Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pusle may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here

Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pusle may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here

Weekend Reads 041119

Since at least the middle of the last century, the question of how to get employees to improve has generated a good deal of opinion and research. —Marcus Buckingham and Ashley Goodall

Should the IETF publish standard specifications of technologies that facilitate third-party eavesdropping on communications or should it refrain from working on such technologies? —Geoff Huston

n February, the company announced its intention to move forward with the development of the Curie cable, a new undersea line stretching from California to Chile. It will be the first private intercontinental cable ever built by a major non-telecom company. Tyler Cooper—

You have your morning coffee in hand, you’ve just finished your daily scrum, and you sit down at your computer to start your day. Up pops a Slack message. You scan your emails, then bounce back to Slack. —Sarah Wall

“Open core” evolved as one of the primary ways for companies that maintain an open source project to make money. They offer a product that at the “core” is the open source project, but with features that only paying customers have access too. MongoDB and Elastic, —Eric Anderson

EU antitrust regulators should consider forcing tech giants such as Google and Continue reading

BrandPost: How the Server Rack in your Converged Infrastructure can Speed up your Edge Computing Deployment

According to research firm MarketsandMarkets™, from 2017 through to 2022, edge computing will experience a Compound Annual Growth Rate (CAGR) of 35.4% (from $1.47 Billion US to $6.72 Billion US). Those in the business of distributing, configuring and selling IT solutions recognize that traditional IT offerings will need to be modified in order to accommodate these new edge computing environments.A number of factors influence the adaptation of edge computing in what are primarily remote locations. These include fast delivery and ease of installation, operation and management of that hardware equipment such as server racks and software. These systems also need to perform in such a way as to address latency, bandwidth cost and data location issues.To read this article in full, please click here

Heavy Networking 441: Active Network Testing And Service Assurance With Netrounds (Sponsored)

On today’s Heavy Networking we talk with sponsor Netrounds about measuring network performance and user experience through active testing. Netrounds' software generates synthetic traffic to measure actual performance of critical services, provides assurance that KPIs are being met, and identifies where problems occur.

The post Heavy Networking 441: Active Network Testing And Service Assurance With Netrounds (Sponsored) appeared first on Packet Pushers.

Failure Analysis: An Interesting way to Break CAPWAP

I recently stumbled into what I think is a very interesting failure scenario with a Cisco Wireless solution. This was a traditional controller based solution that leveraged a CAPWAP data and control plane. The symptoms were fairly consistent and strange.

Symptoms:

  • When issues are occurring, all uploads reduce to about 1.5Mb/s
  • Installing a new AP seems to solve the issue
  • Issue re-occurs in a few minutes
  • Issues only occur for one specific site
  • Wireless is configured consistently across 5 sites
  • RF is not an issue

Topology:

When I got involved with this, a few people had reviewed the configuration and TAC had been involved for some time. While on-site, I took a look at RF and channel utilization (expecting to find it to be ugly since I knew it was heavily dependent on 2.4Ghz). My first order of business was to spin up a test AP in its own group and advertise a test SSID on a 5Ghz channel. Upon doing so, both iPerf and Speedtest were >50Mb/s. My initial thought was that the density needed to be increased and the radios tweaked to get more clients on 5Ghz. However, a few minutes into my testing–my upload also Continue reading

Intent-Based Networking Resources

Every now and then I get a question along the lines of I’m your subscriber and would like to know more about X, so I decided to start creating technology-specific pages on www.ipSpace.net that would include links to most relevant ipSpace.net blog posts, webinars, sections in our online courses, and interesting third-party resources.

The subscriber triggering this process asked me about Intent-Based Networking, so here’s the relevant resources page.

Master of web puppets: abusing web browsers for persistent and stealthy computation

Master of web puppets: abusing web browsers for persistent and stealthy computation Papadopoulus et al., NDSS’19

You’ve probably heard about crypto-currency mining and the like in hijacked browsers.

From a security perspective, a fundamental problem of web applications is that by default their publisher is considered as trusted, and thus allowed to run JavaScript code (even from third parties) on the user side without any restrictions… On the positive side JavaScript execution so far has been constrained chronologically to the lifetime of the browser window or tab that rendered the compromised or malicious website.

