Amarjit Singh

Since the WannaCry ransomware ripped through the internet late last week, infecting hundreds of thousands of machines and locking up critical systems from health care to transportation, cryptographers have searched for a cure. Finding a flaw in WannaCry’s encryption scheme, after all, could decrypt all those systems without any ransom.

Now one French researcher says he’s found at least a hint of a very limited remedy. The fix still seems too buggy, and far from the panacea WannaCry victims have hoped for. But if Adrien Guinet’s claims hold up, his tool could unlock some infected computers running Windows XP, the aging, largely unsupported version of Microsoft’s operating system, which analysts believe accounts for some portion of the WannaCry plague.

"Does not erase the prime numbers from memory before freeing the associated memory," says Guinet.

Based on this finding, Guinet released a WannaCry ransomware decryption tool, named WannaKey

"It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory." says Guinet

So, that means, this method will work only if:

1. The affected computer has not been rebooted after being infected.
2. The associated memory has not been allocated and erased by some other process.

"In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!," Guinet says.

Download Tool here @ https://github.com/gentilkiwi/wanakiwi/releases

What is Ransomware?
Ransomware is a family of computer bugs that are programmed to lock up an endpoint, such as a PC, server, or mobile device, in various ways and then asks the victim to pay a ransom to regain control of the data or the endpoint. A Ransomware attack can affect an individual or organization anywhere in the world. According to the FBI, ransomware attacks cost victims in the US a total of $209 million in the first three months of 2016. That’s a 771% increase for the $24 million reported in all of 2015.

How does it attack?
Cybercriminals typically use social engineering such as unsolicited email, or spam, to lure victims into opening a malicious attachment. The attachment attempts to exploit a vulnerability in productivity software the user likely possesses in order to allow file execution, in this case Ransomware. The Ransomware code is designed to scan the file system on the endpoint and find all the locations where the victim keeps files, including shadow copies and backup files and including network repositories and even external drives attached to the endpoint. The files are then encrypted and users are prevented from accessing them. The key to unlocking the files remains in the cybercriminal’s hands until the victim pays a ransom to obtain the key and attempts to restore the files.

Your MONEY or your DATA?
Victims all around the globe have been receiving on-screen ransom requests averaging $500USD, demanded most often in the form of cryptocurrency. Businesses are now seeing larger-scale ransomware attacks on their servers and networks, along with demands for 4- to 5-digit ransom payments, all the way up to millions demanded in some cases.

What can consumer do to lower the Ransomware risk?

What can Business do to lower the ransomeware risk?


We strongly encourage you to read X-Force research report (https://securityintelligence.com/media/ransomware-report/) to get a deeper insight on Ransomware.We urge you to take necessary and sensible precautions and encourage safe practices within your team. 

Rashtrapati Bhavan would be transformed into a smart township with the help of IBM Smart City Solutions.IBM on Thursday announced that its smart city solutions have been deployed for the digital transformation of the Presidential Estate. “Spread across 330 acres of land and home to over 5,000 residents, the self-sustained Presidential Estate is adopting IBM’s technology and solutions to become future ready.

The Intelligent Operations Center addresses challenges that are inherent to townships - water supply, security, electrical infrastructure and solid waste management,” said an IBM statement.“The transformation of the estate into a smart township is customized to further enhance the efficiency of critical infrastructure and utilities,” it added.The partnership to reimagine the Rashtrapati Bhavan in the digital age was announced at an event graced by President Pranab Mukherjee. A citizens mobile app, created by IBM Intelligent Operations Center (IOC), was also launched, which allows residents to report issues using the web and mobile. “Rashtrapati Bhavan is an iconic representation of India’s smart city vision. It is a proud moment for all of us and the beginning of a great journey. We are honored to be their partner in enabling this transformation,” said Vanitha Narayanan, MD, IBM India.

Juniper Network Operating System (JUNOS) maintains different types of routing tables for clear separation of different types of routes. Each routing table populates a portion of forwarding table and thus the forwarding table is partitioned based on routing table. The routing table in Juniper Network Operating System or JUNOS contains all the information known by that router and routing protocol puts the different routes in the routing table for single destination. Further the routing table places the best route in the packet forwarding engine (PFE).

Below is the list of different types of routing tables created by Junos. They are as follows:
1. Inet.0: This table stores the IPv4 unicast routes. This is equivalent to global routing table in CISCO.

2. Inet.1: This table stores the multicast routes. This table stores the (S,G) entries. This is equivalent to mroute table of CISCO.

3. Inet.2: This table is used for unicast RPF (Reverse Path Forwarding). For subsequent address family indicator (SAFI) 2 routes, when multiprotocol BGP (MBGP) is enabled. This table stores unicast routes that are used for multicast reverse-path-forwarding (RPF) lookup. The routes in this table can be used by the Distance Vector Multicast Routing Protocol (DVMRP), which requires a specific RPF table. In contrast, Protocol Independent Multicast (PIM) does not need this table because it can perform RPF checks against the inet.0 table. You can import routes from inet.0 into inet.2 using routing information base (RIB) groups, or install routes directly into inet.2 from a multicast routing protocol.

