Wireless attacks on aircraft instrument landing systems

Wireless attacks on aircraft instrument landing systems Sathaye et al., USENIX Security Symposium 2019

It’s been a while since we last looked at security attacks against connected real-world entities (e.g., industrial machinery, light-bulbs, and cars). Today’s paper is a good reminder of just how important it is becoming to consider cyber threat models in what are primary physical systems, especially if you happen to be flying on an aeroplane – which I am right now as I write this!

The first fully operational Instrument Landing System (ILS) for planes was deployed in 1932. But assumptions we’ve been making since then (and until the present day, it appears!) no longer hold:

Security was never considered by design as historically the ability to transmit and receive wireless signals required considerable resources and knowledge. However, the widespread availability of powerful and low-cost software-defined radio platforms has altered the threat landscape. In fact, today the majority of wireless systems employed in modern aviation have been shown to be vulnerable to some form of cyber-physical attacks.

Both sections 1 and 6 in the paper give some eye-opening details of known attacks against aviation systems, but to date no-one Continue reading

At the Grace Hopper Celebration, Learn Why Developers Love Docker

Lisa Dethmers-Pope and Amn Rahman at Docker also contributed to this blog post.

Docker hosted a Women’s Summit at DockerCon 2019.

As a Technical Recruiter at Docker, I am excited to be a part of Grace Hopper Celebration. It is a marvelous opportunity to speak with many talented women in tech and to continue pursuing one of Docker’s most valued ambitions: further diversifying our team. The Docker team will be on the show floor at the Grace Hopper Celebration, the world’s largest gathering of women technologists the week of October 1st in Orlando, Florida.

Our Vice President of Human Resources, and our Senior Director of Product Management, along with representatives from our Talent Acquisition and Engineering teams will be there to connect with attendees. We will be showing how to easily build, run, and share an applications using the Docker platform, and talking about what it’s like to work in tech today. 

Supporting Women in Tech

While we’ve made strides in diversity within tech, the 2019 Stack Overflow Developer Survey shows we have work to do. According to the survey, only 7.5 percent of professional developers are women worldwide (it’s 11 percent of all developers in the U. Continue reading

IBM brings blockchain to Red Hat OpenShift; adds Apache CouchDB for hybrid cloud customers

IBM continued its Red Hat and open-source integration work this week by adding Red Hat OpenShift support to its blockchain platform and bringing a Kubernetes Operator for Apache CouchDB along side its hybrid-cloud services offering. The ability to deploy IBM Blockchain on Red Hat OpenShift, the company’s flagship enterprise Kubernetes platform, means IBM Blockchain developers will have the ability  to deploy secure software, either on-premises, in public clouds or in hybrid cloud architectures.To read this article in full, please click here

CrowdStrike-Ukraine Explained

Trump's conversation with the President of Ukraine mentions "CrowdStrike". I thought I'd explain this.


What was said?

This is the text from the conversation covered in this
“I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike... I guess you have one of your wealthy people... The server, they say Ukraine has it.”
Personally, I occasionally interrupt myself while speaking, so I'm not sure I'd criticize Trump here for his incoherence. But at the same time, we aren't quite sure what was meant. It's only meaningful in the greater context. Trump has talked before about CrowdStrike's investigation being wrong, a rich Ukrainian owning CrowdStrike, and a "server". He's talked a lot about these topics before.


Who is CrowdStrike?

They are a cybersecurity firm that, among other things, investigates hacker attacks. If you've been hacked by a nation state, then CrowdStrike is the sort of firm you'd hire to come and investigate what happened, and help prevent it from happening again.


Why is CrowdStrike mentioned?

Because they were the lead investigators in the DNC hack who came to the conclusion that Russia was responsible. The pro-Trump crowd believes this conclusion is Continue reading

Gremlin’s Scenarios Simulate Common Outages for Chaos Engineering

There are two things that seem to motivate developers — a speedy, self-explanatory onboarding experience and a bit of friendly competition. Certainly, Gremlin chaos as a service’s new Scenarios features seems to check both boxes. The Scenarios feature, which launched Thursday at the company’s Lorne Kligerman. The idea for Scenarios pulled from their former chaotic lives as well as from customer success and developer advocates. “We know things will fail today. We Continue reading

CMC Networks Bolsters SD-WAN with Enea NFV Access

Enea's NFV Access platform will power CMC Network's Rapid Adaptive Network SD-WAN in Africa and the...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Ericsson Bribery Scandal Cuts Deep, Surpassing $1B Penalty

Ericsson expects to pay $1.23 billion to cover a potential settlement and related costs to resolve...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Data center gear will increasingly move off-premises

I've said that colocation and downsizing in favor of the cloud is happening, and the latest research from 451 Research confirms the trend. More than half of global utilized racks will be located at off-premises facilities, such as cloud and colocation sites, by the end of 2024, the company found.As companies get out of data center ownership, hardware will move to colocation sites like Equinix and DRT or cloud providers. The result is the total worldwide data center installed-base growth will see a dip of 0.1% CAGR between 2019-2024, according to the report, but overall total capacity in terms of space, power, and racks will continue to shift toward larger data centers.To read this article in full, please click here

