LWN.net: Kernel prepatch 3.19-rc1

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Linus has sent out 3.19-rc1 and closed the merge window for this release one day earlier than some might have expected. “Considering how much came in fairly late, I find it hard to care about anybody who had decided to cut it even closer than some people already did. That said, maybe there aren’t any real stragglers – and judging by the size of rc1, there really can’t have been much.”

In the end, 11,408 non-merge changesets were pulled into the mainline
during this development cycle.

SANS Internet Storm Center, InfoCON: green: Site www.nfc.usda.gov and www.usda.gov Currently Down, (Sun, Dec 21st)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

We have received a report that the National Finance Center site www.nfc.usda.gov is currently returning a 500: Server Error (thanks Melissa) and the U.S. Department of Agriculture www.usda.gov is returning an IBM HTTP WebSphere software page. We are currently investigating to get additional information.

Update 1: www.usda.gov is now back up at 02:30 GMT

———–

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Errata Security: Ask a nerd

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

One should probably consult a lawyer on legal questions. Likewise, lawyers should probably consult nerds on technical questions. I point this out because of this crappy Lawfare post. It’s on the right side of the debate (FBI’s evidence pointing to North Korea is bad), but it’s still crap.

For example, it says: “One hears a lot in cybersecurity circles that the government has “solved” the attribution problem”. That’s not true, you hear the opposite among cybersecurity experts. I suspect he gets this wrong because he’s not talking about technical experts, but government circles. What government types in Washington D.C. say about cybersecurity is wholly divorced from reality — you really ought to consult technical people.

He then says: “it is at least possible that some other nation is spoofing a North Korean attack”. This is moronic, accepting most of the FBI’s premise that a nation state sponsored the attack, and that we are only looking for which nation state this might be. In reality, the Sony hack is well within the capabilities of teenagers. The evidence is solid that Sony had essentially no internal security — it required no special sophistication by the hacker. Anybody could’ve done this.

He then talks about the FBI “admitting that it knew about the tools and signatures that North Korea used in past attacks and exploitations and yet still was either unwilling or unable to stop the attack on Sony”. Just because The Phantom leaves behind his signature glove in his cat burglaries doesn’t mean police can stop him robbing the Pink Panther diamond. It’s perfectly reasonable to find similarities in computer viruses without that information being helpful in stopping future viruses. This is one of those things that seems only plausible to those completely ignorant of technology, which is why you ought to consult a techy first to see if you are off-base.

He then says “There are many, many steps the government will need to take to keep our networks more secure”. That’s a political line by fascists, like “government needs to keep the trains running on time”. Neither is a particular need; both are justifications for police states. A cyber police state is not the appropriate response to the Sony hack.

In summary, while this Lawfare post appears to be on my side (not enough North Korea evidence), it’s actually on the opposite side. It accepts all the basic premises by the government but only disagrees with them on one point. In actuality, much more is wrong with the government’s argument than the lack of evidence.

TorrentFreak: Twitter Suspends Account of Torrent Release Group ETRG

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The ExtraTorrent Release Group, or ETRG for short, is one of the best known sources for pirated movies.

The group releases dozens of popular films on various torrent sites each week and has a steady following of movie fans looking for fresh content.

Some of these followers track new releases through ETRG’s Twitter account. While the group doesn’t link to any copyrighted material, it does list the titles of new releases there.

One would think that ETRG isn’t violating Twitter’s policies by merely pasting a title. However, a few days ago two tweets mentioning “The Signal” got them in trouble.

The tweets were targeted with a DMCA takedown request which led to the immediate suspension of the group’s account.

“Twitter suspended ETRG’s account with no logical or valid reason. In fact they didn’t even give the reason. All I got was a DMCA notification and next day the account was suspended,” ETRG tells TF.

In its copyright and DMCA policy Twitter explains that it takes action against “tweets containing links to allegedly infringing materials,” but ETRG didn’t post any links, just text.

And there are more strange things happening. The takedown notice was sent on behalf of “Wild Side” and also targeted tweets from @PRoDJi and @TorrentBird. These tweets were removed as well, but interestingly enough the associated accounts haven’t been suspended.

ETRG is disappointed with Twitter’s actions and says the company is caving in to unreasonable demands from copyright holders.

“It shows how these sites are influenced by the powerful movie industry to do anything they want,” the group says.

A few years ago the group stopped posting links after it had its account suspended and at the time Twitter re-enabled it within a day. But even without links it couldn’t escape another suspension.

Hoping to get its account reinstated ETRG filed a counter-notice, but several days have passed since and they have yet to hear back from Twitter. Meanwhile, the account remains suspended.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

yovko in a nutshell: Unordered thoughts

This post was syndicated from: yovko in a nutshell and was written by: Yovko Lambrev. Original post: at yovko in a nutshell

I have written before about business as partnership, but one would hardly expect me to write on exactly that topic in a week like the past one, given that yet another Bulgarian government, outside the context of the majority on whose support it rests (and evidently counting on a different one!), is laying the foundations for a daylight robbery of people’s money set aside for old age in private pension funds. I never imagined that any Bulgarian government after the changes would even think of such a step. Alas, it is now a fact! Under pressure from “trade unions” that have been entirely useless, and even fundamentally harmful as a phenomenon, in recent years and, of course… the scriptwriters of the political status quo. The consequences of this madness are not only long-term; the short-term ones will be more frightening. And the state has once again cemented its image as a brutally dishonest business partner.

But I won’t write about that: on the one hand, because my generation and those that follow would do better not to rely on the pension system in this country, and on the other, because although I have not despaired completely that there is a chance for change here and now, I do not believe it is possible through evolution within a foreseeable lifetime horizon. The critical mass of people is small, divided and… shrinking. Revolution does not exist as an option; what remains is to rely on evolution again, but after a long enough time, when the average Bulgarian has eaten many more buckets of … and has become at least a little wiser.

I haven’t written anything personal for a long time. And it is not because I don’t want to. Texts are born in my head and time washes them away before I even begin to write them down, because… lately it seems to me that writing is easier than reading… So many things get written that you can get lost in what you want to read in the short time left for reading. I also don’t write partly because the process of writing and reading is also a kind of partnership, built on a fragile balance of emotions, curiosity and shared topics. And at the peak of social networks and daily sharing, this balance is strangely shifted to the point of absence or chaotic extremes of various variables.

However, a period lies ahead in which I will write about other things, and I very much hope they will be energizing, transformative and positive. I will look for new topics, people and directions. I will try to find business partners of a kind I have not had until now. I hope to manage to see from a different angle first myself (and the accumulations I have gathered over time) and then my very notions of how things ought to happen against the backdrop of how they actually happen: in business, in everyday life… everywhere.

But more on that some other time. Soon…

Otherwise, among your plans for the new year, plan for the declaration with which to prevent the government and the National Social Security Institute (NOI) from sucking up your account from your private fund, and explain, explain and do not stop explaining to the indifferent and the inert around you how important it is that they do the same.

SANS Internet Storm Center, InfoCON: green: Which NTP Servers do You Need to Patch?, (Sat, Dec 20th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

While people generally know where their real NTP servers are, all too often they don’t know that they’ve got a raft of accidental NTP servers – boxes that have NTP enabled without the system maintainers knowing about it. Common servers on the network like routers or switches (often when these are NTP clients, they are also NTP servers), PBXs and VOIP gateways, mail servers, certificate authorities and so on.

In these days of auto-updates, you would think that most NTP servers would be patched against the vulnerabilities found by the Google team and described in the story written up by Johannes earlier this evening.

However, it only took until the second host checked to find a very out of date server. Unfortunately, it’s the main NTP server of a large Canadian ISP (Oops). What I also found along the way was that many servers only report 4 as a version, and that from the -sV switch, not from ntp-info. So depending on your internal servers and how they are configured, it may be time for us to start using authenticated scans using tools like Nessus to get service versions for our NTP servers. Hopefully that

C:\
Nmap scan report for ntp.someisp.ca (x.x.x.x)
Host is up (0.0045s latency).
rDNS record for x.x.x.x: khronos.tor.someisp.ca
PORT STATE SERVICE VERSION
123/udp open ntp NTP v4
| ntp-info:
| receive time stamp: 2014-12-20T02:47:52
| version: ntpd 4.1.1c-rc1@1.836 Thu Feb 13 12:17:19 EST 2003 (1)
| processor: i686
| system: Linux2.4.20-8smp
| leap: 0
| stratum: 3
| precision: -17
| rootdelay: 11.079
| rootdispersion: 33.570
| peer: 32471
| refid: x.x.x.x
| reftime: 0xd83f5fad.b46b9c30
| poll: 10
| clock: 0xd83f61d5.3a71ef30
| state: 4
| offset: -0.329
| frequency: 46.365
| jitter: 3.468
|_
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 180.08 seconds

This server, on the other hand, doesn’t report the version in the ntp-info output. -sV reports version 4, but that

C:\
Nmap scan report for time.someotherserver.com (y.y.y.y)
Host is up (0.010s latency).
PORT STATE SERVICE VERSION
123/udp open ntp NTP v4
| ntp-info:
|_
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 143.24 seconds

But really, after this year of vulnerabilities that we’ve seen in basic system services, it’s about time that folks took the SANS Top 20 to heart – the SANS Critical Controls that you really should be looking at if it’s your goal to secure your network – https://www.sans.org/critical-security-controls . The top 5 in the list sum up your first line of defense against stuff like this. Know what’s on your network, know what’s running on that, have a formal program of patches and updates, and scan regularly for new hosts, new services and new vulnerabilities. If it’s your thought that a single scan for this one vulnerability is the most important thing on your plate (or scanning for heartbleed or shellshock was earlier this year), then you have already lost – it

Quick Addendum/Update (Johannes):

CentOS and other Linux distros did release updates. However, the version string may not change. Check the Build Date. For example, on CentOS6:
Before patch: ntpd 4.2.6p5@1.2349-o Sat Nov 23 18:21:48 UTC 2013 (1)
After patch:

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Дни: Explanatory

This post was syndicated from: Дни and was written by: Антония. Original post: at Дни

The method works only when you are dealing with intelligent (even if misguided) people, but still:

I thought there would be screaming. I should’ve known better. He never screamed. He just explained things in a logical, unhurried manner until he made you scream instead.

From a decent UF series, which makes me laugh. The first book is a bit rough, as if chopped up, but each subsequent volume gets better and better.

TorrentFreak: BitTorrent Inc. Happy to Take on Kim Jong Un

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

For Sony Pictures and the creative talent behind The Interview, the past several weeks have been extraordinary. With Sony falling to a crippling hack attack reportedly at the hands of North Korea, never before has a movie resulted in so much corporate destruction.

As the dust settles, at least temporarily, Sony finds itself between a rock and a hard place. After pulling the movie this week following threats of terror attacks on theaters, Sony was criticized by President Obama yesterday who described the decision as “a mistake”.

Sony responded with a statement from CEO Michael Lynton: “We have not caved. We have not given in. We have persevered, and we have not backed down. We have always had every desire to have the American public see this movie.”

But with theaters dropping like flies and “not been one major VOD or one major ecommerce site” stepping forward to show the film, the studio’s options are limited. Last night, however, a hero stepped forward to take on the tyranny of state-sponsored terrorism.

“Like everyone else around the world, we’ve been following this egregious hacking of Sony’s servers over the past few weeks,” BitTorrent Inc. said in a statement to VB.

“A trend has emerged among commentary in the days since Sony announced they would not release the motion picture, ‘The Interview.’ There have been calls for Sony to release the film online. And many have contacted us asking: Would they be able to release the movie using BitTorrent?

“Though we normally would not offer commentary during such a trying time for another company, the answer is yes,” the company said.

BitTorrent Inc. believes that Sony’s best option to “take back control of their film” and not cave in to “terrorist threats” is to utilize the company’s BitTorrent Bundles.

Not only would Bundles allow everyone to view The Interview at home safe in the knowledge they aren’t going to get blown up, but this would strike “a strong note for free speech” while allowing Sony to set whatever price they like for the film, BitTorrent Inc. says.

While there is certainly a promotional aspect to BitTorrent Inc.’s offer, releasing the movie using the BitTorrent protocol would solve Sony’s initial distribution problems. The company could probably flick the switch and have this movie out by Monday, if they really wanted to.

Of course, any release via BitTorrent Bundles would mean that The Interview would also become available on public and private torrent sites within hours. At this point anyone could download the movie for free. There had been suggestions earlier this week that Sony should go straight to torrent sites with the movie anyway, but BitTorrent Inc. thinks this is a bad idea.

“We disagree, however, with some that have suggested that Sony should make the film available through piracy sites. That would only serve to encourage bad actors. It’s also important to make the distinction that these piracy sites are not ‘torrent sites.’ They are piracy sites that are wrongfully exploiting torrent technology,” the company said.

It seems unlikely that BitTorrent Inc. will seal the deal with Sony, but if they were successful this would not only be a major coup for the company but one steeped in irony.

As BitTorrent Inc. promises to strike a blow for freedom using BitTorrent, for the past several weeks the Sony hackers have also been using the BitTorrent protocol to distribute the very files they obtained from Sony.

Just goes to show, BitTorrent technology really can be used for anything.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Source Code in TV and Films: Second screen of this new Blackhat movie trailer. This time…

This post was syndicated from: Source Code in TV and Films and was written by: Source Code in TV and Films. Original post: at Source Code in TV and Films

Second screen of this new Blackhat movie trailer.

This time it’s way longer but sadly it’s hard to read.

It looks like a lot of variable declarations in C++, mostly int and bool. Can’t find the source tho…

SANS Internet Storm Center, InfoCON: green: Critical #NTP Vulnerability in ntpd prior to 4.2.8, (Sat, Dec 20th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

The Google security team discovered several vulnerabilities in current NTP implementations, one of which can lead to arbitrary code execution [1][2]. NTP servers prior to version 4.2.8 are affected.

There are some rumors about active exploitation of at least some of the vulnerabilities Google discovered.

Make sure to patch all publicly reachable NTP implementations as fast as possible.

Mitigating Circumstances:

Try to block inbound connections to NTP servers that do not have to be publicly reachable. However, be aware that simple stateful firewalls may not track UDP connections correctly and will allow access to internal NTP servers from any external IP if the NTP server recently established an outbound connection.

ntpd typically does not have to run as root. Most Unix/Linux versions will configure NTP using a lower privileged user.

According to the advisory at ntp.org, you can also:

Disable Autokey Authentication by removing, or commenting out, all configuration directives beginning with the crypto keyword in your ntp.conf.

A few Ubuntu and CentOS systems I tested, as well as OS X systems, do not seem to use autokey.

[1] http://www.kb.cert.org/vuls/id/852879
[2]

In the NTP code, a section of code is missing a return, and the resulting error indicates processing did not stop.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
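
A version-and-build-date triage for the two NTP diaries above, added here as an example (it is not code from SANS ISC or the NTP project): it reads nmap ntp-info output like the scans in "Which NTP Servers do You Need to Patch?", applies this advisory's 4.2.8 threshold together with the build-date caveat, and lists active crypto directives in an ntp.conf. The sample scan and ntp.conf text, the hosts centos6.example and rebuilt.example, the status names and the 2014-12-20 build-date cutoff are assumptions constructed for the example.

```python
import re
from datetime import date

FIXED_VERSION = (4, 2, 8)           # advisory: ntpd prior to 4.2.8 is affected
ADVISORY_DATE = date(2014, 12, 20)  # assumption: a build older than this cannot contain the fix
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Matches e.g. "ntpd 4.2.6p5@1.2349-o Sat Nov 23 18:21:48 UTC 2013 (1)"
VERSION_RE = re.compile(
    r"ntpd\s+(\d+)\.(\d+)\.(\d+)\S*\s+"
    r"\w{3}\s+(" + "|".join(MONTHS) + r")\s+(\d{1,2})\s+[\d:]+\s+\w+\s+(\d{4})"
)


def classify(version_string):
    """Return (status, version_tuple, build_date) for an ntpd version string."""
    m = VERSION_RE.search(version_string or "")
    if not m:
        # Server answered on 123/udp but gave no usable version: needs an
        # authenticated or on-host check, as the diary suggests.
        return ("unknown", None, None)
    version = tuple(int(x) for x in m.group(1, 2, 3))
    build = date(int(m.group(6)), MONTHS.index(m.group(4)) + 1, int(m.group(5)))
    if version >= FIXED_VERSION:
        status = "fixed-version"
    elif build < ADVISORY_DATE:
        status = "unpatched"          # old version AND built before the advisory
    else:
        status = "possible-backport"  # old version string, recent build: confirm with the vendor
    return (status, version, build)


def triage_nmap(output):
    """Map each host in nmap output to the classification of its ntp-info version line."""
    results, host = {}, None
    for line in output.splitlines():
        m = re.match(r"Nmap scan report for (\S+)", line)
        if m:
            host = m.group(1)
            results[host] = classify(None)  # stays "unknown" unless a version line follows
        elif host and "version:" in line and "ntpd" in line:
            results[host] = classify(line)
    return results


def autokey_directives(conf_text):
    """Return active (uncommented) ntp.conf lines whose first keyword is `crypto`."""
    return [ln.strip() for ln in conf_text.splitlines()
            if ln.split()[:1] == ["crypto"]]


# Constructed sample: the first two hosts mirror the scans quoted in the diary,
# the last two are made up to show the CentOS build-date caveat.
SAMPLE_SCAN = """\
Nmap scan report for ntp.someisp.ca (x.x.x.x)
123/udp open ntp NTP v4
| ntp-info:
|   version: ntpd 4.1.1c-rc1@1.836 Thu Feb 13 12:17:19 EST 2003 (1)
Nmap scan report for time.someotherserver.com (y.y.y.y)
123/udp open ntp NTP v4
| ntp-info:
Nmap scan report for centos6.example (z.z.z.z)
| ntp-info:
|   version: ntpd 4.2.6p5@1.2349-o Sat Nov 23 18:21:48 UTC 2013 (1)
Nmap scan report for rebuilt.example (z.z.z.z)
| ntp-info:
|   version: ntpd 4.2.6p5@1.2349-o Mon Dec 22 10:00:00 UTC 2014 (1)
"""

# Constructed ntp.conf fragment: one commented-out and one active crypto line.
SAMPLE_CONF = """\
server 0.pool.ntp.org iburst
#crypto pw oldsecret
crypto pw examplepw
"""

if __name__ == "__main__":
    for host, (status, version, build) in triage_nmap(SAMPLE_SCAN).items():
        print(f"{host:28} {status:18} version={version} build={build}")
    print("active autokey directives:", autokey_directives(SAMPLE_CONF))
```

Hosts reported as possible-backport or unknown still need the package build date compared against the vendor's fixed build, which only an on-host or authenticated check can confirm.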

Errata Security: Sony hack was the work of SPECTRE

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

The problem with hacking is that people try to understand it through analogies with things they understand. They try to fit new information into old stories/tropes they are familiar with. This doesn’t work — hacking needs to be understood in its own terms.

But since you persist in doing it this way, let me use the trope of SPECTRE to explain the Sony hack. This is the evil criminal/terrorist organization in the James Bond films that is independent of all governments. Let’s imagine that it’s SPECTRE who is responsible for the Sony hack, and how that fits within the available evidence.
This trope adequately explains the FBI “evidence” pointing to North Korea. SPECTRE has done work for North Korea, selling them weapons, laundering their money, and conducting hacking for them. While North Korea is one of their many customers, they aren’t controlled by North Korea.
The FBI evidence also points to Iran, with the Sony malware similar to that used in the massive Saudi Aramco hack. That would make sense, since an evil organization like SPECTRE does business with all the evil countries. Conversely, the Iranian connection doesn’t make sense if the Sony hack were purely the work of the North Koreans.
SPECTRE’s organization is highly modular, with different groups doing different things. Indeed, different arms of SPECTRE might be working for both sides of a conflict at the same time without each knowing about it. One arm of SPECTRE develops malware. Another arm uses that to break into companies and steal credit card numbers. Another arm converts those credit card numbers to cash.
It’s quite possible that the Sony hack was the work of a single SPECTRE agent. We’ll call him #8. Certainly, #8 uses the resources of SPECTRE to carry out the attack, and other resources will be called in to profit from the attack, but it’s largely an independent operation. In other words, “Guardians of Peace” can refer to a single guy — a largely independent operator who is unaware of those parts of SPECTRE who have interacted with Iran and North Korea. Thus, once he got into Sony, other members of SPECTRE contacted their North Korean customers and said “hey, we have an opportunity, give us $1 million and we’ll shut down that film you hate”. Once they got the cash, they directed #8 to make the threat.
My story of SPECTRE better explains the evidence in the Sony case than the FBI’s story of a nation-state attack. In both cases, there are fingerprints leading to North Korea. In my story, North Korea is a customer. In the FBI’s story, North Korea is in charge. However, my story better explains how everything is in English, how there are also Iranian fingerprints, and how the threats over The Interview came more than a week after the attack. The FBI’s story is weak and full of holes, my story is rock solid.
I scan the Internet. I find compromised machines all over the place. Hackers have crappy opsec, so that often leads me to their private lairs (i.e. their servers and private IRC chat rooms). There are a lot of SPECTRE-like organizations throughout the world, in Eastern Europe, South America, the Islamic world, and Asia. At the bottom, we see idiot kids defacing websites. The talented move toward the top of the organization, which has nebulous funding likely from intelligence operations or Al Qaeda, though virtually none of their activities are related to intelligence/cyberwar/cyberterror (usually, stealing credit cards for porn sites).
My point is this. Our government has created a single story of “nation state hacking”. When that’s the only analogy that’s available, all the evidence seems to point in that direction. But hacking is more complex than that. In this post, I present a different analogy, one that better accounts for all the evidence, but one in which North Korea is no longer the perpetrator.

Krebs on Security: Staples: 6-Month Breach, 1.16 Million Cards

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Office supply chain Staples Inc. today finally acknowledged that a malware intrusion this year at some of its stores resulted in a credit card breach. The company now says some 119 stores were impacted between April and September 2014, and that as many as 1.16 million customer credit and debit cards may have been stolen as a result.

KrebsOnSecurity first reported the suspected breach on Oct. 20, 2014, after hearing from multiple banks that had identified a pattern of credit and debit card fraud suggesting that several Staples office supply locations in the Northeastern United States were dealing with a data breach. At the time, Staples would say only that it was investigating “a potential issue” and had contacted law enforcement.

In a statement issued today, Staples released a list of stores (PDF) hit with the card-stealing malware, and the stores are not limited to the Northeastern United States.

“At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014,” Staples disclosed. “At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.”

However, the company did say that during the investigation Staples also received reports of fraudulent payment card use related to four stores in Manhattan, New York at various times from April through September 2014.

Aviv Raff, chief technology officer at Seculert, said the per-store minimum time to detect and respond to the breach was an average of 40 days.

“Once again, much like previous breaches, the statistics of the Staples’ breach shows the necessity of moving from trying to prevent an attack to try and detect and respond as quickly as possible,” Raff said.

Source: Seculert

It appears that the attackers responsible for the Staples break-in are not the same group thought to have hit Target and Home Depot. In November, I posted a story that cited sources close to the Staples investigation saying the breach at Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores.

[Медийно право] [Нели Огнянова] : Public media: self-assessment and assessment

This post was syndicated from: [Медийно право] [Нели Огнянова] and was written by: nellyo. Original post: at [Медийно право] [Нели Огнянова]

The European Broadcasting Union has developed a form to assist public media in self-assessment.

The form helps to operationalize and measure core characteristics of public media:

  • universality;
  • independence;
  • quality;
  • diversity;
  • accountability;
  • innovation.

Self-assessment and assessment of public media in the EU have traditions. The British regulator has published a consultation document for a third consecutive public consultation on the future of public media in the connected society. The reports on the extent to which the goals of public media are being achieved are annual and follow an established methodology by programmes and genres, which is kept up to date. Thematic reports are also prepared, as well as ex-ante and ex-post assessments of the effectiveness of the law.

Schneier on Security: Friday Squid Blogging: Squid Beard

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Impressive.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

LWN.net: Tagged memory and minion cores in the lowRISC SoC

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

The lowRISC project, which aims to create and manufacture a fully open-source system-on-chip (SoC) and development board, has released a document on its plans to incorporate tagged memory and minion cores into the SoC. Minion cores are separate I/O processors that can be used to implement various I/O protocols without requiring additional hardware in the design.

Tagged memory associates metadata with each memory location and can be used to implement fine-grained memory access restrictions. Attacks which hijack control flow can be prevented by using this protection to restrict writes to memory locations containing return addresses, function pointers, and vtable pointers. Importantly, we anticipate this can be implemented with a worst-case performance overhead of a few percent and a similarly low area cost. This fine-grained memory protection can be used automatically by the compiler, meaning improved security is available to existing programs without source code modifications. We intend to provide tagged memory alongside security features which are already commonly deployed such as secure boot, encrypted off-chip memory, and cryptographic accelerators.

LWN.net: EU to fund Free Software code review (FSFE)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

The Free Software Foundation Europe (FSFE) has commented on the most recent European Union (EU) budget—approved on December 17—that includes €1 million for auditing free-software programs that are used by the EU governmental bodies. The auditing is meant to find and fix security holes in those programs. “Even though these institutions are tightly locked into non-free file formats, much of their infrastructure is based on Free Software.

‘This is a very welcome decision,’ says FSFE’s president Karsten Gerloff. ‘Like most public bodies, the European institutions rely heavily on Free Software for their daily operations. It is good to see that the Parliament and the Commission will invest at least a little in improving the quality and the programs they use.’”

Errata Security: The FBI’s North Korea evidence is nonsense

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

The FBI has posted a press release describing why they think it’s North Korea. While there may be more things we don’t know, on its face it’s complete nonsense. It sounds like they’ve decided on a conclusion and are trying to make the evidence fit. They don’t use straightforward language, but confusing weasel words, like saying “North Korea actors” instead of simply “North Korea”. They don’t give details.

The reason it’s nonsense is that the hacker underground shares code. They share everything: tools, techniques, exploits, owned-systems, botnets, and infrastructure. Different groups even share members. It is implausible that North Korea would develop its own malware from scratch.

Here’s the thing with computer evidence: you don’t need to keep it secret. It wouldn’t harm Sony and wouldn’t harm the investigation. It would help anti-virus and security vendors develop signatures to stop it. It would crowd source analysis, to see who it really points to. We don’t need to take the FBI’s word for it, we should be able to see the evidence ourselves. In other words, instead of saying “IP addresses associated with North Korea”, they can tell us what those IP addresses are, like “203.131.222.102”.

But the FBI won’t do that. They aren’t in the business of protection but control. The idea that Americans should protect themselves and decide for themselves is anathema to the FBI.

TorrentFreak: Hollywood Tries to Crush Popcorn Time, Again

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

This year Popcorn Time became an instant hit by offering BitTorrent-powered streaming inside an easy-to-use Netflix-style interface.

The breakthrough app had Hollywood concerned but luckily for them the developers shut it down after a few weeks, saying that they wanted to move on with their lives.

It was never revealed whether Hollywood forces had threatened the developers, but an MPAA update that surfaced as part of the Sony leaks now reveals that this was indeed the case.

In the MPAA’s “first quarter update,” sent to the movie studio heads in March, the group stated that it had “scored a major victory in shutting down the key developers of Popcorn Time.”

The MPAA added that the investigative and enforcement actions required collaboration on three continents, which they hoped would prevent Popcorn Time from becoming a “major piracy threat.”

Unfortunately for Hollywood the threat didn’t go away. The Open Source project was quickly picked up by others and in recent months several popular forks gained steady user-bases.

Popcorn-Time.se, one of the most-used forks, has since turned into a bigger threat than the original application. As a result, Hollywood is trying its best to dismantle it.

Previously the fork had its domain name suspended and over the past few weeks found itself being kicked out by various hosting providers. Complaints from the Hollywood backed anti-piracy group BREIN were to blame.

The hosting troubles resulted in long periods of downtime, which isn’t good for morale among the developers.

“We had a tough two weeks with a few shut downs that came unexpectedly. We moved our service through three different hosting companies in these weeks,” the Popcorn-Time.se team tells TF.

“All caved after a few hours to a day or two, after ‘some’ copyright organization contacted them, saying suddenly that they don’t want to host our ‘illegal’ domain. We were shocked actually to see how quickly these organizations work.”

While Popcorn-Time.se might have been down, they’re not out yet. The team is determined to keep its software available and will be releasing new updates to the app today.

“BREIN is on our backs? Well, we found a new hosting company which we hope will be more cooperative, and we’re releasing updates for both Windows and Mac today to show everyone that business is as usual.”

“No one said it was gonna be easy, but what doesn’t kill you, makes you stronger, and we’re not into dying… ;-),” the Popcorn-Time.se team concludes.

Whether other Popcorn Time forks have had similar problems recently is unknown, but the above makes it clear that Hollywood is still determined to crush these popular apps.

SANS Internet Storm Center, InfoCON: green: What’s Wrong with Bridging Datacenters together for DR?, (Fri, Dec 19th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

With two stories on the topic of bridging datacenters, you’d think I was a real believer. And, yes, I guess I am, with a couple of important caveats.

The first is encapsulation overhead. As soon as you bridge using encapsulation, the maximum allowed transported packet size will shrink, then shrink again when you encrypt. If your Server OSs aren’t smart about this, they’ll assume that since it’s all in the same broadcast domain, a full packet is of course OK (1500 bytes in most cases, or up to 9K if you have jumbo frames enabled). You’ll need to test for this – both for replication and the failed-over configuration – as part of your design and test phase.

The second issue is that if you bridge datacenters to a DR or second (active) datacenter site, you are well positioned to fail over the entire server farm, as long as you can fail over your WAN connection and Internet uplink with them. If you don’t, you end up with what Greg Ferro calls a network traffic trombone. (http://etherealmind.com/vmware-vfabric-data-centre-network-design/)

If you fail one server over, or if you fail over the farm and leave the WAN links behind, you find that the data to and from the server will traverse that inter-site link multiple times for any one customer transaction.

For instance, let’s say that you’ve moved the active instance of your mail server to the DR Site. To check an email, a packet will arrive at the primary site, traverse to the mail server at site B, then go back to site A to find the WAN link to return to the client. Similarly, inbound email will come in on the internet link, but then have to traverse that inter-site link to find the active mail server.

Multiply that by the typical email volume in a mid-sized company, and you can see why this trombone issue can add up quickly. Even with a 100mb link, folks that were used to GB performance will now see their bandwidth cut to 50mb or likely less than that, with a commensurate impact on response times. If you draw this out, you do get a nice representation of a trombone – hence the name.

What this means is that you can’t design your DR site for replication and stop there. You really need to design it for use during the emergency cases you are planning for. Consider the bandwidth impacts when you fail over a small portion of your server farm, and also what happens when your main site has been taken out (short or longer term) by a fire or electrical event – will your user community be happy with the results?

Let us know in our comment section how you have designed around this trombone issue, or if (as I’ve seen at some sites), management has decided to NOT spend the money to account for this.

===============
Rob VandenBrink
Metafore

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
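An added example (not part of the original diary) that works through the encapsulation overhead described above for the design in the companion diary on this page: an Ethernet bridge carried in GRE inside a site-to-site IPsec tunnel. IPv4 transport, a basic 4-byte GRE header, ESP with AES-CBC and HMAC-SHA1-96, and the host name dr-server.example are assumptions; substitute the IV, block and ICV sizes of your own proposal.

```python
"""Overhead of an Ethernet bridge carried in GRE inside ESP tunnel mode.

Assumptions (not stated on the page): IPv4 everywhere, a basic 4-byte GRE
header, ESP with AES-CBC (16-byte IV and block) and HMAC-SHA1-96 (12-byte ICV).
"""
from dataclasses import dataclass

IPV4_HDR = 20
ETH_HDR = 14      # inner Ethernet header carried inside GRE (no FCS)
GRE_HDR = 4       # no key, checksum or sequence fields
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length + next-header bytes
UDP_HDR = 8       # NAT-T wrapper, present only when a NAT sits in the path


@dataclass(frozen=True)
class EspProfile:
    iv_len: int = 16     # AES-CBC IV
    block: int = 16      # cipher block size that drives padding
    icv_len: int = 12    # HMAC-SHA1-96
    nat_t: bool = False


def gre_bridge_len(inner_ip_len, vlan_tagged=False):
    """Size of the GRE packet that carries one bridged frame."""
    eth = ETH_HDR + (4 if vlan_tagged else 0)
    return IPV4_HDR + GRE_HDR + eth + inner_ip_len


def esp_tunnel_len(payload_len, esp):
    """Size on the wire after ESP tunnel mode wraps payload_len bytes."""
    to_encrypt = payload_len + ESP_TRAILER
    padded = -(-to_encrypt // esp.block) * esp.block   # round up to a full block
    udp = UDP_HDR if esp.nat_t else 0
    return IPV4_HDR + udp + ESP_HDR + esp.iv_len + padded + esp.icv_len


def wire_len(inner_ip_len, esp=EspProfile(), vlan_tagged=False):
    """Bytes on the inter-site path for one server IP packet."""
    return esp_tunnel_len(gre_bridge_len(inner_ip_len, vlan_tagged), esp)


def max_inner_ip_packet(path_mtu, esp=EspProfile(), vlan_tagged=False):
    """Largest server IP packet that crosses the path without fragmentation."""
    size = path_mtu
    # wire_len never decreases as size grows, so walking down finds the maximum.
    while size > 0 and wire_len(size, esp, vlan_tagged) > path_mtu:
        size -= 1
    return size


def plan(path_mtu, esp=EspProfile(), vlan_tagged=False, host="dr-server.example"):
    """Values to configure on servers, plus don't-fragment pings to verify them.

    The host name is a placeholder. One byte past the limit is either
    fragmented by the tunnel endpoints or dropped, depending on their DF handling.
    """
    max_ip = max_inner_ip_packet(path_mtu, esp, vlan_tagged)
    payload = max_ip - IPV4_HDR - 8               # 8-byte ICMP echo header
    return {
        "max_inner_ip": max_ip,
        "tcp_mss": max_ip - IPV4_HDR - 20,        # 20-byte TCP header, no options
        "ping_payload": payload,
        "linux_fits": f"ping -M do -c 3 -s {payload} {host}",
        "linux_oversize": f"ping -M do -c 3 -s {payload + 1} {host}",
        "windows_fits": f"ping -f -l {payload} {host}",
    }


if __name__ == "__main__":
    cases = [("plain ESP", 1500, EspProfile()),
             ("ESP with NAT-T", 1500, EspProfile(nat_t=True))]
    for label, mtu, prof in cases:
        p = plan(mtu, prof)
        print(f"{label}: path MTU {mtu} -> inner IP {p['max_inner_ip']}, "
              f"TCP MSS {p['tcp_mss']}")
        print("  fits:    ", p["linux_fits"])
        print("  oversize:", p["linux_oversize"])
    print("A full 1500-byte server packet needs", wire_len(1500), "bytes on the wire")
```

Run the two pings from a server on the bridged VLAN both during replication and after failover, and watch the WAN interface for fragments while the oversize one is in flight.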

Krebs on Security: FBI: North Korea to Blame for Sony Hack

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The FBI today said it has determined that the North Korean government is responsible for the devastating recent hack attack against Sony Pictures Entertainment. Here’s a brief look at the FBI’s statement, what experts are learning about North Korea’s cyberattack capabilities, and what this incident means for other corporations going forward.

In a statement released early Friday afternoon, the FBI said that its investigation — along with information shared by Sony and other U.S. government departments and agencies — found that the North Korean government was responsible.

The FBI said it couldn’t disclose all of its sources and methods, but that the conclusion was based, in part, on the following:

-“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”

-“The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.”

-“Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.”

The agency added that it was “deeply concerned” about the destructive nature of this attack on a private sector entity and the ordinary citizens who work there, and that the FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential information.

“Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States,” the FBI said. “Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.”

SPE was hit with a strain of malware designed to wipe all computer hard drives within the company’s network. The attackers then began releasing huge troves of sensitive SPE internal documents, and, more recently, started threatening physical violence against anyone who viewed the Sony movie “The Interview,” a comedy that involves a plot to assassinate North Korean leader Kim Jong Un. Not long after a number of top movie theater chains said they would not show the film, Sony announced that it would cancel the movie’s theatrical release.

Apparently emboldened by Sony’s capitulation, the attackers are now making even more demands. According to CNN, Sony executives on Thursday received an email apparently from the attackers that said they would no longer release additional stolen Sony Pictures data if the company announced that it would also cancel any plans to release the movie on DVD, Netflix or elsewhere. The attackers also reportedly demanded that any teasers and trailers about The Interview online be removed from the Internet.

A ‘MAGIC WEAPON’

Little is publicly known about North Korea’s cyber warfare and hacking capabilities, but experts say North Korean leaders view cyber warfare capabilities as an important asymmetric asset in the face of its perceived enemies — the United States and South Korea. An in-depth report (PDF) released earlier this year by HP Security Research notes that in November 2013, North Korea’s “dear leader” Kim Jong Un referred to cyber warfare capabilities as a “magic weapon” in conjunction with nuclear weapons and missiles.

“Although North Korea’s limited online presence makes a thorough analysis of their cyber warfare capabilities a difficult task, it must be noted that what is known of those capabilities closely mirrors their kinetic warfare tactics,” HP notes. “Cyber warfare is simply the modern chapter in North Korea’s long history of asymmetrical warfare. North Korea has used various unconventional tactics in the past, such as guerilla warfare, strategic use of terrain, and psychological operations. The regime also aspires to create viable nuclear weapons.”

Sources familiar with the investigation tell KrebsOnSecurity that the investigators believe there may have been as many as several dozen individuals involved in the attack, the bulk of whom hail from North Korea. Nearly a dozen of them are believed to reside in Japan.

Headquarters of the Chongryon in Japan.

According to HP, a group of ethnic North Koreans residing in Japan known as the Chongryon are critical to North Korea’s cyber and intelligence programs, and help generate hard currency for the regime. The report quotes Japanese intelligence officials stating that “the Chongryon are vital to North Korea’s military budget, raising funds via weapons trafficking, drug trafficking, and other black market activities.” HP today published much more detail about specific North Korean hacking groups that may have played a key role in the Sony incident given previous such attacks.

While the United States government seems convinced by technical analysis and intelligence sources that the North Koreans were behind the attack, skeptics could be forgiven for having doubts about this conclusion. It is interesting to note that the attackers initially made no mention of The Interview, and instead demanded payment from Sony to forestall the release of sensitive corporate data. It wasn’t until well after the news media pounced on the idea that the attack was in apparent retribution for The Interview that we saw the attackers begin to mention the Sony movie.

In any case, it’s unlikely that U.S. officials relish the conclusion that North Korea is the aggressor in this attack, because it forces the government to respond in some way and few of the options are particularly palatable. The top story on the front page of The Wall Street Journal today is an examination of what the U.S. response to this incident might look like, and it seems that few of the options on the table are appealing to policymakers and intelligence agencies alike.

The WSJ story notes that North Korea’s only connections to the Internet run through China, but that pressuring China to sever or severely restrict those connections is unlikely to work.

Likewise, engaging in a counter-attack could prove fruitless, or even backfire, the Journal observed, “in part because the U.S. is able to spy on North Korea by maintaining a foothold on some of its computer systems. A retaliatory cyberstrike could wind up damaging Washington’s ability to spy on Pyongyang…Another former U.S. official said policy makers remain squeamish about deploying cyberweapons against foreign targets.”

IMPLICATIONS FOR US FIRMS

If this incident isn’t a giant wake-up call for U.S. corporations to get serious about cybersecurity, I don’t know what is. I’ve done more than two dozen speaking engagements around the world this year, and one point I always try to drive home is that far too few organizations recognize how much they have riding on their technology and IT operations until it is too late. The message is that if the security breaks down, the technology stops working — and if that happens the business can quickly grind to a halt. But you would be hard-pressed to witness signs that most organizations have heard and internalized that message, based on their investments in cybersecurity relative to their overall reliance on it.

A critical step that many organizations fail to take is keeping a basic but comprehensive and ongoing inventory of all of the organization’s IT assets. Identifying where the most sensitive and mission-critical data resides (identifying the organization’s “crown jewels”) is another essential exercise, but too many organizations fail to take the critical step of encrypting this vital information.

Over the past several years, we’ve seen a remarkable shift toward more destructive attacks. Most organizations are accustomed to tackling malware infestations within their IT environments, but few are prepared to handle fast-moving threats designed to completely wipe data from storage drives across the network.

As I note in my book Spam Nation, miscreants who were once content to steal banking information and blast out unsolicited commercial email increasingly are using their skills to hold data for ransom using malware tools such as ransomware. I’m afraid that as these attackers become better at situational awareness — that is, gaining a better understanding of who their victims are and the value of the assets the intruders have under their control — these attacks and ransom demands will become more aggressive and costly in the months ahead.

Schneier on Security: Lessons from the Sony Hack

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment’s computer systems and began revealing many of the Hollywood studio’s best-kept secrets, from details about unreleased movies to embarrassing emails (notably some racist notes from Sony bigwigs about President Barack Obama’s presumed movie-watching preferences) to the personnel data of employees, including salaries and performance reviews. The Federal Bureau of Investigation now says it has evidence that North Korea was behind the attack, and Sony Pictures pulled its planned release of “The Interview,” a satire targeting that country’s dictator, after the hackers made some ridiculous threats about terrorist violence.

Your reaction to the massive hacking of such a prominent company will depend on whether you’re fluent in information-technology security. If you’re not, you’re probably wondering how in the world this could happen. If you are, you’re aware that this could happen to any company (though it is still amazing that Sony made it so easy).

To understand any given episode of hacking, you need to understand who your adversary is. I’ve spent decades dealing with Internet hackers (as I do now at my current firm), and I’ve learned to separate opportunistic attacks from targeted ones.

You can characterize attackers along two axes: skill and focus. Most attacks are low-skill and low-focus--people using common hacking tools against thousands of networks world-wide. These low-end attacks include sending spam out to millions of email addresses, hoping that someone will fall for it and click on a poisoned link. I think of them as the background radiation of the Internet.

High-skill, low-focus attacks are more serious. These include the more sophisticated attacks using newly discovered “zero-day” vulnerabilities in software, systems and networks. This is the sort of attack that affected Target, J.P. Morgan Chase and most of the other commercial networks that you’ve heard about in the past year or so.

But even scarier are the high-skill, high-focus attacks--the type that hit Sony. This includes sophisticated attacks seemingly run by national intelligence agencies, using such spying tools as Regin and Flame, which many in the IT world suspect were created by the U.S.; Turla, a piece of malware that many blame on the Russian government; and a huge snooping effort called GhostNet, which spied on the Dalai Lama and Asian governments, leading many of my colleagues to blame China. (We’re mostly guessing about the origins of these attacks; governments refuse to comment on such issues.) China has also been accused of trying to hack into the New York Times in 2010, and in May, Attorney General Eric Holder announced the indictment of five Chinese military officials for cyberattacks against U.S. corporations.

This category also includes private actors, including the hacker group known as Anonymous, which mounted a Sony-style attack against the Internet-security firm HBGary Federal, and the unknown hackers who stole racy celebrity photos from Apple’s iCloud and posted them. If you’ve heard the IT-security buzz phrase “advanced persistent threat,” this is it.

There is a key difference among these kinds of hacking. In the first two categories, the attacker is an opportunist. The hackers who penetrated Home Depot’s networks didn’t seem to care much about Home Depot; they just wanted a large database of credit-card numbers. Any large retailer would do.

But a skilled, determined attacker wants to attack a specific victim. The reasons may be political: to hurt a government or leader enmeshed in a geopolitical battle. Or ethical: to punish an industry that the hacker abhors, like big oil or big pharma. Or maybe the victim is just a company that hackers love to hate. (Sony falls into this category: It has been infuriating hackers since 2005, when the company put malicious software on its CDs in a failed attempt to prevent copying.)

Low-focus attacks are easier to defend against: If Home Depot’s systems had been better protected, the hackers would have just moved on to an easier target. With attackers who are highly skilled and highly focused, however, what matters is whether a targeted company’s security is superior to the attacker’s skills, not just to the security measures of other companies. Often, it isn’t. We’re much better at such relative security than we are at absolute security.

That is why security experts aren’t surprised by the Sony story. We know people who do penetration testing for a living--real, no-holds-barred attacks that mimic a full-on assault by a dogged, expert attacker--and we know that the expert always gets in. Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable. But good security makes many kinds of attack harder, costlier and riskier. Against attackers who aren’t sufficiently skilled, good security may protect you completely.

It is hard to put a dollar value on security that is strong enough to assure you that your embarrassing emails and personnel information won’t end up posted online somewhere, but Sony clearly failed here. Its security turned out to be subpar. They didn’t have to leave so much information exposed. And they didn’t have to be so slow detecting the breach, giving the attackers free rein to wander about and take so much stuff.

For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.

The time to start is before the attack hits: Sony would have fared much better if its executives simply hadn’t made racist jokes about Mr. Obama or insulted its stars--or if their response systems had been agile enough to kick the hackers out before they grabbed everything.

My second piece of advice is for individuals. The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations--gossip, medical conditions, love lives--exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now.

This could be any of us. We have no choice but to entrust companies with our intimate conversations: on email, on Facebook, by text and so on. We have no choice but to entrust the retailers that we use with our financial details. And we have little choice but to use cloud services such as iCloud and Google Docs.

So be smart: Understand the risks. Know that your data are vulnerable. Opt out when you can. And agitate for government intervention to ensure that organizations protect your data as well as you would. Like many areas of our hyper-technical world, this isn’t something markets can fix.

This essay previously appeared on the Wall Street Journal CIO Journal.

SANS Internet Storm Center, InfoCON: green: Bridging Datacenters for Disaster Recovery – Virtually, (Fri, Dec 19th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

It’s been a while since we talked about Disaster Recovery issues – the last diary I posted on this was on using L2TPv3 to bridge your Datacenter / Server VLAN to the same VLAN at a DR site, over an arbitrary Layer 3 network (https://isc.sans.edu/diary/8704)

Since then, things have changed. There’s a real push to move DR sites from a rack in a remote office location to recognized IaaS cloud locations. With that change comes new issues. If you are using your own servers in a colocation facility, or using IaaS VM instances, rack space for a physical router may either come with a price tag, or if it’s all virtual, there might be no rack space at all.

In my situation, I had two clients in this position. The first customer simply wanted to move their DR site from a branch office to a colocation facility. The second customer is a Backup-as-a-Service Cloud Service Provider, who is creating a DR as a service product. In the first situation, there was no rack space to be had. In the second situation, the last thing a CSP wants is to have to give up physical rack space for every customer, and then deploy CSP owned hardware to the client site – that simply does not scale. In both cases, a VM running a router instance was clearly the preferred (or only) choice.

Virtual routers with enterprise features have been around for a while – back in the day we might have looked at quagga or zebra, but those have been folded into more mature products these days. In our case, we were looking at Vyatta (now owned by Brocade), or the open-source (free as in beer) fork of Vyatta – Vyos (vyos.net). Cisco is also in the game, their 1000V product supports IOS XE – their bridge L2 over L3 approach uses OTV rather than L2TPv3 or GRE. You’ll find that most router vendors now have a virtual product.

Anyway, working with Vyatta/Vyos configs isn’t like Cisco at all – their configs look a whole lot more like you might see in JunOS. While Vyos supports the L2TPv3 protocol we know and love, it’s a brand new feature, and it comes with a note from the developer “if you find any bugs, send me an email” (confidence inspiring, that). Vyatta doesn’t yet have that feature implemented. So I decided to use GRE tunnels, and bridge them to an ethernet interface. Since this tunnel was going to run over the public internet, I encrypted/encapsulated the whole thing using a standard site-to-site IPSEC tunnel.

The relevant configs look like the one below (just one end is shown). Note that this is not the entire config, and all IP

Please – use our comment form and let us know if you’ve used a different method of

First, define the bridge interface. Note that STP (Spanning Tree Protocol) is disabled. You likely want this disabled unless you

The ETH0 interface is on the server VLAN (or port group if you are using standard ESXi vSwitches) – this is the VLAN that you are bridging to the DR site.

The GRE tunnel is also bridged, and also doesn’t have an IP address. The encapsulation of GRE-bridge is the same as GRE (IP protocol 47), but the gre-bridge

This stuff is all important for your security posture, but is not relevant to the tunneling or bridging, so I

- Note that the peer IP is the public / NAT
- IDs have to be created for each end – these routers use XAUTH when you define a pre-shared key, so to avoid having them use the FQDN, it
- The traffic match for encryption is defined by the source prefix+destination prefix+protocol. In our case, it’s the management IP of the customer router AND the matching IP on the cloud router AND GRE
- Take some care in defining the pre-shared key. If a word occurs on your corporate website, facebook page, or linkedin (or in a dictionary), it’s a bad choice, LEET-speak or no.
- We set both ends to initiate, which enables both init and respond. This allows either end to start the tunnel

===============
Rob VandenBrink
Metafore

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[Media Law] [Nelly Ognyanova]: EU: Internet policy and governance

This post was syndicated from: [Media Law] [Nelly Ognyanova] and was written by: nellyo. Original post: at [Media Law] [Nelly Ognyanova]

In the Official Journal of the EU:

Opinion of the European Economic and Social Committee on the Commission Communication “Internet Policy and Governance – Europe’s role in shaping the future of Internet governance”

The Committee says, among other things, the following:

Internet governance can no longer remain in the hands of the US government, but the multi-stakeholder regime must be precisely defined so that it is truly representative. The right balance must be struck between state institutions, large companies that protect the interests of shareholders, and non-governmental organizations that directly represent citizens.

The creation of innovative IT tools such as the Global Internet Policy Observatory (GIPO) is supported as an important resource available to the international community for monitoring regulatory policies on the internet and new technologies, one that facilitates exchange between the various forums. This benefits above all the representatives of civil society, who have limited resources.

As regards the Internet Corporation for Assigned Names and Numbers (ICANN) and the functions of the Internet Assigned Numbers Authority (IANA), the technical body has finally announced the start of a process of global multi-stakeholder governance of the technical functions entrusted to it, from September 2015, when the contract with the US government for managing the national top-level domains expires.

The Committee calls on the Commission to define clearly what the role of the European Union should be in the future transnational body and to request one technical and one political representative on the board of the new ICANN.

Raspberry Pi: Pi HomeGuard: helping people stay independent longer

This post was syndicated from: Raspberry Pi and was written by: Helen Lynn. Original post: at Raspberry Pi

Several people have mentioned the idea of using the Pi to help relatives and carers support older people in their own homes by monitoring aspects of their daily routine as well as things like the indoor temperature, but until now, we hadn’t seen anyone write up a system they’d implemented. So we were very interested when we received an email from Jamie Grant, telling us how he had used a Raspberry Pi-based home monitoring system to help him support his late mother in maintaining her independence.

HomeCare Guardian screenshot from 2012

An early Pi adopter, one of Jamie’s first projects was home power monitoring. After installing a system to plot electricity usage in his own home using CurrentCost hardware and a Raspberry Pi, he was struck by the “kettle spike”, a power spike that shows clearly that someone is up and making tea. His mother was very elderly, was living alone and had a worsening serious illness, and it occurred to him that the kettle spike would provide a useful indication that she was OK. He decided to install the system at her house, adding some wireless PiR (passive infrared) motion and door sensors. Jamie called this first version HomeCare Guardian; power and sensor data were displayed in a simple webpage. Here’s another screenshot, showing the system in 2013, after about a year of development:

HomeCare Guardian screenshot, 2013

From this single page, Jamie could see whether his mum was OK and going about her usual daily routine, and a sensor at the front door indicated when she took a taxi journey to visit her friends and when she returned. He says,

I found HomeCare Guardian a great comfort and my sister and I used it daily to check on her condition. Near the end mum was more forgetful and sometimes left her front door open; we could see whenever this happened and I would call round and check she was alright.

Mum managed to stay totally independent and was only admitted to our local hospital for her last week where she got the best possible care.

Jamie has continued working on the wireless sensors and their power requirements: his latest PiR motion sensor is powered by just two AA batteries and has a battery life of over a year, and his new door sensor has an estimated battery life of over three years. With sensors for motion, door opening, indoor temperature and water (to provide flood alerts) ready to go, he hopes to add a humidity sensor soon. The same system, he observes, could also be used for checking an unoccupied property for flood or frost risk as well as other aspects of security. Very recently he has been working with an Android app developer, and they’re hoping to add an alerts app facility soon.

The system has been renamed as Pi HomeGuard, and you can see a working live site, all running off a Raspberry Pi, at www.pihomeguard.com. Jamie is interested in taking this prototype further and making it more widely available, and would be glad to make contact with people who’d like to become involved; if this describes you, say so in the comments, and we’ll put you in touch.

Darknet - The Darkside: Acunetix OVS Review (Online Vulnerability Scanner)

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Introduction

It’s been a while since we’ve looked at any Acunetix products in depth. They’ve always had a solid Web Vulnerability Scanner, as we found in our reviews of Acunetix WVS 6 and Acunetix WVS 7. Version 9.5 of the Web Vulnerability Scanner was released earlier this year and late last year Acunetix also announced…

Read the full post at darknet.org.uk