Upcoming Event: Network Automation Workshop

I spent most of last year developing SDN-related content, resulting in pretty successful 2-day workshop and 20+ hours of online content. However, I fully agree with Matt Oswalt that network automation matters even more than lofty centralized ideas, so it was time to focus on that area.

As always, the easiest way to push yourself is to commit to a deadline, so I agreed to do a network automation workshop during the Troopers 16 event. Here’s what it will cover:

Read more ...

Study of another IP camera reveals serious problems

An in-depth analysis of yet another Internet-connected security camera has revealed a host of software problems.Alex Farrant and Neil Biggs, both of the research team for Context Information Security in the U.K, analyzed Motorola's Focus 73, an outdoor security camera. Images and video taken by the camera can be delivered to a mobile phone app.They found they could take control of the camera remotely and control its movement, redirect the video feed and figure out the password for the wireless network the device is connected to.One attack exploits a cross-site request forgery problem. It was possible to scan for camera connected to the Internet and then get a reverse root shell.To read this article in full or to leave a comment, please click here

Lawfare thinks it can redefine π, and backdoors

There is gulf between how people believe law to work (from watching TV shows like Law and Order) and how law actually works. You lawyer people know what I'm talking about. It's laughable.

The same is true of cyber: there's a gulf between how people think it works and how it actually works.

This Lawfare blogpost thinks it's come up with a clever method to get their way in the crypto-backdoor debate, by making carriers like AT&T responsible only for the what ("deliver interpretable signal in response to lawful wiretap order") without defining the how (crypto backdoors, etc.). This pressure would come in the form of removing current liability protections they now enjoy for not being responsible for what customers transmit across their network. Or as the post paraphrases the proposal:
Don’t expect us to protect you from liability for third-party conduct if you actively design your systems to frustrate government efforts to monitor that third-party conduct.
The post is proud of its own smarts, as if they've figured out how to outwit mathematicians and redefine pi (π). But their solution is nonsense, based on a hopelessly naive understanding of how the Internet works. It appears all Continue reading

Cisco-Jasper deal should make enterprise IoT safer

Cisco Systems' planned US$1.4 billion acquisition of Jasper Technologies could make it easier for enterprises to build businesses around services instead of products. While the Internet of Things includes sensors and devices that enterprises can use to better run their operations and cut costs, it can also give them whole new business models. Much of Jasper's business is connecting the products companies make to mobile networks. It sits between enterprises and mobile operators, doing the complicated work of tying IoT applications to network connections. Cisco builds a lot of the gear on the network side of that equation, plus higher-level smarts like analytics on the other end that can make IoT more effective and profitable. Bringing their capabilities together will simplify deployments that currently involve lots of different companies and pieces of software, the companies say.To read this article in full or to leave a comment, please click here

Comodo to fix major flaw in knock-off Chrome browser

Comodo will release an update Wednesday to fix a serious vulnerability in its web browser, which it markets as a way for users to enhance their security.Google engineer Tavis Ormandy found that the company's Chromodo browser disables the "same origin policy," one of the most basic tenets of web security, according to a writeup.To read this article in full or to leave a comment, please click here

Cisco Puts Storage into ‘Beast’ Mode

Cisco this week says it fortified its SAN switching lineup for the next 10 years. The company launched the MDS 9718 – or “the beast” as it was referred to internally -- a high port density, programmable director that’s ready for 32G.The switch supports 10G, 16G, 40G today, and with future support for 32G Cisco claims it should be around for the next decade. FibreChannel tops out at 16G today.It scales to 768 line rate 16G FibreChannel or 10G FibreChannel-over-Ethernet (FCoE) ports, or 384 40G FCoE. Brocade's DCX 8510, by contrast, supports up to 512 16G FC.To read this article in full or to leave a comment, please click here

As 5G approaches, 3G and 4G are still getting faster

Most of the excitement at Mobile World Congress this month will be about 5G, which won't officially exist until 2020. But vendors will also be showing off new ways to speed up the networks people are using now.That means more than 4G, because while LTE gets a lot of press, older services are more common than you might think. Just over half of the world's mobile subscriptions (51 percent) are for 2G service only, according to Tolaga Research analyst Phil Marshall. Almost one-third are limited to 3G, while only 15 percent are 4G. Even in 2020, only 48 percent of subscriptions will be for 4G.Some users are stuck on a slower network because they haven't upgraded to a faster phone, and some of those 2G-only subscriptions are for connected machines that don't need any more speed. But there are a lot of mobile users who could use a performance bump even before 5G comes along.To read this article in full or to leave a comment, please click here

BleepingComputer under free speech attack as SpyHunter makers sue over bad review

BleepingComputer is a valuable asset to the Internet, in my opinion, as it is often one of the first sites to warn of newly reported ransomware; volunteer security professionals also regularly provide answers to any number of other computer questions. Yet BleepingComputer is seriously under fire for daring to engage in free speech as Enigma Software is suing the site over a negative review of Enigma’s flagship anti-malware program SpyHunter.To read this article in full or to leave a comment, please click here

