A couple of months ago, Google announced that it had started using SSL as a factor in SEO ranking. Since the search giant is the referrer for most website traffic, this is the type of announcement that gets the attention of website owners.
Cloudflare, a popular and easy to implement Content Delivery Network, seems to be stepping up to this challenge. Even their free offering has an option to provide forward facing SSL services. As discussed on Packet Pushsers Priority Queue show 34, they are also modifying SSL in ways that allow them to provide services to organizations without the need to obtain the site owner’s private keys. The likely result of the offering is that many existing and many new Cloudflare customers will take advantage of their SSL services.
Paul’s Take–I think Google’s announcement, combined with Cloudflare’s SSL offerings, will result in a significant increase of SSL encrypted traffic. This will have an interesting effect on how organizations do security. Traditionally, there has been a lower (but increasing) ratio of https to http traffic. Scanning SSL traffic, for troubleshooting or security, is significantly more challenging than its clear text counterpart.
Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. Continue reading
Earlier today, I was listening to Risky Business show #341. In this show Matt Solnik discussed vulnerabilities that he attempted to share at BlackHat. I say attempted, because it sounds like they may have had some issues with audio/video during critical times of the presentation. Nonetheless, it seems like there are many vulnerable implementations of the open mobile administration device management (OMA-DM). I took a minute to dig up some of the videos published by Accuvant that makes this stuff real.
Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.
The post Vulnerable OMA-DM Implementations and Over the Air Hacks appeared first on PacketU.
I have recently started working with Check Point products again, after a 5-year break. This has given me a different perspective on how they are progressing. It has been disappointing to see that they’re still suffering from some of the same old bugs. Some of the core functionality is now showing its age, and is no longer appropriate for modern networks.
When you’re using a product or technology on a regular basis, it can be hard to accurately gauge progress. Maybe it feels like there are only incremental changes, with nothing major happening. But then you come across a 5-year old system, and you realise just how far we’ve come. If you don’t think iOS is changing much, find some videos of the first iPhones.
The opposite is when it feels like there are many regular enhancements…but when you step back you see that core product issues are not dealt with. It can be hard to see this when you’re working at the coal-face. You need to step away, work with other products and systems, then return.
That’s what I’ve done with Check Point recently. Through much of the 2000s, I did a huge amount of work with Check Point firewalls. Continue reading
Like “orchestration”, compliance is a frequently overloaded phrase in IT -- it means very different things to different people. Ansible is frequently used in all sorts of compliance use cases, which we’ll expand on below.
Compliance can mean checking to see if a system has “drifted” from a known state, pushing a system back into line from a different state, or making it conform with a very specific set of (often security related) standards.
Welcome to Technology Short Take #45. As usual, I’ve gathered a collection of links to various articles pertaining to data center-related technologies for your enjoyment. Here’s hoping you find something useful!
Every now and then I get an email from a subscriber having video download problems. Most of the time the problem auto-magically disappears (and there’s no indication of packet loss or ridiculous latency in traceroute printout), but a few days ago Henry Moats managed to consistently reproduce the problem and sent me exactly what I needed: a pcap file.
TL&DR summary: you have to know a lot about application-level protocols, application servers and operating systems to troubleshoot networking problems.
Read more ...