AT&T Quietly Buys FiberTower for Millimeter Wave Assets
FiberTower will give AT&T more mmWave spectrum.
Responsible Disclosure from a Collaborative Security Perspective
I recently wrote about an agenda to mitigate the threats of insecure devices on the Internet of Things. One of the requirements expressed in that agenda is “For every product sold, there is a way that security researchers can responsibly disclose vulnerabilities found”.
Mr. Olaf Kolkman
Protecting everyone from WordPress Content Injection
Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (below version 4.7.2) WordPress.
CC BY-SA 2.0 image by Nicola Sap De Mitri
The problem was found by the team at Sucuri and reported to WordPress. The WordPress team worked with WAF vendors, including Cloudflare, to roll out protection before the patch became available.
Earlier this week we rolled out two rules to protect against exploitation of this issue (both types mentioned in the Sucuri blog post). We have been monitoring the situation and have not observed any attempts to exploit this vulnerability before it was announced publicly.
Customers on a paid plan will find two rules in WAF, WP0025A and WP0025B, that protect unpatched WordPress sites from this vulnerability. If the Cloudflare WordPress ruleset is enabled then these rules are automatically turned on and blocking.
Protecting Everyone
As we have in the past with other serious and critical vulnerabilities like Shellshock and previous issues with JetPack, we have enabled these two rules for our free customers as well.
Free customers who want full protection for their WordPress sites can upgrade to a Continue reading
Datanauts 069: Microsoft Embraces Open Source
Microsoft has made significant moves into open source. The Datanauts investigate what these efforts are, and what happened to the monopoly we once knew. The post Datanauts 069: Microsoft Embraces Open Source appeared first on Packet Pushers.Serverless computing’s future is now – and why you should care
Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.
Serverless computing, a disruptive application development paradigm that reduces the need for programmers to spend time focused on how their hardware will scale, is rapidly gaining momentum for event-driven programming. Organizations should begin exploring this opportunity now to see if it will help them dramatically reduce costs while ensuring applications run at peak performance.
For the last decade, software teams have been on a march away from the practice of directly managing hardware in data centers toward renting compute capacity from Infrastructure as a Service (IAAS) vendors such as Amazon Web Services (AWS) and Microsoft Azure. It is rare that a software team creates unique value by managing hardware directly, so the opportunity to offload that undifferentiated heavy lifting to IaaS vendors has been welcomed by software teams worldwide.
To read this article in full or to leave a comment, please click here
Help Wanted: Stitching a Federated SDN on OpenStack with EVPN
I am working with a client that has a rather unique problem and I’m looking for help on the possible solution.
For unusual, but practical, reasons there is a need to deploy three SDN solutions.
- VMware Integrated OpenStack with NSX
- Mirantis OpenStack with OpenContrail
- BGP-EVPN for existing and future
What I need help with is the stitching these different overlays together so that high bandwidth (>500Gbps), low latency (<5ms) data can flow in between virtual and physical networks.
There is no alignment to a hardware vendor and will buy whatever hardware can meet the requirements based on its software features.
Questions
- I know that each of these solution supports VXLAN overlay and can be terminated (VTEP) in hardware. But which hardware ? What operating systems ? What protocols are used for any given hardware/software platform ?
- What is the configuration of the VTEP devices and can they be integrated into an orchestration (self-developed) ? What APIs are used to configure the VTEP instances ?
- What are the performance considerations around VTEP ?
- Is is practical to stitch a BGP-EVPN physical underlay to an SDN overlay such as NSX or OpenContrail ?
Discussion
I would be interested in talking to anyone who could offer advice and input Continue reading
Worth Reading: Running from DDoS
The post Worth Reading: Running from DDoS appeared first on 'net work.
IPv6 Q&A For The Home Network Nerd
I was a guest on the Daily Tech News Show, episode 2957A. We chatted about the news of the day, then had an IPv6 discussion aimed at folks who are curious, but haven’t had a chance to work with v6 yet. My goal was to dispel FUD and spread the gospel of IPv6 to the nerdy public.
For those of you that listened to the show, here’s the text I’d prepped. We didn’t get to all of this when recording, so you might find more information here to inspire your IPv6-related Google-fu.
What are the benefits to me as a general consumer of IPv6? (beyond having fifteen bajillion addresses)
In a certain sense, there is little tangible benefit for consumers. Addressing is largely transparent to general consumers. I think many consumers don’t know or care about the IPv4 address assigned to their gear. They care whether or not they can access the Internet resource they are trying to access.
For the more tech savvy, IPv6 does indeed bring fifteen bajillion addresses, so to speak. And while that doesn’t seem like a big deal, it is. For example, most of us at home have gear obscured by NAT. This makes us feel more secure Continue reading
TLS 1.3 explained by the Cloudflare Crypto Team at 33c3
Nick Sullivan and I gave a talk about TLS 1.3 at 33c3, the latest Chaos Communication Congress. The congress, attended by more that 13,000 hackers in Hamburg, has been one of the hallmark events of the security community for more than 30 years.
You can watch the recording below, or download it in multiple formats and languages on the CCC website.
The talk introduces TLS 1.3 and explains how it works in technical detail, why it is faster and more secure, and touches on its history and current status.
The slide deck is also online.
This was an expanded and updated version of the internal talk previously transcribed on this blog.
TLS 1.3 hits Chrome and Firefox Stable
In related news, TLS 1.3 is reaching a percentage of Chrome and Firefox users this week, so websites with the Cloudflare TLS 1.3 beta enabled will load faster and more securely for all those new users.
You can enable the TLS 1.3 beta from the Crypto section of your control panel.
Nominations Open for the Next Class of Internet Hall of Fame Inductees
Do you know someone who has played a significant role in the development and advancement of the open, global Internet? Organizations and individuals from around the world are invited to submit nominations to the Internet Hall of Fame.
2017 marks a significant milestone for the Internet Society as we celebrate 25 years of dedication to an open, secure Internet that benefits all people throughout the world. The Internet has come a long way since its earliest days, and the Internet Hall of Fame honors a select group of visionaries and innovators who were instrumental in the Internet’s development and advancement along the way.
Ms. Kathryn Brown