Is Flow-Based Forwarding Just Marketing Fluff?

When writing the Packet- and Flow-Based Forwarding blog post, I tried to find a good definition of flow-based forwarding (and I was not the only one being confused), and the one from Junos SRX documentation is as good as anything else I found, so let’s use it.

TL&DR: Flow-based forwarding is a valid technical concept. However, when mentioned together with OpenFlow, it’s mostly marketing fluff.

Read more ...

Brocade VDX SNMP Changes

Brocade tightened up some SNMP settings with NOS 6.0.x. This improves security, but it also means that you will need to modify your configuration if you upgrade. If you don’t, SNMP won’t work, and you’ll get errors with BNA/Nagios/Cacti/etc. Here’s the changes, and how to get SNMP working with NOS 6.0.x. NB This applies to VDX Data Centre switches. Other product lines have different configuration.

Usual disclaimers apply: Yes, I work for Brocade. Doesn’t mean that I’m an official spokesperson, or a replacement for TAC. I’m just putting this info out there to help others who get bitten by this.

5.x and earlier defaults

NOS 5.x and earlier had default SNMP settings that looked like this:

snmp-server contact "Field Support."
snmp-server location "End User Premise."
snmp-server sys-descr "Brocade VDX Switch."
snmp-server community ConvergedNetwork
snmp-server community OrigEquipMfr rw
snmp-server community "Secret C0de" rw
snmp-server community common
snmp-server community private rw
snmp-server community public
snmp-server user snmpadmin1 groupname snmpadmin
snmp-server user snmpadmin2 groupname snmpadmin
snmp-server user snmpadmin3 groupname snmpadmin
snmp-server user snmpuser1
snmp-server user snmpuser2
snmp-server user snmpuser3

Yeah. Pretty open. So if you’re lazy, and your NMS tried a default discovery string of Continue reading

Ransomware and scammy tech support sites team up for a vicious one-two punch

Symantec has seen a curious fusing of two pernicious online threats, which would cause a big headache if encountered by users.Some websites offering questionable tech support services are also dishing up ransomware, which locks up a users files until they pay a fee to decrypt them.The support scams involve trying to convince users they have a computer problem and then selling them overpriced software or support services to fix it. It's often done via a pop-up message that urges people to call a number or download software.To read this article in full or to leave a comment, please click here

Toy maker VTech says breach hit 6.4 million kids’ accounts

Educational toy maker VTech has said 11.6 million accounts were compromised in a cyberattack last month, including those of 6.4 million children.The total number of accounts affected is nearly double that reported last week by the security news site Motherboard, which interviewed a hacker who claimed credit for the breach.Most of the account holders were in the U.S., including 2.2 million parents and 2.8 million children, VTech said Wednesday in Hong King, where the company is based. France, the U.K., Germany and Canada round out the top five countries hit, VTech said in an updated FAQ.To read this article in full or to leave a comment, please click here

NSA needs more EFF hoodies

A few months ago, many stories covered "intelexit.org", a group that bought billboards outside NSA buildings encouraging moderates to leave intelligence organizations. This is a stupidbad idea.

For one thing, it's already happening inside the intelligence community. Before Snowden, EFF hoodies were tolerated. From what I hear, they aren't anymore. Anybody who says anything nice about the EFF or Snowden quickly finds their promotion prospects reduced. And if you aren't being promoted, you are on track to be pushed out, to make room for new young blood.

The exit of moderates is radicalizing the intelligence community. More and more, those who stay want more surveillance.

In my own experience, the intelligence community is full of pro-EFF moderates. More than anybody, those inside the community can see the potential for abuse. For all that mass surveillance is unacceptable, the reality is that it's not really being abused. It really is just focused on catching evil terrorists, not on tracking political activists in America. All this power is in the hands of people who use the power as intended.

A mass exodus of moderates, though, will change this, creating a more secretive and more abusive organization. The NSA is nowhere near Continue reading

Windows 10 update didn’t remove spying utility, Microsoft just renamed it

One of the services at the heart of Windows 10's user information gathering (otherwise known as spying) that many thought was removed in the latest update to the operating system is, in fact, still there, doing what it always did.The Diagnostics Tracking Service, aka DiagTrack, was one of the main culprits in telemetry and other user activity gathering in Windows 10. It has been identified as a keylogger, although some people dispute that. Given the concerns around spying in Windows 10, just the accusation is damaging enough.See also: Windows 10 update deep dive: Big changes, minor tweaks, and common problems With the release of Build 10586, or Threshold 2, DiagTrack disappeared and there was much rejoicing. However, the white hat hackers at Tweakhound (and confirmed by BetaNews) have discovered that Microsoft merely renamed it to the Connected User Experiences and Telemetry service, which throws people off, along with all the utilities to turn off these services, like DoNotSpy10.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Why you should lawyer up before a cyberattack

Lawyers advise enterprises to establish preemptive legal protection before suffering a cyberattack. While one might expect lawyers to say that, there are some reasons to take this advice.Namely, a federal district court in Minnesota found in October that "certain documents created during Target's internal investigation of its 2013 payment card breach were protected by the attorney-client privilege and work product doctrine," according to the Cybersecurity Law Report.Investigation The court told Target that it didn't have to produce certain documents that the plaintiffs wanted to see. The reason: they were part of the investigation.To read this article in full or to leave a comment, please click here

