It’s World Password Day but passwords may be headed for extinction

Today is World Password Day but a range of alternative authentication methods is challenging passwords so that within the foreseeable future the day of awareness could become obsolete.Biometrics  and cell phones are important to this replacement, with ongoing trials of how effective they might be. There is a flurry of activity in these areas to do away with passwords: The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone, but that could be used as a second factor in authenticating to any number of online services. The phones also feature the more common fingerprint scanner. Rumors have LG adding facial recognition software to their LG G6 phones that could be used in a similar manner. Also, Alabama’s revenue department is trialing a face-recognition app from MorphoTrust that uses iPhones to scan taxpayers’ drivers licenses and to scan their face. The backend verifies the identity of the taxpayer by comparing the license image and uses that to authenticate the person filing an electronic return. Phones are also used to receive texts of one-time passwords, which does involve a password, but not one the user generates or changes at some point or has Continue reading

India’s Supreme Court hears challenge to biometric authentication system

Two lawsuits being heard this week before India’s Supreme Court question a requirement imposed by the government that individuals should quote a biometrics-based authentication number when filing their tax returns.Civil rights groups have opposed the Aadhaar biometric system, which is based on centralized records of all ten fingerprints and iris scans, as their extensive use allegedly encroach on the privacy rights of Indians. “Aadhaar is surveillance technology masquerading as secure authentication technology,” said Sunil Abraham, executive director of Bangalore-based research organization, the Centre for Internet and Society.The Indian government has in the meantime extended the use of Aadhaar, originally meant to identify beneficiaries of state schemes for the poor, to other areas such as filing of taxes, distribution of meals to school children and payment systems.To read this article in full or to leave a comment, please click here

India’s Supreme Court hears challenge to biometric authentication system

Two lawsuits being heard this week before India’s Supreme Court question a requirement imposed by the government that individuals should quote a biometrics-based authentication number when filing their tax returns.Civil rights groups have opposed the Aadhaar biometric system, which is based on centralized records of all ten fingerprints and iris scans, as their extensive use allegedly encroach on the privacy rights of Indians. “Aadhaar is surveillance technology masquerading as secure authentication technology,” said Sunil Abraham, executive director of Bangalore-based research organization, the Centre for Internet and Society.The Indian government has in the meantime extended the use of Aadhaar, originally meant to identify beneficiaries of state schemes for the poor, to other areas such as filing of taxes, distribution of meals to school children and payment systems.To read this article in full or to leave a comment, please click here

Interim Forwarding Loops in OSPF or IS-IS Networks

One of my readers sent me this question (slightly rephrased):

Assume you have A,B and C connected in a triangle (with an alternate longer path to C). What happens if C loses its links to A and B? Won’t the traffic to C loop between A and B for a while?

As always, it depends.

Learning Python: Week2 (Printing, Numbers, and Lists) -Part 4

May the Fourth be with you on World Password Day

Get ready to be bombarded with “May the Fourth be with you” puns regarding your passwords and identity, as this year May 4 is not only Star Wars Day but also World Password Day.Leading up to World Password Day, I received dozens of emails about how bad our password hygiene still is, studies about poor password management, reminders to change passwords, pitches about password managers and biometric options to replace passwords, reminders to use multi-factor authentication (MFA) as well as the standard advise for choosing a stronger password. Some of that advice contradicts NIST-proposed changes for password management.Although NIST closed comments on for its Digital Identity Guidelines draft on May 1, VentureBeat highlighted three big changes. Since this is NIST and changes to password management rules will eventually affect even nongovernment organizations and trickle down to affect pretty much everyone online, it’s important to look at them. Those changes, according to VentureBeat, boil down to:To read this article in full or to leave a comment, please click here

