A Solution to Compression Oracles on the Web
This is a guest post by Blake Loring, a PhD student at Royal Holloway, University of London. Blake worked at Cloudflare as an intern in the summer of 2017.
Compression is often considered an essential tool when reducing the bandwidth usage of internet services. The impact that the use of such compression schemes can have on security, however, has often been overlooked. The recently detailed CRIME, BREACH, TIME and HEIST attacks on TLS have shown that if an attacker can make requests on behalf of a user then secret information can be extracted from encrypted messages using only the length of the response. Deciding whether an element of a web-page should be secret often depends on the content of the page, however there are some common elements of web-pages which should always remain secret such as Cross-Site Request Forgery (CSRF) tokens. Such tokens are used to ensure that malicious webpages cannot forge requests from a user by enforcing that any request must contain a secret token included in a previous response.
I worked at Cloudflare last summer to investigate possible solutions to this problem. The result is a project called cf-nocompress. The Continue reading
SDN Hasn’t Faded, It’s Just Evolved
A look at how software-defined networking is expanding with the incorporation of analytics and how service providers are implementing the technology.
SDN Hasn’t Faded, It’s Just Evolved
A look at how software-defined networking is expanding with the incorporation of analytics and how service providers are implementing the technology.
Upcoming Webinars, Online Courses and Live Events
The pace of live webinar sessions will slow down a bit in April 2018 due to the onslaught of European spring holiday season. Nonetheless, you’ll be able to enjoy:
- The second part of EVPN Technical Deep Dive series with Dinesh Dutt on April 5th;
- The planning and design part of NSX, ACI or EVPN webinar with Mitja Robas on April 24th;
On April 19th we’ll have the first DIGS event in 2018, starting with introduction to SDDC and VMware NSX in the morning and NSX workshop in the afternoon.
Read more ...Casting Call: Angling for Good Tech and Good Conversation – Coming to YouTube SOON!
The idea started forming in my head 3 years ago at CiscoLive Europe 2018 in Barcelona. I was asked to be a roving reporter for the event. I had never done anything like that before…. so to say I was... Read More ›
The post Casting Call: Angling for Good Tech and Good Conversation – Coming to YouTube SOON! appeared first on Networking with FISH.
Data Center Network Equipment Revenue Hit $13.7B in 2017
Bare metal switch revenue was up 60 percent year-over-year in the fourth quarter of 2017. And it’s projected to reach $3.6 billion in 2022, with cloud deployments as the primary driver.
ONF Operator Members are Tired of Vendor Inertia
Step up or get out of the way, say the operator board members of ONF, including AT&T, China Unicom, Comcast, Google, Deutsche Telekom, NTT Group, Telefonica, and Turk Telekom.
Intent-Based Management Will Revolutionize the Storage Industry
Looking into the world of manufacturing and how its modernizing can help to understand the intricacies of intent-based approaches and how they can be applied to storage.