More stories

  • in

    Comcast reveals prototype 10G modem for home broadband use

    Comcast revealed that it has successfully tested a new prototype DOCSIS 4.0 modem that is designed to bring 10G technology into customers’ homes for the first time.

    According to the broadband provider, the new unit has achieved symmetrical download and upload speeds in excess of 4 gigabits per second (Gbps) thanks to its “Full Duplex DOCSIS 4.0 system-on-chip (SoC).” While these figures were collected in a laboratory environment, Comcast claims the new model is capable of even faster data transmission rates in the future, as the company continues to chase the eponymous 10Gbps potential transfer rates promised by 10G networks.

    The cable company’s product reveal is just the latest stop on the long road it has been on to make 10G technology viable for consumer broadband. Previous milestones have included testing 10G connections over a virtualized cable modem termination system (vCMTS) using the same DOCSIS 4.0 technology found in the new modem and an earlier test of a 10G SoC, which used Network Function Virtualization (NFV) technology and Comcast’s live residential network to reach a more modest 1.25Gbps.

    The use of its existing nationwide network is a major goal for Comcast, which touted the fact that DOCSIS 4.0 can allow 10G transmissions via its existing cable infrastructure, with only the modem at endpoints in user homes likely needing to be replaced in most markets.

    Comcast clearly sees 10G technology as the future of its home broadband offerings, noting that even 4Gbps can be exceeded “as developers refine technology at every level of the 10G architecture.”

    For comparison, the company’s residential broadband plans currently top out in most areas with its Gigabit tier, which offers 1Gbps to 1.2Gbps download speeds, with some select regions gaining access to its Gigabit Pro service, which rises to 2Gbps. However, these speedy plans currently only support much, much slower upload rates of just 35Mbps. Comcast was previously called out for hiding this fact by Ars Technica, which noted how difficult it is to find an actual upload rate across the company’s various sign-up pages.

    While download rates tend to be far more important for the average consumer than upload rates, Comcast’s relatively slow upload speeds are something fiber broadband companies have kept as an advantage over it. Many fiber-based plans from companies like Verizon and Google already offer symmetrical rates that reach or come close to 1Gbps both up and down. In addition to the faster download speeds, the symmetrical transfer rates promised by this new modem may be just as important for customers that Comcast has never previously been able to capture with its existing, slower uploads.

    The company did not provide any timeframe for this technology to reach the general public.


  • in

    Wireshark creator joins Sysdig to extend it to cloud security

    If you’re a real network administrator, you know and love open source Wireshark. For over 15 years, it’s been the tool that professionals use for network traffic protocol analysis. Nothing else even comes close. Now, Sysdig, the container and cloud security company, has hired Gerald Combs, Wireshark’s creator and project leader, to join its open source team. There, Combs will help them with Sysdig-related open-source projects such as Falco, Prometheus, eBPF, and Sysdig Inspect. In addition, Sysdig will sponsor and manage the Wireshark community and extend Wireshark to monitoring and analyzing cloud networks.


    For those who don’t know Wireshark yet, it is an open source GUI network packet capture tool. With it, you can monitor network traffic, learn protocols and packet basics, and troubleshoot network problems. For network admins, Wireshark is the de facto standard for checking the health and security of networks at a microscopic level. If you want to know more about how to use Wireshark, I highly recommend Chris Sanders’ Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems.

    Besides being the open-source tool for real-time network packet capture and analysis, Wireshark also lets you save its findings for later viewing and analysis. Armed with this information, you can filter through that traffic to find evidence of day-to-day network problems and attacks from hackers. Wireshark can be used on almost any platform, including Windows, Linux, and macOS.

    Wireshark is already the world’s foremost and most widely used traffic protocol analyzer, even without a company behind it. It has been downloaded more than 60 million times in the last 5 years.

    A big reason Combs is joining Sysdig is that Loris Degioanni, Sysdig’s CTO and Founder, partnered with him to launch Wireshark. While studying network analyzers and working on his Ph.D. in Italy, Loris was invited to the United States to do research, which is where he met Gerald. Gerald joined Loris at CACE Technologies in the early 2000s, where they collaborated and grew Wireshark. CACE Technologies was later acquired, and since that time, Gerald has focused on growing the tool and ensuring Wireshark and its community have the resources needed to thrive.

