Archive

Category Archives for "Networking"

The Curious Case of Caching CSRF Tokens

The Curious Case of Caching CSRF Tokens

It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content.

In the run-up to Thanksgiving and Black Friday, e-commerce sites turned to services like Cloudflare to help optimise their performance and withstand the traffic spikes of the shopping season.

The Curious Case of Caching CSRF Tokens

In preparation, an e-commerce customer joined Cloudflare on the 9th November, a few weeks before the shopping season. Instead of joining via our Enterprise plan, they were a self-serve customer who signed-up by subscribing to our Business plan online and switching their nameservers over to us.

Their site was running Magento, a notably slow e-commerce platform - filled with lots of interesting PHP, with a considerable amount of soft code in XML. Running version 1.9, the platform was somewhat outdated (Magento was totally rewritten in version 2.0 and subsequent releases).

Despite the somewhat dated technology, the e-commerce site was "good enough" for this customer and had done it's job for many years.

They were the first to notice an interesting technical issue surrounding how performance and security can often Continue reading

The Curious Case of Caching CSRF Tokens

The Curious Case of Caching CSRF Tokens

It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content.

In the run-up to Thanksgiving and Black Friday, e-commerce sites turned to services like Cloudflare to help optimise their performance and withstand the traffic spikes of the shopping season.

The Curious Case of Caching CSRF Tokens

In preparation, an e-commerce customer joined Cloudflare on the 9th November, a few weeks before the shopping season. Instead of joining via our Enterprise plan, they were a self-serve customer who signed-up by subscribing to our Business plan online and switching their nameservers over to us.

Their site was running Magento, a notably slow e-commerce platform - filled with lots of interesting PHP, with a considerable amount of soft code in XML. Running version 1.9, the platform was somewhat outdated (Magento was totally rewritten in version 2.0 and subsequent releases).

Despite the somewhat dated technology, the e-commerce site was "good enough" for this customer and had done it's job for many years.

They were the first to notice an interesting technical issue surrounding how performance and security can often Continue reading

New Amazon Echo Discounted $20 Right Now – Deal Alert

Amazon has a discount of $20 active right now on their all new Echo smart speaker, which features a new speaker, new design, and is available in a range of styles including fabrics and wood veneers. Echo connects to Alexa to play music, make calls, set alarms and timers, ask questions, control smart home devices, and more -- instantly. Echo averages 4 out of 5 stars on Amazon from over 2,200 reviewers, and with the current discount you can grab it for yourself (or someone else) now for just $79.99. See the discounted Echo deal now on Amazon.To read this article in full, please click here

Reflections from the Global Commission on the Stability of Cyberspace

Two weeks ago, a small delegation from the Internet Society was in Delhi for a series of meetings. (See yesterday’s post about GCCS and GFCE.) In this post, I’ll pick up with the Global Commission on the Stability of Cyberspace (GCSC).

The international community has been trying to develop cybernorms for international behaviour for over a decade. This has been happening through UN processes, through the GCCS, through international law discourse, and other fora. And, some progress has been made. For instance, the Tallin manuals provide some insights on how international law applies to cyber war and cyber operations, while the UN GGE, among others, recognized the applicability of international law on the digital space and has provided some protection to cybersecurity incident response teams (CIRTs) and critical infrastructure.

However, these processes are slow, and certainly not without roadblocks. The 5th UN Group of Governmental Experts on Information Security (GGE), for example, failed to reach consensus on whether certain aspects of international law, in particular the right to self-defence, apply to cyberspace as well as issues related to attribution. During a panel at GCCS, five participants in the 5th UN GGE shared their perspectives. To me Continue reading

Fish Gets a New Job: “Solutions Architect”

Many of the best things that have happened in my life weren’t planned.  ?  Becoming a “Solutions Architect” is one of those things.  I didn’t plan it.  I’ve been in CPOC (Customer Proof of Concept) for almost 17 years now.  ?  Why?  Cause truthfully, having fun and enjoying my job is exceedingly important to me.  And I’ve never seen a job (in Cisco or outside) that would be more of an absolute perfect fit for me and what I consider “fun”.

But like I said…. Many of the best things that have happened in my life weren’t planned.  ?

For those of you who know how very much I totally love CPOC… you might be wondering “Fish, what happened that made you decide to look for another job?”.    Uh… nothing.  Like I said… it wasn’t planned.  In fact, i didn’t even interview or apply for the job.

