Replace SHA-1. It’s not that hard.

Now that SHA-1 has been broken, it’s time for enterprises that have ignored its potential weakness for years to finally act, and it’s not that hard. The most common use of the hash function is in securing SSL and TLS connections, and the way to get rid of SHA-1 in that use is to utilize browsers and servers that don’t support it. Depending on the size of an organization, this isn’t onerous, says Paul Ducklin, a senior security advisor at Sophos. (See his excellent description of the problem with SHA-1 and other hashing algorithms.)

iPhone 7 Plus catches fire and melts in crazy new video

In 2016, Samsung experienced the mother of all public relations nightmares after scores of Galaxy Note 7 owners reported that their new devices were prone to catching fire, and in some cases exploding. Samsung was ultimately forced to issue a worldwide recall for its well-reviewed phablet, costing the company billions in the process, not to mention a resulting black mark on the company's reputation.

Flash forward to 2017 and we have an interesting story of a smartphone smoking, catching fire and melting. Only thing is, the story doesn't involve a Samsung device, but rather Apple's iPhone 7 Plus.

In a video that has gone viral, we see the iPhone 7 Plus in question self-destructing.

Financial Institutions Weigh Risks, Benefits of Cloud Migration

Cloud computing in its various forms is often pitched as a panacea of sorts for organizations that are looking to increase the flexibility of their data and to drive down costs associated with their IT infrastructures. And for many, the benefits are real.

By offloading many of their IT tasks – from processing increasingly large amounts of data to storing all that data – to cloud providers, companies can take the money normally spent in building out and managing their internal IT infrastructures and put it toward other important business efforts. In addition, by having their data in an easily

Financial Institutions Weigh Risks, Benefits of Cloud Migration was written by Jeffrey Burt at The Next Platform.

Change All Your Passwords, Right Now!

by Steinthor Bjarnason, Senior ASERT Security Analyst & Roland Dobbins, ASERT Principal Engineer

CloudFlare are probably best known as a DDoS mitigation service provider, but they also operate one of the largest Content Delivery Networks (CDNs) on the Internet. Many popular Web sites, mobile apps, etc. make use of the CloudFlare CDN, which hosts content […]

Stuff The Internet Says On Scalability For February 24th, 2017

Hey, it's HighScalability time:

 

Great example of Latency As A Pseudo-Permanent Network Partition. A slide effectively cleaved Santa Cruz from the North Bay by slowing traffic to a crawl.

If you like this sort of Stuff then please support me on Patreon.

  • 40 TFLOPS: on Lambda; 7: new habitable planets with good beer; dozens: balloons needed in Loon network; 500 TB/sec: rate at which DNA is copied in human body; 1/2: web is encrypted; 34: regions in Azure; $8k: cost of Tesla self-driving hardware; 99.95%: DMCA takedowns are bot BS; 300 nanometers: new microscope; 7%: AMP traffic to publishers; 

  • Quotable Quotes:
    • @jasonlk: Elon Musk: Self-Driving Car Revolution Will Leave 15% of World Population Without Jobs
    • Near death Archimedes: Stand away, fellow, from my diagram!
    • rumpelstilskin21: Angular and React make for popular headlines on reddit but unless you are working for a major, large web site where such things might be deemed useful by management (and no one else) then quit trying to get educated by the amateurs on reddit.
    • StorageMojo: There is a new paradigm about to hit the industry, which will eviscerate large portions of

Cloudflare bug exposed passwords, other sensitive data from websites

For months, a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites that use the company's content delivery network. The data included passwords, session cookies, authentication tokens and even private messages.

Cloudflare acts as a reverse proxy for millions of websites, including those of major internet services and Fortune 500 companies, for which it provides security and content optimization services behind the scenes. As part of that process, the company's systems modify HTML pages as they pass through its servers in order to rewrite HTTP links to HTTPS, hide certain content from bots, obfuscate email addresses, enable Accelerated Mobile Pages (AMP) and more.

