Remote code execution is possible by exploiting flaws in Vxworks

Eleven zero-day vulnerabilities in WindRiver’s VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis.Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis. About IoT: What is the IoT? How the internet of things works What is edge computing and how it’s changing the network Most powerful Internet of Things companies 10 Hot IoT startups to watch The 6 ways to make money in IoT What is digital twin technology? [and why it matters] Blockchain, service-centric networking key to IoT success Getting grounded in IoT networking and security Building IoT-ready networks must become a priority What is the Industrial IoT? [And why the stakes are so high] The vulnerabilities affect all devices running VxWorks version 6.5 and later with the exception of VxWorks 7, issued July 19, which patches the flaws. That means the attack windows may have been open for more than 13 years.To read this article in full, please click here

Remote code execution is possible by exploiting flaws in Vxworks

Eleven zero-day vulnerabilities in WindRiver’s VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis.Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis. About IoT: What is the IoT? How the internet of things works What is edge computing and how it’s changing the network Most powerful Internet of Things companies 10 Hot IoT startups to watch The 6 ways to make money in IoT What is digital twin technology? [and why it matters] Blockchain, service-centric networking key to IoT success Getting grounded in IoT networking and security Building IoT-ready networks must become a priority What is the Industrial IoT? [And why the stakes are so high] The vulnerabilities affect all devices running VxWorks version 6.5 and later with the exception of VxWorks 7, issued July 19, which patches the flaws. That means the attack windows may have been open for more than 13 years.To read this article in full, please click here

When It Comes to Security Architecture, Edge Is Where It’s At

There are billions of reasons why network security needs to be pushed to the edge, and Netskope is...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Decoding a Kubernetes Service Account Token

Recently, while troubleshooting a separate issue, I had a need to get more information about the token used by Kubernetes Service Accounts. In this post, I’ll share a quick command-line that can fully decode a Service Account token.

Service Account tokens are stored as Secrets in the “kube-system” namespace of a Kubernetes cluster. To retrieve just the token portion of the Secret, use -o jsonpath like this (replace “sa-token” with the appropriate name for your environment):

kubectl -n kube-system get secret sa-token \
-o jsonpath='{.data.token}'

The output is Base64-encoded, so just pipe the output into base64:

kubectl -n kube-system get secret sa-token \
-o jsonpath='{.data.token}' | base64 --decode

The result you’re seeing is a JSON Web Token (JWT). You could use the JWT web site to decode the token, but given that I’m a fan of the CLI I decided to use this JWT CLI utility instead:

kubectl -n kube-system get secret sa-token \
-o jsonpath='{.data.token}' | base64 --decode | \
jwt decode -

The final -, for those who may not be familiar, is the syntax to tell the jwt utility to look at STDIN for the JWT it needs to Continue reading

flexiWAN Open Source SD-WAN Enters Public Beta

The first public beta of its open source SD-WAN platform was released alongside the announcement of...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

How to compile OpenWrt and still use the official repository

Overview

We all know what OpenWrt is. The amazing Linux distro built specifically for embedded devices.

What you can achieve with a rather cheap router running OpenWrt, is mind-boggling.

OpenWrt also gives you a great control over its build system. For normal cases, you probably don’t need to build OpenWrt from source yourself. That has been done for you already and all you need to do, is to just download the appropriate compiled firmware image and then upload it to your router1.

But for more advanced usages, you may find yourself needing to build OpenWrt images yourself. This could be due wanting to make some changes to the code, add some device specific options, etc.

Building OpenWrt from source is easy, well-documented, and works great. That is, until you start using opkg to install some new packages.

opkg will by default fetch new packages from the official repository (as one might expect), but depending on the package, the installation may or may not fail.

If you only want to add/remove some packages from a firmware, building OpenWrt from scratch is an overkill. You want to use OpenWrt Image Builder instead. OpenWrt Image Builder also does not suffer from Continue reading

TCP MSS Values

It may sound a little esoteric, but after a recently exposed Linux vulnerability the setting of the MSS value in a TCP handshake evidently matters. What values are used out there in the Internet today?