    Degioanni added, “Gerald and I have been friends for a long time, starting when Wireshark was called Ethereal. At that time, a capture library that I developed while I was a university student in Italy, WinPcap, was used to port Ethereal to Windows. That was my first contribution to the project. Since the beginning, my work at Sysdig has been heavily inspired by the ‘packet capture stack’ that Gerald and I helped define: Wireshark, tcpdump, libpcap, BPF. One of the reasons why Sysdig’s instrumentation is universally considered the most accurate, rich, and scalable is that we built it on top of the ideas behind that stack, adapting them to the modern world of cloud and containers. Countless times, during Sysdig’s early days, we were inspired by Gerald’s work.”


    “I am excited to be reunited with Loris and explore the opportunity we have to expand Wireshark to the cloud,” said Combs, now Sysdig’s Director of Open Source Projects. “My move to Sysdig and the subsequent move for Wireshark will give Wireshark the corporate sponsor it needs to continue moving forward. This is a significant milestone for Wireshark, and with Sysdig’s backing, we will have the assistance we need to continue to evolve use cases for Wireshark.”

    “It’s amazing to see the lasting heritage of Wireshark, led by Gerald. I can guarantee most of the Fortune 2000 companies are actively using Wireshark,” said Degioanni. “I am excited to be reunited with Gerald and to advance the project in the same way Sysdig supports Falco and the Sysdig open source project. This move ensures Wireshark will continue to innovate. Our goal at Sysdig is to empower Wireshark.”

    Looking ahead, Sysdig will back the Wireshark community, including supporting Gerald as its leader. Together they’ll make sure Wireshark has the resources it needs to operate and sponsor SharkFest, its international developer conference. Sysdig’s open-source team will also contribute to the Wireshark project. Reunited, working together again, Gerald and Loris will investigate new innovative ways to address challenges with securing the cloud.

    Degioanni added, Wireshark “opens up a universe of possibilities. Wireshark is an incredibly important tool. Its UI is part of the muscle memory of every software professional. Its feature set has saved our butts countless times. At the same time, the world is changing quickly. Software today runs in the cloud, orchestrated by Kubernetes. With the help of Gerald, Sysdig wants to invest in making Wireshark even more useful in modern cloud environments. We’ll work on expanding its feature set and make sure it remains the cornerstone of troubleshooting and security investigation, even when software is containerized and runs in the cloud.”

    Finally, another reason for this move is they both want to make sure Wireshark remains a healthy open-source project. The Log4j and OpenSSL vulnerabilities have shown that large and small organizations are relying on open-source projects and major trouble comes when critical vulnerabilities are found in these tools. Maintaining the project’s health is of the utmost importance considering Wireshark’s widespread adoption.

    I’m looking forward to seeing what the two friends can do together. I’ve been a Wireshark user for over a decade. The idea that I’ll soon be able to use it in cloud-native environments is an exciting one. Just as it’s made network troubleshooting very easy, I can see that it

  • in

    Windows 11 setup: Which user account type should you choose?

    When you set up a Windows PC for the first time, you’re required to create a user account that will serve as the administrator for the device. Depending on your Windows edition and network setup, you have a choice of up to four separate account types.

    On business editions (Pro, Pro for Workstations, Enterprise, and Education), the Windows Setup program asks you to choose whether you want to set the PC up for personal use or for use on a network managed by your organization, as shown below. If you choose the second option, you can set up the PC using an account in your Windows Active Directory domain or you can sign in using an Azure Active Directory account, such as the one associated with an Office 365 Business or Enterprise subscription.

    This choice is only available with Windows 10 Pro or Enterprise.

    On Windows 10 Home edition, that choice isn’t available, and you’re limited to only the personal options: a local account or a Microsoft account. The Setup program is extremely persistent about trying to coax you into signing in with a Microsoft account. Windows 11 Home edition gives you only the option for a Microsoft account, although you can add a local account (or remove the connection to the Microsoft account) after you’ve signed in for the first time.

    In this post, I’ll explain the pros and cons of each account type and explain why your best option might be a combination of two account types.


    Microsoft account

    This is Microsoft’s free online account for personal use, required for signing in to the company’s consumer services, including OneDrive, Xbox Live, Skype, and Microsoft 365 (formerly Office 365) Family and Personal subscriptions, among others.