May the Fourth be with you on World Password Day

Get ready to be bombarded with “May the Fourth be with you” puns regarding your passwords and identity, as this year May 4 is not only Star Wars Day but also World Password Day.Leading up to World Password Day, I received dozens of emails about how bad our password hygiene still is, studies about poor password management, reminders to change passwords, pitches about password managers and biometric options to replace passwords, reminders to use multi-factor authentication (MFA) as well as the standard advise for choosing a stronger password. Some of that advice contradicts NIST-proposed changes for password management.Although NIST closed comments on for its Digital Identity Guidelines draft on May 1, VentureBeat highlighted three big changes. Since this is NIST and changes to password management rules will eventually affect even nongovernment organizations and trickle down to affect pretty much everyone online, it’s important to look at them. Those changes, according to VentureBeat, boil down to:To read this article in full or to leave a comment, please click here

Sneaky Gmail phishing attack fools with fake Google Docs app

Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.”In reality, the link led to a dummy app that asked users for permission to access their Gmail account. Reddit An example of the phishing email that circulated on Tuesday.To read this article in full or to leave a comment, please click here

Sneaky Gmail phishing attack fools with fake Google Docs app

Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.”In reality, the link led to a dummy app that asked users for permission to access their Gmail account. Reddit An example of the phishing email that circulated on Tuesday.To read this article in full or to leave a comment, please click here

CCIE Renewed Again – Exam 400-101 v5.1

It came around again: CCIE renewal. Last time I renewed, I wasn’t sure if I should do it again. But I gave in, passed the CCIE R&S Written Exam, and moved one step closer to Emeritus. Turns out it wasn’t that bad, and I should not have put it off for so long.

Renewal Cycle

Cisco certifications below Expert level have a 3-year renewal cycle. You can renew your CCNA or CCNP certifications at any time by sitting an exam at the same level. Your 3-year cycle restarts from the day you pass that exam.

CCIE is a little different. A CCIE certification remains valid for two years from your lab date. You can sit any CCIE-level written exam to renew your CCIE certification. At that point your validity date gets extended for another two years - note that it is another two years based upon your lab date, not the date you passed your most recent re-cert exam.

If you don’t pass a written exam during the two-year period, your status goes to “Suspended.” You then have another 12 months to pass the exam, or you completely lose your CCIE status.

My renewal date was last Continue reading

Now Slack search can look for knowledgeable users and channels

How do you find someone in an organization who can answer a burning question? That’s what Slack is trying to answer with an update to its search feature that was released for larger teams on Wednesday.Users who search on topics, such as hiring procedures or sales contracts, will see a bubble pop up in the search results that highlights relevant users and channels for that topic. It’s designed to keep employees from wasting time navigating their companies.Improved search is important for Slack, which faces growing competition from rivals like Microsoft and Google. Microsoft Teams already has a bot that’s supposed to make it easier for users to find coworkers to answer questions.To read this article in full or to leave a comment, please click here

VXLAN: BGP EVPN with Cumulus Quagga

VXLAN is an overlay network to encapsulate Ethernet traffic over an existing (highly available and scalable, possibly the Internet) IP network while accomodating a very large number of tenants. It is defined in RFC 7348. For an uncut introduction on its use with Linux, have a look at my “VXLAN & Linux” post.

In the above example, we have hypervisors hosting a virtual machines from different tenants. Each virtual machine is given access to a tenant-specific virtual Ethernet segment. Users are expecting classic Ethernet segments: no MAC restrictions¹, total control over the IP addressing scheme they use and availability of multicast.

In a large VXLAN deployment, two aspects need attention:

1. discovery of other endpoints (VTEPs) sharing the same VXLAN segments, and
2. avoidance of BUM frames (broadcast, unknown unicast and multicast) as they have to be forwarded to all VTEPs.

A typical solution for the first point is using multicast. For the second point, this is source-address learning.

Introduction to BGP EVPN

BGP EVPN (RFC 7432 and draft-ietf-bess-evpn-overlay for its application with VXLAN Continue reading

VXLAN & Linux

VXLAN is an overlay network to carry Ethernet traffic over an existing (highly available and scalable) IP network while accommodating a very large number of tenants. It is defined in RFC 7348.

