0

Skillz: editing a web page

So one of the skillz you ought to have in cybersec is messing with web-pages client-side using Chrome's Developer Tools. Web-servers give you a bunch of HTML and JavaScript code which, once it reaches your browser, is yours to change and play with. You can do a lot with web-sites that they don't intend by changing that code.

Let me give you an example. It's only an example -- touching briefly on steps to give you an impression what's going on. It's not a ground up explanation of everything, which you may find off-putting. Click on the images to expand them so you can see fully what's going on.

0

Launching an Open Source Book Project

In my list of planned 2017 projects, I mentioned that one thing I’d like to do this year is launch an open source book project. Well, I’m excited to announce The Open vSwitch Cookbook, an Apache 2.0-licensed book project aimed at providing “how to” recipes for Open vSwitch (OVS).

Portions of the book are already available, with more content being added soon (more on that in a moment).

I’m using GitBook as the publishing platform; this allows me to write in Markdown and publish to a variety of formats. I’ll only be publishing to HTML at first; other formats may come down the road. I chose GitBook for a few reasons:

1. It’s free for open source projects. This book, as well as the software that is its focus, are both open source projects.
2. As I mentioned already, I can use Markdown for all the content.
3. It allows me to store the book in a Git repository and use standard Git workflows.

I decided against using GitBook to host the Git repository for the book. Instead, the book’s source is found on GitHub. This enables collaboration on the book’s content—an aspect of this project that I think Continue reading

0

Worth Reading: ARM gains a foothold in China

China represents a huge opportunity for chip designer ARM as it looks to extend its low-power system-on-a-chip (SoC) architecture beyond the mobile and embedded devices spaces and into new areas, such as the datacenter and emerging markets like autonomous vehicles, drones and the Internet of Things. China is a massive, fast-growing market with tech companies – including such giants as Baidu, Alibaba, and Tencent – looking to leverage such technologies as artificial intelligence to help expand their businesses deeper into the global market and turning to vendors like ARM that can help them fuel that growth. —The Next Platform

The post Worth Reading: ARM gains a foothold in China appeared first on 'net work.

0

Reaction; Do we really need a new Internet?

The other day several of us were gathered in a conference room on the 17th floor of the LinkedIn building in San Francisco, looking out of the windows as we discussed some various technical matters. All around us, there were new buildings under construction, with that tall towering crane anchored to the building in several places. We wondered how that crane was built, and considered how precise the building process seemed to be to the complete mess building a network seems to be.

And then, this week, I ran across a couple of articles arguing that we need a new Internet. For instance—

What we really have today is a Prototype Internet. It has shown us what is possible when we have a cheap and ubiquitous digital infrastructure. Everyone who uses it has had joyous moments when they have spoken to family far away, found a hot new lover, discovered their perfect house, or booked a wonderful holiday somewhere exotic. For this, we should be grateful and have no regrets. Yet we have not only learned about the possibilities, but also about the problems. The Prototype Internet is not fit for purpose for the safety-critical and socially sensitive types of Continue reading

0

Iraqi hacker takes credit for hijacking subdomain, defacing Trump site

A hacker, purportedly from Iraq, defaced a site previously used by President Donald Trump for campaign fundraising. The “hack” occurred Sunday on the server secure2.donaldjtrump.com. It was short-lived.A screenshot of the defacement was posted on the subreddit Hacking. The page displayed an anonymous man in a fedora above the message: Hacked By Pro_Mast3r ~Attacker GovNothing Is ImpossiblePeace From Iraq g33xter Ars Technica reported the server was “behind Cloudflare’s content management and security platform, and it does not appear to be directly linked from the Trump/Pence campaign's home page. But it does appear to be an actual Trump campaign server.”To read this article in full or to leave a comment, please click here

0

Iraqi hacker took credit for hijacking subdomain and defacing Trump site

A hacker, purportedly from Iraq, defaced a site previously used by President Donald Trump for campaign fundraising. The “hack” occurred Sunday on the server, secure2.donaldjtrump.com. It was short-lived.A screenshot of the defacement was posted on the subreddit Hacking. The page displayed an anonymous man in a fedora above the message: Hacked By Pro_Mast3r ~Attacker GovNothing Is ImpossiblePeace From Iraq g33xter Ars Technica reported the server was “behind Cloudflare’s content management and security platform, and does not appear to be directly linked from the Trump Pence campaign's home page. But it does appear to be an actual Trump campaign server.”To read this article in full or to leave a comment, please click here

0

Iraqi hacker took credit for hijacking subdomain and defacing Trump site

A hacker, purportedly from Iraq, defaced a site previously used by President Donald Trump for campaign fundraising. The “hack” occurred Sunday on the server, secure2.donaldjtrump.com. It was short-lived.A screenshot of the defacement was posted on the subreddit Hacking. The page displayed an anonymous man in a fedora above the message: Hacked By Pro_Mast3r ~Attacker GovNothing Is ImpossiblePeace From Iraq g33xter Ars Technica reported the server was “behind Cloudflare’s content management and security platform, and does not appear to be directly linked from the Trump Pence campaign's home page. But it does appear to be an actual Trump campaign server.”To read this article in full or to leave a comment, please click here

0

Scaling @ HelloFresh: API Gateway

HelloFresh keeps growing every single day: our product is always improving, new ideas are popping up from everywhere, our supply chain is being completely automated. All of this is simply amazing us, but of course this constant growth brings many technical challenges.

Today I’d like to take you on a small journey that we went through to accomplish a big migration in our infrastructure that would allow us to move forward in a faster, more dynamic, and more secure way.

The Challenge

We’ve recently built an API Gateway, and now we had the complex challenge of moving our main (monolithic) API behind it — ideally without downtime. This would enable us to create more microservices and easily hook them into our infrastructure without much effort.

The Architecture

0

Worth Reading: Mud Slinging

Network Engineers are redefining themselves, always learning, always trying to improve themselves and marketing still puts out things like this in 2017. Sales and marketing definitely need to up their game. As my CEO said the other day: “Business is not between companies, it’s between people”. This is exactly what it’s about. If you burn my confidence by putting up stupid stuff on social media, it will affect your sales. Endorse your product on its own merits. Don’t talk down other vendors. This only makes YOU look bad. —Lost in Transit

The post Worth Reading: Mud Slinging appeared first on 'net work.

0

Apple, Microsoft and Amazon offer fairer deal on cloud storage

Apple, Microsoft and Amazon have agreed to give cloud storage subscribers fairer contracts after intervention by the U.K.'s Competition and Markets Authority.Such cloud storage services are typically used to store photos, videos, music or digital copies of important documents.If the services shut down or vary their capacity or prices without notice, customers can lose their data, or be held hostage.The CMA asked the storage service providers to give adequate notice before closing, suspending or changing services, and to allow customers to cancel their contracts and receive a pro-rata refund if they didn't accept service changes.The regulator last year obtained similar undertakings from Google, Dropbox and five other cloud storage providers.To read this article in full or to leave a comment, please click here

0

Free Webinar – DMZ Anywhere.Let’s talk about DMZ security design options

This is a free webinar but requires registration and seats are limited thus please register immediately. Webinar on Tuesday, February 28, 2017 7:00 PM – 8:30 PM AST. REGISTER Agenda Introduction to Security Zones What’s DMZ? Why do we need DMZ? Physical vs Logical Network Segmentation Emerging Technologies (Virtualization, Micro Segmentation) Benefits of DMZ Anywhere […]

The post Free Webinar – DMZ Anywhere.Let’s talk about DMZ security design options appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

0

Python – Kirk Byers Course Week 3 Part 3

This post will describe the exercises and solutions for week three of Kirk Byers Python for Network Engineers.

The last exercise of the week is to create an IP address checker that checks the validity of an IP address. Here are the instructions:

IV. Create a script that checks the validity of an IP address.  The IP address should be supplied on the command line.
    A. Check that the IP address contains 4 octets.
    B. The first octet must be between 1 - 223.
    C. The first octet cannot be 127.
    D. The IP address cannot be in the 169.254.X.X address space.
    E. The last three octets must range between 0 - 255.

    For output, print the IP and whether it is valid or not.

The IP address will be supplied through the command line. Like we’ve done before we are going to check the number of arguments supplied and exit the script if the number of arguments is not two. We need to import sys so that we can use sys.argv.

import sys

if len(sys.argv) != 2:
	sys.exit("Usage: ./ip_checker.py <IP-ADDRESS>")

We’ll store the IP address as input as dotted decimal into the Continue reading

0

Hackers behind bank attack campaign use Russian as decoy

The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.Researchers from cybersecurity firm BAE Systems have recently obtained and analyzed additional malware samples related to an attack campaign that has targeted 104 organizations -- most of them banks -- from 31 different countries.They found multiple commands and strings in the malware that appear to have been translated into Russian using online tools, the results making little sense to a native Russian speaker.To read this article in full or to leave a comment, please click here

0

Hackers behind bank attack campaign use Russian as decoy

The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.Researchers from cybersecurity firm BAE Systems have recently obtained and analyzed additional malware samples related to an attack campaign that has targeted 104 organizations -- most of them banks -- from 31 different countries.They found multiple commands and strings in the malware that appear to have been translated into Russian using online tools, the results making little sense to a native Russian speaker.To read this article in full or to leave a comment, please click here

0

BrandPost: Increasing Agility with a Modern Storage Network

The combination of heated competition and high customer expectations is feeding the demand for greater operational agility in every organization. Employees must have the ability to transform massive amounts of data into actionable insight while delivering the superior service customers demand. That calls for a more responsive, reliable IT infrastructure—but organizations also need to minimize delays, costs, and downtime while they make that infrastructure more agile.Although IT teams are under pressure to respond promptly and cost-effectively to changes in both the market and the IT environment, it's impossible to predict new demands from the lines of business, new competitive threats, or how much bandwidth to allocate for applications that don't yet exist. All you really know is that you must prepare your infrastructure for any possibility.To read this article in full or to leave a comment, please click here

0

Using DCNM to Automate Cisco FabricPath Operations

In my final post on Cisco’s Data Center Network Manager (DCNM), I’m taking a look at the deployment capabilities and templating features which allow configuration to be deployed automatically to multiple devices. In its simplest case, this might be used to set a new local username / password on all devices in the fabric, but in theory it can be used for much more.

DCNM Scripting

Let’s get one thing straight right out of the gate: this ain’t no Jinja2 templating system. While DCNM’s templates support the use of variables and some basic loop and conditional structures, the syntax is fairly limited and the only real-time interaction with the device during the execution of the template amounts to a variable containing the output of the last command issued. There are also very few system variables provided to tell you what’s going on. For example I couldn’t find a variable containing the name of the current device; I had to issue a hostname command and evaluate the response in order to confirm which device I was connecting to. That said, with a little creativity and a lot of patience, it’s possible to develop scripts which do useful things to the fabric.

Continue reading

0

IDG Contributor Network: People Power brings bots and A.I. to home security systems

Ever since smart thermostat maker Nest burst onto the scene with its unique combination of beautiful design and A.I.-powered automation, there has been increasing attention about how A.I. can be applied to the so-called smart home. The fact that Google acquired Nest and then, by all accounts, proceeded to screw up the opportunity that Nest created, doesn't in any way lessen the importance and opportunity that smart homes creates. So it was interesting to hear of another play, this time a combined software and hardware one.To read this article in full or to leave a comment, please click here

0

12 steps to small business security

Swimming upstream?Image by ThinkstockIf you’re a small to midsized business and you wing it when it comes to network management and security then it’s not a question of if you will have a disaster, it’s merely a question of when. Why? Because malware, accidents and disasters are all waiting in the wings to pop out and make your life hell and cost you lots of money. Now I won’t lie to you, getting insulated from the bad stuff isn’t cheap, but if you think security and reliability is expensive, try fixing a disaster. Here are 12 steps that will, in the long run, make your business safer. Think you’ve got this covered? How many have you got in place?To read this article in full or to leave a comment, please click here

0

12 steps to small business security

Swimming upstream?Image by ThinkstockIf you’re a small to midsized business and you wing it when it comes to network management and security then it’s not a question of if you will have a disaster, it’s merely a question of when. Why? Because malware, accidents and disasters are all waiting in the wings to pop out and make your life hell and cost you lots of money. Now I won’t lie to you, getting insulated from the bad stuff isn’t cheap, but if you think security and reliability is expensive, try fixing a disaster. Here are 12 steps that will, in the long run, make your business safer. Think you’ve got this covered? How many have you got in place?To read this article in full or to leave a comment, please click here

0

Three technologies that could demolish slow internet

Broadband internet has opened up almost unlimited possibilities for commerce, distance learning, civic participation, and knowledge sharing. But we are only scratching the surface of what's to come.To read this article in full or to leave a comment, please click here(Insider Story)