Palo Alto Integration with Cisco ACI and OpenStack on Software Gone Wild

A while ago Christer Swartz explained how a Palo Alto firewall integrates with VMware NSX. In the meantime, Palo Alto announced integration with Cisco ACI and OpenStack, and it was time for another podcast with Christer deep-diving into the technical details of these integrations.

Spoiler: It’s not OpFlex. For more details, listen to Episode 53 of Software Gone Wild.

Reddit’s removal of ‘warrant canary’ could hint at US demand for its user data

Reddit has removed a notice, known as a warrant canary, from its transparency report for 2015, suggesting that it may have received a secret national security order for user data. The removal of the warrant canary is a reminder to users that their online communications could be the target of investigators. The most controversial of the orders is the National Security Letter, which gives the government the authority to compel the production of customer records held by telephone companies, Internet service providers and other electronic communications service providers. Companies, who have been asked for user data by the government, are usually served the requests under a “gag order” that prohibits them from disclosing the request for data.

Building Web front end for Python scripts with Flask

Recently I revived my relationship with Python in an effort to beat routine tasks appearing here and there. So I started to write some pocket scripts and, luckily, was not the only one on this battlefield – my colleagues also have a bunch of useful scripts. With all those pieces of code sent in email, cloned from repos, grabbed on network shares

CloudFlare aims to block fewer legitimate Tor users

CloudFlare is tweaking its systems to make it easier for legitimate Tor users to access websites that use its network to deliver content. Tor users have complained that CloudFlare-powered websites too frequently display CAPTCHAs, a security gate designed to stop automated web bots and abuse. CAPTCHAs are the squiggly text or puzzles you have to solve to prove you're a real human. The problem is that many computers employing Tor are engaged in abusive activity, resulting in CloudFlare displaying CAPTCHAs when it detects a computer using the Tor network. Legitimate Tor users thus have a poor browsing experience given the wide use of CloudFlare's CDN.

‘No viruses! Honest!’

These "free USB sticks" were left for the taking in our break room here at Network World headquarters. And, even though I’m reasonably certain I know who left them, there’s no way I’m falling for the old “No viruses! Honest!” trick.

FCC votes for strict new broadband privacy rules

The U.S. Federal Communications Commission has taken a major step toward new regulations requiring ISPs to get customer permission before using or sharing their Web-surfing history and other personal information. The FCC voted 3-2 Thursday to approve a notice of proposed rule-making, or NPRM, the first step toward passing new regulations, over the objections of the commission's two Republicans. The proposed rules, which will now be released for public comment, require ISPs to get opt-in permission from customers if they want to use their personal information for most reasons besides marketing their own products.

IDG Contributor Network: What is the future of mobile communications app security

We are well on our way to a world where communications traffic between mobile apps will be completely secure. Whether voice or text, monitored traffic will be encrypted and uncrackable, even with the cooperation of the app or device developers. A recent example, Facebook’s WhatsApp, is reportedly causing law enforcement concern, as it appears to be impervious to decryption efforts. Government legislation forcing vendors to incorporate some type of backdoor password seems to be the only alternative to living with this new reality, but legislation may be unenforceable in the international context of app development and distribution.

Hackers can abuse the iOS mobile device management protocol to deliver malware

Starting with iOS 9, Apple has tried to make it harder for attackers to trick users into installing unauthorized apps on their devices by abusing stolen enterprise certificates. However, it left one door open that attackers can still exploit: the protocol used by mobile device management products. In a presentation at the Black Hat Asia security conference on Friday, researchers from Check Point Software Technologies will demonstrate that the communication between MDM products and iOS devices is susceptible to man-in-the-middle attacks and can be hijacked to install malware on non-jailbroken devices with little user interaction. Apple's tight control over the iOS App Store has made it hard, but not impossible, for attackers to infect iOS devices with malware.

New wireless tech from MIT promises password-free Wi-Fi

New wireless technology developed by researchers at MIT's Computer Science and Artificial Intelligence Lab promises to kill the Wi-Fi password at last. Dubbed Chronos, the new system enables a single Wi-Fi access point to locate users to within tens of centimeters without relying on any external sensors. What that means is that it could figure out where people are in a home or office and adjust heating and cooling accordingly. It could also enable a small cafe to better restrict its free Wi-Fi to paying customers. Existing Wi-Fi devices don’t have wide enough bandwidth to measure the "time of flight" of a signal from transmitter to receiver, or router to device, so typically a person's position can be determined only by triangulating multiple angles relative to the person from multiple access points.

Skyport Systems and The Zero Trust DC

Skyport Systems offers a trusted computing platform to securely host virtual machines. Big deal? Well, maybe more than it seems at first glance.

Skyport Systems

I was sitting in some Juniper training last week being told about their Zero Trust security capabilities (referred to in VMware NSX terminology as micro-segmentation), and as I listened I started thinking about zero trust in the wider context of who can be relied upon when it comes to software, and even the hardware on which it runs.

Software Issues

Let’s face it, the events of the last few years have brought to light for Americans that far from a need to fear what other nation states might be willing to do to get access to our data, the real threat may lie within. Juniper was in the news at the end of last year after the announcement that ScreenOS contained unauthorized code suspected of being planted there by the NSA. And then in January 2016, Juniper announced that ScreenOS would be dropping the NSA-developed Dual_EC_DRBG random number generator which perhaps coincidentally has a known weakness in it, a vulnerability that was made even worse by an implementation change in ScreenOS to use a larger