Not any more! This paper shows how modern browsers with support for Service Workers can be stealthily connected into a botnet, with a connection that persists until the user closes the browser completely: “in contrast to previous approaches for browser hijacking, a key feature of MarioNet is that it remains operational even after the user browses away from the malicious webpage.

MarioNet building blocks: Service Workers and WebRTC

Service Workers are non-blocking modules that reside in the user’s browser. Once registered they can run in the background without requiring the user to continue browsing on the originating site. In addition, service workers have Continue reading

Assange indicted for breaking a password

In today's news, after 9 years holed up in the Ecuadorian embassy, Julian Assange has finally been arrested. The US DoJ accuses Assange for trying to break a password. I thought I'd write up a technical explainer what this means.


According to the US DoJ's press release:
Julian P. Assange, 47, the founder of WikiLeaks, was arrested today in the United Kingdom pursuant to the U.S./UK Extradition Treaty, in connection with a federal charge of conspiracy to commit computer intrusion for agreeing to break a password to a classified U.S. government computer.
The full indictment is here.

It seems the indictment is based on already public information that came out during Manning's trial, namely this log of chats between Assange and Manning, specifically this section where Assange appears to agree to break a password:


What this says is that Manning hacked a DoD computer and found the hash "80c11049faebf441d524fb3c4cd5351c" and asked Assange to crack it. Assange appears to agree.

So what is a "hash", what can Assange do with it, and how did Manning grab it?

Computers store passwords in an encrypted (sic) form called a "one way hash". Since it's "one way", it can Continue reading

Kernel of Truth season 2 episode 5: The power of community

Subscribe to Kernel of Truth on iTunes, Google Play, SpotifyCast Box and Sticher!

Click here for our previous episode.

From developer days to hackathons and from events to forums, Slack and social media included- there’s a community out there waiting for you! In this episode, host Brian talks to community evangelist for Nutanix Angelo Luciani and our own Pete Lumbis about the power of community and self-service. What are the perks, both personally and professionally, that you get when you’re actively participating in a community? What are some communities and resources we’ve found useful? Grab a taco, listen and find out. We promise you’ll get the taco reference after listening.

Guest Bios

Brian O’Sullivan: Brian currently heads Product Management for Cumulus Linux. For 15 or so years he’s held software Product Management positions at Juniper Networks as well as other smaller companies. Once he saw the change that was happening in the networking space, he decided to join Cumulus Networks to be a part of the open networking innovation. When not working, Brian is a voracious reader and has held a variety of jobs, including bartending in three countries and working as an extra in a German Continue reading

Collaboration, Connectivity, and Self-Determination

Over 20 million people in North America lack access to fast, affordable, and reliable Internet. In October 2018, the Indigenous Connectivity Summit gathered over 150 Indigenous leaders, policymakers, network operators, and community members in the Canadian Arctic town of Inuvik to focus on a common goal: bringing fast, affordable, and reliable Internet to Indigenous communities. The event featured success stories of community networks across North America to demonstrate the power of communities to lead their own Internet solutions, and how anyone can support them.

Crystal Gail Fraser, a Gwichyà Gwich’in woman who calls Inuvik home, sees collaborative Internet solutions as a critical path to self-determination for her community.

As I stepped off the plane in Inuvik, I inhaled the arctic air. I observed the scenic landscape of Dinjii Zhuh (Gwich’in) and Inuvialuit territory, taking in the familiarity: the snow-covered rolling hills, stunted spruce trees, and ice crystals in the air.

A scenic landscape on the Inuvik-Tuktoyaktuk Highway, which is located on Inuvialuit
land.
Photo credit: April Froncek

This land and all that it holds, means, and represents, has been critical to Dinjii Zhuh culture, economies, and lifestyles since Ts’ii Dęįį (Time Immemorial).

Crystal Gail Fraser and her daughter Quinn Addison Continue reading
1 1,217 1,218 1,219 1,220 1,221 3,796