Sunday, March 26, 2017

Monday, March 20, 2017

Russia? Nah. The House GOP Goes After Leakers Instead

Russia? Nah. The House GOP Goes After Leakers Instead
After FBI Director James Comey confirmed an investigation into the Trump campaign's ties to Russia, the GOP focused instead on leaks. The post Russia? Nah. The House GOP Goes After Leakers Instead appeared first on WIRED.

from
https://www.wired.com/2017/03/hey-house-gop-leakers-arent-enemy/

Cisco Wave2 site survey how-to

So, you have a shiny new Cisco 802.11ac wave 2 Access Point and you went to go grab the autonomous code for it to do an APoS survey – but then realized there isn’t autonomous code for the 2802 or 3802 (or any other wave 2) Cisco AP, huh? You may have noticed that there is a new product called Mobility Express. You can use this ‘controller on an AP’. Here is a guide I co-authored for doing just this.

-Sam

Summary:

Cisco 802.11ac Wave 2 APs do not run IOS like previous platforms. This presents a challenge when trying to perform an AP on a Stick site survey with only a battery pack. The standalone mode for these Access Points is achieved using Mobility Express – or the function to use the integrated WLC on the Access Point to control the radio functionality in a standalone fashion.

Prerequisites:

  • 8.3MR1 code supporting Mobility Express for your Access Point
  • Local power source for your Access Point (AIR-PWR-C or site survey battery with sufficient power)
  • Operational Standalone or Virtual Wireless Lan Controller running 8.2MR2 or 8.3 for configuring the Access Point mode and moving the images
  • TFTP server
  • 802.11ac Wave 2 Access Point (Please note, the 1810 platform is not supported at the time of this writing)
  • A serial console cable to watch/configure your AP

Process:

Step 1) Join your Access Point to your local WLC as you would during a normal deployment.

For the 2800/3800 platforms, you must be running a minimum of 8.2MR2 or 8.3 for step 1. For 1830/1850, there is no similar requirement aside from running a release that supports those platforms. Please note that this is not the above referenced ME image version which will be used in step 2.

Step 2) Convert the Access Point to Mobility Express mode using the correct image.

This is accomplished by going to the console of the AP and logging in, then enabling, then using the ap-type command to convert the AP over to Mobility Express and download the new image from your TFTP server. To get the correct AP image file, you will need to decompress the image bundle and use the correct image for your AP platform. For example:

  • 1830/1850 you should use ap1g4
  • 2800/3800 you should use ap3g3

Note: You can also use the platform specific ME image from CCO if you have that available. If you’re using a Universal SKU AP, you should wait for it to regulatory prime before trying to convert the image to make sure you don’t incur a reboot mid-code change.

Once your AP goes down for a reboot, disconnect the LAN cable and ensure its powered by local power or your survey battery pack:

Step 3) Wait for your Access Point to boot completely.

At this point your Access Point will do several things. It will boot and you will see about 2 minutes of the following messages:

Once these timeout, the Access Point will boot the Mobility Express WLC automatically:

Step 4) Configure the WLC using the following values:

