The Good, The Bad, and The Questionable: Acquisition Activities

Sometimes I read the headlines when a company gets acquired and think to myself, “Wow, that was a great move!” Other times I can’t really speak after reading because I’m shaking my head too much about what I see to really make any kind of judgement. With that being said, I think it’s time to look at three recent acquisitions through the lens of everyone’s favorite spaghetti western.

The Good – Palo Alto Buys Twistlock: This one was kind of a no-brainer to me. If you want to stay relevant in the infrastructure security space you’re going to need to have some kind of visibility into containers. If you want to stay solvent after The Cloud destroys all infrastructure spending forevermore, you’re going to need to learn how to look into containers. And when you’re ready and waiting for the collapse of the cloud, containers are probably still going to be relevant.

Joking aside, this is a great move for Palo Alto. They’re getting a lot of container talent and can start looking at all kinds of ways to integrate that into their solution sets. It lets people in the organization justify the spend they have for security Continue reading

Join Cloudflare India Forum in Bangalore on 6 June 2019!

Join Cloudflare India Forum in Bangalore on 6 June 2019!
Join Cloudflare India Forum in Bangalore on 6 June 2019!

Please join us for an exclusive gathering to discover the latest in cloud solutions for Internet Security and Performance.

Cloudflare Bangalore Meetup

Thursday, 6 June, 2019:  15:30 - 20:00

Location: the Oberoi (37-39, MG Road, Yellappa Garden, Yellappa Chetty Layout, Sivanchetti Gardens, Bengalore)

We will discuss the newest security trends and introduce serverless solutions.

We have invited renowned leaders across industries, including big brands and some of the fastest-growing startups. You will  learn the insider strategies and tactics that will help you to protect your business, to accelerate the performance and to identify the quick-wins in a complex internet environment.

Speakers:

  • Vaidik Kapoor, Head of Engineering, Grofers
  • Nithyanand Mehta, VP of Technical Services & GM India, Catchpoint
  • Viraj Patel, VP of Technology, Bookmyshow
  • Kailash Nadh, CTO, Zerodha
  • Trey Guinn, Global Head of Solution Engineering, Cloudflare

Agenda:

15:30 - 16:00 - Registration and Refreshment

16:00 - 16:30 - DDoS Landscapes and Security Trends

16:30 - 17:15 - Workers Overview and Demo

17:15 - 18:00 - Panel Discussion - Best Practice on Successful Cyber Security and Performance Strategy

18:00 - 18:30 - Keynote #1 - Future edge computing

18:30 - 19:00 -  Keynote # 2 - Cyber attacks are evolving, Continue reading

A case for lease-based, utilitarian resource management on mobile devices

A case for lease-based, utilitarian resource management on mobile devices Hu et al., ASPLOS’19

I’ve chosen another energy-related paper to end the week, addressing a problem many people can relate to: apps that drain your battery. LeaseOS borrows the concept of a lease from distributed systems, but with a rather nice twist, and is able to reduce power wastage by 92% with no disruption to application experience and no changes required to the apps themselves.

So about that twist. LeaseOS injects a transparent proxy between an app and a power-hungry OS resource. The app thinks it has control of the resource until it releases it, but under the covers the proxy is given a lease. In a traditional leasing scheme, it’s up to the borrower to request a lease extension. But here half the problem is that apps are requesting expensive resources they don’t really need. So instead the OS monitors how wisely the leased resource is being used. If an app is making good, legitimate use of the resource then the lease will be transparently extended. If it isn’t, it loses the underlying resource. How you tell whether or not an app is being a wise steward of Continue reading

Upcoming Webinars and Events (June 2019)

I’m always amazed at how fast the time flies. I have no idea where May disappeared to, it seems like it was only yesterday when I was writing about webinar plans in 2019… and yet it’s only a month till ipSpace.net Summer Break™.

During June 2019 I’ll continue updating Designing the Private Cloud Infrastructure webinar, and start a new pet project: How Networks Really Work – I’m literally minutes away from traveling to a quiet spot in the middle of nowhere where I’ll work on the materials. In between these webinars you’ll find me in Zurich where I’ll run Microsoft Azure Networking workshop on June 12th in parallel with SIGS Technology Conference.

As you might expect we have plenty of things already lined up for autumn 2019… more about that in a week or two.

LDAP Search Active Directory

I recently had to migrate authentication for a service from FIPA to Active Directory. It was a bit of fluffing around because the directory structure in FIPA did not exactly align with the directory structure in AD. In this post I will demonstrate how to use the ldapsearch command to search...

Upcoming Course: How Routers Really Work

My newest course on Safari through Pearson is coming up in just a few weeks:

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

VPC native GKE clusters – Container native LB

This blog is last in the series on VPC native GKE clusters. In this blog, I will cover Network endpoint groups(NEG) and Container native load balancing. For the first part on GKE ip addressing, please refer here and the second part on VPC native clusters, please refer here. Container load balancing and Network endpoint groups(NEG) … Continue reading VPC native GKE clusters – Container native LB

A10 Networks ACOS Critical Insecure Cookie Vulnerability 1 of 2

The following summarizes an HTTP persistence cookie vulnerability that I identified in A10’s ACOS ADC software. This issue was disclosed to A10 Networks in June 2016 and has since been resolved.

A10 Networks Cookie Vulnerability

This vulnerability results in information disclosure about names of service-groups and IPs of real servers, as well as the ability to manipulate the content of the cookies.

SUMMARY OF VULNERABILITY

The ACOS documentation for HTTP persistence cookies notes that “For security, address information in the persistence cookies is encrypted.” However, the address information is not “encrypted”; rather, the real server IP and port information is weakly obfuscated and is easily decoded, exposing information about the internal network. The simplicity of the obfuscation also makes it trivial to manually create a cookie which ACOS would decode and honor.

Additionally, cookies configured using the service-group command option have the service-group’s full name included in the persistence cookie as plain text. This vulnerability applies to HTTP/HTTPS VIP types that have been configured to use a cookie-based persistence template.

SOFTWARE VERSIONS TESTED

This vulnerability was discovered and validated initially in ACOS 2.7.2-P4-SP2 and reconfirmed most recently in ACOS 4.1.1-P3.

VULNERABLE VERSIONS

This behavior has been core to Continue reading

1 1,221 1,222 1,223 1,224 1,225 3,841