    If you have an email account at Outlook.com or Hotmail.com (or, for old-timers, at live.com or msn.com), you already have a Microsoft account. You can also sign up for a new account anytime, choosing a new address at Outlook.com or using your own email address.

    Signing in to your Windows 10 or Windows 11 PC with a Microsoft account offers several distinct benefits:

    On PCs designed for Windows 10 or Windows 11, signing in with a Microsoft account automatically enables full-disk encryption for the system drive, even on systems running Home edition. If you turn on BitLocker encryption (Pro and Enterprise editions only), your recovery key is stored in OneDrive, allowing you to retrieve your data if you find yourself locked out.

    Signing in with a Microsoft account stores a record of your successful activation, allowing you to easily restore your activation (no product key required) if you ever have to reinstall Windows.

    Windows allows you to sync settings between PCs where you sign in using the same Microsoft account. That includes personalization settings like your desktop background, saved passwords (including Wi-Fi profiles), language and regional settings, and more. (For a full list, see “Windows 10 roaming settings reference.”)

    You can sign in automatically to any Microsoft consumer service using your saved Microsoft Account credentials.

    You can sync data and settings for preinstalled Windows apps (Mail and Calendar, for example) and easily restore apps you download from the Store.

    Note that Windows telemetry data is tied to your device and isn’t associated with a Microsoft account.

    And, of course, you can create a Microsoft account and use it exclusively for signing in to Windows while keeping your email, cloud storage, and other services elsewhere. But if you do use a Microsoft account for services such as Office 365 and OneDrive, it makes sense to sign in to Windows using the same account.

    Local account

    A local account is about as old school as Windows gets. You don’t need a network connection or an email address; instead, you create a username (up to 20 characters) and a password, both of which are stored on the PC where you create them and grant access only to that device.

    There’s no particular security or privacy advantage to signing in with a local account (indeed the lack of device encryption is a negative, in my book); but if that’s your preference, you can do so when you first set up Windows 10 (any edition) or Windows 11 Pro on a new PC.

    Windows 11 Home requires you to sign in with a Microsoft account during initial setup. You can do so by creating a brand-new Microsoft account, and then, after signing in for the first time, go to Settings > Accounts > Your Info. Under the Account Settings heading, choose Sign In With A Local Account Instead and follow the prompts.

    On Windows 10, when you reach the Sign In With Microsoft screen shown here, click the “Offline Account” option in the lower left corner; then click “No” on the Sign In With Microsoft Instead screen, which appears next.

    That option in the lower left corner allows you to set up a local account.

    After you get past those speed bumps, you can enter your username and password. With a Microsoft account, you have multiple options to recover if you forget your password. With local accounts, you’ve historically had no such option if you forget your password. On Windows 10, setting up a local account requires that you fill in answers to three security questions, to help you recover in the event you forget your password.

    You can’t bypass those questions, nor can you choose alternatives other than the six predefined questions. If you’re worried that a thief with a search engine can guess those answers, do as I do and … be creative. For example, you can answer the three security questions with a three-word passphrase of your own, entered one word at a time. Or, if you’d prefer to bypass the whole feature, just mash the keyboard to create random “answers” that no one (including you) could possibly guess. If you choose either option, don’t blame me if you forget your password.

    You can switch at will between a local account and a Microsoft account, using options in Settings > Accounts > Your Info.

    Even if you prefer a local account, consider signing in first with a Microsoft account. After you confirm that your system is properly activated and the activation status is recorded with that Microsoft account, switch back to a local account and go on about your business.

    Likewise, if you’re fussy about the name of your default user profile folder, consider signing in with a local account first, and then attach your Microsoft account. If you follow that procedure, Windows uses the exact local username you specify as the folder name and retains that name when you switch; if you start with a Microsoft account, your user profile folder name is the first five characters of the portion of your email address to the left of the @ sign.

    Active Directory (domain join)

    On an enterprise network with a Windows server running as a domain controller, you can join a Windows 10 or Windows 11 PC to the domain. Creating that type of account requires that a domain administrator create an Active Directory account, after which you can sign in using the credentials in the format domain\username (or username@domain, if the domain is associated with a fully qualified domain name).

