Preventing Malicious Request Loops

The web is an collaborative ecosystem. Web standards exist to ensure that participants of the network behave in a predictable way. If network participants deviate from the established standards then there can be unintended consequences. This blog post is about one of these unintended consequences.

A group of researchers recently published a paper "Forwarding Loop Attacks in the Content Delivery Networks" describing what can happen when web services interact in a non-compliant way. They describe an attack where a malicious user can force multiple service providers to send each other an unending stream of requests in a loop. This request loop can result in resource exhaustion and denial of service at the service provider. This paper also demonstrated that the attack is practical, and can be performed using a large list of service providers.

CloudFlare's service has been modified to be standards-compliant with respect to HTTP proxying. However, fixing the vulnerability that enables this attack requires all proxy services to conform to the same standards. If even one service provider is non-compliant, the attack can still be carried out against compliant services. In this post, we will describe the attack and explain how a proxy services can go from being Continue reading

Unikernel Systems Joins Docker

I’m happy to announce today that Unikernel Systems is part of Docker! Unikernels compile your source code into a custom operating system that includes only the functionality required by the application logic. That makes them small, fast, and improves efficiency. … Continued

Unikernel Systems joins Docker

Today, Unikernel Systems announced that it is joining Docker. Please read the main notice posted at unikernel.com and the Docker blog post at http://blog.docker.com/2016/01/unikernel/.

An important part of the work of Unikernel Systems is to support the growing unikernel movement, which includes contributing to a number of open source projects as well as supporting this community website, unikernel.org. The Unikernel Systems team will continue this work.

Through further interaction with the Docker project and community, the open source unikernel community will receive increased visibility and contributions which will accelerate the adoption of unikernels.

Links:

Discuss this on devel.unikernel.org

Ukranian hacker who tried to frame security expert now facing jail time

Brian Krebs, author of the Krebs on Security blog, has made a name for himself by exposing some of the most dangerous characters in the cybercrime underworld. And he has paid a price for doing so, including being the target of a SWAT attack.Several years ago, Krebs also incurred the wrath of a Ukrainian hacker, Sergey Vovnenko, who responded to the unwanted publicity Krebs provided him by trying to frame the journalist for heroin possession. Krebs writes on his blog:To read this article in full or to leave a comment, please click here

Review: Windows Server 2016 Technical Preview 4

In November, Microsoft released Windows Server 2016 Technical Preview 4. With the final release due out in the second half of this year, TP4 gives us the latest look at where Microsoft's flagship operating system is heading. There are several interesting spots to look at and some licensing news that is controversial. I put the release through its paces for around a month; here are my observations.To read this article in full or to leave a comment, please click here(Insider Story)

Google creates fix for zero-day kernel flaw, says effect on Android is greatly exaggerated

After being caught off guard by the disclosure of a serious flaw in the Linux kernel this week, Google has quickly developed a patch for Android and shared it with device manufacturers.It might take weeks for device makers to start releasing firmware updates that include the fix, but that's not a huge problem since, according to Google's assessment, the flaw doesn't affect many Android devices to begin with.The privilege escalation vulnerability allows attackers to gain full control over Linux-based systems if they have access to a limited account or trick users into running a malicious application. It was found by researchers from Israeli threat defense start-up Perception Point.To read this article in full or to leave a comment, please click here

Healthcare IT execs fear loss of life due to hacked medical devices or networks

Today, Veracode released "The State of Web and Mobile Application Security in Healthcare," made possible after Veracode, along with the Healthcare Information and Management Systems Society (HIMSS), surveyed 200 healthcare IT executives. The exploitation of vulnerabilities in apps was the greatest concern among those healthcare IT execs.Veracode reported, "Survey respondents cited the potential for loss of life due to compromised networks or medical devices, brand damage due to theft of patient information and regulatory enforcement as their top fears related to such security breaches."To read this article in full or to leave a comment, please click here

IPv6 Address Allocation Is Operating System-Specific

The breadth of address allocation options available in IPv6 world confuses many engineers thoroughly fluent in IPv4, but it also gives operating system developers way too many options… and it turns out that different operating systems behave way differently when faced with the same environment.

2016-01-21: In the meantime, Luka got further details on Windows behavior, and Enno Rey provided a few additional links.

Read more ...

