VMware, Cisco SDNs Bring Home the Bacon

In the scramble for SDN supremacy, Cisco and VMware usually bark about users who opt for one of their solutions over the other. In all the noise, it’s rare to hear from one that plans to implement both. But that’s what SugarCreek, a $650 million, privately-held food processing and packing company based in Washington Court House, OH, is doing in its software-defined data centers (SDDC). VMware’s NSX network virtualization software will be used to secure and automate the VMware-virtualized server environment, while Cisco’s Application Centric Infrastructure (ACI) will be deployed to manage the physical network infrastructure.

New Android ransomware uses clickjacking to gain admin privileges

File-encrypting ransomware applications that target Android devices are becoming increasingly sophisticated. One new such program is using clickjacking techniques to trick users into granting it administrator privileges.

Clickjacking is a method that involves manipulating the user interface in a way that allows attackers to hijack users' clicks and trigger unauthorized actions. It is mostly used in Web-based attacks, where various technologies allow creating invisible buttons and positioning them on top of seemingly harmless page elements.

Due to the restrictive application permissions system in Android, ransomware apps targeting the OS have historically been less effective than on Windows. For example, many of the early Android ransomware threats only displayed a persistent window on the screen with an alert intended to scare users into paying fictitious fines. Most of them impersonated law enforcement agencies and claimed that the devices were locked because illegal content was found on them.

Net ring-buffers are essential to an OS

Even by OpenBSD standards, this rejection of 'netmap' is silly and clueless.

BSD is a Linux-like operating system that powers a lot of the Internet, from Netflix servers to your iPhone. One variant of BSD focuses on security, called "OpenBSD". A lot of security-related projects get their start on OpenBSD. In theory, it's for those who care a lot about security. In practice, virtually nobody uses it, because it makes too many sacrifices in the name of security.

"Netmap" is a user-space network ring-buffer. What that means is the hardware delivers network packets directly to an application, bypassing the operating system's network stack. Netmap currently works on FreeBSD and Linux. There are projects similar to this known as "PF_RING" and "Intel DPDK".


The problem with things like netmap is that it means the network hardware no longer is a shareable resource, but instead must be reserved for a single application. This violates many principles of a "general purpose operating system".

In addition, it ultimately means that the application is going to have to implement its own TCP/IP stack. That means it's going to repeat all the same mistakes of the past, such as "ping of death" when a […]

Cisco Merging IOS-XE Code Trains

Reliable sources tell me that Cisco is undergoing a huge internal transformation now that Chuck Robbins is in charge. I haven’t been able to see any evidence of this transformation and have been wondering when customers would see the results. Cisco Enterprise was presenting at Network Field Day 11 and this particular presentation from Cisco Enterprise […]

The post Cisco Merging IOS-XE Code Trains appeared first on EtherealMind.

Less porn-surfing corporate bosses, more execs taking phishing bait to infect networks

ThreatTrack Security wanted to know how the challenges facing malware analysts dealing with cyber threats have evolved in the past two years. So the company had Opinion Matters conduct an independent blind survey of 207 security professionals dealing with malware analysis in the U.S. While the findings are not all sunshine and chocolate, only 11% said they investigated a data breach that was not disclosed to customers, compared to 57% who said the same back in 2013. Another piece of good news - fewer security analysts need to purge malware as a result of a company's senior leadership member visiting a porn site. In 2013, 40% of malware infections came from porn-surfing corporate bosses, compared to 26% in 2015.

How not to be a better programmer

Over at r/programming is this post on "How to be a better programmer". It's mostly garbage.


Don't repeat yourself (reuse code)


Trying to reuse code is near the top of reasons why big projects fail. The problem is that while the needs of multiple users of a module may sound similar, they are often different in profound ways that cannot be reconciled. Trying to make the same bit of code serve divergent needs is often more complex and buggy than multiple modules written from the ground up for each specific need.

