Cisco patches authentication, denial-of-service, NTP flaws in many products

Cisco Systems has released a new batch of security patches this week for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls.

The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.

Cisco has patched this vulnerability in the 1.0.7.2 firmware version for RV220W devices. Manual workarounds include disabling the remote management functionality or restricting it to specific IP addresses.

Bug Bounties for Network Software

It's a fact that bugs and faults in networking products are not a key issue for customers. Indeed, vendors rely on customer testing and deployment to find bugs before declaring their products as fully tested or generally available. I believe this created a process of moral hazard and false incentives. IETF RFC1925 2. The Fundamental Truths – […]

The post Bug Bounties for Network Software appeared first on EtherealMind.

Stuff The Internet Says On Scalability For January 29th, 2016

Hey, it's HighScalability time:


This is a trace of a Google search query. A single query might touch a couple thousand machines.

 

If you like this Stuff then please consider supporting me on Patreon.
  • 88: the too short life of Marvin Minsky; $18.4 billion: profit made by Apple in 3 months; 100M: hours of video watched on Facebook each day; 1.59 billion: Facebook users; $115B: size of game market by 2020; 12 years: Mars rover still going strong; 96.3m: barrels of oil produced per day; 570 Billion: object brighter than the Sun; 134 pounds: carried by drones;  $2.4 billion: AWS Q4 sales; 2.5 million: advertisers on the Facebook;

  • Quotable Quotes:
    • @ptaoussanis: Real-world scaling 101: be in the habit of routinely, objectively asking what parts of your system could stand to be simplified or removed
    • @Carnage4Life: Azure revenue up 140%. Search revenue from #BingAds up 21%. Microsoft is killing it in the cloud
    • @gabriel_boya: Scaling up a Cloud Service on @azure takes so many hours that your customers may be gone by the time your instances are allocated...
    • AJ007: Facebook is the …

Inside Verizon’s Super Bowl Control Center

With banks of big-screens high along three walls and a huge TV on the fourth, it could be a great spot to watch The Super Bowl. But when the Denver Broncos take on the Carolina Panthers on Feb. 7, the people in this room won't be concerned with touchdowns, running yards and time outs. They'll be analyzing gigabits, latency and capacity to make sure Verizon's cellular network holds up for fans.

This is Verizon's Super Bowl command room -- a temporary, purpose-built nerve center in the shadow of Levi's Stadium that pulls in data from permanent and temporary base stations near the site of Super Bowl 50 and the fan area in downtown San Francisco.

Organizers predict up to a million people will visit the Bay Area for The Super Bowl, so Verizon has added 46 small cells and 10 macro cells to augment its network.

Attack disrupts HSBC online banking services in the UK on tax deadline

HSBC customers in the U.K. who waited until the last day to pay their taxes might have had trouble doing so because the institution's online banking system was unavailable Friday.

In an emailed statement, the bank said that it was the target of a denial-of-service attack which affected its U.K. personal banking website.

"HSBC has successfully defended against the attack, and customer transactions were not affected," the company said. "We are working hard to restore normal service."

In addition to today being the last day when private individuals can pay the tax owed for the year that ended on Apr. 5, 2015, it is also a pay day.

The company has been answering a large number of complaints from frustrated customers via its Twitter account.

Free Webinar: Introduction to SDN

Almost exactly two years ago I ran an Introduction to SDN webinar trying to explain what SDN might be. The landscape has changed significantly in the meantime (for example, software/hardware disaggregation is becoming a reality), but SDN remains as meaningless as Cloud and wrapped in many layers of marketing nonsense.

It was clearly time to do a second version of the webinar, and it’s still free thanks to my sponsor NIL Data Communications. All you have to do to attend it is to fill in the registration form.

BGP in 2015

The Border Gateway Protocol, or BGP, has been holding the Internet together for more than two decades, and nothing seems to be falling off the edge so far. But the past does not necessarily determine the future. How well is BGP coping with the ever-growing Internet?

OpenSSL patches a severe but not widespread problem

The OpenSSL project has patched a problem in the cryptographic library but one that likely does not affect many popular applications.

OpenSSL enables SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption. Most websites use it, which is indicated in Web browsers with a padlock symbol.

It's an open-source library that is widely used in applications for secure data transfers. After serious vulnerabilities were found in OpenSSL over the last couple of years, the application has been under much scrutiny by security researchers.

The latest vulnerability affects versions 1.0.1 and 1.0.2. The updated versions are 1.0.2f and 1.0.1r.

GIT and Jinja – Like Peanut butter and Pickles!

Thanks to @mierdin for pointing this out. It looks like the WordPress format is causing some strange word-wrap issues. For a better view please click here to see the full post without presentation issues.

 

Using GitHub to build our Network Configs

As I wrote in this post, one of my goals for this year is to be able to completely automate the build of my lab environment programmatically.

In the last couple of jinja posts, I wrote about the basics of Jinja2 templates and how they can be applied to building network configurations.

In this post, I’m going to take the next step and move those files from my local hard drive out to…

 

duh duh dahhhhhhhhhh

The cloud.


 

Before we get started…

We’re going to go over some basics on the tools we’re using to make sure everyone’s on the same page. cool?

What’s GIT?

Git is a widely-used source code management system for software development. It is a distributed revision control system with an emphasis on speed, data integrity, and support for distributed, non-linear workflows. (Wikipedia)

Huh?

GIT is a piece of software that allows you to track changes to files over …

LG patches data theft bug affecting millions of Android phones

LG has patched a security flaw in an application preinstalled on millions of its Android G3 smartphones that researchers found could be used to steal a variety of data.

The application, called Smart Notice, is a kind of multifunctional widget, managing contacts, notifications, and weather and traffic alerts.

Researchers from BugSec and Cynet, two computer security companies, found that they could attack a person's phone by sending them a contact with malicious JavaScript contained in the name field, according to a video.

Technology Short Take #60

Welcome to Technology Short Take #60. As usual, I’ve gathered what I hope to be a useful but varied collection of articles and links on key data center technologies. I hope something I’ve included here will be helpful—enjoy!

Networking