Wednesday, October 31, 2018
China's Five Steps for Recruiting Spies in the US
from
https://www.wired.com/story/china-spy-recruitment-us
Tuesday, October 30, 2018
Apple's T2 Security Chip Makes It Harder to Tap MacBook Mics
from
https://www.wired.com/story/apple-t2-security-chip-macbook-microphone
Monday, October 29, 2018
Signal's "Sealed Sender" Is a Clever New Way to Shield Your Identity
from
https://www.wired.com/story/signal-sealed-sender-encrypted-messaging
'Fortnite' Scams Are Even Worse Than You Thought
from
https://www.wired.com/story/fortnite-scams-even-worse-than-you-thought
Saturday, October 27, 2018
Pittsburgh Synagogue Shooting Suspect's Gab Posts Are Part of a Pattern
from
https://www.wired.com/story/pittsburgh-synagogue-shooting-gab-tree-of-life
Friday, October 26, 2018
How Feds Tracked Down Mail Bomb Suspect Cesar Sayoc
from
https://www.wired.com/story/how-feds-tracked-mail-bomb-suspect-cesar-sayoc
Iran's New Facebook Trolls Are Using Russia's Playbook
from
https://www.wired.com/story/iran-facebook-trolls-using-russia-playbook
Thursday, October 25, 2018
The Feds Just Hit Notorious Swatter Tyler Barriss With 46 New Charges. He Intends to Plead Guilty
from
https://www.wired.com/story/feds-hit-notorious-swatter-tyler-barriss-with-46-new-charges
Trump's Personal iPhone Would Be a National Security Risk
from
https://www.wired.com/story/trump-iphone-security-risk
I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
from
https://www.wired.com/story/i-bought-used-voting-machines-on-ebay
Wednesday, October 24, 2018
Democrat Mail Bomb Scares Are a Perfect Misinformation Storm
from
https://www.wired.com/story/mail-bomb-scares-misinformation-storm
How Mail Bombs Get Intercepted—And What Happens Next
from
https://www.wired.com/story/how-mail-bombs-get-intercepted-what-happens-next
Tuesday, October 23, 2018
Don't Believe Everything You See About the Migrant Caravan
from
https://www.wired.com/story/mexico-migrant-caravan-misinformation-alert
Russia Linked to Triton Industrial Control Malware
from
https://www.wired.com/story/triton-malware-russia-industrial-controls
Paper and the Case for Going Low-Tech in the Voting Booth
from
https://www.wired.com/story/elections-paper-ballots-low-tech-voting-booth
It Started as an Online Gaming Prank. Then It Turned Deadly
from
https://www.wired.com/story/swatting-deadly-online-gaming-prank
Forging a Relationship With Tyler Barriss, the Internet’s Most Hated Swatter
from
https://www.wired.com/story/swatting-federal-prison-pen-pal
Sunday, October 21, 2018
The Titan M Chip Powers Up Pixel 3 Security
from
https://www.wired.com/story/google-titan-m-security-chip-pixel-3
Saturday, October 20, 2018
Apple Data Downloads, A Dating App for Trump Fans, and More Security News This Week
from
https://www.wired.com/story/donald-trump-dating-app-exposed-data
To Curb Terrorist Propaganda Online, Look to YouTube. No, Really.
from
https://www.wired.com/story/to-curb-terrorist-propaganda-online-look-to-youtube-no-really
Friday, October 19, 2018
Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe
from
https://www.wired.com/story/russia-indictment-twitter-facebook-play-both-sides
A Trove of Facebook Data Is a Spammer's Dream and Your Nightmare
from
https://www.wired.com/story/facebook-hack-data-spammers
Wednesday, October 17, 2018
The Mysterious Return of Years-Old APT1 Malware
from
https://www.wired.com/story/mysterious-return-of-years-old-chinese-malware-apt1
Helm Wants You to Control Your Own Data Again
from
https://www.wired.com/story/helm-server-data-privacy
Saturday, October 13, 2018
Robert Mueller Has Already Told You Everything You Need To Know
from
https://www.wired.com/story/wired25-robert-mueller
Kanye's Password, a WhatsApp Bug, and More Security News This Week
from
https://www.wired.com/story/kanye-bad-password-security-roundup
Friday, October 12, 2018
Fake Adobe Flash Installers Come With a Little Malware Bonus
from
https://www.wired.com/story/fake-adobe-flash-installers-cryptomining-malware-bonus
How Facebook Hackers Compromised 30 Million Accounts
from
https://www.wired.com/story/how-facebook-hackers-compromised-30-million-accounts
How to Check If Your Facebook Account Got Hacked—And How Badly
from
https://www.wired.com/story/facebook-hack-check-if-account-affected
No One Can Get Cybersecurity Disclosure Just Right
from
https://www.wired.com/story/cybersecurity-disclosure-gdpr-facebook-google
Thursday, October 11, 2018
How the US Halted China’s Cybertheft—Using a Chinese Spy
from
https://www.wired.com/story/us-china-cybertheft-su-bin
Wednesday, October 10, 2018
Pentagon Weapons Systems Are Easy Cyberattack Targets, New Report Finds
from
https://www.wired.com/story/us-weapons-systems-easy-cyberattack-targets
Monday, October 8, 2018
Google's Privacy Whiplash Shows Big Tech's Inherent Contradictions
from
https://www.wired.com/story/googles-privacy-whiplash-shows-big-techs-inherent-contradictions
Sunday, October 7, 2018
Analyzing analytic offerings
In case you’ve been living under a rock recently, the calm before the 802.11ax storm seems to increasingly be around Wi-Fi Assurance and/or Analytics. In particular, how is your Wi-Fi network performing and how happy are your clients (devices, not users). Most solutions on the market leverage a healthy dose of buzzwords to accomplish answering this question – most notably Machine Learning (ML), Artificial Intelligence (AI), Big Data, and don’t forget Cloud – to make you, the consumer feel like you’re genuinely on the bleeding edge of what a health related system can give you. It struck me during the recent MFD3 event that each of these solutions has a different way to approach the Assurance/Analytics problem, and of course each touts theirs as being ‘the best’ way to get all of the data needed to give you actionable data. Here is my take on the pro’s and con’s of some of the leading/competing solutions:
1) Mist Systems
Mist Systems claims to be the the First & Only AI-Driven WLAN – a bold statement indeed! Their primary source for retrieving statistics about users performance is directly inline from AP. This ‘at the edge’ approach allows them a deep insight into the radio and first hop performance of applications on their network. With a healthy punting of metadata to the Cloud, they claim to achieve “Automation & Insight through AI”.
Pro: A great example of ‘Cloud enabled’ Analytics and they do seem to genuinely seem to be hyper-focused on WLAN performance.
Con: Requiring Mist infrastructure means rip & replace for many organizations. Being hyper-focused on WLAN hardware leaves many organizations splitting their LAN infrastructure between vendors and that certainly diminishes the ‘one throat to choke’ troubleshooting. Visibility is at the AP layer only, ultimately leading to assumptive troubleshooting when issues outside of their visibility arise. Being a nascent company (and one of the last WLAN-only players) makes me wonder how long before they’ll be acquired.
Consumption: Cloud with a premium capex spend as well as ongoing required opex.
2) Cisco Meraki
Since being acquired by Cisco in November 2012, Meraki has continued to deliver on bringing features to market through their flagship product, the Meraki dashboard. The closest anyone comes to a ‘single pane of glass’ management portal, Meraki continues to shine for those Cloud-friendly organizations that have hyper-value on a single point of administration for their network. Generally, these tend to be the highly distributed organizations as opposed to the campus enterprise. Meraki’s ‘Wireless Health’ feature is in beta now and was ‘automagically’ delivered to existing customers.
Pro: Meraki’s AGILE product development targets the 80/20 rule pretty squarely. It’s ‘good enough’ for a lot of folks, and it’s ‘free’ to existing customers (if you don’t consider opex an expense of course).