Data center gear will increasingly move off-premises

I've said that colocation and downsizing in favor of the cloud is happening, and the latest research from 451 Research confirms the trend. More than half of global utilized racks will be located at off-premises facilities, such as cloud and colocation sites, by the end of 2024, the company found.As companies get out of data center ownership, hardware will move to colocation sites like Equinix and DRT or cloud providers. The result is the total worldwide data center installed-base growth will see a dip of 0.1% CAGR between 2019-2024, according to the report, but overall total capacity in terms of space, power, and racks will continue to shift toward larger data centers.To read this article in full, please click here

Cisco Warns of ‘Continued Attempts’ to Exploit Critical Bug

Cisco disclosed more than two dozen vulnerabilities in its network automation software and one...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Designing Your First Application in Kubernetes, Part 4: Configuration

I reviewed the basic setup for building applications in Kubernetes in part 1 of this blog series, and discussed processes as pods and controllers in part 2. In part 3, I explained how to configure networking services in Kubernetes to allow pods to communicate reliably with each other. In this installment, I’ll explain how to identify and manage the environment-specific configurations expected by your application to ensure its portability between environments.

Factoring out Configuration

One of the core design principles of any containerized app must be portability. We absolutely do not want to reengineer our containers or even the controllers that manage them for every environment. One very common reason why an application may work in one place but not another is problems with the environment-specific configuration expected by that app.

A well-designed application should treat configuration like an independent object, separate from the containers themselves, that’s provisioned to them at runtime. That way, when you move your app from one environment to another, you don’t need to rewrite any of your containers or controllers; you simply provide a configuration object appropriate to this new environment, leaving everything else untouched.

When we design applications, we need to identify what Continue reading

Cisco: 13 IOS, IOS XE security flaws you should patch now

Cisco this week warned its IOS and IOS XE customers of 13 vulnerabilities in the operating system software they should patch as soon as possible.All of the vulnerabilities – revealed in the company’s semiannual IOS and IOS XE Software Security Advisory Bundle – have a security impact rating (SIR) of "high". Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to, conduct a command injection attack on, or cause a denial of service (DoS) condition on an affected device, Cisco stated. "How to determine if Wi-Fi 6 is right for you" Two of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. Two others affect Cisco IOS Software, and eight of the vulnerabilities affect Cisco IOS XE Software. The final one affects the Cisco IOx application environment. Cisco has confirmed that none of the vulnerabilities affect Cisco IOS XR Software or Cisco NX-OS Software.  Cisco has released software updates that address these problems.To read this article in full, please click here

Cisco: 13 IOS, IOS XE security flaws you should patch now

Cisco this week warned its IOS and IOS XE customers of 13 vulnerabilities in the operating system software they should patch as soon as possible.All of the vulnerabilities – revealed in the company’s semiannual IOS and IOS XE Software Security Advisory Bundle – have a security impact rating (SIR) of "high". Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to, conduct a command injection attack on, or cause a denial of service (DoS) condition on an affected device, Cisco stated. "How to determine if Wi-Fi 6 is right for you" Two of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. Two others affect Cisco IOS Software, and eight of the vulnerabilities affect Cisco IOS XE Software. The final one affects the Cisco IOx application environment. Cisco has confirmed that none of the vulnerabilities affect Cisco IOS XR Software or Cisco NX-OS Software.  Cisco has released software updates that address these problems.To read this article in full, please click here

Deep Dive: How Do Banks Score on Privacy and Security?

In April 2019 the Internet Society’s Online Trust Alliance published its 10th annual Online Trust Audit & Honor Roll assessing the security and privacy of 1,200 top organizations. The Banking sector includes the top 100 banks in the U.S., based on assets according to the Federal Deposit Insurance Corporation (FDIC). Banks had a standout year, with a dramatic increase in scores across the board. Let’s take a closer look.

Overall, 73% of banks made the Honor Roll, putting the banking sector 4th behind the News and Media (78%), Consumer Services (85%), and the U.S. Federal Government (91%) sectors. In the previous Audit, only 27% made the grade. This large jump is due to improvements in all three scoring categories: email authentication, site security, and privacy.

Email 

Banks, like most sectors, came close to 100% adoption in the two main email security technologies studied in the Audit: SPF (93%) and DKIM (87%). In addition, banks saw a marked improvement in how many sites implemented both both technologies at 87% in 2018, up from 60% in 2017. This puts banks among the most improved sectors in this area.

DMARC builds on SPF and DKIM results, provides a means for Continue reading

HTTP/3: the past, the present, and the future

HTTP/3: the past, the present, and the future

During last year’s Birthday Week we announced preliminary support for QUIC and HTTP/3 (or “HTTP over QUIC” as it was known back then), the new standard for the web, enabling faster, more reliable, and more secure connections to web endpoints like websites and APIs. We also let our customers join a waiting list to try QUIC and HTTP/3 as soon as they became available.

HTTP/3: the past, the present, and the future

Since then, we’ve been working with industry peers through the Internet Engineering Task Force, including Google Chrome and Mozilla Firefox, to iterate on the HTTP/3 and QUIC standards documents. In parallel with the standards maturing, we’ve also worked on improving support on our network.

We are now happy to announce that QUIC and HTTP/3 support is available on the Cloudflare edge network. We’re excited to be joined in this announcement by Google Chrome and Mozilla Firefox, two of the leading browser vendors and partners in our effort to make the web faster and more reliable for all.

In the words of Ryan Hamilton, Staff Software Engineer at Google, “HTTP/3 should make the web better for everyone. The Chrome and Cloudflare teams have worked together closely to bring HTTP/3 and QUIC from nascent standards to widely Continue reading

1 1,092 1,093 1,094 1,095 1,096 3,794