Phoenix, AZ: CloudFlare’s 64th data center

Three years and 46 data centers later our expansion returns to the United States. Phoenix, the latest addition to the CloudFlare network, is our 10th point of presence in North America, and the start of our effort to further regionalize traffic across the continent. This means faster page loads and transaction speeds for your sites and applications, as well as for the 6 million Internet users throughout the Southwestern US that use them.

Eat Surf local

The vast majority of Internet traffic in the US is exchanged in only a small handful of cities: Los Angeles, the San Francisco Bay Area, Dallas, Chicago, Miami, Ashburn (Virginia) and New York. These locations evolved into key interconnection points largely as a result of their status as population and economic centers. However, if you're one of the 236 million Americans that live outside of these metro areas, you have to hike quite a bit further to access your favorite content on the Internet.

To illustrate this, we measured the level of local interconnection between a handful of our Tier 1 Internet providers—NTT, TeliaSonera, Tata Communications and Cogent—in different metro areas. For the uninitiated, Tier 1 networks are the group of networks that Continue reading

Docs Spotlight: Tower API Guide

blog-header-docspotlight

As you may already know, Ansible Tower 2.3.0's release offers a bundled installer for Red Hat Enterprise Linux and CentOS systems. This all-in-one installer contains everything you need to get Tower started in one bundle, including the bootstrapping of Ansible for you, if it is not already installed. If Ansible is already installed, ensure that it is the latest stable version before proceeding with your Tower installation.

In addition to other bug fixes and performance improvements, the documentation for the Tower 2.3.0 release also included a few updates.

The biggest update for the Tower Documentation Set hits the Tower API Guide

The REST API in Tower is browsable and simple to use, but you must be logged into your Tower instance to view the endpoints. Now, for the very first time, the Tower API endpoints have been included for easy review. 

For example, the Ping Endpoint, which is fairly simple as an example, includes the following information:

Ping_API_Endpoint

Another feature we are trying out for the Tower 2.3.0 Documentation Set is a new custom search.  At the bottom right of your browser screen, a new "search this site" button appears that scrolls the Continue reading

Deploying application whitelisting? NIST has some advice for you

If you're trying to bar the door to malware infections, automated application whitelisting is a tactic that the U.S. National Institute of Standards and Technology thinks you should try -- and the agency wants to help you implement it in an effective way.The Department of Commerce agency, which is tasked with developing standards and recommendations including in the area of IT security, has published a guide to application whitelisting that explains the technology in detail and offers practical advice for how it should be used.For one, before looking at third-party products, organizations should consider using the application whitelisting mechanisms included in the operating systems they use on their desktops, laptops and servers. The reason is that they're easier to use, can be centrally managed and their use keeps additional costs minimal.To read this article in full or to leave a comment, please click here

How AI is improving consumer engagement and customer experience

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Artificial intelligence (AI) – when computers behave like humans – is no longer science fiction. Machines are getting smarter and companies across the globe are beginning to realize how they can leverage AI to improve consumer engagement and customer experience.

Gartner research indicates that in a few years 89% percent of businesses will compete mainly on customer experience. Within five years consumers will manage 85% of their relationships with an enterprise without interacting with a human – moving to the “DIY” customer service concept.

To read this article in full or to leave a comment, please click here

Are you overlooking tokenization as a data security measure?

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  As a security technology that obfuscates clear text data, tokenization is the red-headed stepchild compared to encryption. That's changing, however, as tokenization has a key role in enabling mobile payment systems such as Apple Pay, Samsung Pay and Android Pay. If you use any of these smartphone-based payment applications, tokenization is already at work for you.Unless you're in the payments industry, you might not even know what tokenization is, or how it can protect sensitive data. Yes, there are uses for the technology beyond securing payment data. I'll talk use cases in a minute, but first let me explain what tokenization is.To read this article in full or to leave a comment, please click here

Large scale BGP hijack out of India

BGP hijacks happen every day, some of them affect more networks than others and every now and then there’s a major incident that affects thousands of networks. Our monitoring systems keep an eye out for our users and if you would like to have a general idea of what’s going on in the world of BGP incidents, keep an eye on BGPstream.com. Earlier today we detected one of those major incidents that affected thousands of networks.

Starting at 05:52 UTC, AS9498 (BHARTI Airtel Ltd.) started to claim ownership for thousands of prefixes by originating them in BGP. This affected prefixes for over two thousand unique organizations (Autonomous systems).

Our systems detected origin AS changes (hijacks) for 16,123 prefixes. The scope and impact was different per prefix but to give you an idea, about 7,600 of these announcements were seen by five or more of our peers (unique peers ASns) and 6,000 of these were seen by more than 10 of our peers.

One of the reasons this was so widespread is because large networks such as AS174 (Cogent Communications) and AS52320 (GlobeNet Cabos Submarinos VZLA) accepted and propagated these prefixes to their peers and customers.

