Category Archives for "Networking"

OpenSSL releases several patches but none for serious issues

The OpenSSL project has released several patches for moderate flaws, including an additional defense against the Logjam vulnerability revealed last month. OpenSSL is widely used open-source software that encrypts communications using the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol. SSL/TLS prevents clear-text data from being transmitted across the Web, avoiding high security risks. The patches include three for moderate flaws. Two of these fix flaws that could be used for denial of service attacks, according to an advisory. The third patch fixes a moderate flaw that affects OpenSSL versions prior to a June 2014 release. A fourth patch is for a low severity race condition flaw.

Four challenges for Twitter’s next CEO

Dick Costolo has stepped down as CEO of Twitter after five years on the job, relinquishing his post amid longstanding problems including sluggish growth and frequent abusive comments posted to the social network. Twitter cofounder Jack Dorsey, who is also CEO of Square, will be interim CEO when Costolo steps down on July 1.

When Twitter finds a permanent replacement, he or she will face several big challenges. Here are four of them:

1. Defining what Twitter is

Perhaps the biggest problem Twitter has is that many people who aren’t tech enthusiasts still don’t understand what it’s for or why they should use it. For every occasion Twitter is referred to as a social network, it’s also identified as a news source, a publishing system, a feed of real-time events and a micro blog. Perhaps it’s all those things, but that doesn’t help sell it to people who aren’t yet on the service. If it’s a social network, why use it when Facebook’s around? If it’s a micro blog, why not use a proper blog like Tumblr instead?

Hacked data on millions of US gov’t workers was unencrypted, union says

A union representing U.S. government workers says it believes detailed personal information on millions of current and former federal employees that was stolen by hackers was not encrypted. The American Federation of Government Employees (AFGE) said the attack on the Office of Personnel Management (OPM) resulted in the theft of all personnel data for every federal employee. In a letter sent Thursday to Katherine Archuleta, director of the OPM, from David Cox, president of the AFGE, the union says it believes hackers targeted the government’s Central Personnel Data File, an expansive database with information on government workers except those in the military or intelligence fields.

No GA yet for Cisco’s enterprise SDN

Cisco’s enterprise SDN controller is still in controlled release a year after it was first supposed to be generally available and months after an updated GA date. The APIC Enterprise Module shipped in February in controlled release to “multiple” customers who are using it in production, Cisco says, including IBM, which is using it on behalf of German airliner Lufthansa.

Two years on, Google’s Project Loon drifts into focus

It’s been two years since Google first disclosed Project Loon, and while the company continues to keep most details of the project secret, the technology and challenges behind it are slowly coming into focus. Loon is an ambitious attempt to bring the Internet to the roughly 5 billion people on the planet who are out of range of existing networks. The project involves suspending cellular access points under high-altitude balloons to provide Internet access to those on the ground, an idea that sounds elegantly simple but was anything but. A series of recent presentations and talks by Google X employees have revealed some of the technical and commercial challenges the company faced in realizing Loon, and in nearing its target cost of $10,000 per balloon.

Appeals court denies requests to delay net neutrality rules

A U.S. appeals court has denied requests by several broadband providers and trade groups to delay the Federal Communications Commission’s net neutrality rules while they challenge the regulations. The Court of Appeals for the District of Columbia Circuit on Thursday denied 10 requests to delay the implementation of the rules. The court’s denial of the stay requests means the new net neutrality rules will go into effect as scheduled Friday, even as 10 lawsuits against the rules go forward at the appeals court. The groups requesting a stay of the rules “have not satisfied the stringent requirements for a stay pending court review,” a panel of three judges wrote Thursday.

FTC charges game developer with misusing money raised on Kickstarter

A project developer who raised more than US$122,800 on Kickstarter to create a new board game has been charged by the U.S. Federal Trade Commission with using the money for personal equipment, moving expenses, rent and licenses for a separate project. Erik Chevalier, doing business as The Forking Path, asked for money from individuals to produce a board game called The Doom That Came to Atlantic City, but cancelled the project more than a year after the May 2012 funding campaign, the FTC said in its first consumer-protection complaint involving crowdfunding.

Uber launches iPhone game to attract new drivers

Uber launched a new game for iPhone users today aimed at teaching people what it’s like to work as a driver for the tech-driven transportation company. UberDrive is equal parts teaching tool and recruitment mechanism: players are taught to find the most efficient route around a map of San Francisco for the digital passengers they “pick up” in the game. Players are taught to go and grab riders from areas where surge pricing is in effect, and get rewarded for taking efficient routes to their destination. Surge pricing is Uber’s practice of charging multiple times its base fare in areas seeing heavy demand.

BRKDCT-2333 – Data Center Network Failure Detection

Presenter: Arkadiy Shapiro, Manager Technical Marketing (Nexus 2000 – 7000) @ArkadiyShapiro

You could say I’m obsessed with BFD –Arkadiy

The focus of this session is failure detection (not reconvergence, protocol tuning, etc.). This session will not go over user-driven failure detection methods (ping, traceroutes, etc.).

