment (for testing purposes, or setting up a lab, etc), it was more or less a manual process of installing software like the CSR 1000v from an ISO or OVA. Rinse and repeat. If you were fortunate enough to work at a company with decent virtual machine automation and infrastructure (and had access to it) then you could in theory make this a little easier, but it’s hardly portable. However, this is still much better than it was only a few short years ago, when many vendors simply did not offer a virtual machine version of their routers and firewalls.

The other day I was catching up on some Twitter feed, and I noticed a tweet from John Deatherage that caught my eye:

I’ve been using Vagrant for about a year, so I’ve got a bit of experience with it, but mostly with server operating systems. Seeing this tweet reference its use in the context of spinning up instances of a

The Upload: Your tech news briefing for Friday, March 27

Twitter answers Meerkat with its own video streaming app
Two weeks after confirming it had acquired Periscope, Twitter has launched the live video streaming app to compete with buzzed-about Meerkat. Both apps post live-streamed video to your Twitter feed, but Twitter has now blocked the competitor from accessing follower/followed lists.

UN to appoint privacy watchdog
The United Nations’ Human Rights Council has voted to appoint a watchdog, a “special rapporteur” in UN-speak, to monitor privacy in the digital world. The post comes with mostly advisory powers, but the move, backed by Germany and Brazil, is seen as important amid concerns about surveillance by the U.S. and other countries.

Microsoft wants to make Powerpoint more Web-friendly, buys LiveLoop

Microsoft has acquired LiveLoop and its technology for sharing PowerPoint presentations online more easily.

The software giant didn’t reveal any financial details, but confirmed the deal via email, saying the team from LiveLoop will help build great collaboration across Office applications, as part of the company’s strategy to reinvent productivity.

Beyond that, Microsoft isn’t revealing what it plans to do with LiveLoop. The acquisition, however, fits well with its plan to make its applications and services available on as many devices as possible, irrespective of the OS.

LiveLoop’s technology converts PowerPoint files into URLs that can be viewed from computers and smartphones without installing any software, according to the company’s website.

Microsegmentation in VMware NSX on Software Gone Wild

VM NIC firewalls have been around for years (they’re also the reason I got my first invitation to the awesome Troopers conference), but it sounds so much better when you call them Microsegmentation (not the one I talked about @ Troopers this year).

Marketing gimmicks aside, VMware NSX includes an interesting in-kernel stateful firewall, and Brad Hedlund was kind enough to explain the intricacies of that feature in Episode 27 of Software Gone Wild.

UN to appoint watchdog to focus on privacy in digital age

The Human Rights Council of the United Nations has voted in favor of a resolution backed by Germany and Brazil to appoint an independent watchdog or ‘special rapporteur’ to monitor privacy rights in the digital age.

The council said Thursday that the same rights that people have offline must also be protected online, including the right to privacy.

The proposed appointment of the rapporteur is likely to be mainly symbolic, as the official’s functions will be mainly advisory. But it reflects continuing concerns around the world about privacy in the wake of disclosures of U.S. surveillance by former National Security Agency contractor Edward Snowden.

At Facebook, a sharpening focus on virtual reality

In 10 years, there may be no need to check Facebook’s site to see what that friend overseas is up to. You might just pick up a pair of goggles, reach out and hold her hand at her birthday party.

You won’t have to actually be there. The experience could be made possible through virtual reality.

Facebook sees it as a radical and important technology that in the not-too-distant future could provide new ways to help people connect and transport them to places that are out of reach or don’t even exist. Providing those experiences is among Facebook’s ambitious long-term goals, along with providing Internet access through aerial drones and deepening its artificial intelligence technology to better understand what people want.

An SDN vulnerability forced OpenDaylight to focus on security

Open-source software projects are often well intended, but security can take a back seat to making the code work.

OpenDaylight, the multivendor software-defined networking (SDN) project, learned that the hard way last August after a critical vulnerability was found in its platform.

It took until December for the flaw, called Netdump, to get patched, a gap in time exacerbated by the fact that the project didn’t yet have a dedicated security team. After he tried and failed to get in touch with OpenDaylight, the finder of the vulnerability, Gregory Pickett, posted it on Bugtraq, a popular mailing list for security flaws.

How to boot an encrypted system safely

These are my notes on how to set up a system securely, in a way that would prevent attackers from being capable of performing an “evil maid attack”.

The threat model

You have a Linux server that you want to protect against data theft and other backdoors. The attacker can get physical access to your hardware, for example by having access to the server room that houses your rack.

Your attacker is funded, but not super well funded. This will not protect you against intelligence agencies.

The attacker can buy a new server that looks just like the one you have. You will not be able to tell the difference from physical inspection.

You want to know that it’s safe to log in to your server after a suspicious power outage or reboot.

This solution assumes that once the system is booted and you log in, you have access to the secret data. In other words, this is not a protection for gaming consoles or kiosks.

Overview of the solution

First of all, full disk encryption using dm-crypt. Obviously. (other FDE also acceptable, of course)

Walking up to the server and typing the passphrase every reboot is not only tedious

BGP Optimizer Causes Thousands Of Fake Routes

Earlier today many BGPmon users received one or more alerts informing them that their autonomous system (AS) started to announce a more-specific prefix. BGPmon classified many of these alerts as possible BGP man-in-the-middle (MITM) attacks. Here is an example alert:

====================================================================
Possible BGP MITM attack (Code: 21)
====================================================================
Your prefix: 23.20.0.0/15:
Prefix Description: acxiom-online.com --- Amazon EC2 IAD prefix
Update time: 2015-03-26 11:27 (UTC)
Detected by #peers: 24
Detected prefix: 23.21.112.0/20
Announced by: AS14618 (AMAZON-AES - Amazon.com, Inc.,US)
Upstream AS: AS3257 (TINET-BACKBONE Tinet SpA,DE)
ASpath: 4608 24130 7545 6939 40633 18978 3257 14618

The alert shows the user was monitoring 23.20.0.0/15, normally announced by Amazon, Inc. (AS14618). In this case however, the detected prefix was the more specific 23.21.112.0/20. The netblock owners would have verified their BGP announcements and quickly recognized they did not originate this more-specific prefix. Further analysis pointed to the suspicion that a bad actor was impersonating Amazon. BGPmon algorithms alerted to this as well, and–within moments of the initial change–marked these events as a possible BGP MITM attack.
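As an added example (not code from the post or from BGPmon), the script below parses the alert shown above and applies the checks a prefix owner would run when triaging it: is the detected prefix really a more-specific of the monitored one, does the announced origin match the last AS in the path and the expected owner, and is the AS adjacent to the origin one of that owner's known transit providers. The expected-upstream set passed in by the caller is a constructed assumption, not Amazon's real transit list.

```python
import ipaddress
import re

# Alert body quoted from the post above (the BGPmon alert for 23.20.0.0/15).
ALERT = """\
Your prefix: 23.20.0.0/15:
Prefix Description: acxiom-online.com --- Amazon EC2 IAD prefix
Update time: 2015-03-26 11:27 (UTC)
Detected by #peers: 24
Detected prefix: 23.21.112.0/20
Announced by: AS14618 (AMAZON-AES - Amazon.com, Inc.,US)
Upstream AS: AS3257 (TINET-BACKBONE Tinet SpA,DE)
ASpath: 4608 24130 7545 6939 40633 18978 3257 14618
"""


def parse_alert(text):
    """Extract the monitored prefix, detected prefix, AS path and origin from one alert."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    monitored = ipaddress.ip_network(fields["Your prefix"].rstrip(":"))
    detected = ipaddress.ip_network(fields["Detected prefix"])
    path = [int(asn) for asn in fields["ASpath"].split()]
    origin = int(re.match(r"AS(\d+)", fields["Announced by"]).group(1))
    return monitored, detected, path, origin


def classify(monitored, detected, path, origin, expected_origins, expected_upstreams):
    """Return a short verdict. A more-specific prefix wins longest-match routing,
    so even an announcement with the right origin AS deserves a look when the
    AS adjacent to the origin is not one of its known transit providers."""
    if detected == monitored or not detected.subnet_of(monitored):
        return "not-more-specific"
    if origin != path[-1]:                      # "Announced by" disagrees with the path
        return "inconsistent-origin"
    if origin not in expected_origins:          # someone else originates our space
        return "more-specific-unknown-origin"
    if len(path) >= 2 and path[-2] not in expected_upstreams:
        return "more-specific-unexpected-upstream"
    return "more-specific-expected-path"


def triage(text, expected_origins, expected_upstreams):
    """Parse and classify one alert body in a single call."""
    return classify(*parse_alert(text), expected_origins, expected_upstreams)
```

With the upstream set left as a placeholder (documentation ASNs 64496 and 64497), the alert above is flagged because AS3257 is not among the origin's expected upstreams; adding 3257 to the set downgrades it to an expected path.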

One reason for this classification is the way BGPmon understands and interprets AS

Message to Errata employees

Dear employees,

Starting next week, Errata Security will be following RSA Conference's lead and instituting a "Morality Dress Code" in order to deal with the problem of loose women on the premises.

Attire of an overly revealing or suggestive nature is not permitted. Examples of such attire may include but are not restricted to:

  • Tops displaying excessive cleavage;
  • Tank tops, halter tops, camisole tops or tube tops;
  • Miniskirts or minidresses;
  • Shorts;
  • Lycra (or other Second-Skin) bodysuits;
  • Objectionable or offensive costumes.
These guidelines are applicable to all staff, regardless of gender, and will be strictly enforced. Therefore, Dave's practice of showing up on casual Fridays in a miniskirt and push-up bra will no longer be tolerated. We have burkas on hand of varying sizes for those who fail to comply.

If you have any questions, please consult the Morality Officer for your department.

Regards,
Robert Graham
CEO, Errata Security

"Shalim" by Zivya - Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Shalim.JPG#/media/File:Shalim.JPG

PS: This is satire, of course. We don't support RSA's morality code.

Court throws out lawsuit over storage on iPhones, iPads

A federal court has dismissed a lawsuit against Apple over the amount of storage available in mobile devices that come with iOS 8.

The district court in San Jose, California, threw out the proposed class-action suit on Wednesday after Apple filed a motion saying the plaintiffs failed to back up their arguments. The case was dismissed with prejudice, meaning the plaintiffs can’t sue Apple again for the same thing.

In the suit, filed last December, Paul Orshan and Christopher Endara charged that Apple misled consumers about how much of the storage on iPhones and iPads was taken up by the OS. For example, they said a 16GB iPhone 6 really had just 13GB of capacity available.