Con: Wireless Health is Wi-Fi only – with no end to end correlation of their switches or security appliances, and it fragments the message around full-stack solutions. While focusing on making an ‘okay for most’ product, they certainly lose out on much of the deeper technical data commonly found in some of the larger platforms.
Consumption: Cloud with a premium capex spend as well as ongoing required opex (free to existing paying customers).
3) nyansa
Arguably *the* pioneer in Wi-Fi Assurance and Analytics, they were founded in 2013 and have a head start on most of the players in the market. Interestingly enough, nyansa is the only player in this space that not only doesn’t manufacture hardware to pitch at you, they work with an ever-growing number of existing infrastructure providers (including most of the major ones!). Leveraging an onsite ‘crawler’ to gather the data and to punt metadata to the Cloud, the onsite components are generally lightweight and assuming you’re already a VM friendly organization, no real hardware requirements (including any ripping and replacing of APs) is needed.
Pro: They’ve been at it a longer than anyone else and are clearly ahead of the game. They accept data from a variety of network sources including your LAN infrastructure so their ability to more accurately pinpoint issues is likely to be more accurate than a Wi-Fi only solution. Being able to ‘compare’ your data to peers of your own ilk is an interesting proposition and clearly one of the premier features they hang their hats on.
Con: Having an analytics only platform that’s not tightly coupled with your infrastructure leads me to wonder about the long-term stickiness of the solution. The perceived high-cost of the solution, has lead many to ‘deploy, diagnose, then remove’ – very much defeating the long term goals of Analytics and Assurance platforms. Ongoing success when ‘all is good’ is very hard to demonstrate and the vendor neutral approach leaves them vulnerable.
Consumption: Primarily an opex play since there isn’t really a capex component to speak of (no APs or appliances to install).
4) 7signal
7signal has been fairly quiet on the Assurance front as of late, but they’re worth a mention. Being the pioneer in sensor driven tests, hanging an ‘eye’ to connect to your network and measure/gather various statistics about how well it’s performing has been their pitch from day 1. Falling more on the ‘stats digestion’ side of the house rather than on the ML/AI side of the spectrum, 7signal is worth noting due to their synthetic testing that closely mimics what a client sees on the network.
Pro: Client first is the best way to view the network and a sensor (or embedded into a client) is the only way to get this data.
Con: Having *only* client data means that correlation has to happen in a guesswork fashion. Coupled with a difficult install and a user interface that could stand a healthy dose of sprucing up and the platform overall is feeling pretty stale.
Consumption: Capex spend for the sensors and ongoing support and maintenance. On premises deployment model with ‘lightweight-at-best’ analytics.
5) Aruba
Aruba acquired Rasa in May of 2016 to become part of the Aruba Clarity team. They’ve since changed gears and are rolling the Rasa features into NetInsight. They’ve been relatively quiet on the productization front here, opting instead to show it off at events like Aruba Atmosphere and Mobility Field Day events. They get some interesting insights out of the education campus use case they show but I’ve not seen any readily actionable insights that don’t require some level of Data Scientist level of queries. They have the potential to move the needle in the industry here, but making it easy to use is clearly something they’re struggling with.
Pro: Buying a ready made analytics company reduces their time to market and clearly Aruba is moving aggressively to get into the analytics game here. If you’re an Aruba Wi-Fi, AirWave, or Clarity/NetInsight customer, they have some big things in store.
Con: Today the data is clearly difficult to get at. Usability leaves a lot to be desired and there is some pretty unclear things about where the platform is going. Between the legacy Clarity offering, the Rasa integration, NetInsight, and don’t forget about the recent Niara acquisition on the security side. There are lots of moving pieces here and Aruba will have to bring some quick clarity (hah!) to their consumption model.
Consumption: NetInsight productization is currently TBD, but I expect it will be Cloud-first, if not Cloud-only by the time you can get your hands on a production ready solution.
