Wednesday, October 31, 2018

China's Five Steps for Recruiting Spies in the US

A series of high-profile cases involving alleged Chinese recruits shows how the country identifies and develops potential spies stateside.

from
https://www.wired.com/story/china-spy-recruitment-us

Tuesday, October 30, 2018

Monday, October 29, 2018

Saturday, October 27, 2018

Pittsburgh Synagogue Shooting Suspect's Gab Posts Are Part of a Pattern

It may never be clear why Robert Bowers chose to carry out a violent attack. But his social media activity mirrors an increase in anti-Semitism on the internet.

from
https://www.wired.com/story/pittsburgh-synagogue-shooting-gab-tree-of-life

Friday, October 26, 2018

How Feds Tracked Down Mail Bomb Suspect Cesar Sayoc

At a press conference Friday, officials detailed how they identified and found Cesar Sayoc, who has been arrested in connection with a series of mail bombs targeting prominent liberals and CNN.

from
https://www.wired.com/story/how-feds-tracked-mail-bomb-suspect-cesar-sayoc

Iran's New Facebook Trolls Are Using Russia's Playbook

Facebook took down another Iranian-based network of phony accounts Friday. This new campaign focused on American politics—and it was successful.

from
https://www.wired.com/story/iran-facebook-trolls-using-russia-playbook

Thursday, October 25, 2018

The Feds Just Hit Notorious Swatter Tyler Barriss With 46 New Charges. He Intends to Plead Guilty

Prosecutors in California have filed 46 new counts against Tyler Barriss for bomb threats, fraud, and swatting incidents nationwide. He’s angling to get the case transferred to Kansas and intends to plead guilty.

from
https://www.wired.com/story/feds-hit-notorious-swatter-tyler-barriss-with-46-new-charges

Trump's Personal iPhone Would Be a National Security Risk

By using a personal iPhone instead of secured lines, President Trump makes it entirely too easy for China and Russia to spy.

from
https://www.wired.com/story/trump-iphone-security-risk

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming

Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice.

from
https://www.wired.com/story/i-bought-used-voting-machines-on-ebay

Wednesday, October 24, 2018

Democrat Mail Bomb Scares Are a Perfect Misinformation Storm

News of mail bombs targeting prominent Democrats and CNN on Wednesday gave way to a deluge of false reports, partisan finger pointing, and bad faith conspiracy theories online.

from
https://www.wired.com/story/mail-bomb-scares-misinformation-storm

How Mail Bombs Get Intercepted—And What Happens Next

Apparent mail bombs targeting Barack Obama, Hillary Clinton, CNN, and more all got caught before their final destination. Here's how.

from
https://www.wired.com/story/how-mail-bombs-get-intercepted-what-happens-next

Tuesday, October 23, 2018

Don't Believe Everything You See About the Migrant Caravan

A migrant caravan traveling through Mexico is the latest news event to be weaponized online.

from
https://www.wired.com/story/mexico-migrant-caravan-misinformation-alert

Russia Linked to Triton Industrial Control Malware

Like so many other internet misdeeds, the notorious Triton malware appears to have originated in Moscow.

from
https://www.wired.com/story/triton-malware-russia-industrial-controls

Paper and the Case for Going Low-Tech in the Voting Booth

When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source.

from
https://www.wired.com/story/elections-paper-ballots-low-tech-voting-booth

It Started as an Online Gaming Prank. Then It Turned Deadly

A $1.50 wager on a "Call of Duty" match led to a fake 911 call reporting a violent hostage situation in Wichita. Here’s how it all went horribly awry.

from
https://www.wired.com/story/swatting-deadly-online-gaming-prank

Forging a Relationship With Tyler Barriss, the Internet’s Most Hated Swatter

Journalist Brendan Koerner strikes up a jail-cell correspondence with a man charged with instigating a fatal shooting. “Only by peering into the abyss of human malice can we divine how we can muster the strength to forgive the truly lost," he writes.

