Introducing CloudFlare Registrar: Designed for Security, Not the Masses

CloudFlare Registrar Badge

At CloudFlare, we’ve constructed one of the world’s largest networks purpose-built to protect our customers from a wide range of attacks. We’re so good at it that attackers increasingly look for ways to go around us, rather than go through us. One of the biggest risks for high-profile customers has been having their domain stolen at the registrar.

In 2013, we became intimately familiar with this problem when domains for the New York Times were hijacked and the newspaper’s CTO reached out to us to help get it back. We were able to assist, but the newspaper had its web and email traffic rerouted for hours.

Since the New York Times domain hijack, a number of other sites have had their domains stolen. We ourselves have seen multiple attempts to take control of CloudFlare’s registrar account. Thankfully, none have been successful—but some have gotten closer than we were comfortable with. Given the risk, we began looking for a registrar with security protocols that we could trust.

A Brief History of Registries and Registrars

In the early days of the Internet, domain registration was free. As the Internet began to take off, demand for domain registrations exploded. In 1993, unable to Continue reading

The Sony Pictures hackers have been hitting organizations from different countries for years

The group of hackers that crippled the computer infrastructure of Sony Pictures Entertainment in late 2014 has been responsible for a large number of attacks against organizations from South Korea, the U.S. and other countries over the past seven years.The group has been dubbed Lazarus by a coalition of security vendors who have worked together over the past two years to investigate its activities. During this time they've established links between Lazarus and 1,000 malicious file samples organized in over 45 distinct malware families.The researchers found evidence of attacks by this group against organizations from the government, media, military, aerospace, financial, and critical infrastructure sectors stretching as far back as 2009. The attacks included cyberespionage, denial of service, data theft and data destruction.To read this article in full or to leave a comment, please click here

Drowning in the Data of Things

DrowningSign

If you saw the news coming out of Cisco Live Berlin, you probably noticed that Internet of Things (IoT) was in every other announcement. I wrote about the impact of the new Digital Ceiling initiative already, but I think that IoT is a bit deeper than that. The other thing that seems to go hand in hand with discussion of IoT is big data. And for most of us, that big data is going to be a big problem.

Seen And Not Heard

Internet of Things is about dumb devices getting smart. Think Flowers for Algernon. Only now, instead of them just being smarter they are also going to be very talkative too. The amount of data that these devices used to hold captive will be unleashed on something. We assume that the data is going to be sent to a central collection point or polled from the device by an API call or a program that is mining the data for another party. But do you know who isn’t going to be getting that data? Us.

IoT devices are going to be talking to providers and data collection systems and, in a lot of cases, each other. But they Continue reading

BlackBerry eyes IoT, diversifies with new cybersecurity practice

Struggling smartphone vendor BlackBerry is looking to diversify its business by launching a cybersecurity consulting service, focusing in part on the Internet of Things, and providing related tools to customers.The Ontario smartphone vendor, an early standard bearer for multifunction mobile phones, announced Wednesday it has acquired U.K. cybersecurity consulting firm Encription. The company did not disclose the terms of the deal, which was completed last week.BlackBerry's move into cybersecurity consulting isn't a huge leap, as the company has long positioned itself as a security-minded smartphone vendor. Late last year, the company launched the Priv, a security- and privacy-focused smartphone running a modified version of Android.To read this article in full or to leave a comment, please click here

DevOps Tools for Modern Data Centers

Back in October, 2015, I spoke at All Things Open in Raleigh, North Carolina, an event focused on open technology and open source software. I was very excited by this event because many attendees work in or manage data centers, which means they are very familiar with Linux but have little experience with the networking stack. Cumulus Networks is the first major networking company to contribute a true Linux networking operating system for data center switches, which is highly disruptive to the industry and drives a lot of fun conversations with open-minded individuals.

The talk I did for All Things Open last October titled “Using DevOps Tools for Modern Data Centers” focuses on the new concept of NetDevOps or DevOps for Network devices. Since the network operating system is Cumulus Linux, why not use open source off-the-shelf automation tools that are already being leveraged in the data center to act as a controller.  These tools have an extremely large user base, are vendor neutral — that is, not proprietary — and can scale easily.

Screen Shot 2016-02-23 at 9.31.55 AM

So what are the benefits of using open source tools? One of the most important benefits from a networking point of view is provisioning. Imagine you have 1000 Continue reading

IDG Contributor Network: In the WAN, it’s better to be single than attached

In a traditional WAN infrastructure, the control plane and data plane are tightly coupled, typically congruent, and cannot be separated due to how they are integrated with each network device. This architecture served the networking needs of enterprises well until now, since most data flows were structured around data centers with centralized exits. However, the emergence of cloud computing and new dynamic business requirements that involve communicating with multiple partners and suppliers have forced enterprises to embrace new connectivity models. Today, enterprises need secure access to both partners and cloud provider infrastructures. This new model requires a different policy structure that is very difficult to instantiate and maintain within a legacy MPLS WAN.To read this article in full or to leave a comment, please click here

