ProtonMail comes back online, shores up DDoS defenses

ProtonMail, the Switzerland-based encrypted email service, has found its footing again after a wild ride over the past week.The free service has said it was hit by two different groups using distributed denial-of-service attacks (DDoS) that took it offline.Now it has partnered with Radware, which offered its DDoS mitigation service for a "reasonable price," allowing service to resume, ProtonMail wrote in a blog post on Tuesday."The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future," the company wrote.To read this article in full or to leave a comment, please click here

A Handy CLI Tool for Working with JSON

While I was at Kubecon this past week, one of the presenters showed off a handy CLI tool for working with JSON. It’s called jq, and in this post I’m going to show you a few ways to use jq. For the source of JSON output, I’ll use the OpenStack APIs.

If you’re not familiar with JSON, I suggest having a look at this non-programmer’s introduction to JSON. Also, refer to this article on using cURL to interact with a RESTful API for a bit more background on some of the commands I’m going to use in this post.

Let’s start by getting an authorization token for OpenStack, using the following curl command:

curl -d '{"auth":{"passwordCredentials":
{"username": "admin","password": "secret"},
"tenantName": "customer-A"}}' 
-H "Content-Type: application/json" 
http://192.168.100.100:5000/v2.0/tokens

This will return a pretty fair amount of JSON in the response, and it presents the first opportunity to use jq. Let’s say you only wanted the authorization token, and not all the other output. Simply add the following jq command to the end of your curl request:

curl -d '{"auth":{"passwordCredentials":
{"username": "admin","password": "secret"},
"tenantName": "customer-A"}}' 
-H "Content-Type: application/json" 
http://192.168.100.100:5000/v2.0/tokens | 
 Continue reading

Anycast For DMVPN Hubs

Dynamic assignment of DMVPN spoke tunnel addresses isn't just a matter of convenience. It provided the foundation for a recent design which included the following fun requirements:
  • There are many hub sites.
  • Spokes will be network-near exactly one hub site.
  • Latency between hub sites is high.
  • Bandwidth between hub sites is low.
  • Spoke routers don't know where they are in the network.
  • Spoke routers must connect only to the nearest hub.
The underlay topology in this environment1 made it safe for me to anycast the DMVPN hubs, so that's what I did. This made the "connect to the nearest hub" problem easy to solve, but introduced some new complexity.

Hub Anycast Interface
Each DMVPN router has a loopback interface with address 192.0.2.0/32 assigned to the front-door VRF. It's configured something like this:

 interface loopback 192020
  description DMVPN hub anycast target  
  ip vrf forwarding LTE_TRANSIT  
  ip address 192.0.2.0 255.255.255.255

The 192.0.2.0 /32 prefix was redistributed into the IP backbone. If this device were to fail, then the next-nearest instance of 192.0.2.0 would be selected by the IGP.

Spoke Configuration
Spokes look pretty much exactly like Continue reading

CCIE Three Months Later

A short take on my journey to becoming CCIE #49800. This wouldn't be possible without the so very important people in my life. Thank You!...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

Patch Tuesday November 2015: Microsoft releases 12 fixes, 4 rated critical

For Patch Tuesday November 2015, Microsoft released 12 security bulletins, four rated as critical and the remaining 8 rated as important.Rated CriticalMS15-112 is the cumulative fix for remote code execution flaws in Internet Explorer. Microsoft lists 25 CVEs, most of which are IE memory corruption vulnerabilities. 19 are called Internet Explorer memory corruption vulnerabilities, with three CVEs labeled slightly different as Microsoft browser memory corruption vulnerabilities. Of the remaining CVEs, one involves Microsoft browser ASLR bypass, one is for an IE information disclosure flaw, and one is a scripting engine memory corruption vulnerability. You should deploy this as soon as possible.To read this article in full or to leave a comment, please click here

Three indicted in JPMorgan hacking case

On Tuesday, Manhattan US Attorney Preet Bharara's office unsealed an indictment against three individuals charged with hacking several financial institutions, financial news publishers, and other companies.In a statement to Reuters, JPMorgan confirmed that the recently unsealed indictment is connected to last year's hack, which impacted 83 million households.Monday's indictment focuses on Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein.In court documents shared with CSO Online, the prosecutors say that between 2012 and 2015, the three pulled off "the largest theft of customer data from a U.S. financial institution in history" by stealing the personal information of more than 100 million people.To read this article in full or to leave a comment, please click here

ARM is bringing some much needed security to the Internet of Things

If you believe what the tech industry tells us, everything is coming online. From pacemakers to washing machines to street lights, all will be networked together and feeding data into the cloud. If this Internet of Things comes to pass, we're going to need a lot more security than we have today.Chip design company ARM announced plans Tuesday for a new line of chips intended to help secure those devices. ARM is best known for designing the microprocessors in smartphones and tablets, but it also designs smaller chips, called microcontrollers, that feature heavily in IoT. Some four billion ARM microcontrollers were shipped by ARM licensees last year.To read this article in full or to leave a comment, please click here

Sponsored Post: StatusPage.io, Digit, iStreamPlanet, Instrumental, Redis Labs, Jut.io, SignalFx, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • Senior Devops Engineer - StatusPage.io is looking for a senior devops engineer to help us in making the internet more transparent around downtime. Your mission: help us create a fast, scalable infrastructure that can be deployed to quickly and reliably.