Fast failure detection is the key to fast convergence.

Routing convergence steps:

  1. Detect
  2. Propagate (tell my neighbors)
  3. Process (routing recalc, SPF, DUAL, etc)
  4. Update (update RIB/FIB, program hardware tables)

Failure detection tools: a layered approach: Layer 1, 2, MPLS, 3, application.

Interconnect options:

  • Point to point – failure detection is really easy here; event driven; fast
  • Layer 3 with Layer 1 (DWDM) bump in the wire
  • Layer 3 with Layer 2 (ethernet) bump in the wire
  • Layer 3 with Layer 3 (firewall/router) bump in the wire

Think about this: moving to higher speeds (1G -> 10G -> 40G -> beyond) means that more data is lost as you move to higher speeds without changing the failure detection/reconvergence characteristics of the network. 1 second reconvergence time at 1G is way different than 1 second at 40G.

Be aware: ISSU may not support aggressive timers on various protocols. Another reason to be wary of timer cranking.

DARPA seeks high-speed inter-satellite communication technology

As the use of smaller satellites in larger constellations increases, the need for faster communications between spacecraft will be needed for improved availability for intelligence, surveillance, telecommunications and reconnaissance applications. The Defense Advanced Research Projects Agency this week announced a program called “Inter-Satellite Communication Links (ISCL)” it hopes will see the development of lightweight, low-power, and low-cost inter-satellite communications technology that could be used in a wide range of small Low Earth Orbit (LEO) satellites. Specifically, this program seeks to develop ISCLs with the highest practical data rates while having a per-link average weight of less than 2 pounds and an orbit-average power dissipation of less than 3 watts, DARPA stated.

Windows 10 will allow apps to actively scan their content for malware

Windows 10 will have a new mechanism that will allow software developers to integrate their applications with whatever antimalware programs exist on users’ computers. The goal of the new Antimalware Scan Interface (AMSI) is to let applications send content to the locally installed antivirus product to be checked for malware. According to Microsoft, this can have important benefits when dealing with script content in particular, because malicious scripts are commonly obfuscated to bypass antivirus detection. Scripts also typically get executed in the memory of the applications that are designed to interpret them, so they don’t create files on disk for antivirus programs to scan.

House panel votes to delay net neutrality rules

A U.S. House of Representatives subcommittee has voted to require the Federal Communications Commission to suspend new net neutrality rules until a series of lawsuits challenging the regulations are resolved. The action by the House Appropriations Committee’s general government subcommittee Thursday comes too late to stop the new rules from going into effect as scheduled Friday. The requirement could force the FCC to suspend the rules in the coming months though it’s unlikely that President Barack Obama, a strong supporter of net neutrality rules, would sign the appropriations bill requiring a delay of the regulations. The net neutrality rules, which classify broadband as a regulated telecom service, will go into effect Friday unless a U.S. appeals court decides at the last minute to delay the rules, as requested by several broadband groups.

BRKSEC-2137 – Snort Implementation in Cisco Products

Presenter: Eric Kostlan, Technical Marketing Engineer, Cisco Security Technologies Group

Above all, Snort is a community –Eric

Snort stats

  • over 4 million downloads
  • nearly 500,000 registered users

Snort was created in 1998 (!!). Sourcefire founded in 2001.

The Snort engine

  • Packet sniffer (DAQ)
  • Packet decoder
  • Preprocessors
  • Detection engine
  • Output module

DAQ – packet acquisition library(ies?). Snort leverages this to pull packets off the wire (Snort doesn’t have its own built-in packet capture abilities). DAQ provides a form of abstraction between the Snort engine and the hardware where the bits are flowing. DAQ – Data AcQuisition. DAQ modes: inline, passive or read from file.

Packet decoder – look for header anomalies, look for weird TCP flags, much more. Generator id (GID) is 116 for the packet decoder. Decodes Layer  and Layer 3 protocols with a focus on TCP/IP suite.

Preprocessors – apply to Layer 3, 4, and 7 protocols. “Protocol decoders”. Normalizes traffic. Major preprocessors: frag3 (reassembly), stream5 (reconstruct TCP streams), http_inspect (normalizes http traffic), protocol decoders (telnet, ftp, smtp, so on).

Detection engine – various performance settings (eg, how long to spend on regex). Two components: rule builder and inspection component. Rule builder: assembles the rules into

Chip vendors work to make Bluetooth perfect fit for IoT

Bluetooth Low Energy (BLE) has become a key building block for the Internet of Things, and chip makers are working to make it an even better fit by using the technology to further reduce power consumption of devices and helping developers implement it. Applications have been a key ingredient in making smartphones a huge success. Vendors are hoping to repeat that recipe for IoT, with semiconductor companies such as ST Microelectronics coming up with tools to make BLE, a set of specifications for reduced-power wireless networking, easier for developers to use. ST has launched an offering for voice over BLE, which includes the necessary software, components and development tools to integrate voice control in wearables and home-automation systems. Voice control can aid battery life by minimizing touchscreen usage, while improving ease-of-use, according to ST.