RSA: Geolocation shows just how dead privacy is

A regular refrain within the online security community is that privacy is dead. David Adler’s talk at RSA Tuesday, titled “Where you are is who you are: Legal trends in geolocation privacy and security,” was about one of the major reasons it is so, so dead. To paraphrase Adler, founder of the Adler Law Group, it is not so much that in today’s connected world there is a single, malevolent Big Brother watching you. It’s that there are dozens, perhaps hundreds, of “little brothers” eagerly watching you so they can sell you stuff more effectively. Collectively, they add up to an increasingly omniscient big brother. “Everything is gathering location data – apps, mobile devices and platforms that you use,” he said. “Often it is being done without your knowledge or consent.To read this article in full or to leave a comment, please click here

Scientists working to create book-sized living, breathing supercomputers

If you want to change the world, it might not occur to you to start by getting drunk. At least that’s how it happened for an idea that led to a tiny biological computer which will reportedly be morphed into a “living, breathing supercomputer” about the size of a book.“We’ve managed to create a very complex network in a very small area,” said McGill University’s Dan Nicolau, Chair of the Department of Bioengineering. “This started as a back of an envelope idea, after too much rum I think, with drawings of what looked like small worms exploring mazes.”To read this article in full or to leave a comment, please click here

Slicing and Dicing Flooding Domains (1)

This week two different folks have asked me about when and where I would split up a flooding domain (IS-IS) or area (OSPF); I figured a question asked twice in one week is worth a blog post, so here we are…

Before I start on the technical reasons, I’m going to say something that might surprise long time readers: there is rarely any technical reason to split a single flooding domain into multiple flooding domains. That said, I’ll go through the technical reasons anyway.

There are really three things to think about when considering how a flooding domain is performing:

  • SPF run time
  • flooding frequency
  • LSDB size

design-files
Let’s look at the third issue first, the database size. This is theoretically an issue, but it’s really only an issue if you have a lot of nodes and routes. I can’t ever recall bumping up against this problem, but what if I did? I’d start by taking the transit links out of the database entirely—for instance, by configuring all the interfaces that face actual host devices as passive interfaces (which you should be doing anyway!), and configuring IS-IS to advertise just the passive interfaces. You can pull similar tricks in OSPF. Continue reading

IDG Contributor Network: Microsoft defends PCs, post network penetration

This week at the RSA security conference, Microsoft announced the succinctly named Windows Defender Advanced Threat Detection product. The solutions (which really needs a better or at least shorter name) is focused on helping an organization's IT department detect threats to Windows 10 machines after the perimeter network has been penetrated. This is an important and pragmatic recognition of the fact that despite most solutions focusing on perimeter security, sometimes the outside line gets broken and hackers find a way in.To read this article in full or to leave a comment, please click here

Cisco Engineers Enterprise Genome for Software

 SAN DIEGO – Cisco this week introduced a software-driven architecture designed to extend policy throughout an enterprise wired and wireless network, from branch to edge to core.Cisco’s Digital Network Architecture (DNA) is a blueprint for building an enterprise network with virtualization, automation, analytics, cloud service management and programmability for ease of operation and management. It is delivered through Cisco ONE software licensing on a variety of Cisco platforms, and is anchored by the company’s APIC-Enterprise Module SDN controller, which has been slow to emerge from development and trials.To read this article in full or to leave a comment, please click here

Malice or Stupidity or Inattention? Using Code Reviews to Find Backdoors

The temptation to put a backdoor into a product is almost overwhelming. It’s just so dang convenient. You can go into any office, any lab, any customer site and get your work done. No hassles with getting passwords or clearances. You can just solve problems. You can log into any machine and look at logs, probe the box, issue commands, and debug any problem. This is very attractive to programmers.

I’ve been involved in several command line interfaces to embedded products and though the temptation to put in a backdoor has been great, I never did it, but I understand those who have.

There’s another source of backdoors: infiltration by an attacker.

We’ve seen a number of backdoors hidden in code bases you would not expect. Juniper Networks found two backdoors in its firewalls. Here’s Some Analysis of the Backdoored Backdoor. Here’s more information to reaffirm your lack of faith in humanity: NSA Helped British Spies Find Security Holes In Juniper Firewalls. And here are a A Few Thoughts on Cryptographic Engineering.