IoT roundup: Connected cows, food safety sensors and tracking rent-a-bikes

While the public image of agriculture remains a bit antiquated, the industry is actually an increasingly sophisticated one, and farmers have been particularly enthusiastic in their embrace of IoT. Everything from GPS-guided precision for planting, watering and harvesting to remote soil monitoring and in-depth yield analysis is available to the modern farmer.What’s more, the technology used in agriculture continues to evolve at speed; witness the recent partnership between Quantified Ag, a University of Nebraska-backed program that, among other things, can track livestock health via a system of IoT ear tags, and Cradlepoint, a vendor that makes the NetCloud Manager product.To read this article in full, please click here

Google Cloud to offer VMware data-center tools natively

Google this week said it would for the first time natively support VMware workloads in its Cloud service, giving customers more options for deploying enterprise applications.The hybrid cloud service called Google Cloud VMware Solution by CloudSimple will use VMware software-defined data center (SDCC) technologies including VMware vSphere, NSX and vSAN software deployed on a platform administered by CloudSimple for GCP.RELATED: How to make hybrid cloud work “Users will have full, native access to the full VMware stack including vCenter, vSAN and NSX-T. Google Cloud will provide the first line of support, working closely with CloudSimple to help ensure customers receive a streamlined product support experience and that their business-critical applications are supported with the SLAs that enterprise customers need,”  Thomas Kurian, CEO of Google Cloud wrote in a blog outlining the deal. To read this article in full, please click here

Top 4 Tactics To Keep Node.js Rockin’ in Docker

This is a guest post from Docker Captain Bret Fisher, a long time DevOps sysadmin and speaker who teaches container skills with his popular Docker Mastery courses including Docker Mastery for Node.js, weekly YouTube Live shows, and consults to companies adopting Docker. Join Bret for an online meetup on August 28th, where he’ll give demos and Q&A on Node.js and Docker topics.

Foxy, my Docker Mastery mascot is a fan of Node and Docker
We’ve all got our favorite languages and frameworks, and Node.js is tops for me. I’ve run Node.js in Docker since the early days for mission-critical apps. I’m on a mission to educate everyone on how to get the most out of this framework and its tools like npm, Yarn, and nodemon with Docker.

There’s a ton of info out there on using Node.js with Docker, but so much of it is years out of date, and I’m here to help you optimize your setups for Node.js 10+ and Docker 18.09+. If you’d rather watch my DockerCon 2019 talk that covers these topics and more, check it out on YouTube.

Let’s go through 4 steps Continue reading

BrandPost: To SD-WAN or Not to SD-WAN? – The answer is in Your ROI

This is the part-one of a two-part blog series that will explore the return on investment that can be achieved by deploying a business-driven SD-WAN. In this installment, I will discuss how enterprise IT organizations can make the business case for moving from a traditional router-centric WAN architecture to a business-first networking model with SD-WAN.According to a survey conducted by Frost and Sullivan in 2018[1], 72 percent of respondents considered SD-WAN as a priority for their organization. Only a small percentage, six percent, indicated that they have no intention to deploy SD-WAN in the near term.To read this article in full, please click here

How to manage logs in Linux

Managing log files on Linux systems can be incredibly easy or painful. It all depends on what you mean by log management.If all you mean is how you can go about ensuring that your log files don’t eat up all the disk space on your Linux server, the issue is generally quite straightforward. Log files on Linux systems will automatically roll over, and the system will only maintain a fixed number of the rolled-over logs. Even so, glancing over what can easily be a group of 100 files can be overwhelming. In this post, we'll take a look at how the log rotation works and some of the most relevant log files. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] Automatic log rotation Log files rotate frequently. What is the current log acquires a slightly different file name and a new log file is established. Take the syslog file as an example. This file is something of a catch-all for a lot of normal system messages. If you cd over to /var/log and take a look, you’ll probably see a series of syslog files like this:To read Continue reading

1 1,221 1,222 1,223 1,224 1,225 3,882