Review: 8 password managers for Windows, Mac OS X, iOS, and Android

I hate passwords. I hate coming up with them. I hate remembering them. I hate mistyping them four times in a row. And I hate getting locked out of whatever I'm trying to log into in the process.That said, I hate being hacked only slightly more, so I've done my part to use passwords that aren't "password123" or something equally foolish. The hard part is keeping them straight, which I could do by writing them down -- but isn't that a security hole all over again? Heck, I've known that since I was a kid. I saw "WarGames."[ Roger Grimes' free and almost foolproof way to check for malware. | Discover how to secure your systems with InfoWorld's Security newsletter. ] Password vaults, aka password safes or password managers, help solve this problem. They give you a central spot to store all your passwords, encrypted and protected by a passphrase or token you provide. This way, you have to memorize a single password: the one for your password vault. All the other passwords you use can be as long and complex as possible, even randomly generated, and you don't have to worry about remembering them.To read Continue reading

7 heavily-hyped information security products, vendors that hit the scrap heap

Hitting the heapImage by SmoobsInformation security vendors release new products with all the hope of parents sending their child out into the world or a mother bird forcing her babies out of the nest. Unfortunately, as everywhere else in nature, some security technologies fall to the ground and go splat! Here are seven security-related offerings whose trajectories fell off sharply just before the bitter end.To read this article in full or to leave a comment, please click here(Insider Story)

Attackers can turn Microsoft’s exploit defense tool EMET against itself

Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against publicly known and unknown software exploits.Researchers from security vendor FireEye have found a method through which exploits can unload EMET-enforced protections by leveraging a legitimate function in the tool itself.Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. However, it's likely that many users haven't upgraded yet, because the new version mainly adds compatibility with Windows 10 and doesn't bring any new significant mitigations.To read this article in full or to leave a comment, please click here

VLANs and Failure Domains Revisited

My friend Christoph Jaggi, the author of fantastic Metro Ethernet and Carrier Ethernet Encryptors documents, sent me this question when we were discussing the Data Center Fabrics Overview workshop I’ll run in Zurich in a few weeks:

When you are talking about large-scale VLAN-based fabrics I assume that you are pointing towards highly populated VLANs, such as VLANs containing 1000+ Ethernet addresses. Could you provide a tipping point between reasonably-sized VLANs and large-scale VLANs?

It's not the number of hosts in the VLAN but the span of a bridging domain (VLAN or otherwise).

Read more ...

IDG Contributor Network: All the buzzwords: Behavioral biometric adaptive authentication with SecureAuth

SecureAuth is a vendor in the authentication and access space. It covers a range of related functions including authentication, single sign on, and user self-service. At its core, SecureAuth is juggling the conflicting aims of ensuring easy access to applications by legitimate users and high security for sensitive data.One of the ways in which companies reconcile these seemingly irreconcilable aims is through using deep analytics to automate some of the access functions. A case in point comes from SecureAuth's latest version, which includes behavioral analytics, risk analysis, and biometric tracking.What all that means is that SecureAuth is offering to analyze a user's keystrokes and mouse movements to build a profile of an individual user's behavior. Thereafter, this profile is compared to subsequent login attempts and, if they don't match, SecureAuth applies a higher level of access control.To read this article in full or to leave a comment, please click here

Tor users increasingly treated like second-class Web citizens

The Internet is becoming harder to browse for users of Tor, the anonymity network that provides greater privacy, according to a new study. The blame can be placed largely on those who use Tor, short for The Onion Router, for spamming or cyberattacks. But the fallout means that those who want to benefit from the system's privacy protections are sometimes locked out. Researchers scanned the entire IPv4 address space and found that 1.3 million websites will not allow a connection coming from a known Tor exit node. Also, some 3.67 percent of Alexa's top 1000 websites will block Tor users at the application level.To read this article in full or to leave a comment, please click here

A Software-Defined Service Provider Network Improves Profitability and Delivers Competitive Advantage

At Plexxi we’re building a simply better network for public and private cloud environments and next generation service providers. The next era of IT requires support for data center agility, scale-out applications, converged infrastructure, Big Data analytics and integrated security over networks that are both local and global in scale. In a prior blog I reviewed the case study of a large enterprise that deployed a next generation data center network achieving agility through integration with VMware, data and application workload awareness and a dynamic, single-tier fabric optimized for east/west and north/south data center traffic. In this installment of my blog, I review the case study of Perseus. They have built the world’s largest SDN-based on demand services network allowing them to quickly offer new products and services while enabling new deployments at a rapid pace.

Perseus had an existing international network to transport high-speed, high-precision and high-performance applications across the globe for their managed service customers. That network was built on traditional platforms, similar to those of competitors, leveraging a layer three MPLS backbone for multi-tenancy and differentiated services.

They were planning to expand global operations to a new continent and across dozens of new countries where they did Continue reading

Baidu web browsers leaked sensitive information, researchers say

Two web browsers developed by Chinese search giant Baidu have been insecurely transmitting sensitive data across the Internet, putting users' privacy at risk, according to a new study. Baidu responded by releasing software fixes, but researchers say not all the issues have been resolved. The study was published Tuesday by Citizen Lab, a research group that's part of the University of Toronto.  It focused on the Windows and Android versions of Baidu's browser, which are free products. It also found that sensitive data was leaked by thousands of apps that use a Baidu SDK (software development kit).To read this article in full or to leave a comment, please click here

1 3,123 3,124 3,125 3,126 3,127 3,840