    Ironically, before you can join a PC to a domain and sign in with your Active Directory account, you have to first create a local account.

    Azure Active Directory

    This is the newest option in the lineup of Windows account types. Like a domain account, an Azure AD account is managed by an organization’s administrator, but it doesn’t require a local server. Instead, the credentials are managed in Microsoft’s Azure cloud.

    If your organization uses Microsoft 365 or has an Office 365 Business or Enterprise subscription, you have an Azure AD account. It behaves similarly to a Microsoft account, with the ability to sync settings across devices where you’re signed in with the same account. The big difference is that your access to the device is managed by your organization’s administrator, who can apply security settings and restrict some options.

    To manage Azure AD accounts, administrators use the Azure AD admin center, which also includes the option to synchronize the cloud-based directory with a local domain’s Active Directory, an option called Azure AD Connect.

    Administrators can manage Azure AD from this portal.

    A basic Azure AD account is free, but like all Microsoft enterprise services, upsell options abound. Paying for Azure AD Premium (included with an Enterprise Mobility and Security E5 subscription) unlocks advanced security features.

    And you can mix and match account types on the same device for the sake of flexibility. You might want a local account to handle routine administrative tasks, a Microsoft account for personal use, and an Azure AD account for connecting to your organization’s servers. (To set up additional accounts after the first one, use Settings > Accounts > Family & Other Users > Add Someone Else To This PC). Just choose the right account when you first sign in to a new session.


  • in

    When open-source developers go bad

    Chances are, unless you’re a JavaScript programmer, you’ve never heard of the open-source JavaScript libraries ‘colors.js’ and ‘faker.js.’ They’re simple programs that, respectively, let you use colored text on the console of Node.js, a popular JavaScript runtime, and create fake data for testing. Faker.js is used with more than 2,500 other Node Package Manager (NPM) programs and is downloaded 2.4 million times per week. Colors.js is built into almost 19,000 other NPM packages and is downloaded 23 million times a week. In short, they’re everywhere. And, when their creator, JavaScript developer Marak Squires, fouled them up, tens of thousands of JavaScript programs blew up.

    Thanks, guy.

    This isn’t the first time a developer deliberately sabotaged their own open-source code. Back in 2016, Azer Koçulu deleted a 17-line npm package called ‘left-pad,’ which killed thousands of Node.js programs that relied on it to function. Both then and now the actual code was trivial, but because it’s used in so many other programs its effects were far greater than users would ever have expected.

    Why did Squires do it? We don’t really know. In faker.js’s GitHub README file, Squires said, “What really happened with Aaron Swartz?” This is a reference to hacker activist Aaron Swartz, who committed suicide in 2013 when he faced criminal charges for allegedly trying to make MIT academic journal articles public.

    Your guess is as good as mine as to what this has to do with anything.

    What’s more likely to be the reason behind his putting an infinite loop into his libraries is that he wanted money. In a since-deleted GitHub post, Squires said, “Respectfully, I am no longer going to support Fortune 500s ( and other smaller-sized companies ) with my free work. There isn’t much else to say. Take this as an opportunity to send me a six-figure yearly contract or fork the project and have someone else work on it.”

    Excuse me. While open-source developers should be fairly compensated for their work, wrecking your code isn’t the way to persuade others to pay you.

    This is a black eye for open-source and its developers. We don’t need programmers who crap on their work when they’re ticked off at the world.

    Another problem behind the problem is that too many developers simply automatically download and deploy code without ever looking at it. This kind of deliberate blindness is just asking for trouble. Just because a software package was made by an open-source programmer doesn’t mean that it’s flawless. Open-source developers make as many mistakes as any other kind of programmer. It’s just that in open source’s case, you have the opportunity to check it out first for problems. If you choose to not look before you deploy, what happens next is on you.

    Some criminal developers are already using people’s blind trust to sneak malware into their programs. For example, the DevOps security firm JFrog recently discovered 17 new malicious JavaScript packages in the NPM repository that deliberately attack and steal a user’s Discord tokens. These can then be used on the Discord communications and digital distribution platform.

