Analysis of a DDos attack on Github by hijacking traffic (jquery) on Baidu.com (biggest search engine in China)
Main Article: http://insight-labs.org/?p=1682
Quick and dirty – but effective
Adjusting log timestamps to localtime on Cisco IOS devices
Correlating Log files are an important aspect when responding to incidents/attacks/outages regarding your Cisco devices.
However I have noticed for a while that my logging timestamps are off an hour from the actual clock synced by NTP.
After some digging I realized that Cisco devices use
service timestamps log datetime
as a default. You can check the default values using the command:
sh run all | inc timestamp
In order for your logs to use the local clock time you need to issue the command
device(config)# service timestamp log datetime localtime
From now on, your logging timestamp should be identical to your local time on the device.
Good news everyone:
EFF’s Game Plan for Ending Global Mass Surveillance
The Guardian – Mass surveillance is fundamental threat to human rights
Would you like to know more?
http://www.reddit.com/r/privacy
Let’s Encrypt – bringing crypto to the masses
https://letsencrypt.org
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
There was a talk at 31c3, which you can find here
Reconstructing narratives – 31c3
Great and Inspiring talk by Laura Poitras and Jacob Applebaum.
All talks from 31c3 can be found here http://media.ccc.de/browse/congress/2014/index.html
https://www.youtube.com/watch?v=0SgGMj3Mf88
United States of Secrets Documentary
Great PBS documentary on the NSA surveillance “program”
Part 1 mainly focuses on the NSA program post 9/11 and the events that lead people like Thomas Drake, William Binney and Edward Snowden to blow the whistle.
Part 2 covers the ties between the US government and Data Mining companies like Google, Facebook and Apple.
Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices
Free CCNA Study Video Series
The CCNA training videos from this Kickstarter Project are now available.
