A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.
Edward Snowden has given us an unprecedented window into the NSA’s surveillance activities. Drawing from both the Snowden documents and revelations from previous whistleblowers, this talk describes the sorts of surveillance the NSA conducts and how it conducts it. The emphasis will be on the technical capabilities of the NSA, and not the politics or legality of their actions. I will then discuss what sorts of countermeasures are likely to frustrate any nation-state adversary with these sorts of capabilities. These will be techniques to raise the cost of wholesale surveillance in favor of targeted surveillance: ubiquitous encryption, target dispersal, anonymity tools, and so on.
Managing Access Lists on Cisco IOS devices can be a real headache. Copying ACLs and Editing them in a Text Editor was a widely spread method until extended ACLs implemented Named Access Lists (nacls) with featured sequence numbers.
Extended IP access list my_acl_in
2 permit icmp ..... (1234 matches)
3 permit ip any host x.x.x.x
10 permit ip ....
11 permit ip ....
12 permit ip ....
13 permit ip ....
14 permit tcp any host ...... eq 443
15 permit tcp any host ...... eq www
Btw. the IPv6 Access list sequence numbers are placed at the end
Sequence Numbers allow for quick changes to an ACL without the copy&paste foo. A growing and ever changing ACL however can post a challange to your sequencing once the gaps are filled. In order to realign your Access Control Entries you can use the resequence command to put your ACEs in order again.
r1(config)#ip access-list resequence ?
<1-99> Standard IP access-list number
<100-199> Extended IP access-list number
<1300-1999> Standard IP access-list number (expanded range)
<2000-2699> Extended IP access list number (expanded range)
WORD Access-list name
r1(config)#ip access-list resequence my_acl_in ?
<1-2147483647> Starting Sequence Number
r1(config)#ip access-list resequence my_acl_in 5 ?
<1-2147483647> Step to increment the sequence number
r1(config)#ip access-list resequence my_acl_in 5 5
will resequence your ACEs to look something like this:
Extended IP access list my_acl_in
5 permit icmp ..... (1234 matches)
10 permit ip any host x.x.x.x
15 permit ip ....
20 permit ip ....
25 permit ip ....
30 permit ip ....
35 permit tcp any host ...... eq 443
40 permit tcp any host ...... eq www
This feature will definitely help to keep your sanity.
I find it quite a bit strange that this fuction is not mentioned on neither the 640-802 CCNA nor the 640-554 CCNA Security Cert Guides.
It offers a great oversight of encryption methods, historical relevance and most importantly, emerging patterns that offer an attack vector due to lack of entropy which leads to a low key-strength. This video is a great way to get into the principles of cryptography.
The series can also be watch directly on youtube via this playlist:
I have always wanted to get myself a reef aquarium… A complete ecosystem enclosed in a glass/acrylic tank with beautiful coral and interesting livestock…. The only question I ask myself now is “What took you so long?”
Dealing with space restraints can be an issue when setting up an aquarium. Nowadays a lot of Nano sized aquariums are available on the market and with some limitation to the selection of livestock/corals will allow you to set up a small marine environment.
I had to make a decision on whether I wanted a freshwater or marine aquarium – both of them have their pros and cons. Unable to decide I purchased both and decided to start of with the freshwater shrimp aquarium. A marine aquarium can be harder to maintain but rewards you with beautiful colors and very bizarre creatures…
Before I made the purchase I had some reading to do, so I took about six weeks and consumed any literature I could find on the topics. The requirements to successfully maintain an Aquarium (especially a Nano aquarium) boil down to a few facts:
- maintaining biological stability (water quality, waste): If you know basic chemistry and have some common sense the basics should not be a problem and small mistakes (and mistakes will be made) should not have a too ciritcal impact
- maintaining livestock: This is probably the most fun part in the process. Get the facts/data of your livestock and analyze their behavior. If you have an analytical mindset – be prepared to explore a whole new world with plenty of interesting stuff to learn. Questions like “What food do species x prefer” and “Do species x and y” get along and how can I scape my reef to give my corals a healthy environment will come up here.
- equipment choice: This is a large industry and products are flooding the market, find what works best for you and your livestock or better yet…. build it yourself…
With High Power LEDs, Micro controllers and compact computers like a Raspberry Pi will allow you to bring your tech experience into the whole aquarium spectrum.
Also, if you love photography (especially Macro Photography) you will love owning a reef tank.
Coming up will be a series of Blogs about setting up, maintaining, enjoying and improving my reef aquarium.
The unofficial third party repository Debian Multimedia stopped using the domain debian-multimedia.org some months ago. The domain expired and it is now registered again by someone unknown to Debian. (If we’re wrong on this point, please sent us an email so we can take over the domain! )
This means that the repository is no longer safe to use, and you should remove the related entries from your sources.list file.