How Developers got Password Security so Wrong

Both in our real lives, and online, there are times where we need to authenticate ourselves - where we need to confirm we are who we say we are. This can be done using three things:

  • Something you know
  • Something you have
  • Something you are

Passwords are an example of something you know; they were introduced in 1961 for computer authentication on a time-share computer at MIT. Shortly afterwards, a PhD researcher breached this system (by simply downloading a list of unencrypted passwords) and used the time allocated to others on the computer.

As time has gone on, developers have continued to store passwords insecurely, and users have continued to set weak ones. Despite this, no viable alternative has been created for password security. To date, no system has been created that retains all the benefits that passwords offer, as researchers have rarely considered real-world constraints[1]. For example, when using fingerprints for authentication, engineers often forget that a sizable percentage of the population does not have usable fingerprints, or overlook hardware upgrade costs.

Cracking Passwords

In the 1970s, people started thinking about how to better store passwords and cryptographic hashing started to Continue reading

History of Networking: Policy with Joel Halpern

Policy at Internet scale is a little-understood and difficult (potentially impossible) problem to solve. Joel Halpern joins the History of Networking over at the Network Collective to talk about the history of policy in the Internet at large, and networked systems in general.

The Next Platform Announces Renowned HPC Expert Joins Team

Former Harvard Computer Science Lead Brings Distributed Systems Experience to Top Publication’s Readers

The Next Platform is proud to announce that former Assistant Dean and Distinguished Engineer for Research Computing at Harvard, Dr. James Cuff, has joined the editorial team in a full-time capacity as Distinguished Technical Author.

As the leading publication covering distributed systems in research and large enterprise, Dr. Cuff rounds out a seasoned editorial team that delivers in-depth analysis from the worlds of supercomputing, artificial intelligence, cloud and hyperscale datacenters, and the many other technology areas that comprise the highest end of today’s IT ecosystems.

The Next Platform Announces Renowned HPC Expert Joins Team was written by Nicole Hemsoth at The Next Platform.

The Road To 400G Ethernet Is Paved With Bechtolsheim’s Intentions

The best way to make a wave is to make a big splash, which is something that Andy Bechtolsheim, perhaps the most famous serial entrepreneur in IT infrastructure, is very good at doing. As one of the co-founders of Sun Microsystems and a slew of networking and system startups as well as the first investor in Google, he doesn’t just see waves, but generates them and then surfs on them, creating companies and markets as he goes along.

Bechtolsheim was a PhD student at Stanford University, working on a project that aimed to integrate networking interfaces with processors when he

The Road To 400G Ethernet Is Paved With Bechtolsheim’s Intentions was written by Timothy Prickett Morgan at The Next Platform.

BrandPost: How to accelerate multi-cloud migration

As we begin 2018, enterprises continue to accelerate their migration of workloads to public cloud service providers (AWS, Azure and Google), often as part of an overall digital transformation (DT) and cloud-first IT strategy. This is not surprising as IDC predicts that by the end of this year, nearly 80% of workloads will be processed in cloud data centers.

What is NAS and how do NAS servers excel at corralling unstructured data?

Network-attached storage (NAS) is a category of file-level storage that’s connected to a network and enables data access and file sharing across a heterogeneous client and server environment.

“Ideally, NAS is platform- and OS-independent, appears to any application as another server, can be brought online without shutting down the network and requires no changes to other enterprise servers,” says research firm Gartner in its definition of NAS.

NAS history: the evolution of network-attached storage

NAS evolved from file servers used in the 1980s to provide access to files for network clients. NAS devices typically consist of bundled hardware and software with a built-in operating system, and they typically use industry-standard network protocols such as SMB and NFS for remote file service and data sharing and TCP/IP for data transfer. In an enterprise setting, NAS can allow IT teams to streamline data storage and retrieval while consolidating their server and storage infrastructure.

How fast can a bird search a tree?

 

I was wondering if you could help me figure something out: what is the algorithmic complexity of a bird searching a tree for food?

Over the years I've had the pleasure of watching a lot of cute little birds feed in our oak trees. I've noticed they have a search pattern.

A bird will hop from branch to branch looking for insects. They don't hop on a branch and explore every square inch of it, so it's not an exhaustive search. They'll take a couple hops, peck at a branch a few times, and hop to a nearby branch. Birds also search the underside of branches, so the whole surface area of a tree is game. 

I've often marveled in wonder at how efficient this whole process is. They scour huge trees in no time. Then they'll move on to the next tree and repeat the process until they fly away to a completely different area.

My dog, when searching for a ball, seems to follow a similar Lévy flight sort of pattern. Search a local area by bouncing around for a bit and then make a beeline for a completely different area and repeat the process.

Often Continue reading

HPE Brings More HPC To The DoD

Much of the focus of the recent high-profile budget battle in Washington – and for that matter, many of the financial debates over the past few decades – has been around how much money should go to the military and how much to domestic programs like Social Security and Medicare.

In the bipartisan deal struck earlier this month, both sides saw funding increase over the next two years, with the military seeing its budget jump $160 billion. Congressional Republicans boasted of a critical win for the Department of Defense (DoD) that will result in more soldiers, better weapons, and improved

HPE Brings More HPC To The DoD was written by Jeffrey Burt at The Next Platform.

We now offer live, on-site Google Cloud Architect training!



 

We’re excited to announce the release of our newest bootcamp: The Google Cloud Architect Exam Bootcamp. Currently the only course of its kind on the market, this bootcamp focuses specifically on what candidates need to know to pass the GCP Cloud Architect Exam. Like our other bootcamps, this class is taught live, on-site by an expert INE Instructor and will feature 5 days of intensive, hands-on, real-world exercises, practice exams, and in-depth case study discussions. Attendees will also be provided access to a complete series of GCP-based cloud labs.

The goal of our GCP Cloud Architect Exam Bootcamp is to equip students with a foundation-level knowledge of Google Cloud Platform to pass the exam. The primary focus of the class is core concepts and topics found on the GCP Cloud Architect written exam.

This bootcamp is currently only offered in May and August of 2018, at our NC location, but more dates and locations will likely be added in the future.

Who Should Take it?

Our Written Exam Bootcamp is for anyone who is beginning their GCP Cloud Architect certification journey, but already has at least basic knowledge of cloud computing. We strongly recommend at least 1 Continue reading

Episode 22 – Securing BGP

In part 3 of our deep dive into BGP operations, Nick Russo and Russ White join us again on Network Collective to talk about securing BGP. In this episode we cover topics like authentication, advertisement filtering, best practices, origin security, path security, and remotely triggered black holes.

 


 

We would like to thank Cumulus Networks for sponsoring this episode of Network Collective. Cumulus is offering you, our listeners, a completely free O’Reilly ebook on the topic of BGP in the data center. You can get your copy of this excellent technical resource here: http://cumulusnetworks.com/networkcollectivebgp

 


 

Show Notes:

  • Authentication
    1. Classic MD5
    2. Enhanced Authentication extensions (EA). Supported by IOS XR and allows for SHA1 as well, along with key-chain rotations. Doesn’t appear commonly used
    3. GTSM, and how it can be better than the previous option in some cases
  • Basic prefix filtering:
    1. From your customers: allow any number of their own AS prepended
    2. From the Internet: block bogons (RFC1918, class D/E, etc)
    3. To your peers: only your local space (ie, your customers)
    4. From your peers: only routes originating from their AS (any # of prepends)
  • BCP38
    1. Techniques for spoofing prevention
    2. Describe with a simple snail mail analogy
    3. Usually uRPF strict Continue reading

Private data centers still alive and kicking

Earlier this month, Cisco updated its Global Cloud Index (GCI), giving rise to a number of news stories that were filled with doom and gloom for corporate IT departments. (Note: Cisco is a client of ZK Research.) For example, one of the articles stated that based on the GCI, cloud computing would virtually replace traditional data centers within three years. While it's true public clouds are growing, private clouds are also increasing. It's a multi-cloud era, as Cisco's Kip Compton writes.

Ready for Take-Off with Kubernetes, Cloud Foundry, and vSphere

A complex and diverse world

Singapore. Etihad. Wow. I always found it impressive when airlines were able to build a business and a brand without a significant domestic customer base to start off from. They instead focus on the global market, which is much more challenging. There is a competitive landscape of many players. There is the complexity of interconnecting a world of disparate lands and diverse customer cultures and preferences. An impressive feat.

The world of networking is becoming quite similar. From private, hybrid, and public cloud models, to increased use of SaaS, to the way SaaS and other apps are built using microservices architectures and containers, the landscape of islands to connect in an inherently secure and automated fashion is increasingly diverse and complex.

An app built to demonstrate this diversity

If the airline to networking analogy is lost on you, or you think it’s too much of a stretch, let me pull up the second reason I used planes in my symbolism. My brilliant colleague Yves Fauser built an app to demonstrate how NSX is connecting and securing this variety of new app frameworks, and it happens to be a “plane spotter” app. You may have already Continue reading