However, the operator has acknowledged that it is not immune to the security concerns linked to the...
For some time I’ve wanted to play with coverage-guided fuzzing. Fuzzing is a powerful testing technique where an automated program feeds semi-random inputs to a tested program. The intention is to find such inputs that trigger bugs. Fuzzing is especially useful in finding memory corruption bugs in C or C++ programs.
Normally it's recommended to pick a well known, but little explored, library that is heavy on parsing. Historically things like libjpeg, libpng and libyaml were perfect targets. Nowadays it's harder to find a good target - everything seems to have been fuzzed to death already. That's a good thing! I guess the software is getting better! Instead of choosing a userspace target I decided to have a go at the Linux Kernel netlink machinery.
Netlink is an internal Linux facility used by tools like "ss", "ip", "netstat". It's used for low level networking tasks - configuring network interfaces, IP addresses, routing tables and such. It's a good target: it's an obscure part of kernel, and it's relatively easy to automatically craft valid messages. Most importantly, we can learn a lot about Linux internals in the process. Bugs in netlink aren't going Continue reading
Firefox is changing is marketing message to be a 'respectful' and 'protection'.
The post Musing: Firefox 69 Privacy and Respect appeared first on EtherealMind.
Du'An Lightfoot stops by the Network Neighborhood podcast to talk about #LabEveryDay, continuous learning, how his military experiences influenced his tech journey, how he's tackling automation, the role of community in tech, and more.
The post Network Neighborhood – Lab Every Day With Du’An Lightfoot appeared first on Packet Pushers.
Red Hat will become a subsidiary of IBM, but executives at both companies stressed there are no...
Dublin adds a broadband service blueprint and new 5G and cross-carrier virtual private network...
You might have any number of software controllers in your infrastructure: one for wireless, one for SD-WAN, one in the data center, one for security, and so on. Would it be useful to federate these controllers? Can we expect the industry to produce a controller of controllers? Is this even a good idea? Today's Heavy Networking podcast ponders these questions with guest Rob Sherwood.
The post Heavy Networking 458: SDN Federation – One Controller To Rule Them All? appeared first on Packet Pushers.
The ONEx technology uses a patented algorithm designed to improve the exchange and transmission of...
Elastifile provides scalable cloud-native file storage with intelligent object tiering. Earlier...
Acacia, an existing Cisco supplier, makes high-speed optical interconnect products for cloud and...
On Tuesday July 9, 2019 the Internet Society’s Online Trust Alliance (OTA) released its 11th Cyber Incident & Breach Trends report, which provides an overview of cyber incidents – and offers steps organizations can take to prevent and mitigate the potential damage. This year’s report found a shifting landscape of cyber incidents. As the growth of some attack types levels off, others increase.
Adding it all up, OTA estimates that there were more than 2 million cyber incidents in 2018, and it is likely that even this number significantly underestimates the actual problem. OTA estimates an overall financial impact of at least $45 billion worldwide. The lead categories of attacks are cryptojacking (1.3 million) and ransomware (500,000), followed by breaches (60,000), supply chain (at least 60,000 infected websites), and Business Email Compromise (20,000).
There are many organizations that track data breaches overall. For example, Risk Based Security Reported the highest number at 6,515 breaches and 5 billion exposed records, both down from 2017. These estimates vary depending on their methodologies – see our full report for all of the breach estimates and our methodology.
One well-established attack type, ransomware, saw a decline in 2018. However, the total dollar Continue reading