PQ Show 64: OpenFlow TTPs Won’t Save Us with Rob Sherwood

On this Packet Pushers Priority Queue, we interview Rob Sherwood, CTO of Big Switch Networks, to gain an alternate view on OpenFlow TTPs (table type patterns). We first talked about TTPs in Weekly 220 in a discussion with Curt Beckmann back in January 2015. While Curt was fairly enthused that TTPs were going to move the ball forward, Rob is not convinced that TTPs are the long-term answer to make it easier for OpenFlow controllers and switches to share capabilities.

The post PQ Show 64: OpenFlow TTPs Won’t Save Us with Rob Sherwood appeared first on Packet Pushers.

PQ Show 64: OpenFlow TTPs Won’t Save Us with Rob Sherwood

On this Packet Pushers Priority Queue, we interview Rob Sherwood, CTO of Big Switch Networks, to gain an alternate view on OpenFlow TTPs (table type patterns). We first talked about TTPs in Weekly 220 in a discussion with Curt Beckmann back in January 2015. While Curt was fairly enthused that TTPs were going to move the ball forward, Rob is not convinced that TTPs are the long-term answer to make it easier for OpenFlow controllers and switches to share capabilities.

The post PQ Show 64: OpenFlow TTPs Won’t Save Us with Rob Sherwood appeared first on Packet Pushers.

Are vendors on the wrong path where smart plant security is concerned?

As the number of smart plants that use M2M, sensors, and other ICT continue to rise, so too does the lure for attackers. Manufacturing, energy, and utilities sectors are reportedly spending a combined 206.51 billion Euros globally on ICT in 2019, says Shuba Ramkumar, senior research analyst, Frost & Sullivan. Organizations are connecting systems to the Internet that they once kept purposely siloed for safety. “Smart plants face new challenges due to the ever-expanding connectivity of their control systems as they link into and rely on business operations and remote monitoring and management,” says Graham Speake, lead trainer at the SANS Institute and a 30-year cyber security industry veteran.To read this article in full or to leave a comment, please click here(Insider Story)

Governments Want Cheap Interception and Cheap Politics

The US, UK and Australian governments have all introduced legislation that effectively co-opts Internet Providers/Carriers to become legal surveillance arms for secret services. Why are governments pushing forward to use private companies to perform activities that were previously restricted to secret services such as the NSA, GCHQ and DSD ?

The post Governments Want Cheap Interception and Cheap Politics appeared first on EtherealMind.

Get Coding!

So lets start off with I am an old dog and I am learning new tricks.  My entire career I have avoided the dreaded programing.  In college I slid by my degree requirement for a coding class by taking Visual Basic for Industrial applications.  I hated it.  Debugging drove me nuts and there is still …

A tale of two women: same birthday, same Social Security number, same big-data mess

It's a case that would seem to defy the odds many times over: Two Florida women born on the same day, in the same state, and given almost the same name. Though no one realized it at the time, it turns out they were also given the same Social Security number.Joanna Rivera and Joannie Rivera only recently discovered the problem, according to a report this week, but in the meantime it's caused no end of trouble for them. Credit applications have been denied; tax returns have been rejected.Identity theft might have been a likely assumption, but in this case, it was something different.To read this article in full or to leave a comment, please click here

IPv6 and SSL for Yandy.IO

Thanks to Digitalocean the site is now fully IPv6 capable. Also, thanks to the awesome service at Cloudflare, just because I can, Yandy.IO is also now SSL encrypted. Your browser should redirect to...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

Risky Business #389 — US law: CFAA isn’t a bug, it’s a feature!

On this week's show we're chatting with computer crime lawyer extraordinaire Tor Ekeland! He's worked on a number of high profile CFAA cases. Most recently he's been defending former Reuters and LA Times journalist Matthew Keys on some pretty hefty CFAA charges. He's also the guy who got Andrew Aurenheimer out of jail so he could go and live a free life as a Nazi troll. (Is that really a win?) He also defended Lauri Love... basically if you're a hacker who's fallen foul of the CFAA, this is the guy you want on your team.

read more

sFlow Test

sFlow Test has been released on GitHub, https://github.com/sflow-rt/sflow-test. The suite of checks is intended to validate the implementation of sFlow on a data center switch. In particular, the tests are designed to verify that the sFlow agent implementation provides measurements under load with the accuracy needed to drive SDN control applications, including:
Many of the tests can be run while the switches are in production and are a useful way of verifying that a switch is configured and operating correctly.

The stress tests can be scaled to run without specialized equipment. For example, the recommended sampling rate for 10G links in production is 1-in-10,000. Driving a switch with 48x10G ports to 30% of total capacity would require a load generator capable of generating 288Gbit/s. However, dropping the sampling rate to 1-in-100 and generating a load of 2.88Gbit/s is an equivalent test of the sFlow agent's performance and can be achieved by two moderately powerful servers with 10G network adapters.

For example, using the test setup above, run an iperf server on Server2: 
iperf -su
Then run the following sequence of tests on Server1: 
#!/bin/bash
RT="10.0.0. Continue reading

Thousands of Java applications vulnerable to nine-month-old remote code execution exploit

A popular Java library has a serious vulnerability, discovered over nine months ago, that continues to put thousands of Java applications and servers at risk of remote code execution attacks.The flaw is located in Apache Commons, a library that contains a widely used set of Java components maintained by the Apache Software Foundation. The library is used by default in multiple Java application servers and other products including Oracle WebLogic, IBM WebSphere, JBoss, Jenkins and OpenNMS.The flaw is specifically in the Collections component of Apache Commons and stems from unsafe deserialization of Java objects. In programming languages, serialization is the process of converting data to a binary format for storing it in a file or memory, or for sending it over the network. Deserialization is the reverse of that process.To read this article in full or to leave a comment, please click here

1 3,182 3,183 3,184 3,185 3,186 3,773