Would you like to terminate autoinstall? [yes]: yes
Enter Administrative User Name (24 characters max): admin
Enter Administrative Password (3 to 24 characters): Cisco123
Re-enter Administrative Password : Cisco123
System Name [Cisco_11:aa:1a] (31 characters max): ME_WLC
Enter Country Code list (enter ‘help’ for a list of countries) [US]: US
Configure a NTP server now? [YES][no]: no
Configure the system time now? [YES][no]: yes
Enter the date in MM/DD/YY format: <date>
Enter the time in HH:MM:SS format: <time>
Enter timezone location index (enter ‘help’ for a list of timezones): 7
Management Interface IP Address: 192.168.1.2
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.1.1
Create Management DHCP Scope? [yes][NO]: yes
DHCP Network : 192.168.1.0
DHCP Netmask : 255.255.255.0
Router IP: 192.168.1.1
Start DHCP IP address: 192.168.1.10
Stop DHCP IP address: 192.168.1.200
DomainName : me.local
DNS Server : [OPENDNS][user DNS] OPENDNS
Create Employee Network? [YES][no]: yes
Employee Network Name (SSID)?: survey_ME
NOTE, USE YOUR INITIALS INSTEAD OF ‘ME’ TO DIFFERENTIATE YOUR SSID
Employee VLAN Identifier? [MGMT][1-4095]: MGMT
Employee Network Security? [PSK][enterprise]: PSK
Employee PSK Passphrase (8-38 characters)?: <temp key>
Re-enter Employee PSK Passphrase: <temp key>
Create Guest Network? [yes][NO]: no
Enable RF Parameter Optimization? [YES][no]: no
Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

It is highly recommended to use the values above. Once the Access Point reboots continue on.

Step 5) Clean up the AP

Some of the defaults are not completely friendly. We’ll clean those up now. Discover the name of the Access Point using ‘show ap summary’ and rename it to something more friendly like ‘ap’. It should be noted that renaming your Access Point to ‘ap’ will make configurations easier and in line with the examples below, but if you’re part of a larger team and require unique Access Point names, this is where you would set them, making note to use your defined Access Point name instead of the shortened name ‘ap’ as described in the rest of this document.

Next we want to disable the PSK security on the WLAN for easier association and testing and enable Aironet Extensions to include the AP name in beacons. This step is optional, but recommended. You must first disable the WLAN, the disable the PSK, then re-enable the WLAN:

(Cisco Controller) >config wlan disable 1
(Cisco Controller) >config wlan security wpa disable 1
(Cisco Controller) >config wlan ccx aironetIeSupport enable 1
(Cisco Controller) >config wlan enable 1
(Cisco Controller) >save config
Are you sure you want to save? (y/n) y

Once you’ve made these changes, perform a ‘save config’ as shown on the WLC to ensure the changes aren’t overwritten.

Step 6) Configure your radios for site survey specifics including channel and TX power.

To set these values, you must admin disable the radio, make the change, then re-enable it. Remember, these are the same commands you’d use on a production, bare-metal WLC and are not new. Here are a few examples:

To change the 2.4GHz radio to channel 6:
(Cisco Controller) >config 802.11b disable ap
(Cisco Controller) >config 802.11b channel ap ap 6
(Cisco Controller) >config 802.11b enable ap

To change the 2.4GHz radio to power level 3:
(Cisco Controller) >config 802.11b disable ap
(Cisco Controller) >config 802.11b txPower ap ap 3
(Cisco Controller) >config 802.11b enable ap

To change the 5GHz radio to channel 44:
(Cisco Controller) >config 802.11a disable ap
(Cisco Controller) >config 802.11a channel ap ap 44
(Cisco Controller) >config 802.11a enable ap

To change the 5GHz radio to power level 5:
(Cisco Controller) >config 802.11a disable ap
(Cisco Controller) >config 802.11a txpower ap ap 5
(Cisco Controller) >config 802.11a enable ap

To change the 5GHz radio width to 40MHz:
(Cisco Controller) >config 802.11a disable ap
(Cisco Controller) >config 802.11a chan_width ap 40
(Cisco Controller) >config 802.11a enable ap

Of course, you can couple all of these commands together to reduce the number of times you’re disabling your radio if you’re doing an initial configuration. Here is an example of setting the radios both to power level 2 and the 2.4GHz radio to channel 11, and the 5GHz channel to 100@40MHz all in one script:

(Cisco Controller) >config 802.11b disable ap
(Cisco Controller) >config 802.11a disable ap
(Cisco Controller) >config 802.11b channel ap ap 11
(Cisco Controller) >config 802.11b txPower ap ap 2
(Cisco Controller) >config 802.11a channel ap ap 100
(Cisco Controller) >config 802.11a txpower ap ap 2
(Cisco Controller) >config 802.11a chan_width ap 40
(Cisco Controller) >config 802.11b enable ap
(Cisco Controller) >config 802.11a enable ap