from
https://www.wired.com/story/swatting-federal-prison-pen-pal

Sunday, October 21, 2018

The Titan M Chip Powers Up Pixel 3 Security

Google's latest flagship smartphone includes the Titan M, a security-focused chip that keeps users safe against sophisticated attacks.

from
https://www.wired.com/story/google-titan-m-security-chip-pixel-3

Friday, October 19, 2018

Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe

The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity.

from
https://www.wired.com/story/russia-indictment-twitter-facebook-play-both-sides

A Trove of Facebook Data Is a Spammer's Dream and Your Nightmare

A new report suggests that spammers, not nation states, may have been behind the Facebook hack. That could be even worse news.

from
https://www.wired.com/story/facebook-hack-data-spammers

Wednesday, October 17, 2018

Friday, October 12, 2018

Thursday, October 11, 2018

How the US Halted China’s Cybertheft—Using a Chinese Spy

For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while.

from
https://www.wired.com/story/us-china-cybertheft-su-bin

Wednesday, October 10, 2018

Pentagon Weapons Systems Are Easy Cyberattack Targets, New Report Finds

A new report says the Department of Defense "likely has an entire generation of systems that were designed and built without adequately considering cybersecurity."

from
https://www.wired.com/story/us-weapons-systems-easy-cyberattack-targets

Sunday, October 7, 2018

Analyzing analytic offerings

In case you’ve been living under a rock recently, the calm before the 802.11ax storm seems to increasingly be around Wi-Fi Assurance and/or Analytics. In particular, how is your Wi-Fi network performing and how happy are your clients (devices, not users)? Most solutions on the market leverage a healthy dose of buzzwords to answer this question – most notably Machine Learning (ML), Artificial Intelligence (AI), Big Data, and don’t forget Cloud – to make you, the consumer, feel like you’re genuinely on the bleeding edge of what a health-related system can give you. It struck me during the recent MFD3 event that each of these solutions has a different way to approach the Assurance/Analytics problem, and of course each touts theirs as being ‘the best’ way to get all of the data needed to give you actionable data. Here is my take on the pros and cons of some of the leading/competing solutions:

1) Mist Systems

Mist Systems claims to be the First & Only AI-Driven WLAN – a bold statement indeed! Their primary source for retrieving statistics about user performance is directly inline from the AP. This ‘at the edge’ approach allows them a deep insight into the radio and first hop performance of applications on their network. With a healthy punting of metadata to the Cloud, they claim to achieve “Automation & Insight through AI”.

Pro: A great example of ‘Cloud enabled’ Analytics, and they do genuinely seem to be hyper-focused on WLAN performance.

Con: Requiring Mist infrastructure means rip & replace for many organizations. Being hyper-focused on WLAN hardware leaves many organizations splitting their LAN infrastructure between vendors and that certainly diminishes the ‘one throat to choke’ troubleshooting. Visibility is at the AP layer only, ultimately leading to assumptive troubleshooting when issues outside of their visibility arise. Being a nascent company (and one of the last WLAN-only players) makes me wonder how long before they’ll be acquired.

Consumption: Cloud with a premium capex spend as well as ongoing required opex.

Bold claims!

2) Cisco Meraki

Since being acquired by Cisco in November 2012, Meraki has continued to deliver on bringing features to market through their flagship product, the Meraki dashboard. The closest anyone comes to a ‘single pane of glass’ management portal, Meraki continues to shine for those Cloud-friendly organizations that have hyper-value on a single point of administration for their network. Generally, these tend to be the highly distributed organizations as opposed to the campus enterprise. Meraki’s ‘Wireless Health’ feature is in beta now and was ‘automagically’ delivered to existing customers.

Pro: Meraki’s AGILE product development targets the 80/20 rule pretty squarely. It’s ‘good enough’ for a lot of folks, and it’s ‘free’ to existing customers (if you don’t consider opex an expense of course).

Con: Wireless Health is Wi-Fi only – with no end to end correlation of their switches or security appliances, and it fragments the message around full-stack solutions. While focusing on making an ‘okay for most’ product, they certainly lose out on much of the deeper technical data commonly found in some of the larger platforms.

Consumption: Cloud with a premium capex spend as well as ongoing required opex (free to existing paying customers).

