Docker Networking on Software Gone Wild

A year and a half ago, Docker networking couldn’t span multiple hosts and used NAT with port mapping to expose container-based services to the outside world.

Docker is the hottest Linux container solution these days. Want to know more about it? Matt Oswalt is running an Introduction to Docker webinar in a few days.

In August 2014 a small startup decided to change all that. Docker bought them before they managed to get public, and the rest is history.

Online advertising company fixes severe XSS flaw

An online advertising company has fixed a vulnerability in its platform that could have allowed hackers to steal information from a large number of users. The cross-site scripting (XSS) flaw in the platform of PublicityClerks was found by a U.K. security researcher who goes by the handle CEHSecurity on Twitter. Cross-site scripting flaws are one of the most common faults in websites. They allow an attacker to inject malicious code into a website, which then can be used to steal data and for other attacks. "As soon as we were aware of the issue, we fixed it ASAP and ensured our advertisers and publishers were not affected," said James Hakim, PublicityClerks' founder and CEO.

Lenovo fixes hard-coded password in file-sharing utility

Lenovo has patched several software flaws in a file-sharing utility, which could allow attackers to browse and make copies of files. The flaws were found by Core Security, which described in an advisory a lengthy back and forth dialog with Lenovo starting in late October over the problems. The affected application is SHAREit, which is designed to let people share files from Windows computers or Android devices over a local LAN or through a Wi-Fi hotspot that's created. SHAREit is preloaded on Lenovo devices, including its ThinkPad and IdeaPad notebooks and other mobile devices. The vulnerable SHAREit versions are the Android 3.0.18_ww and Windows 2.5.1.1 packages, Core Security said.

SDN and Network Automation: Splitting Hairs?

At the recent Network Field Day 11, there were several discussions at the Cisco offices after the Cisco folks left the room. One of these discussions, led by Terry Slattery, was centered around SDN, and I think it’s worth a listen/watch (only about 20 minutes).

In this video, I made the argument that SDN should be limited to a very specific definition, which eliminates the management plane from the conversation entirely (around 5:40).

The Unspoken Benefits of Open Networking

I have noticed a lot of very premature dismissal of a growing trend in the networking industry, which is the rise of open network operating systems. Nearly every post-announcement discussion that I hear among peers tends to sound something like this:

I am not Facebook or Google. I don’t want to install third-party software on my switches, so this “open networking” movement is not relevant to me or my organization.

I believe this sentiment is based on an incomplete understanding of all of the benefits of open networking. I’d like to bring up some additional points that aren’t being discussed as much as others, as it pertains to open network operating systems. I believe these additional benefits apply to a very large spectrum of organizations, not just the top 1% webscale companies.

This is not to say that closed-source operating systems do not have a place anymore, or that the current participants in the open networking ecosystem are perfect, or that we have anything but a long road ahead of us in this journey…my point in writing this post is simply to illuminate parts of the conversation that deserve more attention.

We discussed open operating systems in a recent video-enabled …

IDG Contributor Network: Employee data often isn’t encrypted as well as customer data, report says

Employee bank records are among the sensitive details that companies are failing to protect adequately through encryption, a recent study has uncovered. While enterprises now take customer data protection seriously, in many cases they're ignoring their workers' needs for security, according to encryption product vendor Sophos.

Not always doing it

Sophos says that it found almost half (47%) of the companies it surveyed had owned up to not always encrypting employee healthcare information when it stored that data. And close to that number (43%) failed to always encrypt workers' Human Resources employee files.

Juniper acquires packet optical company

Juniper Networks this week entered into a definitive agreement to acquire BTI Systems, a provider of cloud and metro networking systems and software to content, cloud and service providers. Terms of the acquisition were not disclosed. BTI will allow Juniper to accelerate delivery of packet optical transport systems for the data center interconnect and metro optical networking markets. The BTI products will be integrated with Juniper’s NorthStar Controller and network management features to enable end-to-end provisioning of services, said Jonathan Davidson, executive vice president and general manager, Juniper Development and Innovation, in this blog post.

All your old-tech passwords belong to us, for just $17

Today's lesson on how the cloud can work against you, as well as for you, is about your passwords and keys, and how they're becoming useless. I've stolen a link from Mark Gibbs to help. Let's say you've been letting older security encryption methods live out their life in the pastures of your data center. CloudCracker, using massively-induced dictionary attacks, can make mincemeat from a frightening number of password key-exchange seeds. For just $17 per, CloudCracker can conveniently crack the following password seeds: WPA/WPA2, NTLM, SHA-512, MD5s, and/or MS-CHAPv2. No tears, please. And yes, cracked like an egg, a $17 egg. Certainly no one would abuse such a service, would they?