    Is that a lot of work? You bet it is. But, there are tools such as NPM audit, GitHub’s Dependabot, and OWASP Dependency-Check that can help make it easier. In addition, you can simply make sure that you run a sanity check on any code in your continuous integration/continuous distribution (CI/CD) pipeline before deploying it to production. I mean, seriously, if you’d simply run either of these libraries in the lab they would have blown up during testing and never, ever made it into the real world. It’s not that hard!

    In the meantime, GitHub suggests you revert back to older, safer versions. To be exact, that’s colors.js 1.40 and faker.js 5.5.3.

    As CodeNotary, a software supply chain company, pointed out in a recent blog post, “Software is never complete and the code base including its dependencies is an always updating document. That automatically means you need to track it, good and bad, keeping in mind that something good can turn bad.” Exactly!

    Therefore, they continued, “The only real solution here is to be on top of the dependency usage and deployment. Software Bill of Materials (SBOMs) can be a solution to that issue, but they need to be tamper-proof, queryable in a fast and scalable manner, and versioned.”

    CodeNotary suggests, of course, you use their software, Codenotary Cloud and the vcn command-line tool, for this job. There are other companies and projects that address SBOM as well. If you want to stay safe, moving forward you must — I repeat must — use an SBOM. Supply chain attacks, both from within projects and without, are rapidly becoming one of the main security problems of our day.

  • in

    Norton's cynical crypto ploy: A dark harbinger of crapware to come?

    There are really only a few ways to make money from cryptocurrency. You can buy it, making a profit when you eventually sell it. You can mine it and make enough coins to make a profit when you eventually sell it. 

    You can run a cryptocurrency exchange and make a profit from every transaction. You can even invent your own cryptocurrency and make money when your idea eventually grows big enough to make a profit.

    What have I left out? Ah, yes. The risks and the costs. You can buy cryptocurrency, but you’ll only make a profit if the currency’s value goes up — and goes up enough to exceed the fees involved in buying and selling. Whether or not that happens is anyone’s guess. It’s very similar to buying stocks. Safe bets don’t necessarily net big returns, but high-risk bets can cause you to lose your shirt.

    You can mine cryptocurrency, but there’s a cost to the mining rigs and an even greater cost in electricity and cooling. If you’re just using a spare computer during its idle time, you’re never going to make enough for it to be worth the time and effort. But if you dedicate machines or an entire facility, the cost in hardware and power may exceed the value of the coin you mine.

    You can set up an exchange, but there’s an enormous level of effort to build in the infrastructure and security, as well as the marketing necessary to be accepted as the crypto equivalent of a bank. It’s not an easy task.

    You could create your own coin and hope investors jump on it as a bandwagon. Generally, unless you have someone as high profile as Elon Musk touting it, you’re probably not going to reach critical mass.

    But what if there was a risk-free way to make big crypto profits? Scammers and criminals, it turns out, have figured out a way. They’ve created malware that does crypto mining when placed on an unsuspecting user’s computer. The scammers don’t have to spend on energy or gear. All that is paid for by their victims. The criminals need to rake in the profits from selling coins they spent nothing to gather.

    Fortunately, antivirus and anti-malware products like Norton 360 scan for crypto-mining malware. So if you don’t want your machine’s cycles sucked away by a criminal enterprise, invest in a subscription to Norton’s service, and your PC will be crypto-mining free… or… wait… what?

    We’re about to split some very ugly hairs here

    We covered this last summer. When you install Norton 360, you also install a program called NCrypt.exe in the program’s Windows directory. Recently, the Verge did a deep dive on how this works. NCrypt is an Ethereum crypto-mining application.

    Fortunately, and we can give slim kudos to NortonLifeLock (the company behind the software), the crypto-mining application is not automatically turned on. Instead, the installer presents a big green nag screen promising you can “Turn your PC’s idle time into cash.” This leads to the switch that enables the crypto-miner.

    So while Norton isn’t running a crypto-miner without your permission, it is installing the software automatically and without prior permission. It’s definitely a step up from malware vendors because you can turn the feature on and off. That said, there’s an element of “the house always wins” at work here, and Norton 360 users are definitely not “the house.”

    Norton’s cynical bet

    When Bitcoin was first introduced, its shadowy creator came up with a scheme for creating value. The idea was that as more and more coin was “mined” using complex computer algorithms, the computer overhead would increase. In other words, it took more computer work and power to mine the 100th Bitcoin than the 10th.

