Home Tags Network Storage

Tag: Network Storage

How the FBI will lose its iPhone fight, thanks to ‘West...

Uncle Sam can't argue against science Analysis Apple versus the FBI has generated much discussion and conjecture lately. The vast majority of it has centered on the rights and the wrongs, about the loss of privacy, and of the precedent that breaking one iPhone would create. Many are hanging on the blow-by-blow developments for an outcome, to see which side trumps: Apple – and by implication, increasingly, the tech industry – or law enforcement and the government.

But this misses the point and the ultimate outcome: victory for Apple. That's because there is a higher law beyond what FBI director James Comey sought to enforce on Apple last month. It was described by Harvard professor Larry Lessig almost 20 years ago, when he was then unknown, in a book called Code and Other Laws of Cyberspace, since updated as Code v2. Lessig called law as defined in computer code "West Coast Law." This is as opposed to "East Coast Law," which is defined by statute. Encryption is one such West Coast Law.
It was defined by Whitfield Diffie and Martin Hellman 40 years ago in a paper called "New Directions in Cryptography." Their Diffie-Hellman protocol brought us the concept of public key cryptography, messages encrypted first with a key everyone knows, then decrypted with a private key controlled by the recipient. Or vice versa. East Coast Law is analog.
It changes and it has exceptions.

Arguments can be made – on either side of a question – that define or change East Coast Law or that shift its interpretation, as happens in courts. West Coast Law, like encryption, is binary.
It's science.
It uses facts that can't be denied or altered through the relative strength or weakness of an argument.
So we have learned from that day to this. As the Diffie-Hellman paper was published, Ron Rivest, Adi Shamir, and Len Adleman created an implementation known by their initials: RSA.

They defied the wishes of the US National Security Agency and published an article on it in Scientific American in 1977. In 1991, programmer Phil Zimmermann wrote a program called Pretty Good Privacy, implementing RSA. Zimmermann launched PGP Inc in 1996, defying attempts by RSA Security (now part of EMC) to claim patent rights over the two-key method, then fighting the US government over rights to export it. The first version of the encrypted Web standard, https, also using Diffie-Hellman keys, was written into Netscape Navigator in 1994.
It evolved into a full Internet specification in 2000.

After encrypting its own traffic, Google began preferring the encrypted pages of web sites it indexed late last year. Why did Google do this? Partly in response to the revelations of Edward Snowden, whose document dump in 2013 showed that the NSA has been ignoring privacy routinely ever since 9/11.
Snowden's point was that the government's promises on this issue can't be trusted. Snowden says we can't trust government with our secrets, and we don't have to. You might as well pass a law telling glaciers not to melt. We all want our privacy and security. West Coast Law says the only way you get it is if everyone does. But, Comey says, he just wants Apple to disable PIN protection on one iPhone.

But this, too, is an encryption case.

The PIN serves as a shorter key.

This phone will self-destruct after 10 failures, just like the messages in Mission Impossible. If Apple unlocks the phone because of terrorism, the district attorney for New York County (Manhattan) alone has 175 Apple devices in his lab he wants to open, in hopes of solving crimes. And it's not just America.
If Apple broke its own phone's security because of US legal demands, China would demand that right.
So would Russia.
So would every other dictatorship. Many "crimes" being investigated in these countries are political.
If Comey gets his way, then so does Vladimir Putin. This is why Bruce Schneier, a security expert who became an IBM employee last week when his employer was bought by Big Blue, writes that "Our national security needs strong encryption." He adds: I wish I could give the good guys the access they want without also giving the bad guys access, but I can't.
If the FBI gets its way and forces companies to weaken encryption, all of us – our data, our networks, our infrastructure, our society – will be at risk. That's West Coast Law in a nutshell.
It's science.
It's binary. Resistance to it is futile. The decision by Judge James Orenstein to deny a government demand against Apple, based on the arguments used in San Bernardino, is thus theater.
So, too, with the House hearing.

Congress could pass a law, and the President could sign a law, mandating that all security have a back door, just as was sought in 1991. But even if Tim Cook was not allowed to defy such a demand, as he says he will in the case of the PIN, replacing it with something "even Apple" can't crack, unbreakable security is possible. Which means unbreakable security will exist. Will only criminals and governments have it? Or will you? Will everyone? It's all or nothing.

