All app developers should learn from WhatsApp-v-Brazil incident and defend against it

So Brazil forced the ISPs to shutdown WhatsApp (a chat app) for 48 hours, causing more than a million of their customers to move to Telegram (another chat app). Apparently, this was to punish WhatsApp for not helping in a criminal investigation.




Well, this is similar to how ISPs block botnets. Botnets, the most common form of malware these days, have a command-channel back to the hacker that controls all the bots in the network. ISPs try to block the IP address and/or DNS name in order to block access to the botnet.

Botnets use two ways around this. One way is "fast-flux DNS", where something like "www.whatsapp.com" changes its IP address every few minutes. This produces too many IP addresses for ISPs to block. WhatsApp can keep spinning up new cloud instances at places like Amazon Web Services or Rackspace faster than ISPs can play whack-a-mole.

But ISPs can also block the domain name itself, instead of the IP address. Therefore, an app can also choose to Continue reading

Environmental metrics with Cumulus Linux

Custom metrics with Cumulus Linux describes how to extend the set of metrics exported by the sFlow agent and used the export of BGP metrics as an example. This article demonstrates how environmental metrics (power supplies, temperatures, fan speeds etc.) can be exported.

The smonctl command can be used to dump sensor data as JSON formatted text:
cumulus@cumulus$ smonctl -j
[
    {
        "pwm_path": "/sys/devices/soc.0/ffe03100.i2c/i2c-1/1-004d", 
        "all_ok": "1", 
        "driver_hwmon": [
            "fan1"
        ], 
        "min": 2500, 
        "cpld_path": "/sys/devices/ffe05000.localbus/ffb00000.CPLD", 
        "state": "OK", 
        "prev_state": "OK", 
        "msg": null, 
        "input": 8998, 
        "type": "fan", 
        "pwm1": 121, 
        "description": "Fan1", 
        "max": 29000, 
        "start_time": 1450228330, 
        "var": 15, 
        "pwm1_enable": 0, 
        "prev_msg": null, 
        "log_time": 1450228330, 
        "present": "1", 
        "target": 0, 
        "name": "Fan1", 
        "fault": "0", 
        "pwm_hwmon": [
            "pwm1"
        ], 
        "driver_path": "/sys/devices/soc.0/ffe03100.i2c/i2c-1/1-004d", 
        "div": "4", 
        "cpld_hwmon": [
            "fan1"
        ]
    },
    ...
The following Python script, smon_sflow.py, invokes the command, parses the output, and posts a set of custom sFlow metrics: 
#!/usr/bin/env python
import json
import socket
from subprocess import check_output

res = check_output(["/usr/sbin/smonctl","-j"])
smon = json.loads(res)
fan_maxpc = 0
fan_down = 0
fan_up = 0
psu_down = 0
psu_up = 0
temp_maxpc = 0
temp_up = 0
temp_down = 0
for s in smon:
  type = s["type"]
  if(type ==  Continue reading

Using Cloud-Init to Register an Instance into Consul

This post describes a method for using cloud-init to register a cloud instance into Consul on provisioning. I tested this on OpenStack, but it should work on any cloud platform that supports metadata services that can be leveraged by cloud-init.

I worked out the details for this method because I was interested in using Consul as a means to provide a form of “dynamic DNS” for OpenStack instances. (You can think of it as service registration and discovery for OpenStack instances.) As I’ll point out later in this post, there are a number of problems with this approach, but—if for no other reason—it was helpful as a learning exercise.

The idea was to automatically register OpenStack instances into Consul as they were provisioned. Since Consul offers a DNS interface, other instances and/or workloads could use DNS to look up these nodes’ registration. Consul offers an HTTP API (see here for details), so I started there. I used Paw (a tool I described here) to explore Consul’s HTTP API, building the necessary curl commands along the way. Once I had the right curl commands, the next step was to build a shell script that would pull the current Continue reading

IoT startup Afero goes end to end for security

Internet of Things startup Afero says it can secure small and large IoT devices with a Bluetooth radio module and a cloud service.Afero's platform is just the latest approach to building an infrastructure that ties together a variety of connected devices. The company says its system can be applied to both the home and enterprise realms of IoT and encrypts data all the way from devices to the cloud.The Internet of Things is widely expected to blossom into billions of devices for consumers, cities and businesses in the next few years. Along with those connected objects in the field, software, networks and analytics will be critical components of IoT. Bringing all those components together may pose a steep challenge for consumer electronics makers, as well as for enterprises that want to reap benefits in efficiency, savings and profits.To read this article in full or to leave a comment, please click here

Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases

There are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, and their number appears to be growing. Combined they expose 684.8 terabytes of data to potential theft.This is the result of a scan performed over the past few days by John Matherly, the creator of the Shodan search engine for Internet-connected devices.Matherly originally sounded the alarm about this issue back in July, when he found nearly 30,000 unauthenticated MongoDB instances. He decided to revisit the issue after a security researcher named Chris Vickery recently found information exposed in such databases that was associated with 25 million user accounts from various apps and services, including 13 million users of the controversial OS X optimization program MacKeeper.To read this article in full or to leave a comment, please click here

