Archive

Category Archives for "Networking"

It’s Time For Security Apprenticeships

Breaking into an industry isn’t easy. When you look at the amount of material that is necessary to learn IT skills it can be daunting and overwhelming. Don’t let the for-profit trade school ads fool you. You can’t go from ditch digger to computer engineer in just a few months. It takes time and knowledge to get there.

However, there is one concept in non-technical job roles that feels very appropriate to how we do IT training, specifically for security. And that’s the apprenticeship.

Building For The Future

Apprenticeship is a standard for electricians and carpenters. It’s the way that we train new people to do the work of the existing workforce. It requires time and effort and a lot of training. But, it also fixes several problems with the current trend of IT certification:

  1. You Can’t Get a Job Without Experience – Far too often we see people getting rejected for jobs at the entry level because they have no experience. But how are they supposed to get the experience without doing the job? IT roles paradoxically require you to be cheap enough to hire for nothing but expect you to do the job on day one. Apprenticeships fix Continue reading

Updated Privacy Policy with minor clarifications

As we continue our work related to the upcoming General Data Protection Regulation (GDPR), we have published an updated Privacy Policy for all visitors to our websites. This version makes some minor clarifications to our previous Privacy Policy from August 2017.

We also published a Privacy Policy Frequently Asked Questions (FAQ) list with more details about how we comply with various provisions of the policy. If you have any questions about this, please contact me at [email protected].

See also:

The post Updated Privacy Policy with minor clarifications appeared first on Internet Society.

Keeping Drupal sites safe with Cloudflare’s WAF

Keeping Drupal sites safe with Cloudflare's WAF

Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers. This post examines how we protected people against a new major vulnerability in the Drupal CMS, nicknamed Drupalgeddon 2.

Two weeks after adding protection with WAF rule ID D0003 which mitigates the critical remote code execution Drupal exploit (SA-CORE-2018-002/CVE-2018-7600), we have seen significant spikes of attack attempts. Since the 13th of April the Drupal security team has been aware of automated attack attempts and it significantly increased the security risk score of the vulnerability. It makes sense to go back and analyse what happened in the last seven days in Cloudflare’s WAF environment.

What is Drupalgeddon 2

The vulnerability potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could make a site completely compromised.

Drupal introduced renderable arrays, which are a key-value structure, with keys starting with a ‘#’ symbol, that allows you to alter data during form rendering. These arrays however, did not have enough input validation. This means that an attacker could inject a custom renderable array on one of these keys in the form structure.

Continue reading

Weekend Reads 042018: Mostly DNS Security Stuff

For many, the conversation about online privacy centers around a few high-profile companies, and rightly so. We consciously engage with their applications and services and want to know who else might access our information and how they might use it. But there are other, less obvious ways that accessing the World Wide Web exposes us. In this post we will look at how one part of the web’s infrastructure, the Domain Name System (DNS), “leaks” your private information and what you can do to better protect your privacy and security. Although DNS has long been a serious compromise in the privacy of the web, we’ll discuss some simple steps you can take to improve your privacy online. —Stan Adams @CDT

Cloudflare, the internet security and performance services company, announced a new service called “Spectrum.” The service gets its name from the fact that Cloudflare aims to offer DDoS protection for the whole “spectrum” of ports and protocols for its enterprise customers. @Tom’s Hardware

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users’ sensitive information, login credentials and the secret code for two-factor authentication. In order to trick Continue reading

2018 Internet Society Board of Trustees Final Election Results & IETF Appointments

The Internet Society Elections Committee is pleased to announce the final results of the 2018 elections for the Board of Trustees. The voting concluded on 9 April 2018. The challenge period (for appeals) was opened on 11 April and closed on 18 April.

There were no challenges filed. Therefore the election results stand:

  • Walid Al-Saqaf has been re-elected to the board by Chapters, and
  • Robert Pepper has been elected by Organization members.

Also, following the process documented in RFC 3677, the Internet Architecture Board has selected and the IETF has confirmed:

  • Gonzalo Camarillo
  • John Levine

to each serve second terms on the board.

The term of office for all 4 of these Trustees will be 3 years, commencing with the 2018 Annual General Meeting of the Internet Society, 29 June – 1 July.

The Elections Committee congratulates all of the new and renewing Trustees. We also extend our thanks again to all the candidates and to everyone who participated in the process this year.

The post 2018 Internet Society Board of Trustees Final Election Results & IETF Appointments appeared first on Internet Society.

StayFocusd Extension For Chrome

During the last month or two, I’d gotten into a habit of trawling through Imgur, looking for memes I could spin into humorous tweets about networking. It became a game to see what tweets I could create that people would find funny.

That game was successful, in that I had many tweets that were liked and/or retweeted dozens or, in a few cases, hundreds of times. But there was a downside. I was spending a lot of time on Imgur seeking inspiration. I was also spending a lot of time composing tweets and checking reactions.

I Hurt Myself Today

This led to the familiar cycle of Internet addiction. I was hooked on Twitter…again. I’ve been through this with Twitter off and on for many years now. My use of Imgur was also obsessive, opening the app on my phone multiple times per day and scrolling, scrolling, scrolling while looking for new fodder.

Using social media in the context of addiction is subtly different from simply wasting time. Addiction, for me, means using social media when I didn’t plan to. There’s a compulsion that would drive me to fire up Tweetdeck and check out all of my carefully curated columns, review Continue reading

StayFocusd Extension For Chrome

During the last month or two, I’d gotten into a habit of trawling through Imgur, looking for memes I could spin into humorous tweets about networking. It became a game to see what tweets I could create that people would find funny.

That game was successful, in that I had many tweets that were liked and/or retweeted dozens or, in a few cases, hundreds of times. But there was a downside. I was spending a lot of time on Imgur seeking inspiration. I was also spending a lot of time composing tweets and checking reactions.

I Hurt Myself Today

This led to the familiar cycle of Internet addiction. I was hooked on Twitter…again. I’ve been through this with Twitter off and on for many years now. My use of Imgur was also obsessive, opening the app on my phone multiple times per day and scrolling, scrolling, scrolling while looking for new fodder.

Using social media in the context of addiction is subtly different from simply wasting time. Addiction, for me, means using social media when I didn’t plan to. There’s a compulsion that would drive me to fire up Tweetdeck and check out all of my carefully curated columns, review Continue reading

Worth Reading: DevOps and component chaos

Modern software development is trending more toward a componentized approach because developers would rather assemble something using a variety of well-built pieces of third-party code than reinvent the wheel every time they create something new. The approach has done wonders for speed and agility, but it’s increasing a lot of enterprise attack surfaces because too few organizations are keeping up with the vulnerabilities these components pose. —Ericka Chickowski @Dark Reading

Why Enterprise IT Customers Are Stupid

There are many ways that buyers of Enterprise IT are stupid. Mostly its bad leadership and poor management that leads to poor decisions and processes like ITIL. Sometimes its pride preventing you from admitting failure, or the allure of a free steak lunch (putting one over your salary owner by paying for it with overpriced […]
1 1,377 1,378 1,379 1,380 1,381 3,431