Steven J. Vaughan-Nichols

Author Archives: Steven J. Vaughan-Nichols

Multifactor Authentication Is Being Targeted by Hackers

It was only a matter of time. While multifactor authentication (MFA) makes logging into systems safer, it doesn’t make it “safe.” As well-known hacker KnownBe4, showed in 2018 it’s easy to Proofpoint has found transparent reverse proxy. Typically transparent reverse proxies, such as the open source man-in-the-middle (MitM) attacks to steal credentials and session cookies. Why go to this trouble? Because, as an MFA company 78% of users now use MFA, compared to just 28% in 2017. That’s good news, but it’s also given cybercrooks the incentive they needed to target MFA. A Range of Kits To make it easy for wannabe hackers. Proofpoint found today’s phishing kits range from “simple open-source kits with human-readable code and no-frills functionality Continue reading

Prossimo: Making the Internet Memory Safe

The Let’s Encrypt certificate authority, but it has also turned its hand to fixing memory problems. It sponsors, via Google, so Rust in Linux in no small part to fix its built-in C memory problems. And, it also has a whole department, Rustls, a safer memory-safe code. Memory-safe programs are written in languages that avoid the usual use after free problems. C, C++, and Assembly, for all their speed, make it all too easy to make these kinds of mistakes. Languages such as Rust, Go, and C#, however, Continue reading

Dynamic DNS Security Blues

Whenever you run into a network problem, the wise network admin or sysadmin always remembers “It’s always Black Hat USA 2021 security conference Ami Luttwak and head of research simple loophole that allowed them to intercept dynamic DNS (DDNS) traffic going through managed DNS providers like Amazon and Google. And, yes, that includes the DDNS you’re using on your cloud. And, if you think that’s bad, just wait until you see just how trivial this attack is. Our intrepid researchers found that “simply registering certain ‘special’ domains, specifically the name of the name server itself, has unexpected consequences on all other customers using the name server.

What the Heck Happened to the Internet? Fastly’s Hard Fall and Quick Recovery

Well, wasn’t that fun? On June 8, 2021, many internet users went to their usual sites such as Amazon, Reddit, CNN, or the New York Times and found nothing but an “Error 503 service unavailable” and an ominous “connection failure” note. So, what happened? The Commercial Internet Exchange (CIX) other features became important. In particular, everyone started demanding faster performance and lower latency. The solution? CDNs. These companies, which besides Fastly include market-leader Cloudflare, all use the same basic techniques to speed up the net. They take the data from popular sites and place it in distributed caches in points of presence (PoP) close to consumers. If that sounds familiar to you even if you’re a cloud native developer and not a network administrator there’s a good reason. CDNs were one of the first business models Continue reading

Why Open Source Project Maintainers are Reluctant to use Digital Signatures, Two-Factor Authentication

We all agree that open source development methods help create better code. The Cathedral and the Bazaar,” which explained how the methodology of openness worked in Fetchmail project. But, that’s a general rule. Open source can still be abused by unscrupulous developers. So, why don’t we make sure when a programmer attempts to merge code into a program that they’re really who they say they are, by using two-factor authentication (2FA) or a digital signature? Good question. You might not think this is a real problem. Alas, it is. For example, in 2019 CursedGrabber malware was successfully Linux Foundation’s 2020 FOSS Contributor Survey, when developers were asked if the open source projects Continue reading

Open Policy Agent for the Enterprise: Styra’s Declarative Authorization Service

Open Policy Agent (OPA, pronounced “oh-pa”) for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, new three-tier product offering for Styra Declarative Authorization Service (DAS). Before diving into DAS, though, let’s make sure we’re all on the same page with OPA and policies in general. OPA is an open source, general-purpose policy engine that unifies policy enforcement across the stack. You write these policies in its high-level declarative language Datalog query language. With Rego, you can specify policy as code and create simple APIs to offload policy decision-making from your software. You can then use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more. And, what’s a policy engine you ask?