Slap a beta logo on it, call it good!

Wireless Health from Meraki

3) nyansa

Arguably *the* pioneer in Wi-Fi Assurance and Analytics, they were founded in 2013 and have a head start on most of the players in the market. Interestingly enough, nyansa is the only player in this space that not only doesn’t manufacture hardware to pitch at you, but also works with an ever-growing number of existing infrastructure providers (including most of the major ones!). They leverage an onsite ‘crawler’ to gather the data and to punt metadata to the Cloud; the onsite components are generally lightweight and, assuming you’re already a VM friendly organization, there are no real hardware requirements (including any ripping and replacing of APs).

Pro: They’ve been at it longer than anyone else and are clearly ahead of the game. They accept data from a variety of network sources including your LAN infrastructure, so their ability to pinpoint issues is likely to be more accurate than a Wi-Fi only solution. Being able to ‘compare’ your data to peers of your own ilk is an interesting proposition and clearly one of the premier features they hang their hats on.

Con: Having an analytics only platform that’s not tightly coupled with your infrastructure leads me to wonder about the long-term stickiness of the solution. The perceived high cost of the solution has led many to ‘deploy, diagnose, then remove’ – very much defeating the long term goals of Analytics and Assurance platforms. Ongoing success when ‘all is good’ is very hard to demonstrate and the vendor neutral approach leaves them vulnerable.

Consumption: Primarily an opex play since there isn’t really a capex component to speak of (no APs or appliances to install).

That's not creepy at all.

nyansa

4) 7signal

7signal has been fairly quiet on the Assurance front as of late, but they’re worth a mention. Being the pioneer in sensor driven tests, hanging an ‘eye’ to connect to your network and measure/gather various statistics about how well it’s performing has been their pitch from day 1. Falling more on the ‘stats digestion’ side of the house rather than on the ML/AI side of the spectrum, 7signal is worth noting due to their synthetic testing that closely mimics what a client sees on the network.

Pro: Client first is the best way to view the network and a sensor (or embedded into a client) is the only way to get this data.

Con: Having *only* client data means that correlation has to happen in a guesswork fashion. Couple that with a difficult install and a user interface that could stand a healthy dose of sprucing up, and the platform overall is feeling pretty stale.

Consumption: Capex spend for the sensors and ongoing support and maintenance. On premises deployment model with ‘lightweight-at-best’ analytics.

5) Aruba

Aruba acquired Rasa in May of 2016 to become part of the Aruba Clarity team. They’ve since changed gears and are rolling the Rasa features into NetInsight. They’ve been relatively quiet on the productization front here, opting instead to show it off at events like Aruba Atmosphere and Mobility Field Day events. They get some interesting insights out of the education campus use case they show, but I’ve not seen any readily actionable insights that don’t require Data Scientist-level queries. They have the potential to move the needle in the industry here, but making it easy to use is clearly something they’re struggling with.

Pro: Buying a ready made analytics company reduces their time to market and clearly Aruba is moving aggressively to get into the analytics game here. If you’re an Aruba Wi-Fi, AirWave, or Clarity/NetInsight customer, they have some big things in store.

Con: Today the data is clearly difficult to get at. Usability leaves a lot to be desired and there are some pretty unclear things about where the platform is going. Between the legacy Clarity offering, the Rasa integration, NetInsight, and don’t forget about the recent Niara acquisition on the security side, there are lots of moving pieces here and Aruba will have to bring some quick clarity (hah!) to their consumption model.

Consumption: NetInsight productization is currently TBD, but I expect it will be Cloud-first, if not Cloud-only by the time you can get your hands on a production ready solution.

Doing thoughtful things.

Thoughtful people

6) Cisco Enterprise

Cisco has been focused on DNA-Center, the successor to the APIC-EM platform. The platform runs ‘apps’ on top, and one of the flagship applications shipping today is DNA Assurance. This platform is the ‘all-in’ Cisco assurance platform that takes data from everywhere you can think of – netflow feeds from your WLC and/or switch, radio data from the AP, synthetic data from sensors, and feedback from actual clients. In short, they take the best of all worlds and attempt to lump it into one big platform without giving people the heebie-jeebies about their data being in the Cloud.

