Archive

Category Archives for "Networking"

The Correct Mask for a PE’s Loopback0

As I've written about previously (The Importance of BGP NEXT_HOP in L3VPNs), the BGP NEXT_HOP attribute is key to ensuring end to end connectivity in an MPLS L3VPN. In the other article, I examine the different forwarding behavior of the network based on which of the egress PE's IP addresses is used as the NEXT_HOP. In this article I'll look at the subnet mask that's associated with the NEXT_HOP and the differences in forwarding behavior when the mask is configured to different values.

There is a lot of (mis-)information on the web stating that the PE's loopback address — which, as I explain in the previous article, should always be used as the NEXT_HOP — must have a /32 mask. This is not exactly true. I think this is an example of some information that has been passed around incorrectly, and without proper context, and is now taken as a rule. I'll explain more about this further on in the article.

Twitter surprises with a sales gain, but user growth lags

Twitter reported a higher than expected increase in revenue on Tuesday, suggesting progress in the company’s efforts to grow its ad sales.Total revenue for the second quarter ending June 30 was US$502 million, Twitter reported, up 61 percent from the same period last year, and beating estimates of $481 million from analysts polled by the Thomson Financial Network.Twitter also reported decent growth in its users, although with a caveat. For the quarter, the total number of users logging in monthly was 316 million, up 15 percent. But compared to the first quarter, the vast majority of the increase was derived from SMS Fast Followers, people who access Twitter content on mobile devices but do not have accounts on the service.To read this article in full or to leave a comment, please click here

Italian parliament drafts a declaration of Internet rights

The Italian parliament wants to have its say in the creation of an international legal framework promoting freedom, equality and access to cyberspace for all, and on Tuesday it presented a Declaration of Internet Rights that it will bring to the Internet Governance Forum in Brazil in November.“This is the first time that a parliament produces a declaration on Internet rights of constitutional inspiration and international scope,” Laura Boldrini, the speaker of the lower house of parliament and a major backer of the project, told a press conference in Rome. Boldrini said she hoped parliament would pass a motion calling on the Italian government to promote the document in national and international forums. The document was drawn up by a commission headed by Stefano Rodotà, a former politician and jurist.To read this article in full or to leave a comment, please click here

With ‘recall,’ Fiat Chrysler makes its car hack worse

After Wired showed two hackers remotely gain access and immobilize a moving Jeep by exploiting software vulnerabilities last week, Fiat Chrysler responded by patching the vulnerability in several Jeep, Dodge, and Chrysler models that were equipped with the Uconnect software that was hacked. How they went about issuing the patch, however, may just put the company's customers further at risk.Rather than simply treating the software patch as a traditional recall (i.e. requiring them to visit a service center and have an expert make the fix), Fiat Chrysler is mailing a USB thumb drive to owners of the affected cars. From there, the cars' owners can plug the USB drive into the cars' USB port to patch the software vulnerability. This seems like a convenient way to issue a recall for something that car owners can fix themselves. To read this article in full or to leave a comment, please click here

Human error to blame in fatal crash of Virgin Galactic’s spacecraft

When the co-pilot of Virgin Galactic’s SpaceshipTwo prematurely unlocked the feathering -- or braking system on the spacecraft it set off a chain of events that lead to a chain of events that brought the ship down.+MORE ON NETWORK WORLD: The weirdest, wackiest and coolest sci/tech stories of 2015 (so far!)+That was but one of the findings released today by the National Transportation Safety Board which has ben investigating the Virgin Galactic crash 10 months ago that killed the copilot and badly injured the pilot.To read this article in full or to leave a comment, please click here

Amazon Launchpad store will sell goods from startups

Amazon is opening a specialized storefront on its website that will sell products from startups in an effort to help the fledging companies build their businesses.Called Launchpad, the site lists approximately 200 items with an emphasis on tech gadgets, like a US$649 drone or a $150 floating Bluetooth speaker. There are also startups selling food, like gluten-free pancake mix, and wellness products, including vitamins. Each startup will get a product page for its merchandise and will get Amazon’s help with marketing and distributing. The products will ship to buyers from Amazon’s warehouses and will be eligible for Prime, the company’s expedited shipping program. Joining Launchpad is free, Amazon said.To read this article in full or to leave a comment, please click here

Obama won’t pardon Snowden, despite petition

U.S. President Barack Obama won’t pardon National Security Agency leaker Edward Snowden, despite strong public support for it, the White House said Tuesday.A petition on WhiteHouse.gov calling for Obama to pardon Snowden has nearly 168,000 signatures, but that’s not enough to sway the president, said Lisa Monaco, Obama’s advisor on homeland security and counterterrorism.Obama has pushed for surveillance reforms “since taking office,” Monaco wrote on the WhiteHouse.gov petition site. “Instead of constructively addressing these issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it,” she added.To read this article in full or to leave a comment, please click here