Juniper is not alone. Here’s a backdoor in AMX AV equipment. A Secret SSH backdoor in Fortinet hardware found in more products. There were Backdoors Found in Barracuda Continue reading

Google CSO peers out from the fishbowl to talk security

Google’s Vice President Security and Privacy Engineering Gerhard Eschelbeck spoke yesterday to a packed house at the RSA Security Conference about his professional life. Google operates in a fishbowl because its business model depends on both consumers, enterprise users and privacy regulators trusting it to store vast amounts of data in its data centers. Given this scrutiny and gigantic computing scale makes Google intriguing. It’s a benchmark establishing best security practices.Eschelbeck’s stark mission statement “to protect users’ data” speaks of the alignment of his security group with the company’s cloud services and advertising business model.To read this article in full or to leave a comment, please click here

Apple formally appeals judge’s iPhone unlocking order

Just in case its motion to vacate wasn't enough, Apple late Tuesday filed an appeal of a California judge's order requiring it to help the FBI defeat the password protection on the iPhone of one of the San Bernardino mass shooters.Apple's lawyers filed the appeal "in an abundance of caution," to cover the possibility that an appeal is the most appropriate way to oppose Magistrate Judge Sheri Pym's Feb. 16 order, they said in a court filing.To read this article in full or to leave a comment, please click here

Devops for Networking Forum in Santa Clara

Normally, I would be writing this a few weeks ago, but sometimes the world just takes the luxury of time away from you.  In this case, I couldn’t be happier though as I’m about to part of something that I believe is going to be really really amazing.  This event is really a testimony to Brent Salisbury and John Willis’s commitment to community and their relentless pursuit of trying to evolve the whole industry, bringing along as many of the friends they’ve made along the way as possible. 

Given the speaker list, I don’t believe there’s been any event in recent ( or long term!) memory that has such an amazing list of speakers. The most amazing part is that this event was really put together in the last month!!!! 

If you’re in the bay area, you should definitely be there. If you’re not in the area, you should buy a plane ticket as you might not ever get a chance like this again. 

 

DevOps Forum for Networking

From the website

 

previously known as DevOps4Networks is an event started in 2014 by John Willis and Brent Salisbury to begin a discussion on what Devops Continue reading

CCDE – Inter AS L3 VPNs

Introduction

Sometimes a customer needs a L3 VPN between two locations where the same SP is not present. This can be on a national or international basis. It would be possible to buy an Internet circuit and run an overlay such as DMVPN but what if the customer wants to buy a MPLS VPN circuit?

The customer could buy a VPN from SP1 in location1 and a VPN from SP2 in location2. The two SPs would then have to exchange traffic somehow to make the customer circuit end to end. The concept is shown in the following topology.

Inter-AS-L3VPN Overview
Inter-AS-L3VPN Overview

The customer connects to the PE of each of the SPs. The SPs need to interconnect at some common point, either through a public peering place such as an IX or with an private interconnect at a common location. The routers that connect to each other are called autonomous system border routers (ASBR). There are three main options and a fourth option which combines two of the others.

Inter-AS Option A

Option A is the most simple of the options to interconnect the ASBRs. Each customer VRF requires either a physical interface or more likely a subinterface. Option A has Continue reading

DOD to invite security experts to Hack the Pentagon

The U.S. Department of Defense plans to ask computer security experts to Hack the Pentagon as part of a push to improve its cyber defenses.The initiative is similar to the bug bounty programs run by commercial software companies seeking to reward hackers who report security vulnerabilities in code. The DOD says it's the first cyber bug bounty program in the history of the federal government.The DOD program, which will launch in April, will ask participants to examine its public Web pages, searching out vulnerabilities and attack launching points.But the program will only go that far. The DOD's classified networks will be off-limits to the participants, and they won't be free to launch actual attacks on any of the department's public-facing sites.To read this article in full or to leave a comment, please click here

Video: What’s New in Docker Swarm 1.1

Last week we released our Docker Datacenter solution to the world, bringing container management and deployment to the enterprise with an on-premises Containers-as-a-Service platform. Universal Control Plane, part of the Docker Datacenter solution, enables IT operations teams to manage and … Continued

Datanauts 025: Moving To The Cloud: IaaS Lessons Learned

The Datanauts talk pros and cons of adopting IaaS with guest Steve Winwood, a technical architect with direct experience in IaaS usage. We talk about when IaaS makes sense vs. building your own infrastructure, considerations for choosing a provider, how cloud app deployment is different, how to understand and manage costs, and more.

The post Datanauts 025: Moving To The Cloud: IaaS Lessons Learned appeared first on Packet Pushers.

Datanauts 025: Moving To The Cloud: IaaS Lessons Learned

The Datanauts talk pros and cons of adopting IaaS with guest Steve Winwood, a technical architect with direct experience in IaaS usage. We talk about when IaaS makes sense vs. building your own infrastructure, considerations for choosing a provider, how cloud app deployment is different, how to understand and manage costs, and more.

The post Datanauts 025: Moving To The Cloud: IaaS Lessons Learned appeared first on Packet Pushers.

1 3,108 3,109 3,110 3,111 3,112 3,836