4. Inet.3: For IPv4 MPLS. This table stores the egress address of an MPLS label-swiched path (LSP), the LSP name, and the outgoing interface name. This routing table is used only when the local device is the ingress node to an LSP.

5. Inet6.0: This table stores the IPv6 Unicast routes.

6. Bgp.l2vpn.0: This table stores the L2VPN learned routes.

7. Bgp.l3vpn.0: This table stores the L3VPN learned routes.

8. Mpls.0: For MPLS label switching operations. This table is used when the local device is a transit router.

9. Iso.0: For IS-IS routes. When you are using IS-IS to support IP routing, this table contains only the local device’s network entity title (NET).

10. Juniper_Private: For Junos OS to communicate internally between the Routing Engine and PIC hardware.

Source: http://www.mplsvpn.info/ 

JET is a framework which means all the features ties together that enables JUNOS to be more open and programmable.

There are four big components of JET
1.  Python: Python 2.7.8 is supported on all JUNOS devices. By using Python users can develop and execute Python scripts on JUNOS.

2.  JSON: JSON is popular data exchange program because of it’s simplicity, light weight and rich native support in several programming languages. Most of the python programmers use JSON as data exchange program. With this help now JUNOS operational show commands can display data in JSON format also along with XML format. JUNOS configuration can be provided directly in JSON format which can help programmer to write code in python and push configuration on box without having worry of XML.

3. Fast Programmatic Configuration Database : It is fast programmatic configuration database used by JUNOS and gives access to controller’s applications which are pushing fast state changes onto JUNOS. SDN applications can make the changes at very high rate with 1000 of configuration changes per second with no configuration validation. The onus of configuration validation will be taken care by the external SDN controllers and applications.

4. JET API: SDN requires programmable interface for fast rate of configuration changes with multiple instance of databases without the contention of database resources. JET APIs are AVATAR of JUNOS SDK which enables APP developer to program the JUNOS control and data plane. JET APIs constitutes of 5 things as mentioned below
a. Route
b. Interface
c. Firewall
d. Management APIs
e. Notifications

JET APIs framework is language and Operating System agnostic which means APP developer can use any of the language and OS of their own choice. The APPS which are written will be binary compatible and decoupled from the JUNOS releases. All the APIs exposed externally by JET will be used internally as well.

Source:  http://www.mplsvpn.info/ 

EVRY has enticed IBM to invest several billion kroners in a super center at Fet. Hence, Norway is connected to the world’s sole global cloud infrastructure.

- This is an extremely important partnership for us, says Matt Milton, responsible for the EVRY partnership in IBM.

This is the first time IBM builds a data center that is part of the IT giant ’s global cloud infrastructure together with a partner. IBM has built t he remaining 46 data centers by themselves , and are strategically located in all corners of t he world .

The global cloud platform is based on technology from SoftLayer that IBM bought for almost 2 billion dollars in 2013.
- To gather we invest several billion dollars, continues Milton. EVRY’s contribution is 500 million kroners, the rest of the bill is picked up by IBM. It would probably not be a SoftLayer center on Norwegian or Nordic soil if EVRY had not contributed.


In 2012 while EVRY’s core customers struggled with unstable IT platforms and the IT corporation struggled to give the shareholders value as sto ck exchange listed companies, t he CEO at the time Terje Mjøs launched the concept “Future Proof”.

Mjøs planned a data centre of the future, built at Fet outside of Oslo with modern, standardised, virtualised and automated infrastructure.

The new IT platform should easily be able to connect to the customers’ data centres and to commercial clou d platforms such as Microsoft Azure and Amazon Web Services.

However, it has taken longer to complete Future Proof than planned.

- We do this to more rapidly achieve our goal with Future Proof, says CTO Bjørnar Engebretsen in EVRY.


- Why did you choose IBM’s technology?
- We looked at different models. The determining factor was that we would get all technology and all services that we needed from one service provider if we chose IBM, replies Engebretsen.
It is the Digiplex building that is to house the new center. The actual content will gradually be built during the spring, and the data center will be in full production this autumn.

Engebretsen says that it will initially be set up 10,000 servers at Fet. The CTO underlines that it is e asy to double the amount if need be.

To be able to industrialize and automise the IT deliveries, all SoftLayer centers are identical on the inside. The interior in the data center at Fet has therefore gone through minor modifications in order to become identical to the other 46 data centers.

IT operation for 6 billion 
Engebretsen says that EVRY is in the process to prepare 200 customers for the new SoftLayer platform.