The BGPplay visualization Continue reading

Android security update focuses on media files

In light of Android's mediaserver issues, Google’s latest Android security update focused on flaws related to the operating system's treatment of media files. Android’s current flaws are similar to problems that cropped up with Windows more than a decade ago.Google addressed seven vulnerabilities as part of this month’s Android security update, released this week. Of the critical vulnerabilities, one was in the libutils component (CVE-2015-6609) near where Stagefright flaws were found over the summer, and the other was in the Android mediaserver component (CVE-2015-6609). They were rated as critical, as they could allow remote code execution when handling malformed media files.To read this article in full or to leave a comment, please click here

Cox to pay $595,000 for Lizard Squad data breach

Cox Communications has agreed to pay US$595,000 and submit to seven years of computer security compliance monitoring by the Federal Communications Commission to settle an investigation into whether the cable TV and Internet operator failed to safeguard the personal information of its customers.The investigation relates to a hack of Cox in 2014 by "EvilJordie," a member of the "Lizard Squad" hacker collective, and is the FCC's first privacy and data security enforcement action against a cable operator.The FCC's investigation found that by posing as a Cox IT staffer, the hacker convinced a Cox customer service representative and contractor to enter their account IDs and passwords into a fake website, the FCC said Thursday.To read this article in full or to leave a comment, please click here

EU tells US it must make next move on new Safe Harbor deal

The European Union put the onus firmly on the U.S. to make the next move in negotiating a replacement for the now-defunct Safe Harbor Agreement on privacy protection for transatlantic personal data transfers. "We need a new transatlantic framework for data transfers," said Vĕra Jourová, the European Commissioner for Justice and Consumers, emphasizing the urgency of the situation. However, she said at a news conference in Brussels on Friday, "It is now for the U.S. to come back with their answers." EU law requires that companies guarantee the same privacy protection for the personal information of EU citizens that they hold, wherever in the world they process it.To read this article in full or to leave a comment, please click here

Video: Control Plane Protocols in OpenFlow-Based Networks

One of the typical questions I get in my SDN workshops is “how do you run control-plane protocols like LACP or OSPF in OpenFlow networks?”.

I wrote a blog post describing the process two years ago and we discussed the details of this challenge in the OpenFlow Deep Dive webinar. That part of the webinar is now public: you’ll find the OpenFlow Use Cases: Control-Plane Protocols video on the ipSpace.net Free Content web site.

Watch the video

Stuff The Internet Says On Scalability For November 6th, 2015

Hey, it's HighScalability time:


Cool geneology of Relational Database Management Systems.

  • 9,000: Artifacts Uncovered in California Desert; 400 Million: LinkedIn members; 100: CEOs have more retirement assets than 41% of American families; $160B: worth of AWS; 12,000: potential age of oldest oral history; fungi: world's largest miners 

  • Quotable Quotes:
    • @jaykreps: Someone tell @TheEconomist that people claiming you can build Facebook on top of a p2p blockchain are totally high.
    • Larry Page: I think my job is to create a scale that we haven't quite seen from other companies. How we invest all that capital, and so on.
    • Tiquor: I like how one of the oldest concepts in programming, the ifdef, has now become (if you read the press) a "revolutionary idea" created by Facebook and apparently the core of a company's business. I'm only being a little sarcastic.
    • @DrQz: +1 Data comes from the Devil, only models come from God. 
    • @DakarMoto: Great talk by @adrianco today quote of the day "i'm getting bored with #microservices, and I’m getting very interested in #teraservices.”
    • @adrianco: Early #teraservices enablers - Diablo Memory1 DIMMs, 2TB AWS X1 instances, in-memory databases and analytics...
    • @PatrickMcFadin: Average DRAM Contract Price Continue reading

ProtonMail recovers from DDoS punch after being extorted

The last few days have not been easy for ProtonMail, the Geneva-based encrypted email service that launched last year. Earlier this week, the service was extorted by one group of attackers, then taken offline in a large distributed denial-of-service (DDoS) attack by a second group that it suspects may be state sponsored. ProtonMail offers a full, end-to-end encrypted email service. It raised more than US$500,000 last year after a blockbuster crowdfunding campaign that sought just $100,000.  Now, it bills itself as the largest secure email provider, with more than 500,000 users. Creating an account is free, although ProtonMail plans to eventually introduce a paid-for service with additional features.To read this article in full or to leave a comment, please click here

How a mobile app company found the XcodeGhost in the machine

Nick Arnott couldn't figure out recently why Apple kept rejecting an update to a mobile app his company developed.It turned out the problem was a ghost in the machine.His company, Possible Mobile, is well versed in the App Store submission rules and has built apps for JetBlue, Better Homes & Gardens and the Major League Soccer.The rejection came after it was discovered in mid-September that thousands of apps in the App Store had been built with a counterfeit version of an Apple development tool, Xcode.The fake version, dubbed XcodeGhost and probably developed in China, had been downloaded by many developers from third-party sources, apparently because getting the 4GB code from Apple took too long.To read this article in full or to leave a comment, please click here

007 Tips for keeping your business as secure as MI6

As James Bond has shown, even a sophisticated MI6 operative with a nearly limitless budget and an array of hi-tech gadgets has to take into account existing security measures when formulating a plan to infiltrate a building or system. And while online criminal organizations don’t have Bond’s resources, they are sophisticated and well funded, which means you have to continually up your efforts to reduce the threat surface of your business.As you begin planning for 2016, here are 007 tips for bringing your business closer to an MI6 level of security, without a nation-state budget:1. Auto expiring credentials for new recruits: While we hope your corporate hiring process isn’t as intense as that of a secret agent, at the end of the day not everyone who signs up ends up making the final cut. To minimize your risk of rogue access, implement a policy that requires system admins to always create expiring credentials for new hires. It’s best practice to implement this for any temporary hires, but if your company offers an employment grace period, consider applying the expiration for the end of that time period, just in case. It’s always easier to re-implement than revoke once things Continue reading

1 3,189 3,190 3,191 3,192 3,193 3,773