Constant Updates Key to Fighting Spectre, Meltdown, Foreshadow
It's common for hardware to have bugs. It's up to the kernel to provide mitigation.
Despite What VMware Says, Not Everyone Wants to Deploy Containers in VMs
OpenStack’s Rocky Release makes it easier to deploy containers on bare metal.
Identifying and alerting on data loss using Cloudflare Workers
Photo by Markus Spiske / Unsplash
You hear about data breaches almost every day in the news these days. New regulations, such as GDPR, require companies to disclose data breaches within 72 hours of becoming aware. Becoming aware of and identifying data breaches as they happen, however, is not an easy task. It is often challenging for companies to become aware of their own data breaches and losses well-before they get picked up by the media.
One symptom of a data breach is data (such as passwords or PII) that should never leave internal systems making its way through an HTTP response into the public Internet. Since Cloudflare Workers sits between your infrastructure and the public for any endpoints exposed to the Internet, Workers can be used as a way of alerting you of canary data leaving.
In the following example, we will be inspecting the content of each response, checking to see if our canary data has leaked out, and if so, returning a static response and calling the PagerDuty API to notify of a potential breach.
Detecting Data Loss
In this example, we’ll be looking for a particular string in the body of the response. This string can Continue reading
Former LinkedIn, Yahoo, Cisco Execs Target Cloud Security at Avid Secure
The startup uses artificial intelligence and automation to detect and respond to security threats and ensure compliance in cloud environments.
CLKscrew: Another side channel you didn’t know about
Network engineers focus on protocols and software, but somehow all of this work must connect to the hardware on which packets are switched, and data is processed. A big part of the physical side of what networks “do” is power—how it is used, and how it is managed. The availability of power is one of the points driving centralization; power is not universally available at a single price. If cloud is cheaper, it’s probably not because of the infrastructure, but rather because of the power and real estate costs.
A second factor in processing is the amount of heat produced in processing. Data center designers expend a lot of energy in dealing with heat problems. Heat production is directly related to power usage; each increase in power consumption for processing shows up as heat somewhere—heat which must be removed from the equipment and the environment.
It is important, therefore, to optimize power usage. To do this, many processors today have power management interfaces allowing software to control the speed at which a processor runs. For instance, Kevin Myers (who blogs here) posted a recent experiment with pings running while a laptop is plugged in and on battery—
Reply from 2607:f498:4109::867:5309: Continue reading
Call for Participation – ICANN DNSSEC Workshop at ICANN63 Barcelona
Do you have a great idea about DNSSEC or DANE that you’d like to share with the wider community? If so, and you’re planning to be in Barcelona, Spain for ICANN63 in October 2018, submit a proposal to present your idea at the DNSSEC Workshop!
Send a brief (1-2 sentence) description of your proposed presentation to [email protected] by Friday, 07 September 2018.
The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), are planning a DNSSEC Workshop during the ICANN63 meeting held from 20-25 October 2018 in Barcelona, Spain. The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments.
Building a Diverse Business Development Team in EMEA
Cloudflare’s mission is to help build a better Internet, and we are also serious about building a diverse workforce where everyone can be themselves, regardless of their gender, sexual orientation, or cultural background.
The Recruiting team sat down with Anil Karavadra, EMEA Head of Business Development, to find out how he has built a diverse team since he joined.
the EMEA team pictured 1st August, some members attending Orientation
Recruiting Team: First question Anil, how did you end up at Cloudflare?
Anil Karavadra: Funny story about this--I was actually approached by my boss! He reached out to me and said “Hey would you be interested in joining Cloudflare?”, and initially I said no because I hadn’t heard of Cloudflare before! Then he suggested “Well how about we share some best practices?”, and I said okay, although I knew he was going to try and pitch Cloudflare to me. After I had a chat with him and he shared his vision to grow the EMEA BDR organisation. This sounded interesting to me so I then went through the interview process and got through. Now that I’m here I love it.
RT: How long have you been Continue reading
Northbound Networks Zodiac GX
Northbound Networks Zodiac GX is an inexpensive open source software based switch that is ideal for experimenting with software defined networking (SDN) in a physical network setting. The small fanless package makes the switch an attractive option for desktop use. The Zodiac GX is also based on Open vSwitch, making it easy to take SDN control strategies developed on Mininet.
ovs-vsctl -- --id=@sflow create sflow agent=$OVS_BR target=$IP_CONTROLLER_1 sampling=100 polling=10 -- set bridge $OVS_BR sflow=@sflowReboot the switch for the changed to take effect.
Use sflowtool to verify that sFlow is arriving at the controller host and to examine the contents of the telemetry stream. Running sflowtool using Docker is a simple alternative to building the software Continue reading
SUSE Touts Financial Growth, Hints at Future Acquisitions
CTO Thomas Di Giacomo said the company plans to invest more into its operations including a focus on acquisitions.
PQ 153: DDoS Open Threat Signaling For Coordinated Response
What if DDoS mitigation services could coordinate to thwart attacks? On today's Priority Queue, we explore Distributed Denial Of Service Open Threat Signalling, or DOTS, an IETF effort to do just that. Andrew Mortensen is our guest.
The post PQ 153: DDoS Open Threat Signaling For Coordinated Response appeared first on Packet Pushers.
One Deep Learning Benchmark to Rule Them All
Over the last few years we have detailed the explosion in new machine learning systems with the influx of novel architectures from deep learning chip startups to efforts from vendors and hyperscalers alike. …
One Deep Learning Benchmark to Rule Them All was written by Nicole Hemsoth at .
First APrIGF in the Pacific a Resounding Success
The 2018 Asia Pacific Regional Internet Governance Forum (APrIGF) which was held in Port Vila, Vanuatu from August 13-16 came to an exciting close after a week of valuable dialogue on Internet Governance issues in the region. This was the first time the APrIGF was held in the Pacific and the local hosts, Vanuatu’s Office of the Government Chief Information Officer (OGCIO), Vanuatu Telecommunications and Radiocommunications Regulator (TRR), and the local people of Vanuatu showed the APrIGF community what Pacific Island hospitality is all about.
The community had the privilege of having APrIGF 2018 opened by none other than the Vanuatu Prime Minister, Charlot Salwai. Also present at APrIGF 2018 and delivering his keynote address was the godfather of the Internet himself, Vint Cerf who took time to contribute in various discussions and engage with participants. With the theme of Empowering Communities in Asia Pacific to Build an Affordable, Inclusive, Open and Secure Internet, the calibre of delegates speaks volumes for the importance of such a dialogue.
Participants from all over Asia-Pacific, representing various stakeholder groups, were present to contribute to discussion and engage in the proceedings. This was the culmination of months of planning and execution by the Continue reading
Introduction to Infrastructure as Code
Small misconfigured settings plague many IT environments, impacting security and stability. Infrastructure as code lets you apply a consistent configuration to a broad range of endpoints.