With a center on Norwegian soil , EVRY is able to offer cloud ser vices to customers that due to regulatory reasons require that the data is located in Norway. This applies especially to customers in the public sector and in the bank and finance sector, which comprises one half and approximately one third of the revenue respectively. 

EVRY ’s total revenue today is 12 billion kroners in Norway, where approximately half of this is operations.
When Fet is connected to the global SoftLayer cloud, EVRY’s service offerings to companies with a global presence will increase. Now they can store data in centers relatively close to their local offices no matter where it is in the world.

- The goal with the new data center is to become a more important IT partner for our customers, says Engebretsen.
In addition to delivering operation services from a cloud platform, EVRY has developed its own user portal customized to the individual customer as a part of Future Proof. Now IBM takes over the production of this service, and will develop new services for the cloud platform.

EVRY’s customers will in addition get access to IBM’s services and applications collected under the Bluemix umbrella. This includes access to solutions that builds on the self - learning super - machine Watson. 

As a par t of the IBM - EVRY contract, IBM acquired 332 employees from EVRY on the 1 st of December last year. The former EVRY employees are gathered in the newly created IBM Services.

Emails should be sent to [email protected] 

Please bcc us at [email protected] & [email protected] 

We will try to ensure that your response is acknowledged by TRAI. 

Click Here for Email Format 

The purpose is to assist supporters of strong net neutrality in articulating their own views on the matter in a legally precise manner, in order to submit a response to the TRAI before the deadline on 24 April 2015.


We appeal to parliamentarians and political leaders to keep this campaign apolitical. Citizens: demand a free and open internet. Contact your MP now. 

Hi folks.  I'm delighted to report that Nmap has been accepted by Google to participate in this year's Summer of Code internship program.  This innovative and extraordinarily generous program provides $5,500 stipends to college and graduate students anywhere in the world who spend the summer improving Nmap from home! They gain valuable experience, get paid, strengthen their résumés, and write code for millions of users.  We're one of the few orgs which have participated every year since the program began, and we're quite excited for our eleventh year!

Previous SoC students helped create the Nmap Scripting Engine, Zenmap GUI, and the handy Ncat and Nping utilities.  Several of them became top developers!  We're hoping for the same this year, but we need your help to get the word out! If you know any college/grad students (or are one) who
might be interested, please point them to our project ideas page:

http://nmap.org/soc/ 

You must hurry though, as applications are due this Friday at 19:00 UTC. We're absolutely forbidden from accepting any late applications.  You can start an application now though and improve it up until the deadline.

Applications can be submitted using the orange "Log in" button (under "Students", not "Mentors and Administrators") at https://www.google-melange.com/gsoc/homepage/google/gsoc2015

Cheers,
Fyodor

The first work around is the split horizon technique which says not to send the updates to the interfaces from it has been received. It looks like send update information (Number of interfaces – Receiving Interface Updates).
Next one is route poisoning, when the router detects link down, the attached router sends the update to its neighbors. But in this case, the receiving router can send back the received information to the same interface from where it received by setting the route metric to maximum. Definitely this is the violation of split horizon rule but it helps router to understand about that particular network is down or inaccessible which actually help the convergence of routing. Now 10.4.0.0 is poisoned route which is having the maximum metric assigned as the route is not reachable. When the neighbor send the route back to the originator, it becomes reverse poisoned.

What does route poisoning do?
1. Set the hop count to an unreachable state as soon as the failed network is detected
2. Route remains poisoned until the hold-down timer expires.
3. Hold timer depends on the routing protocol; Every protocol is having different hold-down timer.
4. Only uni direction traffic flow.
5. If the route is not back up during the hold down time period expires, that route is removed from the routing table and added in the garbage table.

The last one is Hold Down timers. What does hold-timers do?
1. A router receives an update from a neighbor indicating that a network that previously was accessible is now no longer accessible.
2. The receiving router marks that route possibly down and starts the hold-down timer.
3. If an update with a better metric for that network is received from any neighboring router during the hold-down period, the network is reinstated and the hold-down timer is removed.
4. If an update from any other neighbor is received during the hold-down period with the same or worse metric for that network, that update is ignored. Thus, more time is allowed for the information about the change to be propagated.
5. Routers still forward packets to destination networks that are marked as possibly down. This allows the router to overcome any issues associated with intermittent connectivity. If the destination network truly is unavailable and the packets are forwarded, black hole routing is created and lasts until the hold-down timer expires. (Very Important Point). This could be the reason, administrators look forward to reduce the hold-down timers to increase the convergence time. Definitely if the network is not stable these timers generates lot of messages.

As per section 2.2.2, RFC 1058 explicitly says that “Split horizon with poisoned reverse will prevent any routing loops that involve only two gateways. However, it is still possible to end up with patterns in which three gateways are engaged in mutual deception.” Definitely this could be the case of broadcast of multi-access networks.