Archive

Category Archives for "Networking"

Best Deals of the Week, August 8-12 – Deal Alert

Check out this roundup of the best deals on gadgets, gear and other cool stuff we have found this week, the week of August 18th. All items are highly rated, and dramatically discounted!

23% off HDMI Cloner Box for Gaming or HD Video Stream Capture, No PC needed

Here's a device any gamer or video enthusiast may want to have on hand. Connect a game console, DVD, or any video source to this gadget via its HDMI input, and with the push of a button it captures and saves the video stream to any attached USB flash drive, with no PC required. Advanced hardware H.264 encoding captures your live gameplay or video playback in 1080p Full HD, while keeping the file size low and capturing speeds high. Averaging 4 out of 5 stars on Amazon from over 170 customers (read reviews), the gadget's $129.99 list price has been reduced 23% to $99.99. With the unit you'll get a free 16GB USB stick to get you started (enough for several hours of video). See the discounted cloner box now on Amazon.

Illusive Networks uses deception to detect an attacker in your network

This column is available in a weekly newsletter called IT Best Practices.

The term "advanced persistent threat" is tossed around so frequently that some people might think that every cyberattack results from an APT. This is far from the case. In fact, APTs represent a very dangerous category of cyber threats that use sophisticated resources and techniques to evade detection and that are tenacious in their mission, whether it's to steal information or disrupt normal operations.

NIST defines advanced persistent threat by describing three characteristics. The APT:

1. Pursues its objectives repeatedly over an extended period of time

More details on rumored Microsoft Surface desktops appear

Last month I mentioned Microsoft could be targeting the all-in-one (AIO) market—including Apple's horribly neglected iMac line—with a series of AIO PCs. Now details are emerging on just what Redmond has in the works.

Windows Central, which fueled the initial rumors, has updated the story with new details from its own sources on Microsoft's AIO Surface devices. According to the report, which cites unnamed sources, Microsoft is currently testing three Surface AIOs:

This is strictly a violation of the TCP specification

I was asked to debug another weird issue on our network. Apparently every now and then a connection going through CloudFlare would time out with 522 HTTP error.

522 error on CloudFlare indicates a connection issue between our edge server and the origin server. Most often the blame is on the origin server side - the origin server is slow, offline or encountering high packet loss. Less often the problem is on our side.

In the case I was debugging it was neither. The internet connectivity between CloudFlare and origin was perfect. No packet loss, flat latency. So why did we see a 522 error?

The root cause of this issue was pretty complex. After long debugging we identified an important symptom: sometimes, once in thousands of runs, our test program failed to establish a connection between two daemons on the same machine. To be precise, an NGINX instance was trying to establish a TCP connection to our internal acceleration service on localhost. This failed with a timeout error.

Once we knew what to look for we were able to reproduce this with good old netcat. After a couple of dozen of…

IDG Contributor Network: Cybersecurity skills crisis creating vulnerabilities

Cybersecurity staffing continues to be a problem, a new report has found. Intel Security says a massive 82 percent of IT professionals that it surveyed are battling a shortage in workers specializing in cybersecurity.

It’s proving to be a major deficit and is resulting in serious damage. Australia, France, Germany, Israel, Japan, Mexico, U.S. and U.K. are all hurting for hires, the study says.

Market research specialist Vanson Bourne performed the survey and interviewed IT decision makers working in cybersecurity in developed countries.

Pakistan cybercrime law scares by its vagueness

Pakistan’s National Assembly has passed a cybercrime bill that provides for censorship of the internet and could also be misused because of the vagueness of some of its provisions.

Section 34 of the new Prevention of Electronic Crimes Act gives authorities the power to remove or block access to a variety of content.

It provides for such action in “the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, public order, decency or morality, or in relation to contempt of court or commission of or incitement to an offence under this Act,” according to a copy of the bill on the website of the Digital Rights Foundation.

New compromises won’t end the fight between LTE-U and Wi-Fi

The Wi-Fi Alliance says it’s taken more steps toward compromise since backers of LTE-Unlicensed slammed a coexistence workshop that took place last week. But those moves haven’t brought about wireless peace just yet.

LTE-U is a system for running LTE networks in some of the unlicensed frequencies used by Wi-Fi. The workshop, the latest of several intended to make sure LTE-U doesn’t unfairly interfere with Wi-Fi, brought together participants that want to use the new cellular system as well as those devoted to Wi-Fi.

When it was done, the Alliance said a test for coexistence was on track for completion next month. However, LTE-U supporters, including Qualcomm, said the whole effort was technically unsound and biased against them.

Here’s why Azure Stack will only run on certain hardware

Microsoft made a divisive announcement last month when it revealed that Azure Stack will be delayed until the middle of next year and that the private cloud software will only run on a set of integrated hardware systems rather than a wide variety of hardware. Now, the company is trying to explain that change to customers.

On Thursday, Microsoft Principal Group Program Manager Vijay Tewari makes the case for shipping Azure Stack on a small variety of hardware in a video interview. His main point is this: constraining the software to a small set of hardware leads to a better product that's more useful right out of the gate.

Technology Short Take #70

Welcome to Technology Short Take #70! In this post you’ll find a collection of links to articles discussing the major data center technologies—networking, hardware, security, cloud computing, applications, virtualization…you name it! (If there’s a topic you think I’m missing, I’d love to hear from you.)

Networking

  • MTU in OpenStack Neutron has been, as this article by Sam Yaple points out, a bit of a touchy subject. Fortunately, it looks like progress has been made on that front, so check out Sam’s post for more details.
  • Jason Edelman has an article from back in January that describes the use of Big Switch’s Big Cloud Fabric (BCF) and Big Monitoring Fabric (BMF) in conjunction with Ansible (via some Ansible modules that Jason himself developed).
  • Dwayne Sinclair covers the basics of SpoofGuard in NSX, and how to interact with SpoofGuard via API, in this article.
  • This article is a bit more OpenStack-focused, but given that it focuses pretty heavily on Neutron I thought it’d fit better here in the “Networking” section. The article talks about how to use the --allowed_address_pairs extension to build a highly-available proxy server instead of using LBaaS.
  • Numan Siddique describes the native DHCP support available in OVN (Open…

Auto Renew Let’s Encrypt Certificates

I'm a big fan of Let's Encrypt (free, widely trusted SSL certificates) but not a big fan of most of the client software available for requesting and renewing certificates. Unlike a typical certificate authority, Let's Encrypt doesn't have a webui for requesting/renewing certs; everything is driven via an automated process that is run between a Let's Encrypt software client and the Let's Encrypt web service.

Since the protocols that Let's Encrypt uses are standards-based, there are many open source clients available. Being security conscious, I have a few concerns with most of the clients:

  • Complication. Many of the clients are hundreds of lines long and unnecessarily complicated. This makes the code really hard to audit and since this code is playing with my crypto key material, I do want to audit it.
  • Elevated privilege. At least one of the clients I saw required root permission. That's a non-starter.

Millions of Volkswagens can be broken into with a wireless hack

Millions of Volkswagens built over the past 20 years can be broken into with a hack that exploits the cars’ remote control key systems, security researchers have found.

Most VWs built since 1995 use one of a handful of electronic “master keys” to remotely open and lock the doors, and those keys can be extracted by reverse engineering the firmware, the researchers wrote in a new paper.

That alone isn’t enough to break into a car -- the master key has to be combined with a unique code generated by each remote key device. But the researchers also devised a way to do that, assembling a piece of radio hardware costing around $40.
