Cool New Networking Products At Interop 2016
Vendors debut cloud-managed network management, Wave 2 access points, and more at this year's Interop.
Vendors debut cloud-managed network management, Wave 2 access points, and more at this year's Interop.
Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it’s in the code that fixes Lucky13.
It was found by Juraj Somorovsky using a tool he developed called TLS-Attacker. Like in the “old days”, it has no name except CVE-2016-2107. (I call it LuckyNegative201)
It’s a wonderful example of a padding oracle in constant time code, so we’ll dive deep into it. But first, two quick background paragraphs. If you already know all about Lucky13 and how it's mitigated in OpenSSL jump to "Off by 20" for the hot and new.
If, before reading, you want to check that your server is safe, you can do it with this one-click online test.
Very long story short, the CBC cipher suites in TLS have a design flaw: they first compute the HMAC of the plaintext, then encrypt plaintext || HMAC || padding || padding length
using CBC mode. The receiving end is then left with the uncomfortable task of decrypting the message and checking HMAC and padding without revealing the padding length in any way. If they do, we call Continue reading
In honor of Star Wars Day, we asked speakers at Interop Las Vegas about their favorite sci-fi flicks.
I have stumbled upon a recent post from Greg Ferro on Ethrealmind, the post is titled SDN is not an innovation, it’s an iteration. I actually wanted to share this post because it kind of puts things into prespective. The word innovate refers to creating something that is new and disruptive. Innovations needs to come …
The post SDN is an Iteration that will Lead Innovations appeared first on Networkers-online.com.
I’m presenting at two Data Center Interest Group Switzerland events organized by Gabi Gerber in Zurich in early June:
I hope to see you in Zurich in a bit more than a month!
Observations and highlights from the second day of Interop Las Vegas 2016.