Starting from Linux 3.12, the VXLAN implementation is quite complete as both multicast and unicast are supported as well as IPv6 and IPv4. Let’s explore the various methods to configure it.

To illustrate our examples, we use the following setup:

• an underlay IP network (highly available and scalable, possibly the Internet),
• three Linux bridges acting as VXLAN tunnel endpoints (VTEP),
• four servers believing they share a common Ethernet segment.

A VXLAN tunnel extends the individual Ethernet segments accross the three bridges, providing a unique (virtual) Ethernet segment. From one host (e.g. H1), we can reach directly all the other hosts in the virtual segment:

$ ping -c10 -w1 -t1 ff02::1%eth0
PING ff02::1%eth0(ff02::1%eth0) 56 data bytes
64 bytes from fe80::5254:33ff:fe00:8%eth0: icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from fe80::5254:33ff:fe00:b%eth0: icmp_seq=1 ttl=64 time=4.98 ms (DUP!)
64 bytes from fe80::5254:33ff:fe00:9%eth0: icmp_seq=1 ttl=64 time=4.99 ms (DUP!)
64 bytes from fe80::5254:33ff:fe00:a%eth0: icmp_seq=1 ttl=64 time=4.99 ms (DUP!)

--- ff02::1%eth0 ping statistics ---
1 packets transmitted, 1 received, +3 duplicates,  Continue reading

Full Stack Journey 005: Patrick Kelso

Full Stack Journey 005: Patrick Kelso

Episode #5 of the Full Stack Journey Podcast features Patrick Kelso, an independent consultant who works in the UNIX/virtualization/cloud space.

The post Full Stack Journey 005: Patrick Kelso appeared first on Packet Pushers.

Introducing the new Cloudflare Community Forum

Cloudflare’s community of users is vast. With more than 6 million domains registered, our users come in all shapes and sizes and are located all over the world. They can also frequently be found hanging out all around the web, from social media platforms, to Q&A sites, to any number of personal interest forums. Cloudflare users have questions to ask and an awful lot of expertise to share.

It’s with that in mind that we wanted to give Cloudflare users a more centralized location to gather, and to discuss all things Cloudflare. So we have launched a new Cloudflare Community at community.cloudflare.com.

Who is this community for?

It's for anyone and everyone who uses Cloudflare. Whether you are adding your first domain and don’t know what a name server is, or you are managing 1,000s of domains via API, or you are somewhere in between. In the Cloudflare Community you will be able to find tips, tricks, troubleshooting guidance, and recommendations.

We also think this will be a great way to get feedback from users on what’s working for them, what isn’t, and ways that we can make Cloudflare better. There will even be opportunities to Continue reading

Value Constrains Us. At Least, It Should.

A friend of mine asked me, “How do you manage the billions of chat messages, chat apps, social media, etc.? I’m becoming so inefficient it isn’t funny.”

TL;DR

The short answer is that I don’t manage them. I mostly ignore them. I don’t view most of these apps, especially social media, as something to be kept up with. I declared permanent amnesty (some would say bankruptcy) some time ago. I have a different viewpoint on these tools than I once did.

See also the post I wrote on Cal Newport’s book, Deep Work in May 2016.

I limit active participation.

I only take part in a few services, and I’m not consistently active on any of them. Despite however many followers I might have on a given platform, the world doesn’t care what I have to say on those services so much that my contributions especially matter. Therefore, stepping back isn’t harming anyone, nor is it disappointing someone that I’m not saying something or participating in every conversation that I might. No one notices.

Conversely, I don’t pay attention to everything everyone else is saying on all the platforms where things are being said. The Internet allows everyone to talk Continue reading

9 reasons why the death of the security appliance is inevitable

9 reasons why the death of the security appliance is inevitable

9 reasons why the death of the security appliance is inevitable