    Today, mining popular currencies like Bitcoin and Ethereum takes tremendous processing power. You could take all the spare cycles of your desktop computer and run it every night for a year and make less than $250. While an extra $250 is nothing to sneeze at, the gotcha is that it will cost at least that much in electricity.

    In fact, the Verge did a mining test using NCrypt.exe. Their testing showed, “In real numbers, a night of mining on an RTX 3060 Ti netted $0.66 worth of Ethereum and cost $0.66 in off-peak electricity.”

    The thing is, Norton takes 15% of all the cryptocurrency that users mine using Norton 360. I reached out to Norton’s PR team to ask what percentage of Norton 360 users turn on crypto but have not yet received a response. We can assume there’s a fair number. After all, the promise of “Turn your PC’s idle time into cash” would seem pretty compelling to most users.

    Even if you keep your machine on all the time, it uses considerably less power than if you’re running crypto-mining algorithms. With that, let’s deconstruct Norton’s cynical bet.

    Most users will lose a considerable amount in terms of power expense and wear and tear on their machines because even though the mining and power costs broke even for the Verge with today’s Ethereum mining overhead, it will only get more costly in terms of calculation effort and power over time.

    Norton also doesn’t release the Ethereum sliver unless a user reaches a minimum threshold, and that could take a very long time. Then, and only then, can the user transfer the Norton-mined Ethereum to Coinbase, and both the transfer and the sale of the transferred Ethereum will also result in fees.

    Norton has to know that most users won’t make any money. In fact, they have to know that most users will lose money, never actually derive any value, and never take the step to move that tiny little bit of mined Ethereum to Coinbase. Norton has to know that what it’s really doing is almost the same as malware vendors: using unsuspecting users’ gear and power to mine coin, from which Norton takes a no-way-to-lose 15% cut.

    Norton is cynically betting that most of its users are too unsophisticated to do the analysis. Norton is also cynically betting that most users will respond positively to an offer that appears to be easy money. So not only does Norton charge $50 to $250 a year for Norton 360 (the price goes up in subsequent years, because of course it does), they’re betting that users will spend another $200+ a year on electricity based on the promise of turning “your PC’s idle time into cash.” That’s just cold.

    Too juicy a scheme

    I think Norton has unleashed a very dangerous and very disturbing genie here. Because while Norton is an early player in the bundled crypto-mining game, they sure won’t be the last. Shaving 15% in profits off the top, using users’ power and gear to do all the work and pay all the expenses, is just too promising a scheme for other companies to avoid.

    Without a doubt, expect a darker future where technology vendors embed crypto-miners in their code. The more up-and-up companies may give users the option to opt-in or opt-out, while the less aboveboard businesses are likely just to embed their own mining code and hope nobody calls them out.

    How many connected devices are there out there? How many smart bulbs, smart microwaves, anti-malware software suites, smartphone apps, and games — oh, you can definitely expect this crap from game makers — how many will embed mining software into their programs and sleaze that 15% off the top? Mark my words. Cryptocurrency mined using increasing processor work algorithms is a pox on humankind.

    Go ahead, comment below. Crypto fans, tell me why being a crypto-miner will make you rich and cool. You know you want to. Go ahead. Thoughtful folks, please feel free to weigh in on the implications of this kind of scheme. Voices of reason are welcome, too.

    Disclosure: NortonLifeLock was previously known as Symantec. Back in the days of wooden computers and iron programmers, a way, way, waaay long time ago, I was an executive at Symantec.

  • in

    New Nuro robot? Think Storm Trooper meets Tayo the Bus

    As the pandemic roils on under a fresh wave of cases, the delivery robot wars continue to heat up. For technology developers, that means a new generation of robotic platforms built to capitalize on the growing recognition among major brands that autonomous delivery can increase efficiency and scale as more people dine at home more often.

    Nuro, a relative newcomer but already a leader in the space, just unveiled its third-generation zero-occupant autonomous delivery vehicle. Designed with delivery in mind, the new Nuro can carry more goods and enable more deliveries, with twice the cargo volume of the company’s current vehicle. The automotive production-grade vehicle will also feature modular inserts to customize storage and new temperature-controlled compartments to keep goods warm or cool, and safety enhancements to further improve safety for pedestrians outside the vehicle.

