Scalability of OpenFlow Control Plane Network

This article was initially sent to my SDN mailing list. To register for SDN tips, updates, and special offers, click here.

I got an interesting question from one of my readers:

If every device talking to a centralized control plane uses an out-of-band channel to talk to the OpenFlow controller, isn’t this a scaling concern?

A year or so ago I would have said NO (arguing that the $0.02 CPU found in most networking devices is too slow to overload a controller or reasonably-fast control-plane network).

Long Distance vMotion Is A Dumpster Fire

In this screencast, I go on a rant about why long-distance vMotion is a dumpster fire. Seriously, don’t do it.

Prayer Time at the Austin Summit

A large portion of the OpenStack community is gathered in Austin this week for the Spring 2016 OpenStack Summit. As I’ve done at previous Summits (and other events), I’m offering to gather with other Christian believers for a brief time of prayer in the mornings before the sessions kick off each day.

Normally I get these arranged much earlier, so I apologize for not getting this out there sooner. That being said, if you’re a Christian and interested in gathering for a brief time of prayer, we will be meeting outside the Austin Convention Center at 8:30 am. We’ll meet along East 4th Street, on the convention center side of the Downtown Station.

Anyone is welcome to join us, but please note that this will be a distinctly Christian-focused and Christ-centered event.

You don’t need to RSVP or let me know you’ll be there; just feel free to stop by. I hope to see you there!

iPhone 7 Rumor Rollup: Analyst buzzkill; all glass, all the time; cool iOS 10 concept video

A reminder not to put Barclays analyst Mark Moskowitz on your A List if you plan to have an iPhone 7 party – though you might want to put him at the top of the list for the iPhone 8 in 2017.The market watcher has issued a note to investors this week, according to Fortune, in which he says the iPhone 7 smartphone that Apple will reportedly launch later this year will be devoid of “any must-have form factor changes” compared to the iPhone 6s.MORE: Best iPhone 7 Design Concepts of 2016To read this article in full or to leave a comment, please click here

IPSpace

I will be presenting as part of a new online class at IPSpace.net. Check here for details.

The post IPSpace appeared first on 'net work.

Personal info of all 94.3 million Mexican voters publicly exposed on Amazon

On April 14, MacKeeper security researcher Chris Vickery discovered another misconfigured MongoDB, but this time the database contained the full names, addresses, birth dates and voter registration numbers for every Mexican voter. The database containing personal information on 93.4 million Mexican voters was hosted on an Amazon cloud server with “no password or any authentication of any sort” to protect it. And it has been publicly accessible since September 2015, according to Salted Hash’s Steve Ragan; although it is unknown how many people besides Vickery accessed the records.To read this article in full or to leave a comment, please click here

Personal info of all 94.3 million Mexican voters publicly exposed on Amazon

On April 14, MacKeeper security researcher Chris Vickery discovered another misconfigured MongoDB, but this time the database contained the full names, addresses, birth dates and voter registration numbers for every Mexican voter. The database containing personal information on 93.4 million Mexican voters was hosted on an Amazon cloud server with “no password or any authentication of any sort” to protect it. And it has been publicly accessible since September 2015, according to Salted Hash’s Steve Ragan; although it is unknown how many people besides Vickery accessed the records.To read this article in full or to leave a comment, please click here

Analyzing real WordPress hacking attempts

In my last few posts I’ve pondered the issue of how insecure WordPress installations have become. Here’s an interesting thing to try if you run a Wordpress site; install the 404 to 301 plugin and in its settings check the “Email notifications” option and enter an email address in the “Email address” field. Now, whenever a nonexistent URL is requested, you’ll get notified and, at least for me, it’s been pretty interesting to see how hackers attempt to enter my WordPress installations. To read this article in full or to leave a comment, please click here

Analyzing real WordPress hacking attempts

In my last few posts I’ve pondered the issue of how insecure WordPress installations have become. Here’s an interesting thing to try if you run a Wordpress site; install the 404 to 301 plugin and in its settings check the “Email notifications” option and enter an email address in the “Email address” field. Now, whenever a nonexistent URL is requested, you’ll get notified and, at least for me, it’s been pretty interesting to see how hackers attempt to enter my WordPress installations. To read this article in full or to leave a comment, please click here

Question: How did hackers steal $81 million? Answer: Pretty easily.