That's the ruling of West Coast Law. And what of Whitfield and Diffie, who launched this ship 40 years ago? They were just awarded the Turing Prize, computing's equivalent of the Nobel. Law can't defy science. ® Sponsored: Speed up incident response with actionable forensic analytics

Dell Offers BIOS Verification for Commercial PCs

The product is part of Dell's Endpoint Security Suite Enterprise, and comes after the vendor unveiled new security management for channel partners. As Dell has undergone its years-long transition from a PC box maker to a more complete enterprise IT solutions provider, officials have said that security has been a focus. The company has built up its security capabilities through such acquisitions as SecureWorks, SonicWall and Credant Technologies, and is in position to grow its portfolio even more through its planned $67 billion acquisition of EMC. The deal would include security vendor RSA, one of the companies in EMC's federated business model. John McClurg, vice president and chief security officer at Dell, has said that his company is among the top enterprise security vendors in the world. Dell officials this week made moves that move it security ambitions forward. On Feb. 4, the company announced a new post-boot BIOS verification solution that is aimed at protecting Dell's commercial PCs from malware during the boot process. The introduction of the addition to the company's Endpoint Security Suite Enterprise. Two days earlier, Dell officials unveiled a new identity and access management offering aimed at channel partners. Dell One Identity Safeguard for Privileged Passwords, available through the Dell Security channel, is designed to be a complement to partners' network security portfolios that can be offered to their customers. The goal is to offer end users—particularly midsize and smaller companies—complete network security protection from a single source, according to Dell officials. "Managing privileged passwords doesn't have to be a challenging process for organizations, and giving our global channel partners a solution that simplifies the management of highly sensitive privileged passwords complements the strong set of security solutions they already can offer," Patrick Sweeney, vice president of product management and marketing for Dell Security, said in a statement. Dell officials on Feb. 4 announced the availability of the Endpoint Security Suite Enterprise, which includes the integration of technology from Cylance that uses artificial intelligence and machine learning to more proactively prevent advanced persistent threats (APTs) and malware. Cylance's anti-virus technology can protect systems against zero-day attacks as well as targeted attacks, such a spear phishing and ransomware. Dell officials said the new offering stops 99 percent of malware and APTs, compared with a 50 percent success rate for competing solutions. The company highlighted the post-boot BIOS verification capabilities, which will be integrated onto Dell commercial PCs that come with the purchase of the Endpoint Security Suite Enterprise license. According to Dell officials, the new technology essentially enables businesses to compare and test a BIOS image from a Dell PC with one held by Dell in a BIOS lab. It's better to do the comparing and testing in a secure cloud environment rather than on an infected PC, they said. The technology initially will be available on Dell's commercial PCs that are powered by a 6th generation chipset from Intel. Those systems include Latitude PCs that were announced at the 2016 Consumer Electronics Show last month and other Precision, OptiPlex and XPS PCs and Venue Pro tablets. The new offering protects the firmware in the BIOS, which if attacked damage the performance of the PC. It's designed to make sure that the systems are secure every time users boot them up, according to Brett Hansen, executive director of data security solutions at Dell. "The growing complexity of BIOS-specific attacks, and with new malware variants possessing the ability to reinstall themselves within the BIOS, organizations need a more sophisticated way to know that their systems have not been compromised," Hansen said in a statement. The addition of the Dell One Identity Safeguard for Privileged Passwords solution for channel partners can help end users bring more protection to the vendor's SonicWall next-generation firewalls by locking down the passwords used for them, officials said. It includes an easy-to-use interface that offers support through a pre-hardened appliance to protect end users during installation and operations. Eventually the interface will be expanded to enable it to manage all Dell privileged management solutions, they said.

Yes or no: D@RE is a bonkers name for EMC’s enterprise...