    It’s also pretty cute. If you have young kids you might be familiar with the cartoon Tayo the Little Bus. Mix in a little Storm Trooper attitude et voila, the new Nuro!

    Overall, the market for autonomous mobile robots (AMRs) and autonomous ground vehicles (AGVs) is forecasted to generate over $10bn by 2023 according to Interact Analysis, and that prediction relies on data from before the COVID-19 pandemic. Delivery robots in particular are quickly coming of age as COVID-19 lingers and touchless fulfillment becomes the norm. Sidestepping municipal red tape, enterprising companies like Nuro and Starship Technologies have launched pilot programs in controlled access spaces, such as college campuses.

    Nuro’s announcement follows a $600 million Series D funding round closed in Q4 2021 and the AV leader’s long list of strategic partnerships with notable quick service and convenience brands. Notably, Nuro also formalized a commitment to leverage the company’s third-generation vehicle with long-standing partner and investor Kroger.

    “Five years ago, we set out to build an autonomous vehicle and delivery service designed to run errands, giving people back valuable time. Through our strategic partnerships with Domino’s, FedEx, Kroger, 7-Eleven and more, we are doing just that—improving road safety, sustainability and overall access to goods delivery,” said Dave Ferguson, Nuro co-founder and president. “With the introduction of our new flagship model and the ground-breaking of our new production facility—one of the industry’s first end-of-line manufacturing facilities in America—we are excited about the opportunity to fulfill our vision of improving everyday life through autonomous delivery at scale.”

    The new model will be produced in a supplier partnership with BYD North America and completed at Nuro’s new $40 million end-of-line manufacturing facility and world-class closed-course test track in southern Nevada. The facilities have the capacity to manufacture and test tens of thousands of delivery vehicles per year to ensure they are ready for deployment. BYD North America—part of one of the largest OEM networks of electric vehicles in the world—will assemble globally sourced hardware components for the vehicle platforms; Nuro will complete the final steps of manufacturing and make the autonomous vehicles ready for deployment.

    “BYD attaches great importance to this collaboration with Nuro. As one of the world’s leading electric vehicle manufacturers and a turnkey solution provider, BYD will leverage the manufacturing capacity of its Lancaster facility to support Nuro and bring more jobs to California,” said Stella Li, Executive Vice President of BYD Co. Ltd. and President of BYD Motors Inc. “We are confident the development of this transformative autonomous delivery vehicle will create a better environment for us all.”

    There’s an interesting onshoring story happening around the automation sector, which is somewhat ironic given the association of robots with human layoffs. Nuro’s southern Nevada facilities are expected to be fully operational this year and will allow the company to manufacture its autonomous vehicles in the USA. The facilities will create an initial 250 highly skilled career opportunities with long-term growth potential in the autonomous vehicle industry. Construction on the manufacturing facility officially kicked off in November 2021.

    As American robotics developers look to make a case to local governments to let robots loose on city streets, where they will end up right at customers’ doorsteps, there’s every incentive to keep the technology, from development to manufacturing, onshore. Lingering supply chain issues have only emphasized this point.

    Ransomware locks down prison, knocks systems offline

    A prison in New Mexico had an unplanned lockdown due to a ransomware attack. 

    As reported by Source NM, the Metropolitan Detention Center in Bernalillo County, New Mexico, went into lockdown on January 5, 2022, after cyberattackers infiltrated Bernalillo County systems and deployed malware. Local government systems were impacted by the cyberattack, including those used to manage the prison.

    Inmates were made to stay in their cells as the ransomware outbreak reportedly not only knocked out the establishment’s internet but also locked staff out of data management servers and security camera networks.

    The incident came to light in court documents, with one public defender representing the inmates suggesting that their constitutional rights were violated due to the sudden lockdown, which also meant that visitations were canceled.

    Concerns were also raised surrounding the lack of internet access, with inmates left with only payphones to communicate with court representatives.

    Employees of the jail, too, had to rely on unstable cellular connections to make phone calls or access email, and video conference-based court proceedings, imposed widely across the United States due to COVID-19, could not proceed on the day of the lockdown.