One of the peculiar things about computer security is how much the topic is written about and discussed (a huge amount) compared to how much is actually done (always less than you think). But what’s really peculiar is that enterprises, which you’d think would have better security than organizations in, say, the SMB space, often have serious security deficiencies. Case in point: The Bangladesh Central Bank.In February this year, hackers managed to get into the Bangladesh Central Bank’s network and acquired the bank’s SWIFT credentials, codes that authorize interbank transfers. The hackers then used the credentials four times to transfer some $81 million to various accounts in the Philippines and Sri Lanka via the New York Federal Reserve but on the fifth attempt, the hackers misspelled the receiving account’s name (they spelled “Shalika Foundation” as Shalika “Fandation”)(du’oh). To read this article in full or to leave a comment, please click here

Question: How did hackers steal $81 million? Answer: Pretty easily.

One of the peculiar things about computer security is how much the topic is written about and discussed (a huge amount) compared to how much is actually done (always less than you think). But what’s really peculiar is that enterprises, which you’d think would have better security than organizations in, say, the SMB space, often have serious security deficiencies. Case in point: The Bangladesh Central Bank.In February this year, hackers managed to get into the Bangladesh Central Bank’s network and acquired the bank’s SWIFT credentials, codes that authorize interbank transfers. The hackers then used the credentials four times to transfer some $81 million to various accounts in the Philippines and Sri Lanka via the New York Federal Reserve but on the fifth attempt, the hackers misspelled the receiving account’s name (they spelled “Shalika Foundation” as Shalika “Fandation”)(du’oh). To read this article in full or to leave a comment, please click here

SDxCentral Weekly News Roundup — April 22, 2016

Here are the top stories SDxCentral wrangled this week related to SDN, NFV, cloud, and virtualization infrastructure: Verizon Publishes an SDN/NFV Reference Architecture — We can’t let AT&T have all the fun. On the heels of Ma Bell’s Ecomp specification, Verizon lays down some SDN/NFV knowledge of its own. A bit of Friday fun from the NFV World Congress. How... Read more →

US no longer requires Apple’s help to crack iPhone in New York case

The U.S. no longer requires Apple’s assistance to unlock an iPhone 5s phone running iOS 7 used by the accused in a drug investigation, stating that an “individual provided the passcode to the iPhone at issue in this case.” The Department of Justice has withdrawn its application in the U.S. District Court for the Eastern District of New York. DOJ  had earlier appealed to District Judge Margo K. Brodie an order from Magistrate Judge James Orenstein, ruling that Apple could not be forced to provide assistance to the government to extract data from the iPhone 5s.To read this article in full or to leave a comment, please click here

US no longer requires Apple’s help to crack iPhone in New York case

The U.S. no longer requires Apple’s assistance to unlock an iPhone 5s phone running iOS 7 used by the accused in a drug investigation, stating that an “individual provided the passcode to the iPhone at issue in this case.” The Department of Justice has withdrawn its application in the U.S. District Court for the Eastern District of New York. DOJ  had earlier appealed to District Judge Margo K. Brodie an order from Magistrate Judge James Orenstein, ruling that Apple could not be forced to provide assistance to the government to extract data from the iPhone 5s.To read this article in full or to leave a comment, please click here

Mininet-WiFi: Software defined network emulator supports WiFi networks

Mininet-WiFi is a fork of the Mininet SDN network emulator. The Mininet-WiFi developers extended the functionality of Mininet by adding virtualized WiFi stations and access points based on the standard Linux wireless drivers and the 80211_hwsim wireless simulation driver. They also added classes to support the addition of these wireless devices in a Mininet network scenario and to emulate the attributes of a mobile station such as position and movement relative to the access points.