Cisco has been focused on DNA-Center, the successor to the APIC-EM platform. The platform runs ‘apps’ on top, and one of the flagship applications shipping today is DNA Assurance. This platform is the ‘all-in’ Cisco assurance platform that takes data from everywhere you can think of – netflow feeds from your WLC and/or switch, radio data from the AP, synthetic data from sensors, and feedback from actual clients. In short, they take the best of all worlds and attempt to lump it into one big platform without giving people the heebie-jeebies about their data being in the Cloud.
Pro: Ambitiously Cisco is taking the ‘whatever you can feed me’ approach to Analytics and Assurance. The more feeds you can send to it, the better. This allows organizations to deploy the solution components that make sense to them and add more later if they want improved fidelity. Deploying an Analytics platform that you can actually run onsite in a 1RU appliance is no small feat and will be an undoubted boon for those Cloud adverse.
Cons: All of that horsepower isn’t cheap. Coupled with Cisco’s somewhat tarnished reputation as of late around code quality makes some people nervous about ‘one box to rule them all’, but this should generally be a mitigated concern for out-of-band analytics. Of course, this all works best if you’re Cisco end to end and that could be perceived as a negative to some.
Consumption: On premises hardware appliance fed by Cloud updates for the applications. Your Cisco ONE licensing consumption model and Smart Licenses will be key to getting this off of the ground, but so far there is no ‘break if you don’t pay’ approach.
I hope that the roll-up was a useful overview to the Analytics and Assurance market as it sits today. Did I miss anyone? Let me know and I’ll try and get a summarization up for you ASAP!
from
https://sc-wifi.com/2018/10/07/analyzing-analytic-offerings/
Saturday, October 6, 2018
A Good Password Law, Hardware Hacks, and More Security News This Week
from
https://www.wired.com/story/security-news-this-week-good-news-california-bans-bad-default-passwords
Don't Buy the Trump Administration's China Misdirection
from
https://www.wired.com/story/dont-buy-trump-administration-china-misdirection
Friday, October 5, 2018
A 'Scarily Simple' Bug Put Millions of Cox Cable Customer Accounts at Risk
from
https://www.wired.com/story/cox-communications-vulnerability
The Apollo Breach Included Billions of Data Points
from
https://www.wired.com/story/apollo-breach-linkedin-salesforce-data
Thursday, October 4, 2018
Why Supply Chain Hacks Are a Cybersecurity Worse Case Scenario
from
https://www.wired.com/story/supply-chain-hacks-cybersecurity-worst-case-scenario
How Russian Spies Infiltrated Hotel Wi-Fi to Hack Their Victims Up Close
from
https://www.wired.com/story/russian-spies-indictment-hotel-wi-fi-hacking
Wednesday, October 3, 2018
Malware Has a New Way to Hide on Your Mac
from
https://www.wired.com/story/mac-malware-hide-code-signing
How to 'Turn Off' the Presidential Emergency Text Alert Test
from
https://www.wired.com/story/how-to-turn-off-presidential-emergency-text-alert-test
The Presidential Text Alert Has a Long, Strange History
from
https://www.wired.com/story/presidential-text-alert-fema-emergency-history
Intra Gives Older Versions of Android Important DNS Protections
from
https://www.wired.com/story/jigsaw-intra-app-dns-encryption
Tuesday, October 2, 2018
Hackers Can Stealthily Avoid Traps Set to Defend Amazon's Cloud
from
https://www.wired.com/story/aws-honeytoken-hackers-avoid
The Facebook Hack Is an Internet-Wide Failure
from
https://www.wired.com/story/facebook-hack-single-sign-on-data-exposed
How the Kavanaugh Information War Mirrors Real Warzones
from
https://www.wired.com/story/how-the-kavanaugh-information-war-mirrors-real-warzones
Monday, October 1, 2018
Why Cops Can Use Face ID to Unlock Your iPhone
from
https://www.wired.com/story/police-unlock-iphone-face-id-legal-rights