Drupal sites at risk due to insecure update mechanism

The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.Researcher Fernando Arnaboldi from security firm IOActive noticed that Drupal will not inform administrators that an update check has failed, for example due to inability to access the update server. Instead, the back-end panel will continue to report that the CMS is up to date, even if it's not.This can be a problem, considering that hackers are quick to exploit vulnerabilities in popular content management systems like Drupal, WordPress or Joomla, after they appear. In one case in 2014, users had only a seven-hour window to deploy a critical Drupal patch until attackers started exploiting the vulnerability that it fixed.To read this article in full or to leave a comment, please click here

My Experiences With Cisco’s VIRL

Since it has been out for more than a year, and has been developed and improved tremendously during that time, I decided to finally take the plunge and buy a year’s subscription to the Cisco VIRL software. Part 1: Comparing and Tweaking VIRL Until now, I have been using any combination of real hardware, CSR1000Vs, and IOL […]

The post My Experiences With Cisco’s VIRL appeared first on Packet Pushers.

My Experiences With Cisco’s VIRL

Since it has been out for more than a year, and has been developed and improved tremendously during that time, I decided to finally take the plunge and buy a year’s subscription to the Cisco VIRL software. Part 1: Comparing and Tweaking VIRL Until now, I have been using any combination of real hardware, CSR1000Vs, and IOL […]

The post My Experiences With Cisco’s VIRL appeared first on Packet Pushers.

Worth Reading: Broadband Investment in a Slump

Reports suggest that spending could continue to be tight among broadband carriers. Bloomberg, for instance, suggests that 2016 could be a more-of-the-same year after a slowdown of 8.1 percent in 2015. A good case in point is AT&T. Seeking Alpha reports that Evercore predicts that the carrier’s wireless investments this year may end up being 21 percent lower than in 2014. via it business edge

The post Worth Reading: Broadband Investment in a Slump appeared first on 'net work.

Continued support for MD5 endangers widely used cryptographic protocols

The old and insecure MD5 hashing function hasn't been used to sign SSL/TLS server certificates in many years, but continues to be used in other parts of encrypted communications protocols, including TLS, therefore weakening their security.Researchers from the INRIA institute in France have devised several attacks which prove that the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.They showed that man-in-the-middle attackers can impersonate clients to servers that use TLS client authentication and still support MD5 hashing for handshake transcripts. Intercepting and forwarding credentials through protocols that use a TLS channel binding mechanism is also possible.To read this article in full or to leave a comment, please click here

Does a data breach really affect your firm’s reputation?

The long-held view is that breached companies are cast aside by consumers, investors and shareholders. A breach isn’t just a temporary glitch – it’s a mistake, a faux pas, which you can’t just shake off.This warning that has been used by information security professionals over the course of the last five years and for good reason; nothing gets a CEO or CFO’s attention on security matters more than "this is losing us money".However, on closer inspection, it could be argued that this reputation argument is a falsehood.Over the course of the last 18 months, we’ve seen some of the biggest, most widespread, data breaches in the history of the Internet.To read this article in full or to leave a comment, please click here

Overcoming stubborn execs for security sake

Even with the greater awareness for strong security within organizations—and the high-profile hacks that have contributed to that increased awareness—security executives still encounter significant hurdles in doing their jobs to protect data and systems.Clashes with senior business executives as well as those at lower levels of organizations make it more challenging for CSOs and CISOs to create a secure environment, and yet they continue to happen.Many of the conflicts that occur between security and business executives are due to ongoing philosophical differences regarding risk, says Dave Dalva, vice president at Stroz Friedberg, who has worked in the position of CISO for a number of clients.To read this article in full or to leave a comment, please click here

MANET: Mobile Ad Hoc Networks

The MANET stands for mobile ad hoc network; in practice, the term generally applies to ad hoc wireless networks of sufficient complexity that some internal routing mechanism is needed to enable full connectivity. The term mesh network is also used for MANETs. MANET nodes communicate by radio signals with a finite range, as in the Figure – […]

The post MANET: Mobile Ad Hoc Networks appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

MANET: Mobile Ad Hoc Networks

The MANET stands for mobile ad hoc network; in practice, the term generally applies to ad hoc wireless networks of sufficient complexity that some internal routing mechanism is needed to enable full connectivity. The term mesh network is also used for MANETs. MANET nodes communicate by radio signals with a finite range, as in the Figure – […]

The post MANET: Mobile Ad Hoc Networks appeared first on Network Design and Architecture.

What is Routing Loop and How is Routing Loop Prevented ?

A potential problem to packet forwarding is a possibility of a routing loop. It occurs because some packets circulate endlessly due to the set of entries in the forwarding table. Figure – 1 For example, in the Figure -1 we would have a routing loop if, for (nonexistent) destination G, A forwarded to B, B forwarded to D, D forwarded to E, E forwarded to C, and C […]

The post What is Routing Loop and How is Routing Loop Prevented ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

New Webinar: BGP-LS and PCEP

I was often asked about two emerging technologies that enable standard controller-based WAN traffic engineering: BGP-LS to extract the network topology and PCEP to establish end-to-end tunnels from a controller.

Unfortunately, I never found time to explore these emerging technologies and develop a webinar. However, after Julian Lucek from Juniper did such a great job on the NorthStar podcast, I asked him whether he would be willing to do a deep dive technology webinar on the two technologies and he graciously agreed to do it.

Read more ...

There and back again – After the Cloud, the Fog

Everything old is new again. That applies to most industries, trends and businesses, so why wouldn’t it apply to how we use resources and where they are placed.

A history lesson

In the 1970’s, IBM developed the first time sharing service implementation via virtual machines and the VM OS.

A few years back, everyone was building data centers.

Then, computing power and data storage were moved to a place everyone called “Cloud” but no one actually knew what it was and that in fact represented a new name for an old dream Douglas Parkhill was writing about it in 1966 in “The Challenge of Computer Utility”. The term became popular starting 2006, when Amazon launched its EC2 (Elastic Cloud Compute) service. In 2008, Microsoft followed the footsteps and launched Azure, their own Cloud service and in 2013 IBM announced the acquisition of SoftLayer, forming the IBM Cloud Services Division.

cloud floppy father

IoT is the new hit

Now, there’s the mighty Internet of Things, which promises to connect everything, but brings us back at least to the partial decentralization of resources and leads the way for the so called “Fog”. IoT is estimated to connect approximately 50 billion devices by 2020, according to Continue reading

1 3,204 3,205 3,206 3,207 3,208 3,853