Fight for privacy of students, cellphone users moves to US states

The fight for privacy is moving to U.S. states with 16 states and the District of Columbia introducing legislation on Wednesday that address issues such as requiring permission before student data is shared for non-educational purposes and the requirement of warrants before using cell site simulators to track phone users.“A bipartisan consensus on privacy rights is emerging, and now the states are taking collective action where Congress has been largely asleep at the switch,” said Anthony D. Romero, executive director of the American Civil Liberties Union, which coordinated the initiative, in a statement. To read this article in full or to leave a comment, please click here

Ukrainian power companies are getting hit with more cyberattacks

A number of Ukrainian power companies are seeing fresh cyberattacks following ones in December that briefly knocked out power for tens of thousands of customers. Security vendor Eset said on Wednesday that the attacks use a different kind of malware, prompting questions about whether the same group or groups are involved. "The malware is based on a freely available open-source backdoor – something no one would expect from an alleged state-sponsored malware operator," wrote Robert Lipovsky, a senior malware researcher with Eset. The new finding deepens the mystery over who is targeting the Ukrainian companies.To read this article in full or to leave a comment, please click here

Looking Ahead: My 2016 Projects

Almost every year since 2012, I’ve been publishing a list of projects/goals for the upcoming year (here’s the original list for 2012, then 2013, I skipped 2014, and here’s the list for 2015). In this post, I’m going to share with you the list of projects/goals for 2016.

Here’s the list for 2016. For some of the items below, I’m also going to include a stretch goal, something I’ll aim toward but won’t count against myself if I don’t actually attain it.

  1. Complete a new book (again). In addition to actually completing the new network automation book I’m writing with Jason Edelman and Matt Oswalt (it’s available now as an Early Access edition), I have another book project lined up that I intend to finish and get published in 2016.

  2. Make more open source contributions. I failed this one miserably last year (see last year’s report card), but I am intent on making this one happen. Over time, I expect that this will just be part of who I am, but until then I’m going to explicitly call it out. Since I’m not a programmer (not yet, may never be), these contributions will have Continue reading

FireEye to grow intelligence capabilities with iSight Partners deal

FireEye has acquired Texas-based iSight Partners for $200 million, a deal that executives say will give FireEye stronger intelligence on cybercriminal and hacking groups before they strike.The transaction, announced Wednesday, closed on Jan. 14.FireEye started with an end-point protection product aimed at filtering out malware before it entered a company's network. But the company has sought to expand its range of services through acquisitions as cybersecurity has become an ever-increasing concern -- and a more lucrative business.In early 2014, it bought Mandiant, a computer security company that specializes in investigating cyberattacks. The victims of some of the largest data breaches in memory, including Target, have retained Mandiant's services.To read this article in full or to leave a comment, please click here

Preparing IT for the ‘gig economy’

In the next 10 years, companies will regularly tap into a vast pool of independent contractors to get work done on a crowdsourced, pay-as-you-go basis, according to research supported by the Society for Information Management’s Advanced Practices Council.To read this article in full or to leave a comment, please click here(Insider Story)

Open Networking: The Eject Button

Those of us that weren’t born in the iPod era used to have physical music and movie media like cassette tapes, vinyl, CDs, minidisc, VHS and almost Beta Max. The idea was that you could take this media and play it on any compatible player and in some cases record too. Ok, I know the concept is almost the same with digital media, but there is something nostalgic about physical things.

Focussing on the mighty cassette tape, the medium that young teenagers used to woo their targets with heart felt mix tapes, it was possible to buy cassettes of different record time lengths and different materials for quality. Cassette decks were integrated in to boom boxes, Sony Walkmans, all in one HiFi units and of course, the more quality HiFi separate devices along with supposed studio quality devices. To give it some more background, these devices would have support electronics like headphone amplifiers, graphic equalisers, high speed dubbing (for fast transfer between decks), microphone amplifier circuits and even motorised loading and eject mechanisms. See the vague similarity between this and networking? No, I thought not. The cassette much like interchangeable networking components is removable. It’s transportable and although the tape Continue reading

IDG Contributor Network: Data center outages increasingly caused by DDoS

Think housing your servers in a data center rather than squeezing them under your desk is a bulletproof solution?Well, they might be safer in a data center, but believe it or not, some of the same pitfalls that can create trouble in the office can affect those secure data centers too. Namely UPS failure, human error, and cybercrime.'Unplanned' UPS system failure is still the principal cause of "unplanned data center outages," according to a new report.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Data center outages increasingly caused by DDoS

Think housing your servers in a data center rather than squeezing them under your desk is a bulletproof solution?Well, they might be safer in a data center, but believe it or not, some of the same pitfalls that can create trouble in the office can affect those secure data centers too. Namely UPS failure, human error, and cybercrime.'Unplanned' UPS system failure is still the principal cause of "unplanned data center outages," according to a new report.To read this article in full or to leave a comment, please click here

1 3,141 3,142 3,143 3,144 3,145 3,808