Google Fiber to be free for select affordable housing residents

Google Fiber on Wednesday announced free gigabit Internet service to residents of selected public housing projects connected to its fiber optic service in U.S. cities.The program was launched at West Bluff, an affordable housing community in Kansas City, Mo., where 100 homes have been connected to Google Fiber. Across the Kansas City area, Google is now working with affordable housing providers to connect as many as nine properties that could reach more than 1,300 local families.Google described the program as an extension of its work with ConnectHome, an initiative of the U.S. Department of Housing and Urban Development (HUD) and the Obama administration.To read this article in full or to leave a comment, please click here

Flaws in smart toy back-end servers puts kids and their families at risk

Over the past two years security researchers have shown that many Internet-connected "smart" devices have not been designed with security in mind. This also seems to be the case for their back-end systems.The latest example are flaws found in the Web services operated by smart-toy makers which could expose children's personal information and location.Researchers from security firm Rapid7 found serious vulnerabilities in the Web application programming interfaces (APIs) used by the Smart Toy line of interactive stuffed animals and the hereO GPS watch for children.In the case of Smart Toy devices, the researchers found that the manufacturer's Web service did not properly validate request senders. Through the exposed APIs, they could enumerate all customers and find their toy ID, name, type and associated child profile; they could access all children's profiles, including their names, birth dates, gender and spoken languages; they could find out when a parent or child is interacting with their toy and could associate someone's toy with a different account, effectively hijacking it.To read this article in full or to leave a comment, please click here

CloudFlare’s Impact On The HTTP/2 “Universe”

CloudFlare released HTTP/2 support for all customers on December 3rd, 2015. Now, two months later, it's time to take a look at the impact of this release on the HTTP/2 "universe" and also at what has changed from a HTTP/2 vs. SPDY vs. HTTP 1.1 traffic ratio perspective.

HTTP/2 Usage

Previously, we showcased browser market share data from our own website. Using these numbers, we predicted the ratio of HTTP/2 traffic that we expected to see once enabled. Now, we can compare this original data set with updated data from the last 48 hours.

Below is the market share of HTTP/2 capable browsers that we saw on our website during a 48 hour period. The first one was before our HTTP/2 launch, the other one was last week. Both data sets were pulled from Google Analytics, and user agents were analyzed for HTTP/2 support.

HTTP/2 capable browser Global Market Share Late Nov 2015 Global Market Share Late Jan 2016
IE 11 on Windows 10 0.14% 0.34%
Edge 12, and 13 0.35% 0.48%
Firefox 36 - 45 5.09% 11.05%
Chrome 41 - 49 15.06% 38.86%
Safari 9 0.91% 2.69%
Opera Continue reading

A Case Study: WordPress Migration for Shift.ms

The case study presented involves a migration from custom database to WordPress. The company with the task is Valet and it has a vast portfolio of previously done jobs that included shifts from database to WordPress, multisite-to-multisite, and multisite to single site among others. The client is Shift.ms.

Problem

The client, Shift.ms, presented a taxing problem to the team. Shift.ms had a custom database that they needed migrated to WordPress. They had installed a WordPress/BuddyPress and wanted their data moved into this new installation. All this may seem rather simple. However, there was one problem; the client had some data in the newly installed WordPress that they intended to keep.

Challenges

The main problem was that the schema for the database and that of WordPress are very different in infrastructure. The following issues arose in an effort to deal with the problem:

IRS Scam: 5,000 victims cheated out of $26.5 million since 2013

The Internal Revenue Service says that aggressive and threatening phone calls by criminals impersonating IRS agents continues to plague taxpayers.The Treasury Inspector General for Tax Administration in January said it has received reports of roughly 896,000 contacts since October 2013 and have become aware of over 5,000 victims who have collectively paid over $26.5 million as a result of the scam.+More on Network World: CIA details agency’s new digital and cyber espionage focus+“The phone fraud scam has become an epidemic, robbing taxpayers of millions of dollars of their money,” said J. Russell George, the Treasury Inspector General for Tax Administration in a statement. “We are making progress in our investigation of this scam, resulting in the successful prosecution of some individuals associated with it over the past year.”To read this article in full or to leave a comment, please click here

Advanced VMware NSX Security Services with Check Point vSEC

VMware NSX provides an integrated Distributed Firewall (DFW), which offers L2-L4 security at the vNIC level and protects East-West traffic, and an Edge Firewall provided by the Edge Services Gateway (ESG), which offers L2-L4 security at the edge and protects North-South traffic in and out of the Software Defined Data Center (SDDC).

Figure 1: VMware NSX DFW and Edge Firewall Logical Design Example

Figure 1: VMware NSX DFW and Edge Firewall Logical Design Example

The DFW is a kernel-level module and allows for enhanced segmentation and security across a virtualized environment. DFW enables a distributed security architecture allowing for micro-segmentation.

In addition to the DFW and ESG Firewall, there are many third party integrations with well-known security partners such as Check Point and Palo Alto Networks. In this blog, we’ll focus on the Check Point vSEC solution for NSX. For a complete list of security partner solutions and more information, see the supported NSX third party security products on the VMware NSX Technical Partners Webpage.

For this blog, the following VMware and Check Point components and corresponding versions are used:

  • VMware vSphere 5.5
  • VMware vCenter 5.5
  • VMware NSX 6.1.4
  • Check Point Management Server R77.30
  • Check Point SmartConsole R77.30
  • Check Point vSEC Controller R77.30
  • Check Point Continue reading
1 3,009 3,010 3,011 3,012 3,013 3,696