Archive

Category Archives for "Security"

Today, Chrome Takes Another Step Forward in Addressing the Design Flaw That is an Unencrypted Web

The following is a guest post by Troy Hunt, awarded Security expert, blogger, and Pluralsight author. He’s also the creator of the popular Have I been pwned?, the free aggregation service that helps the owners of over 5 billion accounts impacted by data breaches.

I still clearly remember my first foray onto the internet as a university student back in the mid 90's. It was a simpler online time back then, of course; we weren't doing our personal banking or our tax returns or handling our medical records so the whole premise of encrypting the transport layer wasn't exactly a high priority. In time, those services came along and so did the need to have some assurances about the confidentiality of the material we were sending around over other people's networks and computers. SSL as it was at the time was costly, but hey, banks and the like could absorb that given the nature of their businesses. However, at the time, there were all sorts of problems with the premise of serving traffic securely ranging from the cost of certs to the effort involved in obtaining and configuring them through to the performance hit on the Continue reading

Research: Even Password Complexity is a Tradeoff

Stronger passwords are always better—at least this is the working theory of most folks in information technology, security or otherwise. Such blanket rules should raise your suspicions, however; the rule11 maxim "if you haven’t found the tradeoff, you haven’t looked hard enough" should apply to passwords, too.

Dinei Florêncio, Cormac Herley, and Paul C. Van Oorschot. 2016. Pushing on string: the ‘don’t care’ region of password strength. Commun. ACM 59, 11 (October 2016), 66-74. DOI: https://doi.org/10.1145/2934663

Begin with this simple assertion: complex passwords are primarily a guard against password guessing attacks. Further, while the loss of a single account can be tragic for the individual user (and in some systems, the loss of a single password can have massive consequences!), for the system operator, it is the overall health of the system that matters. There is, in any system, a point at which enough accounts have been compromised that the system itself can no longer secure any information. This not only means the system can no longer hide information, it also means transactions within the system can no longer be trusted.

The number of compromised accounts varies based on the kind of system in view; effectively breaching Continue reading

Where in the World is NSX?

VMware NSX is going worldwide! We’ll be out and about through the end of the year, spreading networking and security love across America, Asia Pacific, and Europe. Our goal is to help agile organizations move toward a Virtual Cloud Network with consistent connectivity, branch optimization, and security across all infrastructure.

Whether we’ll be at a booth, product demo, talk, or otherwise – we want to connect! Join us at any of the major conferences and NSX upcoming events listed below to chat with our product experts. And, if you think you’ll be in attendance, be sure to tweet at us to let us know!

NSX Upcoming Events

 


Checkpoint CPX – 2/4
When: February 2 – 4, 2019
Where: Las Vegas, NV

Networking Field Day – 2/13
When: February 13 – 15, 2019
Where: Palo Alto, CA

Mobile World Congress – 2/25
When: February 25 – 28, 2019
Where: Barcelona, Spain

RSAC – 3/4
When: March 4 – 8, 2019
Where: San Francisco, CA

Cisco Live APJ – 3/5
When: March 5 Continue reading

Securing U.S. Democracy: Athenian Project Update

Last December, Cloudflare announced the Athenian Project to help protect U.S. state and local election websites from cyber attack.

Since then, the need to protect our electoral systems has become increasingly urgent. As described by Director of National Intelligence Dan Coats, the “digital infrastructure that serves this country is literally under attack.” Just last week, we learned new details about how state election systems were targeted for cyberattack during the 2016 election. The U.S. government’s indictment of twelve Russian military intelligence officers describes the scanning of state election-related websites for vulnerabilities and theft of personal information related to approximately 500,000 voters.

This direct attack on the U.S. election systems using common Internet vulnerabilities reinforces the need to ensure democratic institutions are protected from attack in the future. The Athenian Project is Cloudflare’s attempt to do our part to secure our democracy.

Engaging with Elections Officials

Since announcing the Athenian Project, we’ve talked to state, county, and municipal officials around the country about protecting their election and voter registration websites. Today, we’re proud to report that we have Athenian Project participants in 19 states, and are in talks with many more. We have also strategized with civil Continue reading

IPv6 in China


At the end of 2017, Xinhua reported that there will be 200 Million IPv6 users inside Mainland China by the end of this year. Halfway into the year, we’re seeing a rapid growth in IPv6 users and traffic originating from Mainland China.

Why does this matter?

IPv6 is often referred to as the next generation of IP addressing. The reality is, IPv6 is what is needed for addressing today. Take the largest mobile network in China today: China Mobile has over 900 Million mobile subscribers and over 670 Million 4G/LTE subscribers. To be able to provide service to their users, they need to provide an IP address to each subscriber’s device. This means close to a billion IP addresses would be required, which is far more than what is available in IPv4, especially as the available IP address pools have been exhausted.

What is the solution?

To solve the addressability of clients, many networks, especially mobile networks, will use Carrier Grade NAT (CGN). This allows thousands, possibly up to hundreds of thousands, of devices to be shared behind a single internet IP address. The CGN equipment can be very expensive to scale and further, given the Continue reading

Clark County Embraces Intrinsic Security with VMware NSX Data Center

Allen Tyson is a Senior Network Analyst at Clark County, located in the State of Nevada. Clark County encompasses the City of Las Vegas, and sees 47 million visitors each year. With roughly 10,000 employees and 38 departments, Allen has a large network to maintain.

