IDG Contributor Network: Hundreds of cloud apps still vulnerable to DROWN

If you have even a passing interest in security vulnerabilities, there’s no chance that you missed the news about the DROWN vulnerability. It’s one of the biggest vulnerabilities to hit since Heartbleed, potentially impacting a third of all HTTPS websites. By exploiting the obsolete SSLv2 protocol, this flaw makes it possible for an attacker to eavesdrop on a TLS session.Because we use SSL and TLS encryption to shop, send messages, and send emails online, DROWN potentially allows attackers to access our messages, passwords, credit card details, and other sensitive data.To read this article in full or to leave a comment, please click here

Label Switched Multicast – Configuration

In the previous post (Label Switched Multicast – An Introduction) in this series on Label Switched Multicast (LSM) I introduced the concepts behind LSM and draft-rosen, the two most poplar methods for transporting multicast traffic through MPLS Layer 3 VPNs.

In this article I will talk through the configuration of LSM on the PE and P routers and get to the point where two CEs are successfully passing multicast traffic via the MPLS network. All of the configuration examples will be relevant to Cisco IOS.

As was the case in the introduction article in the series, it’s best if you already have a good understanding of multicast and MPLS before reading this article.

At the end of this article you’ll be able to start configuring your own LSM environment using the configuration samples here as a template.

To the CLI!

Configuring the Provider Network

In order to keep this post on point, I’m going to start on the basis that basic routing, LDP and MP-BGP are already configured and that unicast traffic is successfully flowing between all CEs.

The basic topology being used here is the same as the one in the introduction post:

Sample LSM Topology
Sample LSM Topology

Within the Continue reading

Google warns of Android flaw used to gain root access to devices

An application that allows users to gain full control -- root access -- over their Android devices is taking advantage of a security flaw in the Linux kernel that has remained unpatched in Android since its discovery two years ago.The bug was originally fixed in the Linux kernel in April 2014, but wasn't flagged as a vulnerability until February 2015 when its security implications were understood and it received the CVE-2015-1805 identifier. Even then, the fix did not get ported to Android, which is based on the Linux kernel.It wasn't until Feb. 19 that researchers from a security outfit called C0RE Team notified Google that the vulnerability could be exploited on Android in order to achieve privilege escalation -- the execution of code with the privileges of the root account.To read this article in full or to leave a comment, please click here

Google to bring Internet to unconnected Cuba

Google has set a deal to bring Wi-Fi and broadband connectivity to Cuba, but some are already wondering how much information and access will freely flow to the Cuban people.President Obama and his family are in Cuba this week. It's the first time a U.S. president has visited Cuba in 88 years.In an interview with ABC News anchor David Muir that aired on Monday, the president addressed the fact that only 5% of homes in Cuba have access to the Internet, one of the lowest rates in the world.To read this article in full or to leave a comment, please click here

There’s no conspiracy behind the FBI-v-Apple postponement

The FBI says it may have found another way to get data off an iPhone, and thus asked to postpone a hearing about whether Apple can be forced to do it. I thought I'd write a couple of comments. Specifically, people are looking for reasons to believe that the FBI, or Apple, or both are acting in bad faith, and that everything that happens is some sort of conspiracy. As far as I can tell, all evidence is that they are acting in good faith.

Orin Kerr writes:
If that happens, neither side will look good in the short term. The FBI won’t look good because it went to court and claimed it had no alternatives when an alternative existed. The whole case was for nothing, which will raise suspicions about why the government filed the case and the timing of this new discovery. But Apple won’t look good either. Apple claimed that the sky would fall if it had to create the code in light of the risk outsiders might steal it and threaten the privacy of everyone. If outsiders already have a way in without Apple’s help, then the sky has already fallen. Apple just didn’t know Continue reading

FBI says it may have found a way to unlock shooter’s iPhone

The FBI says it may have discovered a way to break into the iPhone used by one of the San Bernardino mass shooters, and an important court hearing in the case that was scheduled for Tuesday has been postponed. "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone," lawyers for the government said in a court filing Monday afternoon, referring to the shooter Syed Farook. "Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple set forth in the All Writs Act Order in this case," the government lawyers wrote.To read this article in full or to leave a comment, please click here

Tor Project says it can quickly catch spying code

The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.There are worries that Tor could either be technically subverted or subject to court orders, which could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice.Tor developers are now designing the system in such a way that many people can verify if code has been changed and "eliminate single points of failure," wrote Mike Perry, lead developer of the Tor Browser, on Monday.To read this article in full or to leave a comment, please click here