Darkode cybercrime forum might be making a comeback

The former administrator of Darkode, the online cybercrime forum that was recently shut down by law enforcement agencies, is preparing to bring it back, with better security and privacy for its members.On July 15, the U.S. Department of Justice announced that the Darkode hacking forum where cybercriminals had gathered to exchange services and tools for years, was dismantled following an operation that involved agencies in 20 countries.Seventy suspected Darkode members from many countries were searched, arrested or charged after the FBI infiltrated the forum’s invitation-only membership and gathered evidence.To read this article in full or to leave a comment, please click here

Google: Lock up your Compute Engine data with your own encryption keys

Google will now let enterprise customers of one of its Cloud Platform services lock up their data with their own encryption keys, in case they’re concerned about the company snooping on their corporate information.On Tuesday, Google started offering users of its Compute Engine service the option, in beta, to deploy their own encryption keys, instead of the industry standard AES 256-bit encryption keys Google itself provides. Encryption keys are used to lock data so it can not be read by other parties.“Absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request,” wrote Leonard Law, Google product manager, in a blog post describing the new feature.To read this article in full or to leave a comment, please click here

EU privacy watchdog weighs in on data protection reform, shares concerns

As European Union lawmakers in the Commission, Parliament and Council debate a new data protection law, the EU’s data protection watchdog has chimed in, expressing some concerns and saying individuals’ privacy rights should be at the core of the legislation.Although he is perhaps best placed to offer an opinion on the matter, legislators have no obligation to listen to European Data Protection Supervisor (EDPS) Giovanni Buttarelli, who released his own proposed draft of the law on Monday.A lot is at stake, said Buttarelli. “This reform will shape data processing for a generation which has no memory of living without the internet. The EU must therefore fully understand the implications of this act for individuals, and its sustainability in the face of technological development.”To read this article in full or to leave a comment, please click here

Google tells its publisher partners to comply with EU cookie directive

Google is now requiring that publishers that carry its ads comply with a European Union directive and ask their site visitors’ for permission before setting cookies on their computers.Google spelled out the requirement in its new EU User Consent Policy for publishers that participate in services including AdSense, DoubleClick Ad Exchange and DoubleClick for Publishers.“If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today,” said Jason Woloz, Google’s security and privacy program manager for display and video ads, in a blog postTo read this article in full or to leave a comment, please click here

Brinks safe — with a USB port — proves easy hacking for security researchers

“Every step of the way, we were like, ‘This can’t be possible.’ ”Yet this – opening a Brinks CompuSafe Galileo using its standard USB port, a keyboard and 100 lines of code – was most definitely possible for a pair of security researchers, Daniel Petro and Oscar Salazar, who work for the IT security consulting company Bishop Fox.From an IDG News Service story on our site: They bought a Galileo CompuSafe on eBay. The most egregious problem they found is a fully functional USB port on the side of the safe. That allowed them to plug in a keyboard and a mouse, which worked.To read this article in full or to leave a comment, please click here

MetalCaptcha: Free service uses metal band logos as CAPTCHAs

Hacker News had me laughing today as a company called HeavyGifts took a joke and turned it into a real and free product by using metal band logos as CAPTCHAs. Unless there is another computer virus based on weaponizing heavy metal, such as the malware reported to F-Secure’s Mikko Hypponen by an Iranian nuclear scientist after AC/DC’s Thunderstruck was allegedly blasting from workstations in the middle of the night, when else can I write about metal music?To read this article in full or to leave a comment, please click here

IDG Contributor Network: Software vulnerabilities hit a record high in 2014, report says

How safe is the software you use? Do you have a system in place to identify vulnerabilities and patch them when they are discovered? How quickly do you react to vulnerability reports? There's evidence that software vulnerabilities are on the rise, and few companies are taking the necessary action to combat them.There was some worrying news in the recent Secunia Vulnerability Review 2015. The number of recorded vulnerabilities hit a record high of 15,435 last year, up 18% from 2013. The vulnerability count has increased 55% in the last five years. The report also found a rise in the number of zero-day vulnerabilities with 20 being uncovered in the 50 most popular programs. These are vulnerabilities that have already been exploited by hackers before being made public or being patched.To read this article in full or to leave a comment, please click here

Xen patches new virtual-machine escape vulnerability

A new vulnerability in emulation code used by the Xen virtualization software can allow attackers to bypass the critical security barrier between virtual machines and the host operating systems they run on.The vulnerability is located in the CD-ROM drive emulation feature of QEMU, an open source hardware emulator that’s used by Xen, KVM and other virtualization platforms. The flaw is tracked as CVE-2015-5154 in the Common Vulnerabilities and Exposures database.The Xen Project released patches for its supported releases Monday and noted that all Xen systems running x86 HVM guests without stubdomains and which have been configured with an emulated CD-ROM drive model are vulnerable.To read this article in full or to leave a comment, please click here

1 3,039 3,040 3,041 3,042 3,043 3,478