Yes, we adhere to code cleanliness principles (modularity, cohesion) that make reuse easier. Yes, we should reuse code when the needs match close enough. But that doesn't mean we should bend over backwards trying to shove a square peg through a round hole, and the principle that all pegs/holes are the same.


Give variables/methods clear names


Programmers hate to read other code because the variable names are unclear. Hence the advice to use "clear names" that aren't confusing.

But of course, programmers already think they are being clear. No programmer thinks to themselves "I'm going to be deliberately obtuse here so that other programmers won't understand". Therefore, […]

UpGuard offers a rating score of risk preparedness

UpGuard analyzes data about the state of corporate networks to devise a single numerical score that gives a quick sense of security risk, a number that could be used by insurance companies to set premiums for cyber insurance.

The UpGuard platform includes a scanner that evaluates exposure of publicly facing Web interfaces and determines the risk of breaches. This is augmented by analysis of data about the internal network from sources including existing security platforms and software services via APIs or from Windows Remote Management.

That is rolled up into a number – the Cybersecurity Threat Assessment Report (CSTAR) – that capsulizes how vulnerable a network is to attacks, the company says. In addition to the number, the platform enables drilling down into what weaknesses it has found so customers can take remedial action.

Five Years After Egypt

This week marks a somber milestone in Internet history: the 5-year anniversary of former Egyptian President Hosni Mubarak’s order to shut down his country’s access to the global Internet amid widespread protests. Similar popular protests would sweep through the region during a time frame that became known as the Arab Spring. Within days of the Egyptian blackout, Internet service would be restored and Mubarak would resign after 30 years in power.

As the Arab Spring protests spread to other countries, the trend of government-directed Internet blackouts continued in Syria, Libya, and Bahrain. In the years since 2011, we have documented (on this blog and on our Twitter feed) government-directed blackouts in a number of countries, including Sudan, Iraq, and most recently Congo-Brazzaville. While the protests in Tahrir Square came to exemplify the greater Arab Spring movement, the legacy of the Egyptian Internet blackout was that it ushered in the modern era of government-directed suppression of Internet communication.

On the evening of 27 January 2011 (US Eastern Time), we were alerted to the Egyptian blackout by our BGP route monitoring system. Within minutes, I was assisting my colleague Jim Cowie in […]

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.

The vulnerability is part of a class of bugs that stem from Java object deserialization and that security researchers warned about a year ago.

In programming languages, serialization is the process of converting data to a binary format for storing it or for sending it over the network. Deserialization is the reverse of that process.

Deserialization is not an issue in itself, but like most processes that involve processing potentially untrusted input, measures need to be taken to ensure that it is performed safely. For example, an attacker could craft a serialized object that includes a Java class that the application accepts and which could be abused for something malicious.

IDG Contributor Network: The new Rogue IT: A growing, invisible threat to your IT operations

Back in the day, "rogue IT" typically entailed departments building servers and putting them under their desks in an attempt to circumvent the IT department and all of the pesky security controls that came with IT-approved servers.

Often, those servers sat under a desk, inside a closet or back room — unpatched, unprotected, and non-compliant — for long stretches of time before finally being discovered. Those were the good ol' days, compared to the new type of rogue IT that's quickly spreading through today's IT landscape. It's invisible, nearly undetectable, and completely unacceptable, to say the least. The new rogue IT involves departments buying things online (think Amazon Web Services, Google Services, and Microsoft Azure), and setting up off-the-books IT operations outside of your organization's boundaries.

2016’s 25 geekiest 25th anniversaries

Back in 1991

There was quite a collection of new technology and plain-old interesting geeky stuff in 1991. Included were the public debut of the World Wide Web, the introduction of Linux and the discovery of Otzi the Iceman. There was the lithium-ion battery, PGP encryption, Apple’s PowerBook, Terminator 2 and more. When through, if you’d like to catch up on the first nine installments of this series, check out 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008 and 2007.