NetworkingNexus.net

HPE Misses Q1 Revenue, Enterprise Group Continues to Decline

The public cloud is taking its toll.

Incident report on memory leak caused by Cloudflare parser bug

Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.

It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.

We quickly identified the problem and turned off three minor Cloudflare features (email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) that were all using the same HTML parser chain that was causing the leakage. At that point it was no longer possible for memory to be returned in an HTTP response.

Because of the seriousness of such a bug, a cross-functional team from software engineering, infosec and operations formed in San Francisco and London to fully understand Continue reading

Stop using SHA1: It’s now completely unsafe

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible.SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made.To read this article in full or to leave a comment, please click here

Stop using SHA1: It’s now completely unsafe

11 low-tech, decidedly cool cars

Retromobile 2017 Car ShowImage by Reuters/Benoit TessierOne of the true stellar classic car events on the world happened recently in Paris. “Retromobile” features hundreds of amazingly cool, some one of a kind models. Here we’ll talk a look at 11 of the decidedly coolest – courtesy of Reuters.To read this article in full or to leave a comment, please click here

Google’s new AI aims to end abusive online comments using ‘Perspective’

The internet is a tough place to have a conversation. Abuse has driven celebrities and ordinary folks from social media platforms that are ill-equipped to deal with it, and some publishers have switched off comment sections.That’s why Google and Jigsaw (an early stage incubator at Google parent company Alphabet) are working on a project called Perspective. It uses artificial intelligence to try to identify toxic comments, with an aim of reducing them. The Perspective API released Thursday will provide developers with a score of how likely users are to perceive a comment as toxic. In turn, that score could be used to develop features like automatic post filtering or to provide users with feedback about what they're writing before they submit it for publication. Starting on Thursday, developers can request access to Perspective's API for use in projects they're working on, and Jigsaw will approve them on a rolling basis.To read this article in full or to leave a comment, please click here

How to institute an agile IT outsourcing process

Traditionally, IT organizations have spent six months to a year or more on the IT outsourcing transaction process, finding the right providers and negotiating a suitable contract. But as IT services — and, increasingly, as-a-service— deals have gotten shorter, that lengthy process may no longer make sense.Industry advisors and consultants have debated the potential benefits of speedier sourcing for several years. In today’s rapidly changing business and technology landscape, it may become an imperative. But an effective outsourcing engagement demands more than just an accelerated version of the traditional IT services transaction process.To read this article in full or to leave a comment, please click here

5G will help autonomous cars cruise streets safely

Years from now, your first autonomous car may have a lot of help from 5G wireless networks to navigate the streets safely.5G will be as important to autonomous cars as 4G has been to mobile phones. The technology will help cars change lanes, recognize signals and draw up accurate maps. 5G will also help vehicles communicate in order to scope out road and weather conditions.For collision avoidance, 5G will connect cars to cloud services for object recognition. It will also provide a constant link to live TV for backseat passengers to enjoy. Many 5G capabilities for autonomous cars will be on display at the Mobile World Congress trade show in Barcelona, where Intel and Qualcomm will be showing off their latest technologies.To read this article in full or to leave a comment, please click here

4 things we expect from Mobile World Congress 2017

Mobile World Congress, the Davos of wireless technology, is happening next week in Barcelona, and it’s going to be a particularly important year, as the mobile landscape readies itself for a couple of fairly major shifts.Here’s our quick look ahead to next week in sunny Spain and the four main points we expect from the MWC show.5G, or at least previews of it There’s been a big school of 5G press releases floating into our inboxes here in tech media just ahead of MWC (i.e., “Verizon plans 5G wireless trial service in 11 cities this year”), and it’s no real surprise – next-generation mobile networks are going to do a lot more than just boost speeds. They’ll also connect large numbers of devices – not just phones and tablets and laptops – to each other.To read this article in full or to leave a comment, please click here

4 things we expect from Mobile World Congress 2017

50% off Dell UltraSharp U3415W PXF79 34-Inch Curved LED-Lit Monitor – DealAlert

This 34-inch 21:9 curved monitor with a panoramic view, cinematic WQHD resolution and rich sound has just sunk 50% to its best price yet on Amazon, making this a solid deal on the U3415W. Learn more and explore buying options for the U3415W on Amazon. To read this article in full or to leave a comment, please click here

50% off Dell UltraSharp U3415W PXF79 34-Inch Curved LED-Lit Monitor

How to assess security automation tools

This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. During my recent trip to Tel Aviv to attend CyberTech 2017, I had a one-on-one conversation with Barak Klinghofer, co-founder and CTO of Hexadite. He gave me a preview of an educational presentation he was to give two weeks later at the RSA Conference. His insight is worth repeating for anyone looking to add automation tools to their security toolset.As I saw at CyberTech, and I’m sure was the case at RSA, the hottest topics were security automation, automated incident response and security orchestration. These can be confusing terms, as every vendor describes them a little bit differently.To read this article in full or to leave a comment, please click here

How to assess security automation tools

Worth Reading: Security in a box

Security in-a-box was created by a diverse team of experts who understand not only the conditions under which advocates work, but also the resource restrictions they face. Although the toolkit was designed primarily to address the growing needs of advocates in the global South – particularly human rights defenders – the software guides and security strategies in this toolkit are relevant to everyone; specifically people working with sensitive information. This may include vulnerable minorities, independent journalists or whistleblowers, as well as advocates working on a range of issues, from environmental justice to anti-corruption. —Security in a Box

The post Worth Reading: Security in a box appeared first on 'net work.

Telefonica-Sigfox deal is a big win for diverse IoT networks

The global partnership announced Wednesday between Telefonica and IoT specialist Sigfox could ensure the latter’s long-term success while accelerating the overall growth of LPWANs (low-power, wide-area networks).Telefonica said it will integrate Sigfox’s energy-sipping, low-data-rate radios into millions of devices used for things like smart metering and asset tracking. The Spain-based mobile carrier operates in 21 countries across Europe and Latin America, so the deal should significantly expand Sigfox’s footprint. It’s talking with customers about possible large-scale rollouts across both regions, including Spain, Germany, Colombia, Argentina, and Brazil.To read this article in full or to leave a comment, please click here

Telefonica-Sigfox deal is a big win for diverse IoT networks

Promises, Challenges Ahead for Near-Memory, In-Memory Processing

The idea of bringing compute and memory functions in computers closer together physically within the systems to accelerate the processing of data is not a new one.

Some two decades ago, vendors and researchers began to explore the idea of processing-in-memory (PIM), the concept of placing compute units like CPUs and GPUs closer together to help reduce to the latency and cost inherent in transferring data, and building prototypes with names like EXECUBE, IRAM, DIVA and FlexRAM. For HPC environments that relied on data-intensive applications, the idea made a lot of sense. Reduce the distance between where data was …

Promises, Challenges Ahead for Near-Memory, In-Memory Processing was written by Jeffrey Burt at The Next Platform.

ONF Certified SDN Associate (OCSA) – Part 5

The OCSA exam tests your understanding of components in an SDN framework, your ability to articulate the fundamental workings of networking and the OpenFlow protocol, as well as your knowledge of vendors, solutions and projects available in the SDN landscape. This is the last part in a series of posts that review the blueprint for […]

The post ONF Certified SDN Associate (OCSA) – Part 5 appeared first on Overlaid.

How about family spring break in Austin?

Are you looking for Spring Break plans with the family? Look no further than DockerCon 2017! Located in sunny Austin, Texas April 17-20, DockerCon provides learning and entertainment for all members of the family.

DockerCon

Childcare

As part of our efforts to make DockerCon’s doors open to all, we are excited to announce that we will be partnering again this year with Big Time Kid to provide childcare at DockerCon! Gone are the days of “Mom / Dad has to stay home with the kids…” – you can now bring the whole family to DockerCon!

Childcare will be offered:

Monday, April 17 1:00pm – 7:30pm
Tuesday, April 18 8:00am – 6:30pm
Wednesday, April 19 8:00am – 5:30pm
Thursday, April 20 8:00am – 12:00pm

Following in the success of last year, we have chosen Big Time Kid Care as our childcare provider. All caregivers and staff are certified, fully insured and experienced in child education and care with police background checks. Big Time Kid Care will be well equipped and excited to take good care of your little ones at a kid-friendly play room close to the DockerCon activities at Austin Convention Center. Games, activities, breakfast and lunch will be provided.

Spousetivities

« Previous 1 … 2,247 2,248 2,249 2,250 2,251 … 3,808 Next »