English Language
German Language
John Oliver on Encryption
Baidu hijacking traffic to DDos Github
Analysis of a DDos attack on Github by hijacking traffic (jquery) on Baidu.com (biggest search engine in China)
Main Article: http://insight-labs.org/?p=1682
Good news everyone:
EFF’s Game Plan for Ending Global Mass Surveillance
The Guardian – Mass surveillance is fundamental threat to human rights
Would you like to know more?
http://www.reddit.com/r/privacy
Let’s Encrypt – bringing crypto to the masses
https://letsencrypt.org
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
There was a talk at 31c3, which you can find here
United States of Secrets Documentary
Great PBS documentary on the NSA surveillance “program”
Part 1 mainly focuses on the NSA program post 9/11 and the events that lead people like Thomas Drake, William Binney and Edward Snowden to blow the whistle.
Part 2 covers the ties between the US government and Data Mining companies like Google, Facebook and Apple.
XKCD on Heartbleed :)
CVE-2014-0092: GnuTLS Certificate verification issue
A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.
Source: http://gnutls.org/security.html
goto fail, anyone? 🙂
Cisco ACL resequencing
Managing Access Lists on Cisco IOS devices can be a real headache. Copying ACLs and Editing them in a Text Editor was a widely spread method until extended ACLs implemented Named Access Lists (nacls) with featured sequence numbers.
Extended IP access list my_acl_in 2 permit icmp ..... (1234 matches) 3 permit ip any host x.x.x.x 10 permit ip .... 11 permit ip .... 12 permit ip .... 13 permit ip .... 14 permit tcp any host ...... eq 443 15 permit tcp any host ...... eq www
Btw. the IPv6 Access list sequence numbers are placed at the end
permit tcp host 2001:DB8:1::32 host 2001:DB8:2::32 eq ssh sequence 1
Sequence Numbers allow for quick changes to an ACL without the copy&paste foo. A growing and ever changing ACL however can post a challange to your sequencing once the gaps are filled. In order to realign your Access Control Entries you can use the resequence command to put your ACEs in order again.
r1(config)#ip access-list resequence ? <1-99> Standard IP access-list number <100-199> Extended IP access-list number <1300-1999> Standard IP access-list number (expanded range) <2000-2699> Extended IP access list number (expanded range) WORD Access-list name r1(config)#ip access-list resequence my_acl_in ? <1-2147483647> Starting Sequence Number r1(config)#ip access-list resequence my_acl_in 5 ? <1-2147483647> Step to increment the sequence number r1(config)#ip access-list resequence my_acl_in 5 5
will resequence your ACEs to look something like this:
Extended IP access list my_acl_in 5 permit icmp ..... (1234 matches) 10 permit ip any host x.x.x.x 15 permit ip .... 20 permit ip .... 25 permit ip .... 30 permit ip .... 35 permit tcp any host ...... eq 443 40 permit tcp any host ...... eq www
This feature will definitely help to keep your sanity.
I find it quite a bit strange that this fuction is not mentioned on neither the 640-802 CCNA nor the 640-554 CCNA Security Cert Guides.
For more infos, check out the Cisco ACL sequence numbering guide
Visualizing the Diffie-Hellman key exchange
If you just want to watch so the video, here you go. But this article also contains some more information below.
In 2010 I blogged about Khan Academy featuring free video lectures. Seems like the site is growing quite well with topics covering a large spectrum of science.
One of the most interesting video series I found there was Journey into Cryptography
It offers a great oversight of encryption methods, historical relevance and most importantly, emerging patterns that offer an attack vector due to lack of entropy which leads to a low key-strength. This video is a great way to get into the principles of cryptography.
The series can also be watch directly on youtube via this playlist: