Critical flaw in PHPMailer library puts millions of websites at risk

A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking. The flaw was found by a security researcher named Dawid Golunski and an initial fix was included in PHPMailer 5.2.18, which was released Saturday. However, it turns out that the patch was incomplete and can be bypassed.

Using Guzzle and PHPUnit for REST API Testing

APIs are increasingly becoming the backbone of the modern internet: whether you're ordering food from an app on your phone or browsing a blog using a modern JavaScript framework, chances are those requests are flowing through an API. Given the need for APIs to evolve through refactoring and extension, having great automated tests allows you to develop fast without needing to slow down to run manual tests to work out what's broken. Additionally, by having tests in place you're able to firmly identify the requirements that your API should meet; your API tests effectively form a tangible and executable specification. API testing offers an end-to-end mechanism for testing the behaviour of your API, which has advantages in both reliability and development productivity.

In this post I'll be demonstrating how you can test RESTful APIs in an automated fashion using PHP, by building a testing framework through creative use of two packages - Guzzle and PHPUnit. The resulting tests will be something you can run outside of your API as part of your deployment or CI (Continuous Integration) process.

Guzzle acts as a powerful HTTP client which we can use to simulate HTTP requests against our API. Though PHPUnit

Voice Gateway and Voice VRF – Caveats

Many networks leverage what is known as a VRF. These are used for traffic isolation and create separate routing instances within a router. It is important that VRF awareness is confirmed for any service (DHCP, voice gateway, etc.) being locally provided at a given point in the network. One use case for such a configuration might be voice isolation, with or without MPLS. In the case that a router is providing voice gateway functionality (i.e. FXO/FXS to VoIP), the voice functions must understand the VRF construct in order to properly fulfill the role.

TL;DR: This configuration sometimes does not behave as expected and, in my experience, may require a reboot after following the documented procedure.

The configuration for VRF-Aware H.323 and SIP for Voice Gateways can be found at the URL below.

http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t15/stork.html

Notice that it makes reference to the fact that the services need to be restarted:

To configure a voice VRF, you must shut down voice services on the gateway, assign a previously defined VPN VRF to the VoIP SPI, and then restart voice services.

As one researches this particular configuration, the concept of voice "multi-vrf" will likely come up. Based on my

25% off Samsung SmartThings Hub For Smart Homes – Deal Alert

Designed to be the heart of your smart home, the Samsung SmartThings Hub connects wirelessly to hundreds of compatible smart devices, so you can monitor, manage, and secure your home from anywhere. Simply pair other Samsung SmartThings devices with the Hub and enjoy full control and customization of all your devices via the free Samsung SmartThings app, or even with your voice via Amazon's Alexa service. The hub currently lists for $100, but Amazon has it for 25% off, so you can grab it for just $75. Check it out on Amazon.

The products Apple discontinued in 2016

Looking back, moving forward

The modern-day Apple isn't afraid to stop making a product. The company has its reasons to do so: outdated technology, what it contributes to the bottom line, resource allocation, whatever. And as far as Apple history goes, 2016 may be remembered more for the products Apple discontinued than what the company released.

Thwarting cybersecurity threats with behavioral analytics in 2017

Companies are investing more money in emerging technologies that can help anticipate and detect a variety of threats, including phishing scams and advanced persistent threats, both of which are weighing heavily on the minds of corporate board members. For 2017, CIOs are eyeing tools that use anomaly-detecting analytics and machine learning algorithms to protect their companies' data. "Our level of investments is increasing because of the increasing capabilities of the threat actors," says Bob Worrall, CIO of Juniper Networks, who spent 12 percent more on cybersecurity tools in 2016 than he spent in 2015. His budget will increase more in 2017 as he purchases tools to shield Juniper's corporate data and intellectual property. "As the bad guys get smarter we have to as well."

9 technologies that IT needed but didn’t get in 2016

Despite some significant arrivals, 2016 also failed to deliver some long-awaited technologies. And some of what we eagerly ripped the wrapping paper off proved to be a letdown. Here's a rundown of the gifts IT didn't get in 2016.

Professional-grade 3D printing

If you want to print out a stand for your phone or a model for a new product, you can easily find a 3D printer for the office that can do that — as long as you want to print them out in plastic. You can spend more and get a 3D printer that can UV cure resin and make small objects like custom-fit earplugs in about 10 minutes (I watched my ACS Custom in-ear monitor headphones get printed from digital scans of my ear canals earlier this year). Even HP's $140,000 Multi Jet Fusion printers — promised for this year and offering multi-color printing — only just went on sale, and they still only print nylon. You can prototype a (plastic) circuit board with conductive ink circuits with the Voxel8 Developer Kit, as long as you pause the printing and add the chips by hand.

7 IT recruiting predictions for 2017

In 2016, recruiters grappled with an evolving job market, an incredibly competitive hiring landscape, a shortage of IT talent and sky-high salaries for in-demand roles. Those trends are likely to continue into 2017 as recruiters continue to adapt to this high-demand, low-supply hiring landscape, says Dave Morgan, president of IT and engineering for professional recruiting and staffing services firm Addison Group.

Encryption in 2016: Small victories add up

Technology development seems to gallop a little faster each year. But there's always one laggard: encryption. Why the deliberate pace? Because a single, small mistake can cut off communications or shut down businesses. Yet there are times when you take stock—only to discover the encryption landscape seems to have transformed overnight. Now is that time. Although the changes have been incremental over several years, the net effect is dramatic. Some of those changes began shortly after Edward Snowden's disclosures of the U.S. government's extensive surveillance apparatus. Others are the natural result of cryptographic ideas reaching the marketplace, says Brent Waters, an associate professor at the University of Texas at Austin and the recipient of the Association for Computing Machinery's 2015 Grace Murray Hopper Award.

SoftBank invests $1.2 billion in the OneWeb satellite network

We now know at least one recipient of Masayoshi Son's massive $50 billion investment for the U.S. He ponied up $1.2 billion for OneWeb, the global satellite project for worldwide internet coverage. OneWeb is a project from English entrepreneur Richard Branson. The goal is to put as many as 2,400 small satellites in low orbit to provide complete global coverage for broadband internet access in many places where it's not available. According to SpaceNews, that number has been reduced to 900.

5 reasons to automate your network

Automation

There's no doubt about it: networks are becoming increasingly complex, and between connecting to high-powered data centers, spinning up cloud deployments and ensuring constant connectivity – all while keeping costs down – IT teams are feeling the pressure. So, how can they do it all, do it well and keep within a tight budget? Automation.

How I Started Hating Automatic Context Switching in Cisco IOS

Here’s a trick question:

To implement this request you use the following configuration commands (plenty of other commands removed because they don’t impact the results):

router bgp 64500
 address-family ipv4
  maximum-paths ibgp 32
  maximum-paths 32
  neighbor 192.168.0.4 next-hop-self
  neighbor 192.168.0.1 next-hop-self
 address-family vpnv4
  maximum-paths ibgp 32
  maximum-paths 32
  no neighbor 192.168.0.4 next-hop-self
  no neighbor 192.168.0.1 next-hop-self

Try to figure out what the end-result will be without connecting to a router or reading the rest of this blog post.

Ok, here’s what totally threw me off (and wasted an hour of my life): next-hop-self is removed from neighbors in the IPv4 address family. Here’s why:

  • There is no maximum-paths ibgp command in the VPNv4 address family;
  • The moment you enter the maximum-paths ibgp command, the configuration parser exits the address-family vpnv4 context and enters the router bgp context;
  • Because the ipv4 address family is the default context within router bgp (for legacy reasons), all the subsequent commands are executed within the address-family ipv4 context, removing next-hop-self from neighbors in the IPv4 address family.

No wonder David Barroso named his library NAPALM (you’ll find the full story in this or this podcast).
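As an added illustration (not code from the post or from NAPALM), here is a small Python model of the parser behaviour described above. It assumes the command set is limited to the commands in the snippet and that an unsupported command drops the parser back to the router bgp context, exactly as the post states; with that, it flags the neighbors whose next-hop-self the quirk silently strips, which is the check you would want to run over a generated template before pushing it.

```python
DEFAULT_AF = "ipv4"  # legacy default context directly under "router bgp"
UNSUPPORTED = {"vpnv4": {"maximum-paths ibgp"}}  # per the post: no such command in vpnv4

def apply_config(lines, ios_quirk=True):
    """Parse the snippet into {af: {"max_paths": {...}, "next_hop_self": set()}}.
    ios_quirk=True models the post: an unsupported command drops the parser back
    to "router bgp", i.e. the ipv4 AF. ios_quirk=False just ignores that command,
    which is what the operator assumed would happen. (Assumed toy model.)"""
    state, af = {}, None
    for raw in lines:
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["router", "bgp"] or words[0] == "address-family":
            af = DEFAULT_AF if words[0] == "router" else words[1]
            state.setdefault(af, {"max_paths": {}, "next_hop_self": set()})
        elif words[0] == "maximum-paths":
            kind = "ibgp" if words[1] == "ibgp" else "ebgp"  # "maximum-paths N" is the eBGP knob
            if kind == "ibgp" and "maximum-paths ibgp" in UNSUPPORTED.get(af, ()):
                if ios_quirk:
                    af = DEFAULT_AF  # the silent context switch that bites
                continue
            state[af]["max_paths"][kind] = int(words[-1])
        elif words[0] in ("neighbor", "no") and words[-1] == "next-hop-self":
            negate = words[0] == "no"
            nbrs = state[af]["next_hop_self"]
            nbrs.discard(words[2]) if negate else nbrs.add(words[1])
    return state

def lost_next_hop_self(lines):
    """Per AF, the neighbors whose next-hop-self the quirk silently strips;
    an empty dict means the config does what it says."""
    wanted, got = apply_config(lines, ios_quirk=False), apply_config(lines)
    return {af: sorted(wanted[af]["next_hop_self"] - got[af]["next_hop_self"])
            for af in wanted if wanted[af]["next_hop_self"] - got[af]["next_hop_self"]}

# The snippet from the post, embedded so the check runs offline.
POST_CONFIG = """\
router bgp 64500
 address-family ipv4
  maximum-paths ibgp 32
  maximum-paths 32
  neighbor 192.168.0.4 next-hop-self
  neighbor 192.168.0.1 next-hop-self
 address-family vpnv4
  maximum-paths ibgp 32
  maximum-paths 32
  no neighbor 192.168.0.4 next-hop-self
  no neighbor 192.168.0.1 next-hop-self
""".splitlines()
```

Running `lost_next_hop_self(POST_CONFIG)` reports both IPv4 neighbors, the same surprise the post describes; the real safeguard remains diffing the running configuration after the push rather than trusting the template.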

Lenovo’s popular ThinkPads speed up with Intel’s Kaby Lake chips

Lenovo is starting its CES party a bit early, announcing new and upgraded ThinkPad laptops and a 2-in-1 with Intel's new Kaby Lake chips and a slew of new features. The new ThinkPads are getting better screens, faster DDR4 memory and more storage capacity. Features like USB-C ports, optional LTE connectivity, precision touchpads and optional infrared cameras for Windows Hello are being offered across the ThinkPad X, L and T series. Lenovo also introduced the ThinkPad Yoga 370 2-in-1, which is the first model in the brand with a 13.3-inch HD screen and a Thunderbolt 3 port. The upgraded products are mainly workhorse ThinkPads, but Lenovo is also expected to separately announce flashier laptops and 2-in-1s at CES.