With ECS v2.2, EMC has improved its storage efficiency, searchability and security, we're told. EMC's ECS (elastic cloud storage) is a software-defined, object-based cloud storage platform that can scale up to exabyte levels. The company launched ECS, previously known as Project Nile, in May, 2014. ECS 2.2 adds three things: Ability to search metadata across objects without a dedicated database. Increased storage density 33 per cent and storage efficiency 10 per cent. Data-at-rest-encryption (D@RE). ECS D@RE supports FIPS-140-2 Level 1 compliance using an AES 256-bit encryption algorithm. D@RE can be applied at the bucket or namespace level in the ECS portal or with the ECS Management API. Support at the object level is also available using the Amazon S3 SSE constructs. D@RE provides automated key management and encrypts inline and then stores the encrypted data on ECS storage media. Keys are segregated at the namespace level. User-supplied keys can be used with the S3 API. EMC pre-sales director Antonio Romeo says that searching an object store can often require developers to write their own search functions and insert them into the object store's fabric. This means "essentially using an external DB, maintain it, backup it, [and] keep it in sync with the object storage platform." With ECS v2.2, users can search metadata across potentially exabytes of unstructured data in the object store without a dedicated database. The developers enable user-defined metadata to be searched "via rest APIs especially suited for Internet of Things, mobile app and geo-distributed datasets." This is how it is done: in ECS 2.2, the ECS S3-compatible protocol automatically associates system metadata with an object and allows users to associate custom metadata with an object. The metadata is in the form of name-value pairs. The metadata search facility enables ECS to maintain an index of the objects in a bucket, based on their associated metadata, and allows S3 object clients to search for objects within buckets based on the indexed metadata, using a rich query language. The metadata fields for which search indexes will be maintained (search keys) are configured for a bucket from the ECS Portal, the ECS Management REST API, or the S3 REST API. ECS dashboard Another new feature is a single-pane-of-glass view that provides what EMC claims is a complete system health check. Romeo says "there are dozens of other updates in our latest release," but doesn't detail them. A v2.2 ECS Planning Guide [PDF] does, and here are some of them: Cold storage archives with less object storage overhead, meaning greater storage efficiency. HDFS – ECS HDFS is certified against Hadoop 2.7. Certified applications/components include HDFS, MapReduce, Yarn, Hbase, Hive, Pig and ZooKeeper. ECS supports SEC Rule 17a-4(f) standard for electronic record storage. The CAS query API is now automatically available for all CAS buckets. Tags in the form of name-value pairs can be assigned to a bucket using the ECS Portal or the ECS Management REST API, enabling object data stored in the bucket to be categorized. ECS object data is stored in chunks and chunks are broken into fragments based on an erasure coding (EC) scheme in order to improve storage efficiency. Geo copy to all sites. Read an ECS overview and architecture guide here [PDF]. ® Sponsored: Are you risking security with the cloud?

VU#751328: QNAP QTS is vulnerable to a path traversal attack when...

QNAP QTS is a Network-Attached Storage(NAS)system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X.

VU#551972: Synology Cloud Station sync client for OS X allows regular...

The Synology Cloud Station sync client for OS X contains a setuid root executable that allows regular users to claim ownership of system files.

VU#581276: EMC AutoStart is vulnerable to remote code execution via specially...

EMC AutoStart,version 5.5.0 and earlier,is vulnerable to remote command execution via specially crafted packets.

VU#315340: EMC Documentum products contain multiple vulnerabilities

EMC Documentum products including Content Server,D2,and Web Development Kit(WDK)contain multiple vulnerabilities.

Worm exploits nasty Shellshock bug to commandeer network storage systems

Compromised systems carry out click fraud, patched to prevent further attacks.

Hacker infects Synology storage devices, makes off with $620,000 in Dogecoin

Mining cryptocurrencies is expensive. One hacker passed the cost on to NAS users.

How to implement PXE with Synology NAS

 Overview Equipped with TFTP support and Synology's DHCP Server package, DiskStation can serve as an integral part of your Preboot Execution Environment (PXE) setup. With...

How to set up the Synology NAS as the VPN Server

Overview A VPN (virtual private network) is a private network that uses a public network infrastructure (usually the Internet) to provide secure and encrypted connections...

How to set up Link Aggregation on Synology NAS

Overview Link aggregation is a method of using two Ethernet ports in parallel to provide trunking and network fault tolerance. Link aggregation with trunking feature...