Category Archives for "Security"

Verizon Boosts Security With Blockchain, Adds MDR

One of the services encrypts and replicates identity data across multiple online servers on the...

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Headcount: Firings, Hirings, and Retirings — February 2020

SAP revamped org structure, exited 2 board members; Intel slashed jobs despite record quarter; plus...

4 Ways SD-Branch Is Transforming Retail Networks

Retail SD-branch can help a business retain customers, offer them better service, and increase...

A requirements spec for voting

In software development, we start with a "requirements specification" defining what the software is supposed to do. Voting machine security is often in the news, with suspicion the Russians are trying to subvert our elections. Would blockchain or mobile phone voting work? I don't know. These things have tradeoffs that may or may not work, depending upon what the requirements are. I haven't seen the requirements written down anywhere. So I thought I'd write some.


One requirement is that the results of an election must seem legitimate. That's why responsible candidates have a "concession speech" when they lose. When John McCain lost the election to Barack Obama, he started his speech with:
"My friends, we have come to the end of a long journey. The American people have spoken, and they have spoken clearly. A little while ago, I had the honor of calling Sen. Barack Obama — to congratulate him on being elected the next president of the country that we both love."
This was important. Many of his supporters were pointing out irregularities in various states, wanting to continue the fight. But there are always irregularities, or things that look like irregularities. In every election, if a...

Pwned Passwords Padding (ft. Lava Lamps and Workers)


The Pwned Passwords API (part of Troy Hunt’s Have I Been Pwned service) is used tens of millions of times each day, to alert users if their credentials are breached in a variety of online services, browser extensions and applications. Using Cloudflare, the API cached around 99% of requests, making it very efficient to run.

From today, we are offering a new security advancement in the Pwned Passwords API - API clients can receive responses padded with random data. This exists to effectively protect from any potential attack vectors which seek to use passive analysis of the size of API responses to identify which anonymised bucket a user is querying. I am hugely grateful to security researcher Matt Weir who I met at PasswordsCon in Stockholm and has explored proof-of-concept analysis of unpadded API responses in Pwned Passwords and has driven some of the work to consider the addition of padded responses.

Now, by passing a header of “Add-Padding” with a value of “true”, Pwned Passwords API users are able to request padded API responses (to a minimum of 800 entries with additional padding of a further 0-200 entries). The padding consists of randomly generated hash suffixes with the usage...

Did We Just Attend the Last Trade Show Ever at RSA?

Security professionals tend to be at least a moderately paranoid bunch, and adding a real virus to...

Rakuten Mobile Dismisses Open RAN Skeptics

The open RAN framework is 40% cheaper than traditional telecommunication infrastructure, according...

Claris Rides Apple Hook for Low-Code Nirvana

The low-code vendor is Apple's only direct software play in the B2B space.

Daily Roundup: Nokia CEO Walks the Plank

Nokia CEO walked the plank; VMware's winning streak came to a screeching halt; and Marvell injected...

Cisco’s Wendy Nather: Never Say This to a CISO

When Cisco acquired Duo Security, Nather’s was the only CISO advisory team. Cisco quickly saw the...

Marvell Injects New Life Into Infrastructure Chips

The chips are designed to power networking equipment like switches, routers, secure gateways,...

SDxCentral’s Top 10 Articles — February 2020

SAP revamps organizational structure, exits 2 board members; coronavirus kills MWC Barcelona; and...

Technical Details of Why Cloudflare Chose AMD EPYC for Gen X Servers

From the very beginning Cloudflare used Intel CPU-based servers (and, also, Intel components for things like NICs and SSDs). But we're always interested in optimizing the cost of running our service so that we can provide products at a low cost and high gross margin.

We're also mindful of events like the Spectre and Meltdown vulnerabilities and have been working with outside parties on research into mitigation and exploitation which we hope to publish later this year.

We looked very seriously at ARM-based CPUs and continue to keep our software up to date for the ARM architecture so that we can use ARM-based CPUs when the requests per watt is interesting to us.

In the meantime, we've deployed AMD's EPYC processors as part of Gen X server platform and for the first time are not using any Intel components at all. This week, we announced details of this tenth generation of servers. Below is a recap of why we're excited about the design, specifications, and performance of our newest hardware.

Servers for an Accelerated Future

Every server can run every service. This architectural decision has helped us achieve higher efficiency across the Cloudflare network. It has also given us more...

VMware Suffers Operational Indigestion

The company began to lose momentum coming out of its latest fiscal year in which it made 10...

Daily Roundup: Huawei CSO Mocks US Security Policy

Huawei CSO mocked US security policy; Palo Alto Networks added X factor to $560M Demisto buy; and...

Fortinet CEO: SD-WAN, Edge, Automation Key to Next-Gen Security

Perimeter-based security is no longer sufficient, security surfaces and compute demands are...

Palo Alto Networks Adds X Factor to $560M Demisto Buy

Palo Alto Network’s product announcement coincided with its quarterly earnings report, which fell...

Denial of Services as a Service

Hacking isn’t new. If you follow the 2600 Magazine culture or know the name Mitnick or Draper, you know that hacking has been a part of systems as long as there have been systems. What has changed in recent years is the malicious aspect of what’s going on in the acts themselves. The pioneers of hacking culture were focused on short term gains or personal exploitation. It was more about proving you could break into a system and getting the side benefit of free phone calls or an untraceable mobile device. Today’s hacking cultures are driven by massive amounts of theft and exploitation of resources to a degree that would make any traditional hacker blush.

It’s much like the difference between petty street crime and “organized” crime. With a patron and a purpose, the organizers of the individual members can coordinate to accomplish a bigger goal than was ever thought possible by the person on the street. Just like a wolf pack or jackals, you can take down a much bigger target with some coordination. I talked a little bit about how the targets were going to start changing almost seven years ago and how we needed to start figuring...

Securing Memory at EPYC Scale


Security is a serious business, one that we do not take lightly at Cloudflare. We have invested a lot of effort into ensuring that our services, both external and internal, are protected by meeting or exceeding industry best practices. Encryption is a huge part of our strategy as it is embedded in nearly every process we have. At Cloudflare, we encrypt data both in transit (on the network) and at rest (on the disk). Both practices address some of the most common vectors used to exfiltrate information and these measures serve to protect sensitive data from attackers, but what about data currently in use?

Can encryption or any technology eliminate all threats? No, but as Infrastructure Security, it’s our job to consider worst-case scenarios. For example, what if someone were to steal a server from one of our data centers? How can we leverage the most reliable, cutting edge, innovative technology to secure all data on that host if it were in the wrong hands? Would it be protected? And, in particular, what about the server’s RAM?

Data in random access memory (RAM) is usually stored in the clear. This can leave data vulnerable to software or hardware probing by...

Daily Roundup: Huawei Security Concern Ignites RSA Panel

Huawei security concerns ignited RSA panel discussion; Airline exec dished advice to security...