35% off Razor Hovertrax 2.0 Hoverboard Self-Balancing Smart Scooter – Deal Alert

Step on the deck and go with Razor Hovertrax 2.0, the world’s smartest self-balancing electric scooter. Intelligently-engineered with EverBalance technology, Hovertrax 2.0 is the only board that auto-levels for a safer, easier mount and a smoother ride. Whether you’re coasting, racing, or commuting, Hovertrax 2.0 is always in balance. Indoors or out, Hovertrax 2.0 does the work so you can enjoy the journey. Hovertrax 2.0: technology so advanced, it’s simple. Once you learn how to ride, it becomes second nature. Razor was also the first U.S. brand to receive the UL 2272 listing for safety, ensuring that the Hovertrax 2.0 meets or exceeds the highest fire and electrical safety standards. The Hovertrax 2.0's list price of $459.99 has been reduced 35% to just $298.00. See this deal on Amazon.

Google cloud debuts Intel’s latest Skylake processors

Google today announced that it is the first IaaS public cloud provider to run the newest version of Intel’s chips, named Skylake.

The news comes just months after Google and Intel announced a partnership in November 2016 to co-engineer new processors for the company’s cloud platform.

Skylake is the code-name for the next-generation silicon beyond Intel’s Broadwell processors.

Google snafu signs users out of accounts, wreaks havoc on OnHub and Wifi routers

The good thing and the bad thing about the cloud is, well, the cloud. The latter part of that truism was brought home late Thursday when some Google users were suddenly signed out of their accounts and devices.

The problem affected Google Wifi mesh routers, Google’s OnHub router, other devices like the Chromecast, and even some plain old Google Accounts.

The impact on you at home: If this problem affected you last night and you were suddenly signed out of all your accounts, don’t worry. Malicious hackers hadn’t suddenly taken over all your devices. Google says it was just a snafu with the Google Account engine.

UN steps in to end marketing war over what 5G means

With mobile operators' marketing departments already throwing around claims about their 5G services, the United Nations is weighing in with its definition of what qualifies a network as next-generation.

Verizon Wireless will begin delivering "5G" service to select users in 11 U.S. cities in mid-2017, even though some places don't yet have access to 4G. And at the Mobile World Congress 2017 trade show in Barcelona, companies including Intel, Qualcomm and Ericsson will be promoting their moves towards 5G.

Networking Features Coming Soon in Ansible 2.3

Ansible 2.3 Networking Update

It’s been a year since the first networking modules were developed and included in Ansible 2.0. Since then, there have been two additional Ansible releases and more than 175 modules added, with 24 networking vendor platforms enabled. With the fantastic efforts from the community and our networking partners, Ansible has been able to add more and more features for networking use cases. In the forthcoming Ansible 2.3 release, the focus on networking enablement now turns to increasing performance and adding connection methods that provide compatibility and flexibility.

Looking ahead to Ansible 2.3, the most notable additions planned are:

  • Persistent connections framework
  • The network_cli connection plugin
  • The netconf connection plugin

Why are these features important?

Since Ansible 2.0, the primary focus for networking enablement has been to help increase the number of third-party devices that have modules included by default. As this list grows (we expect to have even more platforms and modules in Ansible 2.3), Ansible and Ansible Tower continue to be trusted components of critical networking production deployments.

The development of these plugins further demonstrates the value and investment Ansible and the community have made into networking infrastructure enablement. As we approach the Ansible

OCSA Passed!

It’s official – I passed the ONF Certified SDN Associate exam. I’m OCSA #SDN10356! If you’re interested in obtaining this certificate, I recommend you read through my short blog series covering the resources necessary on the blueprint. ONF Certified SDN Associate (OCSA) – Part 1 ONF Certified SDN Associate (OCSA) – Part 2 ONF Certified […]

The post OCSA Passed! appeared first on Overlaid.

IDG Contributor Network: 3 security analytics approaches that don’t work (but could) — Part 2

A security analytics approach that exploits the unique strengths of Bayesian networks, machine learning and rules-based systems—while also compensating for or eliminating their individual weaknesses—leads to powerful solutions that are effective across a wide array of security missions. Despite the drawbacks of security analytics approaches I described in part 1 of this series, it's possible to build such solutions today, giving users a way to rapidly identify their highest-priority security threats at very large scale without being deluged with false-positive alerts or being forced to hire an army of extra analysts.