The Mininet-WiFi extended the base Mininet code by adding or modifying classes and scripts. So, Mininet-WiFi adds new functionality and still supports all the normal SDN emulation capabilities of the standard Mininet network emulator.

In this post, I describe the unique functions available in the Mininet-WiFi network emulator and work through a few tutorials exploring its features.

How to read this post

In this post, I present the basic functionality of Mininet-WiFi by working through a series of tutorials, each of which works through Mininet-WiFi features, while building on the knowledge presented in the previous tutorial. I suggest new users work through each tutorial in order.

I do not attempt to cover every feature in Mininet-WiFi. Once you work through the tutorials in this post, Continue reading

Facebook bug hunter stumbles on backdoor left by… another bug hunter

When Orange Tsai set out to participate in Facebook's bug bounty program in February, he successfully managed to gain access to one of Facebook's corporate servers. But once in, he realized other hackers had beaten him to it.Tsai thought he had stumbled on some malicious activity in Facebook's network. But, according to a statement from Facebook on Friday, what he found was something else.Tsai, a consultant with Taiwanese penetration testing outfit Devcore, had started by mapping Facebook's online properties, which extend beyond user-facing services like facebook.com or instagram.com.One server that caught his attention was files.fb.com, which hosted a secure file transfer application made by enterprise software vendor Accellion and was presumably used by Facebook employees for file sharing and collaboration.To read this article in full or to leave a comment, please click here

Facebook bug hunter stumbles on backdoor left by… another bug hunter

When Orange Tsai set out to participate in Facebook's bug bounty program in February, he successfully managed to gain access to one of Facebook's corporate servers. But once in, he realized other hackers had beaten him to it.Tsai thought he had stumbled on some malicious activity in Facebook's network. But, according to a statement from Facebook on Friday, what he found was something else.Tsai, a consultant with Taiwanese penetration testing outfit Devcore, had started by mapping Facebook's online properties, which extend beyond user-facing services like facebook.com or instagram.com.One server that caught his attention was files.fb.com, which hosted a secure file transfer application made by enterprise software vendor Accellion and was presumably used by Facebook employees for file sharing and collaboration.To read this article in full or to leave a comment, please click here

The Ethernet community is working to introduce six new rates in the next 3 years

In its first 27 years of existence we saw the introduction of six Ethernet rates – 10Mbps, 100Mbps, 1Gbps, 10Gbps 40Gbps and 100Gbps.  And the Ethernet community is now working feverously to introduce six new rates -- 2.5Gbps, 5Gbps, 25Gbps 50Gbps, 200Gbps and 400Gbps-- in the next three years. Higher Ethernet rates used to be introduced when industry bandwidth requirements drove the need for speed.  Butwith Ethernet’s success, it soon became apparent that one new advance could satisfy the requirements of each Ethernet application space.  This was clearly illustrated nearly 10 years ago when it was recognized that computing and networking were growing at different rates.   This led to 40Gbps being selected as the next rate for servers beyond 10Gbps, while 100Gbps was selected as the next networking rate.   To read this article in full or to leave a comment, please click here

The Ethernet community is working to introduce six new rates in the next 3 years

In its first 27 years of existence we saw the introduction of six Ethernet rates – 10Mbps, 100Mbps, 1Gbps, 10Gbps 40Gbps and 100Gbps.  And the Ethernet community is now working feverously to introduce six new rates -- 2.5Gbps, 5Gbps, 25Gbps 50Gbps, 200Gbps and 400Gbps-- in the next three years. Higher Ethernet rates used to be introduced when industry bandwidth requirements drove the need for speed.  Butwith Ethernet’s success, it soon became apparent that one new advance could satisfy the requirements of each Ethernet application space.  This was clearly illustrated nearly 10 years ago when it was recognized that computing and networking were growing at different rates.   This led to 40Gbps being selected as the next rate for servers beyond 10Gbps, while 100Gbps was selected as the next networking rate.   To read this article in full or to leave a comment, please click here

The Ethernet community is working to introduce six new rates in the next 3 years