The new job is actually

  • a newly created position in a
  • just created team
  • reporting to an awesome leader
  • with 2 technical playmates I adore (ahem.. sorry.. co-workers)

 

Solutions Architect: What I Will Be Doing

Teehee… well the team literally just came Continue reading

Fish Gets a New Job: “Solutions Architect”

Many of the best things that have happened in my life weren’t planned.  ?  Becoming a “Solutions Architect” is one of those things.  I didn’t plan it.  I’ve been in CPOC (Customer Proof of Concept) for almost 17 years now.  ?  Why?  Cause truthfully, having fun and enjoying my job is exceedingly important to me.  And I’ve never seen a job (in Cisco or outside) that would be more of an absolute perfect fit for me and what I consider “fun”.

But like I said…. Many of the best things that have happened in my life weren’t planned.  ?

For those of you who know how very much I totally love CPOC… you might be wondering “Fish, what happened that made you decide to look for another job?”.    Uh… nothing.  Like I said… it wasn’t planned.  In fact, i didn’t even interview or apply for the job.

The new job is actually

  • a newly created position in a
  • just created team
  • reporting to an awesome leader
  • with 2 technical playmates I adore (ahem.. sorry.. co-workers)

 

Solutions Architect: What I Will Be Doing

Teehee… well the team literally just came Continue reading

Popular Destinations rerouted to Russia

Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.

Looking at timeline we can see two event windows of about three minutes each. The first one started at 04:43 UTC and ended at around 04:46 UTC. The second event started 07:07 UTC and finished at 07:10 UTC.

Even though these events were relatively short lived, they were significant because it was picked up by a large number of peers and because of several new more specific prefixes that are not normally seen on the Internet. So let’s dig a little deeper.

One of the interesting things about this incident is the prefixes that were affected are all network prefixes for well known and high traffic internet organizations. The other odd thing is that the Origin AS 39523 (DV-LINK-AS) hasn’t been seen announcing any prefixes for many years (with one exception below), so why Continue reading

VMware Closes Acquisition of VeloCloud Networks

As applications and data continue to be distributed more broadly from the data center to the edge, customers are increasingly relying on software-defined wide-area networks (SD-WANs) versus traditional networking for flexible, secure connectivity.  It’s for this reason that I am pleased to share that we officially closed our acquisition of VeloCloud Networks today, bringing their industry-leading, cloud-delivered SD-WAN solution to our growing software-based networking portfolio. The acquisition of VeloCloud significantly advances our strategy of enabling customers to run, manage, connect and secure any application on any cloud to any device.

VMware NSX was a game changer in the industry, and it has become the industry-leading implementation of network virtualization. Customers choose NSX because it delivers network and security services closest to the application. By adding VeloCloud’s SD-WAN solutions to our portfolio, we are extending our value in the enterprise and increasing our relevance with service providers by offering end-to-end automation, application continuity and security from data center to cloud edge. VeloCloud will bring the same properties to the wide-area network with an SD-WAN solution that provides full visibility, metrics, control and automation of all endpoints, resulting in better performance and availability for enterprise and cloud applications.

If you are a Continue reading

One Little Thing Can Break All Your Automation

I’ve been doing some work automating A10 Networks load balancers recently, and while testing I discovered a bug which broke my scripts. As hard as I try to code my scripts to cope with both success and failure, I realized that the one thing I can’t do much with is a failure of a key protocol.

A10 Networks Logo

Breaking Badly

So what matters when I’m automating device configurations? Three things come to mind immediately:

The Network / Transport

I need reliable network connectivity, or my automation requests will constantly be timing out or failing. While a script should be able to cope with an occasional network failure, unreliable networks are not fun to work with.

Data Transfer Format

Pick a format (XML, JSON) and use it consistently. I’m happy so long as I can send a request and read a response in a given format. If I send a request using JSON, send a response using JSON. Funnily enough I was troubleshooting WordPress xmlrpc recently and noticed that when there was an error, the XML command being issued received a 404 error followed by, well, you’d hope an XML error response, right? No, because it was an HTTP 404 error, the site Continue reading

Let’s Mobilize for Better Data Stewardship

If we want organizations like Equifax to be good data stewards, we, the users and consumers, must mobilize.

In October, the Internet Society explored why the dominant approach to data handling, based around the concepts of risk and compliance, does not work. To recap: “…data handlers try to adhere to regulatory requirements and minimize the risk to themselves – not necessarily to the individuals whose data they handle. For some data handlers, the risk that poor security creates may not extend to them.”

Euphemistically put, Equifax has not been an example of forthcomingness, transparency, and accountability. Users can change this paradigm. Users can shift the cost of a data breach onto the data handler by holding the accountable for their action or lack of action.

The key is to organize. For example, Consumer Reports is organizing a campaign calling on Equifax to take the next steps to address the fallout from the data breach. Their first step was to deliver a petition signed by over 180,000 individuals to Equifax’s headquarters.

The Internet Society just pledged $10k to this cause, to help Consumer Reports make sure Equifax does everything in its power to make things right for consumers in Continue reading

1 1,519 1,520 1,521 1,522 1,523 3,435