Cisco reorganizes engineering in a big way; veteran Ahuja out

Cisco, which kicked off 2016 with news that the leader of its engineering troops would soon be leaving the company, has now undertaken a major reorganization of that same group and disclosed another high-profile departure.The company announced internally that the moves, designed to better align engineering with Cisco business priorities under new-ish CEO Chuck Robbins, include the exit of 18-year veteran and Service Provider leader Kelly Ahuja. Cisco did not say where Ahuja might be headed, but did say he will be replaced by Yvette Kanouff, who will lead an expanded Service Provider organization. Kanouff joined Cisco in 2014 from Cablevision and has been Cisco's SVP and GM, Cloud Solutions.To read this article in full or to leave a comment, please click here

Cisco reorganizes engineering in a big way; veteran Ahuja out

Cisco, which kicked off 2016 with news that the leader of its engineering troops would soon be leaving the company, has now undertaken a major reorganization of that same group and disclosed another high-profile departure.The company announced internally that the moves, designed to better align engineering with Cisco business priorities under new-ish CEO Chuck Robbins, include the exit of 18-year veteran and Service Provider leader Kelly Ahuja. Cisco did not say where Ahuja might be headed, but did say he will be replaced by Yvette Kanouff, who will lead an expanded Service Provider organization. Kanouff joined Cisco in 2014 from Cablevision and has been Cisco's SVP and GM, Cloud Solutions.To read this article in full or to leave a comment, please click here

Label Switched Multicast — Configuration

In the previous post (Label Switched Multicast - An Introduction) in this series on Label Switched Multicast (LSM) I introduced the concepts behind LSM and draft-rosen, the two most poplar methods for transporting multicast traffic through MPLS Layer 3 VPNs.

In this article I will talk through the configuration of LSM on the PE and P routers and get to the point where two CEs are successfully passing multicast traffic via the MPLS network. All of the configuration examples will be relevant to Cisco IOS.

As was the case in the introduction article in the series, it's best if you already have a good understanding of multicast and MPLS before reading this article.

At the end of this article you'll be able to start configuring your own LSM environment using the configuration samples here as a template.

To the CLI!

Using Docker Machine with AWS

As part of a broader effort (see the post on my 2016 projects) to leverage public cloud resources more than I have in the past, some Docker Engine-related testing I’ve been conducting recently has been done using AWS EC2 instances instead of VMs in my home lab. Along the way, I’ve found Docker Machine to be quite a handy tool, and in this post I’ll share how to use Docker Machine with AWS.

By and large, using Docker Machine with AWS is pretty straightforward. You can get an idea of what information Docker Machine needs by running docker-machine create -d amazonec2 --help. (You can also view the documentation for the AWS driver specifically.) The key pieces of information you need are:

  • --amazonec2-access-key: This is your AWS access key. Docker Machine can read it from the $AWS_ACCESS_KEY_ID environment variable, or—if you have the AWS CLI installed—Docker Machine can read it from there.
  • --amazonec2-secret-key: This is your AWS secret key. As with the AWS access key, Docker Machine can read this from an environment variable ($AWS_SECRET_ACCESS_KEY) or from the AWS CLI credentials file (by default, found in ~/.aws/credentials).
  • --amazonec2-region: The AWS driver defaults to Continue reading

Hyper-connected cars can drive you to paranoia

This sounds like an ugly thing for a ham radio operator and director of a community radio station to say but: Clip your car’s antenna. Or stuff a wad of chewing gum into your car’s USB port, and perhaps its ODB2 port. Enough is enough.As Andy Greenberg of WIRED wrote of a US DOT Public Service Announcement, “it is important that consumers and manufacturers maintain awareness of potential cyber security threats” to their now hyper-connected cars.There are likely two antennas, one for radio and one that connects your car to a third-party monitoring system. On-Star, if you have it, is tracking your every move. Do they give information to the NSA? Consider that the NSA probably already gets such cell-phone transmitted information anyway. GM cards have it, and many other cars have their own in-vehicle two-way monitoring systems.To read this article in full or to leave a comment, please click here

Worth Reading: Utilization at ‘net interconnects

I am pleased to release analysis taken from direct measurement of Internet interconnection points, which represents advancement in this important field of research. To this end, I am releasing a working paper that includes data from seven Internet Service Providers (ISPs) who collectively serve approximately half of all US broadband subscribers. -via Circle ID

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Utilization at ‘net interconnects appeared first on 'net work.

1 3,033 3,034 3,035 3,036 3,037 3,787