Hackathon at Africa Internet Summit Focuses on Time, Vehicular Communications, and Network Programmability
We are pleased to announce the 2nd Hackathon@AIS will be held in Dakar, Senegal, on 9-10 May, alongside the Africa Internet Summit. Participants from 14 countries have confirmed their participation and will work on activities centered around three main topics:
- The Network Time Protocol (or NTP)
- Wireless communication in vehicular environments – based on Intelligent Transportation Systems
- Network Programmability
Working on open Internet standards involves a collaborative effort whereby individuals from different backgrounds provide input and expertise to improve the Internet. Work is focused on common objectives with set timelines. This work is mostly done by people in different geographical locations using the Internet (and online tools) to collaborate on the work. In some cases, short technical events called hackathons place experts in one physical location to work collaboratively to solve a problem or develop a new product or output in a short period of time.
Last year, the Internet Society’s African Regional Bureau, together with AFRINIC, organized a hackathon in Kenya, during the 2017 Africa Internet Summit. In Africa, work on open Internet standards development is low, with only a handful of Request For Comments (RFCs) known to have been published by experts from the region. One of Continue reading
Fhoosh Accelerator Kits Help Deploy Super-Fast Encryption Tech Even Faster
The kits are based on the company’s software, which encrypts data up to 15 times faster than standard encryption.
Using the Cloud to Secure the Cloud
Multi-cloud is a powerful new option for enterprise customers, but it has its complexities — especially regarding security. Users need a simple and consistent way to protect the data-in-motion going between the clouds.
Virtustream Makes Security Risk Management SaaS-Y With Viewtrust
The company acquired the software when it scooped up SEIM vendor Viewtrust in 2014.
Expanding Multi-User Access on dash.cloudflare.com
One of the most common feature requests we get is to allow customers to share account access. This has been supported at our Enterprise level of service, but is now being extended to all customers. Starting today, users can go to the new home of Cloudflare’s Dashboard at dash.cloudflare.com. Upon login, users will see the redesigned account experience. Now users can manage all of their account level settings and features in a more streamlined UI.
CC BY 2.0 image by Mike Lawrence
All customers now have the ability to invite others to manage their account as Administrators. They can do this from the ‘Members’ tab in the new Account area on the Cloudflare dashboard. Invited Administrators have full control over the account except for managing members and changing billing information.
For Customers who belong to multiple accounts (previously known as organizations), the first thing they will see is an account selector. This allows easy searching and selection between accounts. Additionally, there is a zone selector for searching through zones across all accounts. Enterprise customers still have access to the same roles as before with the addition of the Administrator and Billing Roles.
The New Dashboard @ dash. Continue reading
Gluware Q&A: Software Enable your Brownfield Network
Thanks to all who joined us for the Gluware DemoFriday: Software Enable your Brownfield Network – Automate Multi-Vendor QoS on Routers and NAC.
VMware CEO Pat Gelsinger Preaches One Love, One NSX
During his Dell Technologies World keynote, Gelsinger detailed the company’s “vision for the future of networking.” That future looks like NSX.
Michael Dell Says Robopocalypse Is Fake News, Future Is Software Defined
Michael Dell told Dell Technologies World attendees to use software, data, AI, and IoT to remain relevant.
Why Knowing About Industry / Market Makes You Smarter
Understanding industry and market forces, and how those forces shape vendor behavior, can be valuable for your career.We Have to Learn How to Manage the Cattle
Not long after I published the blog post arguing against physical appliances, Oven wrote a very valid comment: "But then you'd have 20 individual systems to manage, add licenses to for additional features, updates etc."
Even though the blog post (and the comment) was written in 2013, not much has changed in the meantime.
Read more ...A Review of RSA Conference
So, I recently went to my first RSA Conference. It’s something I’ve had on my radar for a while but never had the opportunity to do. However, with Security Field Day coming up later this year I thought it was high time I went to see what everything was about. Here are some ideas that I came up with during my pilgrimage to the big security conference.
- It’s Huge. Like, really big. I’ve never seen a bigger conference before. I haven’t gone to Oracle OpenWorld or Dreamforce, but the size of the RSA show floor alone dwarfs anything I’ve seen. Three whole areas, including one dedicated to emerging vendors. That’s big. Almost too big in fact.
- I Still Hate Moscone. It’s official. No conference should ever use this place again. It’s been 4 years since I railed against it and every word still applies. Doubly so this year, as RSA was being held during construction! Seriously. At this point, Moscone must be paying people to hold a convention there. RSA is too big. I don’t care if it’s cheap to ferry people up from Silicon Valley. Stop doing this to yourself and tarnishing your brand. Just go to Vegas if Continue reading
Pulse Secure Q&A: A Trust Model for Multi-Cloud Networks and Applications Beyond Zero Trust
Thanks to all who joined us for the Pulse Secure 2018 Next-Gen Data Center Networking Report Webinar: A Trust Model for Multi-Cloud Networks and Applications Beyond Zero Trust.
What Happened? The Amazon Route 53 BGP Hijack to Take Over Ethereum Cryptocurrency Wallets
Yesterday, we published a blog post sharing the news and some initial details about Amazon’s DNS route hijack event to steal Ethereum cryptocurrency from myetherwallet.com. In this post, we’ll explore more details about the incident from the BGP hijack’s perspective.