Alex Berger, Networking and Security Product Marketing Manager, spoke with Allen about software-defined networking (SDN), and what led Clark County to choosing VMware NSX Data Center.

 

The Power of Social Media Communities

When a forward-thinking Deputy Chief Information Officer began talking about SDN, Allen did his due diligence to decide on the best option for Clark County. He took to social media to determine whether that choice would be NSX Data Center or Cisco ACI.

“First thing I did was I got on Twitter,” Allen explains. “It seemed like NSX was capable of doing a little bit more [than Cisco ACI] and it also seemed like the communities behind NSX and the people who were using NSX and the ability that I had to get a response from people was greater on the NSX side. And so, I started looking more into NSX.”

Allen was looking for stories from other customers with similar Continue reading

Smart Shopping Starts Today!

Let’s face it – things are different now than when we were kids.

I grew up with technology. My weekends consisted of frantically switching out floppy disks while on 13-inch-green-screen missions to destroy cubism-esque dragons, orcs and whatever else I could with my wizard powers. It taught me critical reasoning, innovative thinking, and gave me the courage to try new things.

Now that I’m a mom, I’m an advocate for my kids to use tech. But today’s tech is different. Now the Internet is everywhere and it’s a part of our everyday lives, in everyday things. Coffeemakers, toothbrushes, toasters, televisions and, yes – even teeth.

Did you ever think we’d have connected homes, let alone bras that might detect breast cancer?

These everyday things are known as the Internet of Things – IoT for short. It’s already everywhere.

Manufacturers are building connected things faster than most of us can keep up. While that means there’s lots of cool things hitting the shelves, many haven’t been built with our security or privacy in mind. That’s why we hear stories ranging from the somewhat humorous to the terrifying.

But we’re hungry for IoT devices – buying them as fast as manufacturers can Continue reading

The Week in Internet News: Startup Finds a Way to Glue Fiber to Roadways

Why don’t we glue it in the road? A technology startup has patented a way to integrate broadband fiber to blacktop, reports Motherboard. The patented technique, inspired by dentistry, uses a blend of resins to stick fiber optic cables to roads.

Major spending to fix IoT security: The Internet of Things security market will grow to US$6 billion by 2023, with spending to rise 300 percent between 2018 and 2023, according to Juniper Research. However, poor long-term device support and little fear of ramifications will keep security spending on connected homes lagging behind other markets, the research firm says.

Data breaches cost big bucks: The average cost of a data breach is $3.86 million, up more than 6 percent from last year, according to a study from IBM and the Ponemon Institute. Compromised organizations took 197 days to identify a breach and an additional 69 days to contain it, reports IT Pro. A data breach cost organizations an average of $148 per lost or stolen record.

AI takes over the world: About three-quarters of all consumers have interacted with artificial intelligence systems, reports ComputerWeekly.com. A Capgemini survey of 10,000 consumers found, however, that more than half of consumers prefer Continue reading

IETF 102, Day 1: IETF arrive à Montréal

Tomorrow sees the kickoff of the Working Group sessions at IETF 102 in Montreal, Canada, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. Monday is an important day, with meetings of the TLS, 6MAN and SIDROPS Working Groups, along with two other IoT-related groups.

6MAN commences at 09.30 EDT/UTC-4, and has six new drafts up for discussion covering IPv6 Neighbor Discovery Extensions for Prefix Delegation, IPv6 VPNs, ICMPv6, OAM in Segment Routing Networks with an IPv6 Data plane, allowing low or zero valid lifetimes to be accepted in Router Advertisement Prefix Information Options where it’s known that there can only be one router on the link; as well as introducing a new IPv6 ‘unrecognised’ option for ICMPv6 that conveys whether an underlying network can transmit IPv6 packets.

There are also three working group sponsored drafts, adopted from the last meeting. Privacy Extensions for Stateless Address Autoconfiguration in IPv6 describes an extension that causes nodes to generate global scope addresses from interface identifiers that change over time; IPv6 Segment Routing Header specifies how a node can steer a packet through a controlled set of instructions (segments) by prepending an SR header Continue reading

DNS-Over-TLS Built-In & Enforced – 1.1.1.1 and the GL.iNet GL-AR750S

GL.iNet GL-AR750S in black, same form-factor as the prior white GL.iNet GL-AR750. Credit card for comparison.

Back in April, I wrote about how it was possible to modify a router to encrypt DNS queries over TLS using Cloudflare's 1.1.1.1 DNS Resolver. For this, I used the GL.iNet GL-AR750 because it was pre-installed with OpenWRT (LEDE). The folks at GL.iNet read that blog post and decided to bake DNS-Over-TLS support into their new router using the 1.1.1.1 resolver; they sent me one to take a look at before it's available for pre-release. Their new router can also be configured to force DNS traffic to be encrypted before leaving your local network, which is particularly useful for any IoT or mobile device with hard-coded DNS settings that would ordinarily ignore your router's DNS settings and send DNS queries in plain-text.

In my previous blog post I discussed how DNS was often the weakest link in the chain when it came to browsing privacy; whilst HTTP traffic is increasingly encrypted, this is seldom the case for DNS traffic. This makes it relatively trivial for an intermediary to work out what site you're sending Continue reading