Say goodbye to MS-DOS command prompt

My very first technology article, back in 1987, was about MS-DOS 3.30. Almost 30 years later, I’m still writing, but the last bit of MS-DOS, cmd.exe — the command prompt — is on its way out the door. It’s quite possible that you have been using Microsoft Windows for years — decades, even — without realizing that there’s a direct line to Microsoft’s earliest operating system or that an MS-DOS underpinning has carried over from one Windows version to another — less extensive with every revision, but still there nonetheless. Now we’re about to say goodbye to all of that. Interestingly, though, there was not always an MS-DOS from Microsoft, and it wasn’t even dubbed that at birth. The history is worth reviewing now that the end is nigh.To read this article in full or to leave a comment, please click here

Say goodbye to MS-DOS command prompt

My very first technology article, back in 1987, was about MS-DOS 3.30. Almost 30 years later, I’m still writing, but the last bit of MS-DOS, cmd.exe — the command prompt — is on its way out the door. It’s quite possible that you have been using Microsoft Windows for years — decades, even — without realizing that there’s a direct line to Microsoft’s earliest operating system or that an MS-DOS underpinning has carried over from one Windows version to another — less extensive with every revision, but still there nonetheless. Now we’re about to say goodbye to all of that. Interestingly, though, there was not always an MS-DOS from Microsoft, and it wasn’t even dubbed that at birth. The history is worth reviewing now that the end is nigh.To read this article in full or to leave a comment, please click here

Containers vs. virtual machines: How to tell which is the right choice for your enterprise

Name a tech company, any tech company, and they're investing in containers. Google, of course. IBM, yes. Microsoft, check. But, just because containers are extremely popular, doesn't mean virtual machines are out of date. They're not. Containers Containers vs. virtual machines: How to tell which is the right choice for your enterprise Do you need a container-specific Linux distribution? Container wars: Interesting times ahead for Docker and its competitors The beginner's guide to Docker Yes, containers can enable your company to pack a lot more applications into a single physical server than a virtual machine (VM) can. Container technologies, such as Docker, beat VMs at this part of the cloud or data-center game.To read this article in full or to leave a comment, please click here

Why you want a bare metal hypervisor and how to choose

Once upon a time, there was nothing but native, or bare metal, hypervisors (a.k.a. virtual machine managers). In the 1980s, I cut my teeth on IBM System/370 mainframes running VM/CMS, but bare metal's history goes all the way back to the 1960s. With bare metal hypervisors, the hypervisor runs directly on the hardware. There is no intervening operating system.To read this article in full or to leave a comment, please click here(Insider Story)

For containers, security is problem #1

I get it. I really do. Containers let data-center and cloud administrators put two to three times more server instances on a given server than they can with virtual machines. That means fewer servers, which means less power usage, which equals -- Ka-ching! -- less spending on your IT budget. What's not to like?MORE ON NETWORK WORLD: 12 Free Cloud Storage options Well, ahem, you see there's this little, tiny problem. It’s unclear just how secure containers are, and there is certainly not much agreement on how to secure them or who will take that on.To read this article in full or to leave a comment, please click here

Do you need a container-specific Linux distribution?

You've always been able to run containers on a variety of operating systems: Zones on Solaris; Jails on BSD; Docker on Linux and now Windows Server; OpenVZ on Linux, and so on. As Docker in particular and containers in general explode in popularity, operating system companies are taking a different tack. They're now arguing that to make the most of containers you need a skinny operating system to go with them.To read this article in full or to leave a comment, please click here

Containers vs. virtual machines: How to tell which is the right choice for your enterprise

Name a tech company, any tech company, and they're investing in containers. Google, of course. IBM, yes. Microsoft, check. But, just because containers are extremely popular, doesn't mean virtual machines are out of date. They're not.Yes, containers can enable your company to pack a lot more applications into a single physical server than a virtual machine (VM) can. Container technologies, such as Docker, beat VMs at this part of the cloud or data-center game.To read this article in full or to leave a comment, please click here