Rapid7 disclosed 6 XSS and SQLi flaws in 4 Network Management Systems, 2 unpatched

Rapid7 disclosed six vulnerabilities affecting four Network Management Systems, two of which are not patched. The vendors are Opsview, Spiceworks, Ipswitch, and Castle Rock, with the latter having neither issued a security bulletin nor a fix for two vulnerabilities in its NMS.An “an array of cross-site scripting (XSS) and SQL injection (SQLi)” vulnerabilities found in NMS products were discovered by Rapid7’s Deral Heiland, aka Percent_X, and independent researcher Matthew Kienow, aka HacksForProfit. The flaws were responsibly disclosed to the vendors and CERT.To read this article in full or to leave a comment, please click here

Acts of terrorism could push Congress toward encryption backdoors in 2016

Despite the risks to online commerce, international high-tech sales, security of trade secrets and the fact that it won’t actually make encryption useless to criminals, decryption backdoors to let law enforcement access encrypted communications could become U.S. law in 2016 – and a nightmare to enterprises – especially if terrorists succeed in carrying out major acts of violence.So far the arguments against such a law have prevailed, but that could change if public opinion turns strongly in favor of it, which is more likely in the wake of events that generate fear.+More on Network World: 20 years ago: Hot sci/tech images from 1995 | Read all the stories that predict what is to come in 2016 +To read this article in full or to leave a comment, please click here

How Does the Use of Docker Effect Latency?

A great question came up on the mechanical-sympathy list that many others probably have as well: 

I keep hearing about [Docker] as if it is the greatest thing since sliced bread, but I've heard anecdotal evidence that low latency apps take a hit. 

Who better to answer than Gil Tene, Vice President of Technology and CTO, Co-Founder, of Azul Systems? Like Stephen Curry draining a deep transition three, Gil can always be counted on for his insight:

And here's Gil's answer:

Putting aside questions of taste and style, and focusing on the effects on latency (the original question), the analysis from a pure mechanical point of view is pretty simple: Docker uses Linux containers as a means of execution, with no OS virtualization layer for CPU and memory, and with optional (even if default is on) virtualization layers for i/o. 

CPU and Memory

From a latency point of view, Docker's (and any other Linux container's) CPU and memory latency characteristics are pretty much indistinguishable from Linux itself. But the same things Continue reading

Inside AT&T’s grand dynamic network plan

AT&T is pouring billions into its network to make it more dynamic, which is resulting in new capabilities for enterprise customers. Network World Editor in Chief John Dix recently stopped by AT&T headquarters in Dallas to talk to Josh Goodell, VP of Network on Demand, about what the company is learning from early adopters of its Switched Ethernet on Demand service and what comes next. Among other things, Goodell explains how provisioning now takes days vs. weeks, service profiles can be changed in seconds, and how he expects large shops to use APIs to connect their network management systems directly to AT&T controls. Oh, and a slew of virtual functions are on the horizon that will enable you to ditch all those appliances you’ve been accumulating.To read this article in full or to leave a comment, please click here

Vulnerability in popular bootloader puts locked-down Linux computers at risk

Pressing the backspace key 28 times can bypass the Grub2 bootloader's password protection and allow a hacker to install malware on a locked-down Linux system.GRUB, which stands for the Grand Unified Bootloader, is used by most Linux distributions to initialize the operating system when the computer starts. It has a password feature that can restrict access to boot entries, for example on computers with multiple operating systems installed.This protection is particularly important within organizations, where it is also common to disable CD-ROM, USB and network boot options and to set a password for the BIOS/UEFI firmware in order to secure computers from attackers who might gain physical access to the machines.To read this article in full or to leave a comment, please click here

Share And Share Alike

ShareArrows

Every once in a while, I like to see who is clicking through to my blog. It helps me figure out what’s important to write about and who reads things. I found a recent comment that made me think about what I’m doing from a different perspective.

The Con Game

I get occasional inbound traffic from Reddit. The comments on Reddit are a huge reason to follow threads on the site. In one particular thread on /r/networking linked back to my blog as a source of networking news and discussion. But a comment gave me pause:

https://www.reddit.com/r/networking/comments/3mpjpz/networking_websites/cvgyfye

And I quote:

Cons : they almost all know each other and tend to promote each other content.

This was a bit fascinating to me. Of the people in that particular comment, I’ve only ever met one in person. I do know quite a few people in the networking space as part of my career, both related to Tech Field Day and just through writing.

It is true that I share quite a bit of content from other writers. My day job notwithstanding, I feel it is my duty to identify great pieces of writing or thought-provoking ideas and share it Continue reading

1 3,178 3,179 3,180 3,181 3,182 3,809