Sophos Tracks Kubernetes Vulnerabilities, Adds Threat Intel Platform

Enea’s Roland Steiner Discusses Mobile Vendors, UDM, and Why the SaaS Model is Just Better

Amazon Detective, McAfee Hunt Down the Baddies

Silver Peak, Versa, Citrix, Aruba Bolster SD-WAN With AWS

Online Trust Audit for 2020 Presidential Campaigns Update

On 7 October 2019, the Internet Society’s Online Trust Alliance (OTA) released the Online Trust Audit for 2020 U.S. Presidential Campaigns. Overall, 30% of the campaigns made the Honor Roll, and 70% had a failure, mainly related to scores for their privacy statements. As part of this process, OTA reached out to the campaigns, offering to explain their specific Audit scores and ways to improve them. The campaigns were also told that they would be rescored in mid-November and the updated results would be published in early December. As a result, several campaigns contacted us to understand the methodology and scoring, and several of them made improvements.

Rescoring of all elements of the Audit was completed on 25 November, and the table below shows the updated results since release of the original Audit. Several campaigns have been suspended since early October (Messam, O’Rourke, Ryan, and Sanford, as well as Bullock and Sestak in early December). Campaigns shown in bold in the Honor Roll column made enough improvements to earn passing scores for their privacy statements and thereby achieve Honor Roll status. Campaigns shown in italics at the bottom of the table are new entrants since the Audit was released. Continue reading

Fortinet Extends Cloud Security Into AWS CloudFormation

Cisco SD-WAN, ACI Anywhere Gain AWS Links

Juniper SD-WAN Now Handles SD-LAN

Telefónica Reorients Around Tech, Waiting on 5G

SDxCentral’s Top 10 Articles — November 2019

5G Is No Panacea for IoT

Top 5 SD-WAN Takeaways for 2019

Harnessing the Power of the People: Cloudflare’s First Security Awareness Month Design Challenge Winners

Grabbing the attention of employees at a security and privacy-focused company on security awareness presents a unique challenge; how do you get people who are already thinking about security all day to think about it some more? October marked Cloudflare’s first Security Awareness Month as a public company and to celebrate, the security team challenged our entire company population to create graphics, slogans, and memes to encourage us all to think and act more securely every day.

Employees approached this challenge with gusto; global participation meant plenty of high quality submissions to vote on. In addition to being featured here, the winning designs will be displayed in Cloudflare offices throughout 2020 and the creators will be on the decision panel for next year’s winners. Three rose to the top, highlighting creativity and style that is uniquely Cloudflarian. I sat down with the winners to talk through their thoughts on security and what all companies can do to drive awareness.

Eugene Wang, Design Team, First Place

Sílvia Flores, Executive Assistant, Second Place

Scott Jones, e-Learning Developer, Third Place

Security Haiku

Wipe that whiteboard clean‌‌
Visitors may come and see
Secrets not for them

No tailgating please
You may be a Continue reading

Gelsinger’s Greatest Hits on VMware’s Q3 Earnings Call

Palo Alto Acquires Aporeto for $150M, Posts Mixed Q1

Deconstructing Google’s excuses on tracking protection

At worst Google is lying, at best, they are white lies ?

The post Deconstructing Google’s excuses on tracking protection appeared first on EtherealMind.

FCC Bans Huawei, ZTE From USF-Funded Projects

Operators Dish on Edge Computing Strategies at MEF 2019

TCP MD5

TCP_MD5 (RFC 2385) is something that doesn’t come up often. There’s a couple of reasons for that, good and bad.

I used it with tlssh, but back then (2010) it was not practical due to the limitations in the API on Linux and OpenBSD.

This is an updated post, written after I discovered TCP_MD5SIG_EXT.

What it is

In short it’s a TCP option that adds an MD5-based signature to every TCP packet. It signs the source and destination IP addresses, ports, and the payload. That way the data is both authenticated and integrity protected.

When an endpoint enables TCP MD5, all unsigned packets (including SYN packets) are silently dropped. For a signed connection it’s not even possible for an eavesdropper to reset the connection, since the RST would need to be signed.

Because it’s on a TCP level instead of part of the protocol on top of TCP, it’s the only thing that can protect a TCP connection against RST attacks.

It’s used by the BGP protocol to set a password on the connection, instead of sending the password in the handshake. If the password doesn’t match the TCP connection doesn’t even establish.

But outside of BGP it’s essentially Continue reading

A10 Hires New CEO, No Word on Potential Sale