AMD pushes Crimson driver fan speed hotfix after reports of overheating Radeon cards

AMD plans to roll out a hotfix on Monday, November 30 for its new Radeon Software Crimson after some users reported their graphics cards were too hot to handle—and not in a good way.A random assortment of AMD GPU users recently reported seeing the fans in their graphics cards locked to a maximum 20 percent speed limit regardless of the load they were under. Some users report their cards being physically damaged after heavy gameplay sessions as a result of the bug. Update: AMD has released a new driver to correct the issue, Crimson Beta 15.11.11. The release notes mention several other tweaks, including bug fixes in Just Cause 3, Call of Duty: Black Ops 3, and Star Wars Battlefront.To read this article in full or to leave a comment, please click here

UK intelligence service GCHQ is on trial for hacking

GCHQ, the British signals intelligence service, is in the dock accused of hacking computers without individual warrants in order to tap communications.The allegations, made by messaging providers and campaign groups GreenNet, RiseUp Networks, Chaos Computer Club and Privacy International, among others, concern the use by the U.K. Government Communications Headquarters of "thematic warrants" to hack computers. They began making their cases to the U.K.'s Investigatory Powers Tribunal in London on Tuesday, in hearings scheduled to run through Friday.GCHQ first admitted to hacking in February following Privacy International's initial legal challenge.To read this article in full or to leave a comment, please click here

Feds drive toward high-tech criminal tracking system standard

Electronic monitoring technologies are not the panacea for tracking criminals many believe they are.The main issue – and it’s a big one – is that such the packages also known as offender tracking systems (OTS) operate and perform with no underlying industry standards for communications or software causing a myriad of problems for law enforcement agencies.+More on Network World: Gartner: Get onboard the algorithm train!An OTS typically consists of hardware, such as an ankle bracelet, used for collecting Global Positioning System (GPS) signals to determine an individual's location, and software for analyzing data collected from the hardware device.To read this article in full or to leave a comment, please click here

Deep Lessons from Google and eBay on Building Ecosystems of Microservices

When you look at large scale systems from Google, Twitter, eBay, and Amazon, their architecture has evolved into something similar: a set of polyglot microservices.

What does it looks like when you are in the polyglot microservices end state? Randy Shoup, who worked in high level positions at both Google and eBay, has a very interesting talk exploring just that idea: Service Architectures at Scale: Lessons from Google and eBay.

What I really like about Randy's talk is how he is self-consciously trying to immerse you in the experience of something you probably have no experience of: creating, using, perpetuating, and protecting a large scale architecture.

In the Ecosystem of Services section of the talk Randy asks: What does it look like to have a large scale ecosystem of polyglot microservices? In the Operating Services at Scale section he asks: As a service provider what does it feel like to operate such a service? In the Building a Service section he asks: When you are a service owner what does it look like? And in the Service Anti-Patterns section he asks: What can go wrong?

A very powerful approach.

The highlight of the talk for me was the idea of Continue reading

Worth Reading: IPv6 Performance

Every so often I hear the claim that some service or other does not support IPv6 not because of some technical issue, or some cost or business issue, but simply because the service operator is of the view that IPv6 offers an inferior level service as compared to IPv4, and by offering the service over IPv6 they would be exposing their clients to an inferior level of performance of the service. via potaroo.net

The post Worth Reading: IPv6 Performance appeared first on 'net work.

Judge strips redactions from NSL, showing info FBI gets without a warrant

A federal judge lifted an 11-year gag order the FBI had imposed on Nicholas Merrill and removed redactions of a National Security Letter (NSL) so Americans can see the overly broad "types of electronic communications transaction records" that the FBI has sought and continues to seek through NSLs.The FBI served the NSL back in 2004 when Nicholas Merrill owned and operated Calyx Internet Access, a small ISP with about 200 customers. After the judge found in favor of Merrill and not the government, Merrill said, "For more than a decade, the FBI has fought tooth and nail in order to prevent me from speaking freely about the NSL I received. Judge Marrero’s decision vindicates the public’s right to know how the FBI uses warrantless surveillance to peer into our digital lives. I hope today’s victory will finally allow Americans to engage in an informed debate about proper the scope [sic] of the government’s warrantless surveillance powers."To read this article in full or to leave a comment, please click here

Security ‘net: Google, Watson, and other thoughts

Encryption, security, and privacy are at the top of our list, it seems. The question is — who really cares about your privacy? Is Google a champion of freedom, or a threat to national sovereignty?

Google is unique in its leadership, plans, and global marketpower to accelerate the majority of all global Web traffic “going dark,” i.e. encrypted by default. Google’s “going dark” leadership seriously threatens to neuter sovereign nations’ law-enforcement and intelligence capabilities to investigate and prevent terrorism and crime going forward.

Or has Google just figured out that encryption is the best way to funnel all the world’s information through their servers so it can be properly indexed and used to its maximum commercial value?

But the truth about where the giants of tech stand on user privacy is another matter entirely. No organizations on earth have exploited users more than Google (GOOGL) and Facebook (FB) have in their zealous quest to boost ad revenues by providing users’ personal data – demographics, searches, email and location, among others – to an ever-growing list of digital advertisers.

Russ’ take: The truth is probably out there someplace, but I doubt it’s as clean cut as either of these articles Continue reading

1 3,144 3,145 3,146 3,147 3,148 3,755