  • Digit Game Studios, Irish’s largest game development studio, is looking for game server engineers to work on existing and new mobile 3D MMO games. Our most recent project in development is based on an iconic AAA-IP and therefore we expect very high DAU & CCU numbers. If you are passionate about games and if you are experienced in creating low-latency architectures and/or highly scalable but consistent solutions then talk to us and apply here.

  • As a Networking & Systems Software Engineer at iStreamPlanet you’ll be driving the design and implementation of a high-throughput video distribution system. Our cloud-based approach to video streaming requires terabytes of high-definition video routed throughout the world. You will work in a highly-collaborative, agile environment that thrives on success and eats big challenges for lunch. Please apply here.

  • As a Scalable Storage Software Engineer at iStreamPlanet you’ll be driving the design and implementation of numerous storage systems including software services, analytics and video Continue reading

IDG Contributor Network: How magnetic ID cards are becoming indestructable

One of the problems with traditional magnetic storage has always been that, because it's written with magnetic fields, it can be wiped by those fields too.That makes for a pretty unstable medium—though convenient and more efficient than many.Magnetic storage is used in ID and credit cards too, but the environments that the cards encounter are brutal on the media.So is space travel, and indeed the residential living rooms with magnet-containing home theatre speakers, for example. Remember the mysteriously deteriorating cassette tape?Yet magnetic media has its favorable qualities—it's more secure than Radio Frequency (RF) chips, for example.To read this article in full or to leave a comment, please click here

Gathering No MOS

mossBall1

If you work in the voice or video world, you’ve undoubtedly heard about Mean Opinion Scores (MOS). MOS is a rough way of ranking the quality of the sound on a call. It’s widely used to determine the over experience for the user on the other end of the phone. MOS represents something important in the grand scheme of communications. However, MOS is quickly becoming a crutch that needs some explanation.

That’s Just Like Your Opinion

The first think to keep in mind when you look at MOS data is that the second word in the term is opinion. Originally, MOS was derived by having selected people listen to calls and rank them on a scale of 1 (I can’t hear you) to 5 (We’re sitting next to each other). The idea was to see if listeners could distinguish when certain aspects of the call were changed, such as pathing or exchange equipment. It was an all-or-nothing ranking. Good calls got a 4 or even rarely a 5. Most terrible calls got 2 or 3. You take the average of all your subjects and that gives your the overall MOS for your system.

voip-qualitypbx

When digital systems came along, MOS took Continue reading

Five Functional Facts about TACACS+ in ISE 2.0

The oft-requested and long awaited arrival of TACACS+ support in Cisco’s Identity Services Engine (ISE) is finally here starting in version 2.0. I’ve been able to play with this feature in the lab and wanted to blog about it so that existing ISE and ACS (Cisco’s Access Control Server, the long-time defacto TACACS+ server) users know what to expect.

Below are five facts about how TACACS+ works in ISE 2.0.

Continue reading

Announcing Universal DNSSEC: Secure DNS for Every Domain

CloudFlare launched just five years ago with the goal of building a better Internet. That’s why we are excited to announce that beginning today, anyone on CloudFlare can secure their traffic with DNSSEC in just one simple step.

This follows one year after we made SSL available for free, and in one week, more than doubled the size of the encrypted web. Today we will do the same with DNSSEC, and this year, we’ll double the size of the DNSSEC-enabled web, bringing DNSSEC to millions of websites, for free.

If DNS is the phone book of the Internet, DNSSEC is the unspoofable caller ID. DNSSEC ensures that a website’s traffic is safely directed to the correct servers, so that a connection to a website is not intercepted by a man-in-the-middle.

Solving A Decades-Old Vulnerability In DNS

Every website visit begins with a DNS query. When I visit cloudflare.com, my browser first needs to find the IP address:

cloudflare.com. 272 IN A 198.41.215.163

When DNS was invented in 1983, the Internet was used by only a handful of professors and researchers, and no one imagined that there could be foul play. Thus, DNS relies on Continue reading

1 3,214 3,215 3,216 3,217 3,218 3,804