Going Keyless Everywhere
Time flies. The Heartbleed vulnerability was discovered just over five and a half years ago. Heartbleed became a household name not only because it was one of the first bugs with its own web page and logo, but because of what it revealed about the fragility of the Internet as a whole. With Heartbleed, one tiny bug in a cryptography library exposed the personal data of the users of almost every website online.
Heartbleed is an example of an underappreciated class of bugs: remote memory disclosure vulnerabilities. High profile examples other than Heartbleed include Cloudbleed and most recently NetSpectre. These vulnerabilities allow attackers to extract secrets from servers by simply sending them specially-crafted packets. Cloudflare recently completed a multi-year project to make our platform more resilient against this category of bug.
For the last five years, the industry has been dealing with the consequences of the design that led to Heartbleed being so impactful. In this blog post we’ll dig into memory safety, and how we re-designed Cloudflare’s main product to protect private keys from the next Heartbleed.
Memory Disclosure
Perfect security is not possible for businesses with an online component. History has shown us that no matter how Continue reading
Delegated Credentials for TLS
Today we’re happy to announce support for a new cryptographic protocol that helps make it possible to deploy encrypted services in a global network while still maintaining fast performance and tight control of private keys: Delegated Credentials for TLS. We have been working with partners from Facebook, Mozilla, and the broader IETF community to define this emerging standard. We’re excited to share the gory details today in this blog post.
Also, be sure to check out the blog posts on the topic by our friends at Facebook and Mozilla!
Deploying TLS globally
Many of the technical problems we face at Cloudflare are widely shared problems across the Internet industry. As gratifying as it can be to solve a problem for ourselves and our customers, it can be even more gratifying to solve a problem for the entire Internet. For the past three years, we have been working with peers in the industry to solve a specific shared problem in the TLS infrastructure space: How do you terminate TLS connections while storing keys remotely and maintaining performance and availability? Today we’re announcing that Cloudflare now supports Delegated Credentials, the result of this work.
Cloudflare’s TLS/SSL features are among the top reasons Continue reading
Why Are You Always so Negative?
During the last Tech Field Day Extra @ CLEUR, one of the fellow delegates asked me about my opinion on technology X (don’t remember the details, it was probably one of those over-hyped four-letter technologies). As usual, I started explaining the drawbacks, and he quickly stopped me with a totally unexpected question: “Why do you always tend to be so negative?”
That question has been haunting me for months… and here are a few potential answers I came up with.
Read more ...JNCIS-SP
How to play the JNCIS-SP game and win!JNCIS-SP
I recently passed the JNCIS Service Provider (JN0-361) certification exam on my second attempt. This post will cover the materials and methods I used to tackle this exam. First Attempt Juniper had a free cert day on the 17th of September 2019 here in Australia. From the time it was...Dell Technologies and VMware Deliver the Roadmap to 5G Network Architecture
Dell Technologies and VMware deliver an adaptable edge architecture tailored to the challenges...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
IPv6 Buzz 038: IPv6 In The Federal Government
Today's episode explores how the US federal government views IPv6 adoption. We also explore the use of IPv6 by the U.S. Department of Defense, including innovations, and how the DoD's use affects its work with civilian entities. Our guest is Jeremy Duncan, founder and leading partner of the consultancy Tachyon Dynamics.
The post IPv6 Buzz 038: IPv6 In The Federal Government appeared first on Packet Pushers.
IPv6 Buzz 038: IPv6 In The Federal Government
Today's episode explores how the US federal government views IPv6 adoption. We also explore the use of IPv6 by the U.S. Department of Defense, including innovations, and how the DoD's use affects its work with civilian entities. Our guest is Jeremy Duncan, founder and leading partner of the consultancy Tachyon Dynamics.Intel, Sony, NTT Forge Optical, Wireless Initiative
The forum envisions a future where technologies like silicon photonics, edge computing, and...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Ericsson, Huawei Win Top Ratings on 5G Mobile Core
“The gap that distinguishes leaders from the rest of the pack is very small, and the market is...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Install Azure CLI on your Android Phone
I installed the Azure CLI in the Termux app on my Android phone. This post describes all the steps required to successfully run Azure CLI on most Android phones.
Installing Azure CLI on Termux on your Android phone is an alternative to using Azure Cloud Shell on Chrome or Firefox, or to using the Cloud Shell feature on the Azure mobile app. It’s also a cool thing to try.
This post is based on the excellent work done by Matthew Emes, who wrote a blog post about installing Azure CLI on a Chromebook. Matthew’s procedure got me started, but I had to modify it to make Azure CLI work in Termux on my Android phone. Also, Azure CLI has changed since Matthew wrote about it and some of his steps, while they still work, are no longer necessary.
Termux
Install Termux on your Android phone. Termux is a terminal emulator and Linux environment that runs on most Android devices with no rooting or setup required. You can use Termux as a terminal emulator to manage remote systems and it will run a large number of Linux utilities and programming languages directly on your phone. Install it from the Google Continue reading
Developers Going All-In On Kubernetes
To learn more about containerized infrastructure and cloud native technologies, consider coming to...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Nokia’s SOAR Lineup Tackles 5G, IoT Security
“Basically 60% of the devices we are monitoring are IoT devices, and 78% of the malware we are...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
What Scary Movies Can Teach Us About Internet Trust
Mad geniuses. Evil dolls. Slow zombies. This Halloween, we’ll see all of these horror film clichés come to life. Sure they’re fun, but are there lessons we can learn from them? What if they could teach us what not to do? We looked at seven scary tropes and what they might teach us about Internet trust.
The call is coming from inside the house.
The phone calls keep coming, each one scarier than the last. Ring. “Are you home alone?” Ring. “Have you locked the doors?” Ring. “Look in the basement.” It’s only then you realize the stalker has been in the house all along.
We lock our doors to make our homes more secure, but we don’t always think about the security of the things we connect to our home networks. An insecure connected device can put your whole network and the devices on it at risk. Meaning, yes, the cybersecurity threat could be coming from inside the house. By protecting your home network, you limit your devices’ exposure to online threats and help mitigate the risk they may pose to others. You can make your network more secure by using encryption, a strong password, and Continue reading