As noted by Dyn, CloudFlare, and various other entities who monitor Internet routing and health, Amazon’s Route 53 (the DNS service offered by AWS) prefixes were hijacked. A BGP update taken from Isolario suggests that on 24 April, its BGP feeders were correctly receiving 205.251.192.0/23, 205.251.194.0/23, 205.251.196.0/23, 205.251.198.0/23, originated from Amazon (AS16509), until 11:04:00 (UTC). But, at 11:05:41 (UTC), Isolario recorded the first more specific /24 malicious announcements via BGP feeder and the announcements originated from eNET (AS10297) to its peer 1&1 Internet SE (AS8560). Click to enlarge image.
RIPE Stats collected the first more specific malicious advertisement at 11:05:42 (UTC) originating from eNET (AS10297), but this time through peer Hurricane Electric (AS6939).
Exactly at the same time, 11:05:42 (UTC), the Isolario BGP feeder received another update originating from eNET (AS10297) and it was also coming via Hurricane Electric (AS6939). Click to enlarge image.
Hurricane Electric has a worldwide Continue reading
Service Providers Race Toward Network Automation, Incredible Hulk Style
When asked what superhero they want their future network to be associated with, respondents’ No. 1 pick was the Hulk.
Your Data Center Needs a Network Time Machine
Big Switch’s data center monitoring fabric will add support for public cloud environments including AWS and Azure later this year.
The Cybersecurity Tech Accord Fits Squarely in the Collaborative Security Approach
Last week at RSA, more than 30 global companies came together to sign the Cybersecurity Tech Accord “to protect and empower civilians online and to improve the security, stability and resilience of cyberspace.” It is an example of collaboration, which demonstrates the commitment and focus of the signatory companies to take action in order to tackle the significant security threats we are currently facing. It is this type of collective action we have promoted as part of our collaborative security
The Tech Accord is a positive step by large corporations across the globe involved in security to come together in the name of collaboration and make security commitments that resonate with the demands of Internet users everywhere. Per the Accord’s website, there are four main tenets of the Tech Accord:
- Stronger defense
The companies will mount a stronger defense against cyberattacks. As part of this, recognizing that everyone deserves protection, the companies pledged to protect all customers globally regardless of the motivation for attacks online. - No offense
The companies will not help governments launch cyberattacks against innocent citizens and enterprises, and will protect against tampering or exploitation of their products and services through every stage of technology development, design Continue reading
No, Ray Ozzie hasn’t solved crypto backdoors
According to this Wired article, Ray Ozzie may have a solution to the crypto backdoor problem. No, he hasn't. He's only solving the part we already know how to solve. He's deliberately ignoring the stuff we don't know how to solve. We know how to make backdoors, we just don't know how to secure them.The vault doesn't scale
Yes, Apple has a vault where they've successfully protected important keys. No, it doesn't mean this vault scales. The more people and the more often you have to touch the vault, the less secure it becomes. We are talking thousands of requests per day from 100,000 different law enforcement agencies around the world. We are unlikely to protect this against incompetence and mistakes. We are definitely unable to secure this against deliberate attack.
A good analogy to Ozzie's solution is LetsEncrypt for getting SSL certificates for your website, which is fairly scalable, using a private key locked in a vault for signing hundreds of thousands of certificates. That this scales seems to validate Ozzie's proposal.
But at the same time, LetsEncrypt is easily subverted. LetsEncrypt uses DNS to verify your identity. But spoofing DNS is easy, as was recently shown in Continue reading
Another BGP Hijacking Event Highlights the Importance of MANRS and Routing Security
Another BGP hijacking event is in the news today. This time, the event is affecting the Ethereum cryptocurrency. (Read more about it here, or here.) Users were faced with an insecure SSL certificate. Clicking through that, like so many users do without reading, they were redirected to a server in Russia, which proceeded to empty the user’s wallet. DNSSEC is important to us, so please check out the Deploy360 DNSSEC resources to make sure your domain names are protected. In this post, though, we’ll focus on the BGP hijacking part of this attack.
What happened?
First, here’s a rundown of routing attacks on cryptocurrency in general – https://btc-hijack.ethz.ch/.
In this case specifically, the culprit re-routed DNS traffic using a man in the middle attack using a server at an Equinix data center in Chicago. Cloudflare has put up a blog post that explains the technical details. From that post:
“This [hijacked] IP space is allocated to Amazon(AS16509). But the ASN that announced it was eNet Inc(AS10297) to their peers and forwarded to Hurricane Electric(AS6939).
“Those IPs are for Route53 Amazon DNS servers. When you query for one of their client zones, those servers Continue reading
BGP leaks and cryptocurrencies
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.
CC BY 2.0 image by elhombredenegro
What is BGP?
The Internet is composed of routes. For our DNS resolver 1.1.1.1 , we tell the world that all the IPs in the range 1.1.1.0 to 1.1.1.255 can be accessed at any Cloudflare PoP.
For the people who do not have a direct link to our routers, they receive the route via transit providers, who will deliver packets to those addresses as they are connected to Cloudflare and the rest of the Internet.
This is the normal way the Internet operates.
There are authorities (Regional Internet Registries, or RIRs) in charge of distributing IP addresses in order to avoid people using the same address space. Those are IANA, RIPE, ARIN, LACNIC, APNIC and AFRINIC.
What is a BGP leak?
The broad definition of a BGP leak would be IP space that is announced by somebody not allowed by the owner of the Continue reading
Fun, Games, and Cryptojacking at RSA Conference
Cyber warfare and cryptomining dominated RSA Conference keynotes and talks with technologists, who advocated a back-to-basics approach to network security.