    A number of databases are suspected of being corrupted by the cyberattack, including an incident tracker which records inmate fights and attacks, as well as allegations of prison rape and sexual assault.

    In addition to the lack of data access and camera feeds, prison guards were left unable to manage automatic doors. However, physical keys could still be used, and access to this particular system was restored by the afternoon of January 5.

    Federal law enforcement has been contacted; however, the sudden lockdown has meant that the prison may have been unable to comply with a decades-old court order and settlement relating to allegations of poor prison conditions.

    Speaking to The Register, as of January 12, a spokesperson for the prison said that services “are still being repaired.” In a statement dated January 10, Bernalillo County said employees are working remotely as “the county assesses and recovers from cyber issues affecting certain computer systems,” and normal services are yet to resume. County officials added that “no in-person visitation” is allowed “until further notice” at the prison, and “phone contact is limited.” Bernalillo County Sheriff’s Office Advisory and Review Board (SOARB) has canceled its latest meeting due to “a computer network issue affecting certain computer systems of Bernalillo County.”

    Golden opportunity: Savvy business alliances propel the robotics sector

    6 River Systems
    The fulfillment economy has exploded during the pandemic, as has competition among automation technology providers, whose robotic technology is becoming critical during widespread labor shortages and ballooning demand.

    That’s the good news. The bad news, if you’re a robotics firm with a great product and opportunity as far as the horizon, is that scaling hardware distribution, whether via direct sales or as-a-service, is extremely complex, typically takes massive capital outlays, and is fraught with the perils of miscalculation. What’s an emerging robotics firm to do?

    One model that’s becoming increasingly important for savvy businesses is to partner with an existing brand with a broad reach and pre-existing infrastructure. Examples include Kinova teaming up with Northrop Grumman to help distribute a small manipulator to existing customers and Robotiq partnering with Universal Robots on off-the-shelf robotic tooling.

    In the latest example, 6 River Systems, LLC, a leading fulfillment solutions provider, just announced a new initiative to support warehouse efficiencies by teaming up with Ricoh USA. Under the arrangement, RICOH’s service solutions business unit will augment 6 River Systems’ existing service team for its collaborative robots, called “Chucks,” solving for a crucial weakness in any young enterprise technology company’s bid to scale: giving customers an ample support network.

    “The demand for our automated retail solution is significant, especially with retailers continually looking for ways to get their products into consumers’ hands faster via seamless experiences,” says Eran Frenkel, Vice President of Technical Operations, 6 River Systems. “By partnering with Ricoh, we’re able to focus on making our solutions more widely available, which ultimately helps our customers quickly and efficiently meet their fulfillment goals.”

    Like other fulfillment automation providers, 6RS is on a bit of a tear during the pandemic. The company has provided solutions for major fulfillers and brands like Crocs, which implemented 6RS’ wall-to-wall fulfillment solution, including its collaborative mobile robot Chuck. As I wrote last year, Crocs has seen a 182% pick rate improvement with the 6RS system, illustrating a key reason fulfillers are turning to automation in such numbers. This increase in throughput was especially critical during the holiday peak season.

    In general, robots have become essential to scaling, and the solutions can now be brought online with unprecedented speed and minimal downtime. Not surprisingly, according to Statista, the global warehouse automation market is predicted to increase from $15 billion in 2019 to $30 billion by 2026.

    But the warehouse automation sector, while maturing rapidly in the Amazon Prime era, is still nascent, with many of the players less than a decade old. That’s a short time to build a massive global or even national distribution and support infrastructure. Collaborating seems like a key to efficiently doing just that.

    “Our collaboration with 6 River Systems is a prime example of how our stable and trusted infrastructure – coupled with a team of more than 10,000 service delivery professionals supporting and maintaining more than one million devices across the U.S. – helps solve our customers’ problems,” says Jim Kirby, Vice President, Service Advantage, Ricoh USA, Inc. “Together, we are addressing some of the biggest challenges and opportunities in retail today including supply chain operational efficiency such as retail and warehouse automation. By expertly assisting with service and support for companies like 6 River Systems, we are helping them maintain focus on what matters most – innovation that solves supply chain hurdles and moves business forward.”

    It’s a great example of how smart robotics firms are taking advantage of the growth opportunities of 2022 and beyond through effective collaborations designed to scale at speed.