Pro: Ambitiously, Cisco is taking the ‘whatever you can feed me’ approach to Analytics and Assurance. The more feeds you can send to it, the better. This allows organizations to deploy the solution components that make sense to them and add more later if they want improved fidelity. Deploying an Analytics platform that you can actually run onsite in a 1RU appliance is no small feat and will be an undoubted boon for those who are Cloud averse.

Con: All of that horsepower isn’t cheap. That, coupled with Cisco’s somewhat tarnished reputation as of late around code quality, makes some people nervous about ‘one box to rule them all’, but this should generally be a mitigated concern for out-of-band analytics. Of course, this all works best if you’re Cisco end to end and that could be perceived as a negative to some.

Consumption: On premises hardware appliance fed by Cloud updates for the applications. Your Cisco ONE licensing consumption model and Smart Licenses will be key to getting this off of the ground, but so far there is no ‘break if you don’t pay’ approach.

I hope that the roll-up was a useful overview of the Analytics and Assurance market as it sits today. Did I miss anyone? Let me know and I’ll try and get a summarization up for you ASAP!



from
https://sc-wifi.com/2018/10/07/analyzing-analytic-offerings/

Thursday, October 4, 2018

Why Supply Chain Hacks Are a Cybersecurity Worst Case Scenario

A blockbuster report from Bloomberg says that China has compromised servers used by major US companies. It's a problem that experts have long feared, and still don't know how to resolve.

from
https://www.wired.com/story/supply-chain-hacks-cybersecurity-worst-case-scenario

How Russian Spies Infiltrated Hotel Wi-Fi to Hack Their Victims Up Close

A new indictment details how Russian agents camped outside hotels when remote hacking efforts weren't enough.

from
https://www.wired.com/story/russian-spies-indictment-hotel-wi-fi-hacking

Wednesday, October 3, 2018

Malware Has a New Way to Hide on Your Mac

By only checking a file's code signature when you install it—and never again—macOS gives malware a chance to evade detection indefinitely.

from
https://www.wired.com/story/mac-malware-hide-code-signing

How to 'Turn Off' the Presidential Emergency Text Alert Test

If you really don't want to receive today's emergency test text message, there's one pretty simple workaround.

from
https://www.wired.com/story/how-to-turn-off-presidential-emergency-text-alert-test

The Presidential Text Alert Has a Long, Strange History

While the presidential text that hits your phone Wednesday will be the first of its kind, it's part of a decades-long lineage of official government Doomsday alerts.

from
https://www.wired.com/story/presidential-text-alert-fema-emergency-history

Intra Gives Older Versions of Android Important DNS Protections

Alphabet subsidiary Jigsaw is using a new app to give DNS encryption protections to any Android smartphone from the last seven years.

from
https://www.wired.com/story/jigsaw-intra-app-dns-encryption

Tuesday, October 2, 2018

Hackers Can Stealthily Avoid Traps Set to Defend Amazon's Cloud

In the cat and mouse game of protecting cloud services, attackers find a sneaky advantage.

from
https://www.wired.com/story/aws-honeytoken-hackers-avoid

The Facebook Hack Is an Internet-Wide Failure

Major sites using Facebook's Single Sign-On don't implement basic security features, potentially making the fallout of last week's hack much worse.

from
https://www.wired.com/story/facebook-hack-single-sign-on-data-exposed

How the Kavanaugh Information War Mirrors Real Warzones

Opinion: From using open source intelligence to spreading false reports to brazenly rewriting history, social media warriors on both sides of the controversy are taking a page from Russia.

from
https://www.wired.com/story/how-the-kavanaugh-information-war-mirrors-real-warzones

Monday, October 1, 2018

Why Cops Can Use Face ID to Unlock Your iPhone

For the first publicly documented time, law enforcement has used Face ID to forcibly unlock someone's iPhone. It won't be the last.

from
https://www.wired.com/story/police-unlock-iphone-face-id-legal-rights