Scott Bradner retired in late 2016 after more than 50 years in Harvard University IT. Along the way he worked in the IETF for 25 years – 10 on the IESG – and served on the ISOC & ARIN boards.
Today, v2 of Pwned Passwords was released as part of the Have I Been Pwned service offered by Troy Hunt. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats modern threats against password security.
I have written about how we need to rethink password security and Pwned Passwords v2 in the following post: How Developers Got Password Security So Wrong. Instead, in this post I want to discuss one of the technical contributions Cloudflare has made towards protecting user information when using this tool.
Cloudflare continues to support Pwned Passwords by providing CDN and security functionality such that the data can easily be made available for download in raw form to organisations to protect their customers. Further; as part of the second iteration of this project, I have also worked with Troy on designing and implementing API endpoints that support anonymised range queries to function as an additional layer of security for those consuming the API, that is visible to the client.
This contribution allows for Pwned Passwords clients to use range queries to search for breached passwords, without having to disclose a complete unsalted Continue reading
Both in our real lives, and online, there are times where we need to authenticate ourselves - where we need to confirm we are who we say we are. This can be done using three things:
Passwords are an example of something you know; they were introduced in 1961 for computer authentication for a time-share computer in MIT. Shortly afterwards, a PhD researcher breached this system (by being able to simply download a list of unencrypted passwords) and used the time allocated to others on the computer.
As time has gone on; developers have continued to store passwords insecurely, and users have continued to set them weakly. Despite this, no viable alternative has been created for password security. To date, no system has been created that retains all the benefits that passwords offer as researchers have rarely considered real world constraints[1]. For example; when using fingerprints for authentication, engineers often forget that there is a sizable percentage of the population that do not have usable fingerprints or hardware upgrade costs.
In the 1970s, people started thinking about how to better store passwords and cryptographic hashing started to Continue reading
The startup’s revenue grew 181 percent in 2017 over the previous year.
Public safety groups may benefit from slicing functionality.
EOLO built a custom SDN routing appliance for deployment at radio towers.
Policy at Internet scale is a little understood, and difficult (potentially impossible) to solve problem. Joel Halpern joins the History of Networking over at the Network Collective to talk about the history of policy in the Internet at large, and networked systems in general.
It added integrations with Xirrus WiFi and enhanced its automated cloud connectivity.
Former Harvard Computer Science Lead Brings Distributed Systems Experience to Top Publication’s Readers
The Next Platform is proud to announce that former Assistant Dean and Distinguished Engineer for Research Computing at Harvard, Dr. James Cuff, has joined the editorial team in a full-time capacity as Distinguished Technical Author.
As the leading publication covering distributed systems in research and large enterprise, Dr. Cuff rounds out a seasoned editorial team that delivers in-depth analysis from the worlds of supercomputing, artificial intelligence, cloud and hyperscale datacenters, and the many other technology areas that comprise the highest end of today’s IT ecosystems.
Dr. Cuff …
The Next Platform Announces Renowned HPC Expert Joins Team was written by Nicole Hemsoth at The Next Platform.
The best way to make a wave is to make a big splash, which is something that Andy Bechtolsheim, perhaps the most famous serial entrepreneur in IT infrastructure, is very good at doing. As one of the co-founders of Sun Microsystems and a slew of networking and system startups as well as the first investor in Google, he doesn’t just see waves, but generates them and then surfs on them, creating companies and markets as he goes along.
Bechtolsheim was a PhD student at Stanford University, working on a project that aimed to integrate networking interfaces with processors when he …
The Road To 400G Ethernet Is Paved With Bechtolsheim’s Intentions was written by Timothy Prickett Morgan at The Next Platform.
I was wondering if you could help me figure something out: what is the algorithmic complexity of a bird searching a tree for food?
Over the years I've had the pleasure of watching a lot of cute little birds feed in our oak trees. I've noticed they have a search pattern.
A bird will hop from branch to branch looking for insects. They don't hop on a branch and explore every square inch of it, so it's not an exhaustive search. They'll take a couple hops, peck at a branch a few times, and hop to a nearby branch. Birds also search the underside of branches, so the whole surface area of a tree is game.
I've often marveled in wonder at how efficient this whole process is. They scour huge trees in no time. Then they'll move on to the next tree and repeat the process until they fly away to a completely different area.
My dog when searching for a ball seems to follow a similar Lévy flight sort of pattern. Search a local area by bouncing around for bit and then take a bee-line for a completely different area and repeat the process.
Often Continue reading
Much of the focus of the recent high-profile budget battle in Washington – and for that matter, many of the financial debates over the past few decades – has been around how much money should go to the military and how much to domestic programs like Social Security and Medicare.
In the bipartisan deal struck earlier this month, both sides saw funding increase over the next two years, with the military seeing its budget jump $160 billion. Congressional Republicans boasted of a critical win for the Department of Defense (DoD) that will result in more soldiers, better weapons, and improved …
HPE Brings More HPC To The DoD was written by Jeffrey Burt at The Next Platform.
We’re excited to announce the release of our newest bootcamp: The Google Cloud Architect Exam Bootcamp. Currently the only course of it’s kind on the market, this bootcamp focuses specifically on what candidates need to know to pass the GCP Cloud Architect Exam. Like our other bootcamps, this class is taught live, on-site by an expert INE Instructor and will feature 5 days of intensive, hands-on, real world exercises, practice exams, and in-depth case study discussions. Attendees will also be provided access to a complete series of GCP based cloud labs.
The goal of our GCP Cloud Architect Exam Bootcamp is to equip students with a foundation-level knowledge of Google Cloud Platform to pass the exam. The primary focus of the class is core concepts and topics found on the GCP Cloud Architect written exam.
This bootcamp is currently only offered in May and August of 2018, at our NC location, but more dates and locations will likely be added in the future.
Who Should Take it?
Our Written Exam Bootcamp is for anyone who is beginning their GCP Cloud Architect certification journey, but already has at least basic knowledge of cloud computing. We strongly recommend at least 1 Continue reading
In this SDxCentral eBook, Making Networks Secure, we look at some of the key security strategies that are being used to protect networks in this new virtualized world.
In part 3 of our deep dive into BGP operations, Nick Russo and Russ White join us again on Network Collective to talk about securing BGP. In this episode we cover topics like authentication, advertisement filtering, best practices, origin security, path security, and remotely triggered black holes.
We would like to thank Cumulus Networks for sponsoring this episode of Network Collective. Cumulus is offering you, our listeners, a completely free O’Reilly ebook on the topic of BGP in the data center. You can get your copy of this excellent technical resource here: http://cumulusnetworks.com/networkcollectivebgp
Show Notes: