Leaky Abstraction: An Example

The paper in question is from 2008, and the remedies have already been implemented in every BGP implementation I know of (in fact, getting rid of the scanner is something that just went into FR Routing). The paper can be found here, and a presentation based on the paper can be found here. They use a different example than mine in the paper—it’s a bit more subtle.

In this case, the abstraction is treating an AS as a single “thing” to provide stability in the larger routing system. But any time you have an abstraction, including summarization and aggregation, there is always some possibility the abstraction will leak. Here the leak is an internal route metric change “leaking” into an actual change in the path through the network, although both paths still exist. There are more subtle changes, such as a route metric change causing an update to be sent even though the path itself hasn’t even changed, but I chose this example to make it easier to understand.

The post Leaky Abstraction: An Example appeared first on 'net work.

Like in PCs, Microsoft and ARM look to topple Intel in servers

Intel's TV marketing campaign says the company is driving 98 percent of the cloud. That statistic will come under attack with some chip and OS announcements on Wednesday.The most significant announcement: Microsoft's Windows Server OS now running on ARM chips. The OS was exclusive to x86 chips, but now customers can consider ARM chips to run Windows Server.Microsoft did not announce an official date for an ARM version of Windows Server, though the software company is using such systems internally. The announcement was made on the opening day of Open Compute Project's U.S. Summit in Santa Clara, California.At the summit, Qualcomm showed a new 48-core 1U server running its Centriq 2400 ARM chip. The server is based on Microsoft's Project Olympus server design and was shown running Windows Server. It was designed for the Azure cloud at Microsoft. The Centriq 2400 chip isn't available commercially but is still in testing.To read this article in full or to leave a comment, please click here

A note about “false flag” operations

There's nothing in the CIA #Vault7 leaks that calls into question strong attribution, like Russia being responsible for the DNC hacks. On the other hand, it does call into question weak attribution, like North Korea being responsible for the Sony hacks.

There are really two types of attribution. Strong attribution is a preponderance of evidence that would convince an unbiased, skeptical expert. Weak attribution is flimsy evidence that confirms what people are predisposed to believe.


The DNS hacks have strong evidence pointing to Russia. Not only does all the malware check out, but also other, harder to "false flag" bits, like active command-and-control servers. A serious operator could still false-flag this in theory, if only by bribing people in Russia, but nothing in the CIA dump hints at this.

The Sony hacks have weak evidence pointing to North Korea. One of the items was the use of the RawDisk driver, used both in malware attributed to North Korea and the Sony attacks. This was described as "flimsy" at the time [*]. The CIA dump [*] demonstrates that indeed it's flimsy -- as apparently CIA malware also uses the RawDisk code.

In the coming days, biased partisans are going Continue reading

Fears of election hacking spread in Europe

France has followed the Netherlands in placing its faith in paper-based voting systems ahead of key elections later this year, following allegations that Russian hackers influenced last year's U.S. presidential election. The French government will not allow internet voting in legislative elections to be held in June because of the "extremely elevated threat of cyberattacks." The move follows a recommendation from the French Network and Information Security Agency (ANSSI), it said Monday. The move will only affect 11 of the 577 electoral districts voting, those representing French citizens living outside their home country. These expatriates had previously been allowed to vote over the internet in some elections because the alternative was to require some of them to travel vast distances to the nearest embassy or consulate with a ballot box.To read this article in full or to leave a comment, please click here

Fears of election hacking spread in Europe

France has followed the Netherlands in placing its faith in paper-based voting systems ahead of key elections later this year, following allegations that Russian hackers influenced last year's U.S. presidential election. The French government will not allow internet voting in legislative elections to be held in June because of the "extremely elevated threat of cyberattacks." The move follows a recommendation from the French Network and Information Security Agency (ANSSI), it said Monday. The move will only affect 11 of the 577 electoral districts voting, those representing French citizens living outside their home country. These expatriates had previously been allowed to vote over the internet in some elections because the alternative was to require some of them to travel vast distances to the nearest embassy or consulate with a ballot box.To read this article in full or to leave a comment, please click here

Cisco Talos warns of new Cryptolocker ransomware campaigns

A number of reports are warning businesses and consumers alike that a new round of ransomware based on the infamous Cryptolocker (aka TorrentLocker or Teerac) code is making the rounds.Today Cisco Talos wrote: “Crypt0l0cker has gone through a long evolution, the adversaries are updating and improving the malware on a regular basis. Several indicators inside the samples we have analyzed point to a new major version of the malware. We have already seen large campaigns targeting Europe and other parts of the world in 2014 and 2015. It seems to be that the actors behind these campaigns are back now and launching again massive spam attacks.”To read this article in full or to leave a comment, please click here

Cisco Talos warns of new Cryptolocker ransomware campaigns

A number of reports are warning businesses and consumers alike that a new round of ransomware based on the infamous Cryptolocker (aka TorrentLocker or Teerac) code is making the rounds.Today Cisco Talos wrote: “Crypt0l0cker has gone through a long evolution, the adversaries are updating and improving the malware on a regular basis. Several indicators inside the samples we have analyzed point to a new major version of the malware. We have already seen large campaigns targeting Europe and other parts of the world in 2014 and 2015. It seems to be that the actors behind these campaigns are back now and launching again massive spam attacks.”To read this article in full or to leave a comment, please click here

Cisco equipment Comprehsively Pwned by US Government

Tough day for Cisco. A large number of Cisco software releases and devices were comprehensively pwned by US Gov spy agencies. This isn’t surprising, thats what they are supposed to do but now the details have been published on WikiLeaks.

This LinkedIn blog post outlines some of what has been found.

When I took a quick look at Wikileaks data, the range of possibilities is substantial but require access to the device itself. The Cisco post has details on the range of exploits in their response published today: http://blogs.cisco.com/security/the-wikileaks-vault-7-leak-what-we-know-so-far which says its too early to frame a response. I agree.

Some thoughts:

  1. Waiting to hear if other vendors are impacted, not known at this time but it seems likely.
  2. Now that these vulnerabilities have been published, your networks are at risk.
  3. There isn’t much that Cisco can do yet.
  4. Cisco as a dominant vendor is a target because one exploit can be widely applied to more targets and because targets are likely to have Cisco assets.
  5. The published vulnerabilities are for older equipment but more recent documentation will be released in the next few weeks. It could get worse if newer equipment is also vulnerable.
  6. While it seems Continue reading

Supplemental Melatonin For Improved Sleep Quality

For years, my sleep has been hit or miss. Stress and projects are the big drivers that impact my sleep. If I have a lot on my mind, it’s hard to settle into steady sleep. If I wake up in the middle of the night, it’s hard to get back to sleep.

For me, quality sleep is the difference between a productive day where I move projects ahead and a terrible day where I take power naps around lethargic staring at my inbox while feeling guilty about what I’m not getting done.

Enter melatonin.

Melatonin, “is a hormone that is produced by the pineal gland in animals and regulates sleep and wakefulness,” according to Wikipedia. In other words, we make melatonin in our bodies, and it prompts us to sleep.

As I understand it, the body’s natural inclination is to release melatonin in response to night/day cycles. For instance, I have noticed that I fall into a sleep/wake cycle matching sunset/sunrise when I am on long-distance backpacking trips. When indoors with artificial light, screens holding my attention, and a work schedule that doesn’t care about what the sun is doing, melatonin production, in theory, isn’t as consistent.

Technologies like Apple’s Night Shift for Continue reading

Comey: Strong encryption “shatters” privacy-security bargain

FBI Director James Comey told a Boston audience this morning that “ubiquitous strong encryption” – the kind now available on most smartphones and other digital devices – is threatening to undermine the “bargain” that he said has balanced privacy and security in the US since its founding. Actually, he went further, declaring that such default encryption “shatters” the bargain. “This is a big deal, and I urge you to continue to engage in a hard conversation about it. I love privacy, but I also love the bargain,” he said, noting that the FBI’s inability to crack encrypted devices means the investigative “room” where the agency works is increasingly growing dark, and therefore undermining security.To read this article in full or to leave a comment, please click here

Comey: Strong encryption “shatters” privacy-security bargain

FBI Director James Comey told a Boston audience this morning that “ubiquitous strong encryption” – the kind now available on most smartphones and other digital devices – is threatening to undermine the “bargain” that he said has balanced privacy and security in the US since its founding. Actually, he went further, declaring that such default encryption “shatters” the bargain. “This is a big deal, and I urge you to continue to engage in a hard conversation about it. I love privacy, but I also love the bargain,” he said, noting that the FBI’s inability to crack encrypted devices means the investigative “room” where the agency works is increasingly growing dark, and therefore undermining security.To read this article in full or to leave a comment, please click here

How CRM buyers can negotiate the best deal

CRM software buyers should choose wisely the first time because the software becomes so embedded in the organization that switching to a different vendor is unlikely, according to procurement analysts at market research firm IBIS World Inc.To read this article in full or to leave a comment, please click here(Insider Story)

Senators push FCC to keep its net neutrality rules

The U.S. Federal Communications Commission should reverse course and keep the net neutrality rules it passed just two years ago, several Democratic senators said Wednesday.The FCC has not yet moved to repeal the regulations prohibiting broadband providers from selectively blocking or slowing web traffic, but the agency's new chairman, Republican Ajit Pai, has called the rules a "mistake."Broadband customers, however, still need the protections of the net neutrality rules, several Democratic members of the Senate Commerce, Science, and Transportation Committee said during a hearing.To read this article in full or to leave a comment, please click here

Senators push FCC to keep its net neutrality rules

The U.S. Federal Communications Commission should reverse course and keep the net neutrality rules it passed just two years ago, several Democratic senators said Wednesday.The FCC has not yet moved to repeal the regulations prohibiting broadband providers from selectively blocking or slowing web traffic, but the agency's new chairman, Republican Ajit Pai, has called the rules a "mistake."Broadband customers, however, still need the protections of the net neutrality rules, several Democratic members of the Senate Commerce, Science, and Transportation Committee said during a hearing.To read this article in full or to leave a comment, please click here

Microsoft and NVIDIA partner to bring GPUs to the public cloud

The cloud has been a core component of almost every organization's IT strategy for the past five years. However, I believe we are reaching a cloud “tipping point” where it will be used for dramatically different things than it has in the past.The first wave of cloud growth was fueled by organizations looking for a cheaper alternative to running servers on premises. The next wave of cloud growth will be driven by organizations looking to fundamentally change their businesses through the use of advanced technologies like machine learning and artificial intelligence (AI).Over the past year, we have seen a veritable cornucopia of AI use cases included playing poker and Go, writing news stories, filing insurance claims, driving cars and writing code. This current phase of cloud moves it from being a “nice to have” to an absolute, slam dunk, need to have as it’s almost impossible for a business to have the scale and elasticity required to power an AI platform.To read this article in full or to leave a comment, please click here

How AMD’s Naples X86 Server Chip Stacks Up To Intel’s Xeons

Ever so slowly, and not so fast as to give competitor Intel too much information about what it is up to, but just fast enough to build interest in the years of engineering smarts that has gone into its forthcoming “Naples” X86 server processor, AMD is lifting the veil on the product that will bring it back into the datacenter and that will bring direct competition to the Xeon platform that dominates modern computing infrastructure.

It has been a bit of a rolling thunder revelation of information about the Zen core used in the “Naples” server chip, the brand of

How AMD’s Naples X86 Server Chip Stacks Up To Intel’s Xeons was written by Timothy Prickett Morgan at The Next Platform.

Juniper product development chief resigns, company resets engineering makeup

Juniper is reshaping some of its top executive roles as Jonathan Davidson, executive VP and general manager of the firm’s Development and Innovation group resigned from the company.Davidson, a former Cisco executive in charge products such as the Cisco 7200 and Enterprise ASR 1000 product management team joined Juniper in 2010 to lead the company’s Security, Switching and Solutions Business Unit. He ultimately became executive vice president and general manager of the Juniper Development and Innovation group, where he replaced Rami Rahim who is now the company’s CEO.To read this article in full or to leave a comment, please click here

Juniper product development chief resigns, company resets engineering makeup

Juniper is reshaping some of its top executive roles as Jonathan Davidson, executive VP and general manager of the firm’s Development and Innovation group resigned from the company.Davidson, a former Cisco executive in charge products such as the Cisco 7200 and Enterprise ASR 1000 product management team joined Juniper in 2010 to lead the company’s Security, Switching and Solutions Business Unit. He ultimately became executive vice president and general manager of the Juniper Development and Innovation group, where he replaced Rami Rahim who is now the company’s CEO.To read this article in full or to leave a comment, please click here

1 2,085 2,086 2,087 2,088 2,089 3,680