To see the channel of the Access Point currently configured, use the ‘show ap channel ap’ command:

To see the power level of the Access Point currently configured, use the ‘show ap config slot 0 ap’ (for 2.4GHz) or ‘show ap config slot 1 ap’ (for 5GHz’ command and look for the following data:

Alternatively, use the grep command to just pick out the data you’re interested in:

Step 7) Alternative management via the WLC GUI

If you’ve followed this guide up till now, you can also access the management interface of the WLC by using your PC and joining your open survey SSID. Then open a web browser and navigate to https://192.168.1.2/ .

Step 8) Putting it all back the way you found it

To convert the AP back to capwap mode and undo this configuration, you must goto the AP console using ‘apciscoshell’ and perform the ‘ap-type’ command again:

Addendum:

Dual role radio notes:

The AP2800 and AP3800 both include the ability to change the slot 0 radios personality from 2.4GHz to 5GHz. This presents some unique configuration considerations as follows:

To convert the XOR radio from the default 2.4GHz to 5GHz and change its channel to 40 @ 40MHz wide use:
(Cisco Controller) >config 802.11-abgn disable ap
(Cisco Controller) >config 802.11-abgn role ap manual client-serving
(Cisco Controller) >config 802.11-abgn band ap ap 5GHz
(Cisco Controller) >config 802.11-abgn channel ap ap 40
(Cisco Controller) >config 802.11-abgn chan_width ap 40
(Cisco Controller) >config 802.11-abgn enable ap

The following should be noted for this configuration:

When you convert the XOR radio into 5GHz mode, you must use a channel that is 100MHz apart from the slot 1 radio in the Access Point. When you configure the XOR radio into 5GHz mode on an ‘e’ model of AP, you must have an external antenna plugged into the DART connector or this configuration will fail. When you configure the XOR radio into 5GHz mode on an ‘i’ model of AP, the tx power will be fixed and not modifiable (by design) to its lowest possible value to retain micro-cell integrity.

To change the XOR radio from a configured 5GHz to 2.4GHz and change its channel to 6 use:

(Cisco Controller) >config 802.11-abgn disable ap
(Cisco Controller) >config 802.11-abgn band ap ap 2.4GHz
(Cisco Controller) >config 802.11-abgn channel ap ap 6
(Cisco Controller) >config 802.11-abgn enable ap




from
https://sc-wifi.com/2017/03/20/cisco-wave2-site-survey-how-to/

Trump’s TSA Budget Fails to Cut the Obvious: Air Marshals

Trump’s TSA Budget Fails to Cut the Obvious: Air Marshals
Opinion: The Trump administration should direct more funding to TSA programs that prevent actually terrorism---not the air marshals. The post Trump’s TSA Budget Fails to Cut the Obvious: Air Marshals appeared first on WIRED.

from
https://www.wired.com/2017/03/trumps-tsa-budget-fails-cut-obvious-air-marshals/

The FBI Began Investigating Trump’s Potential Russia Ties Last Summer

The FBI Began Investigating Trump’s Potential Russia Ties Last Summer
Breaking with DOJ tradition, Comey makes official the Russia investigation Trump has long decried as "fake news." The post The FBI Began Investigating Trump’s Potential Russia Ties Last Summer appeared first on WIRED.

from
https://www.wired.com/2017/03/fbi-director-comey-confirms-investigation-trump-campaigns-russia-ties/

Friday, March 17, 2017

Thursday, March 16, 2017

Wednesday, March 15, 2017

WIRED Had a Potential Infosecurity Problem. Here’s What We Did About It

WIRED Had a Potential Infosecurity Problem. Here’s What We Did About It
We found out about a potential exposure of some of our internal data ... so we fixed it. The post WIRED Had a Potential Infosecurity Problem. Here's What We Did About It appeared first on WIRED.

from
https://www.wired.com/2017/03/wired-potential-infosecurity-problem-heres/

Russian Spies Helped Hack Yahoo, As If Tensions Weren’t High Enough

Russian Spies Helped Hack Yahoo, As If Tensions Weren’t High Enough
The Department of Justice pinned a major Yahoo hack on Russia, adding to cyber-tensions between the two companies. The post Russian Spies Helped Hack Yahoo, As If Tensions Weren't High Enough appeared first on WIRED.

from
https://www.wired.com/2017/03/yahoo-hack-russia-indictment/

WhatsApp Hack Shows That Even Encryption Apps Are Vulnerable in a Browser

WhatsApp Hack Shows That Even Encryption Apps Are Vulnerable in a Browser
Web-based vulnerabilities in end-to-end messengers demonstrate why it may be safest to stick with the mobile versions of messaging apps. The post WhatsApp Hack Shows That Even Encryption Apps Are Vulnerable in a Browser appeared first on WIRED.

from
https://www.wired.com/2017/03/whatsapp-hack-shows-even-encryption-apps-vulnerable-browser/

Hack Brief: High-Profile Twitter Accounts Overrun With Swastikas

Hack Brief: High-Profile Twitter Accounts Overrun With Swastikas
The inevitable social media fallout when Turkey and the Netherlands fight. The post Hack Brief: High-Profile Twitter Accounts Overrun With Swastikas appeared first on WIRED.

from
https://www.wired.com/2017/03/hack-brief-high-profile-twitter-accounts-overrun-swastikas/

Sunday, March 12, 2017

Como Audio Solo Wireless Speaker keeps all your music at the ready

We have several different sources from which we get our music. There’s Internet radio, the actual radio, music downloaded on our phones, and computers. When you’re at home, you have access to all of these options, but the manner in which you listen to them is normally stuck to specific devices. We want our world to be as connected as possible, so it would make sense that we would want a speaker system that will let us access whichever option we want, whenever we want.

The Como Audio Solo Speaker could be classified as a radio, but it is far more than that. This is a smart speaker that has a wooden case that’s nearly a half-inch thick with a 3/4” soft dome tweeter and a custom 3” long-throw, 4-layer voice coil woofer with an oversize magnet. There is also a 2.8” TFT color display so you can always see the album art, artist, and song information regardless of what channel you’re listening through.

There are two versions of this speaker, with this $299 version being the smaller of the two. The Duetto does the same, but more of it, and has a $399 price tag. This is available in piano black, white, hickory/black, or walnut/black, and yes, the color does affect the price. If you’re feeling saucy, you can buy multiples and sync them so that you can have the same music playing all over your house during parties.

Available for purchase on Amazon
[ Como Audio Solo Wireless Speaker keeps all your music at the ready copyright by Coolest Gadgets ]



from
http://www.coolest-gadgets.com/20170309/como-audio-solo-wireless-speaker-music-ready/

The Easiest Way To Protect Your Devices From Hacks? Keep Them Updated

The Easiest Way To Protect Your Devices From Hacks? Keep Them Updated
The simplest thing you can do to make yourself just a little bit safer: Keep your firmware up to date. The post The Easiest Way To Protect Your Devices From Hacks? Keep Them Updated appeared first on WIRED.

from
https://www.wired.com/2017/03/easiest-way-protect-devices-hacks-keep-updated/

Hacker Lexicon: What Is an Attack Surface?

Hacker Lexicon: What Is an Attack Surface?
Whenever there's a hack, one of the first questions is how the attackers got in. For the answer, look to the attack surface. The post Hacker Lexicon: What Is an Attack Surface? appeared first on WIRED.

from
https://www.wired.com/2017/03/hacker-lexicon-attack-surface/