Adjusting log timestamps to localtime on Cisco IOS devices

Correlating Log files are an important aspect when responding to incidents/attacks/outages regarding your Cisco devices.

However I have noticed for a while that my logging timestamps are off an hour from the actual clock synced by NTP.

After some digging I realized that Cisco devices use
service timestamps log datetime
as a default. You can check the default values using the command:
sh run all | inc timestamp
In order for your logs to use the local clock time you need to issue the command
device(config)# service timestamp log datetime localtime
From now on, your logging timestamp should be identical to your local time on the device.

Let’s Encrypt – bringing crypto to the masses

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).

The key principles behind Let’s Encrypt are:

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
  • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
  • Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

There was a talk at 31c3, which you can find here

Crypto 101

Crypto for everyone:

Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.

Reddit Post

Crypto 101: the presentation

Crypto 101 started as a presentation at PyCon 2013. It tries to go through all of the major dramatis personae of cryptography to make TLS work in 45 minutes. This book is the natural extension of that, with an extensive focus on breaking cryptography.



Turkey Citizens respond to Twitter censorship (via DNS)

Internet censorship is bad – especially when it is abused to censor media reports about potentially corrupt government officials. Luckily a lot of incompetent people try to implement censorship via DNS.

Censorship via DNS is a method which is pretty easy to bypass and some people have responded to this this:

And no, I will not go into detail here on how to do it right – for obvious reasons….