SHA-1 Deprecation: No Browser Left Behind

Welcome to the Internet. All Browsers Welcome

After December 31, 2015, SSL certificates that use the SHA-1 hash algorithm for their signature will be declared technology non grata on the modern Internet. Google's Chrome browser has already begun displaying a warning for SHA-1 based certs that expire after 2015. Other browsers are mirroring Google and, over the course of 2016, will begin issuing warnings and eventually completely distrust connections to sites using SHA-1 signed certs. And, starting January 1, 2016, you will no longer be able to get a new SHA-1 certificate from most certificate authorities.

For the most part, that's a good thing. Prohibitively difficult to forge certificate signatures are part of what keeps encryption systems secure. As computers get faster, the risk that, for any given hashing algorithm, you can forge a certificate with the same signature increases. If an attacker can forge a certificate then they could potentially impersonate the identity of a real site and intercept its encrypted traffic or masquerade as that site.

Deprecating Old Standards

This isn't the first time we've been through this exercise. The original hashing algorithm used for most certificate signatures in the early days of the web was MD5. In 2008, researchers demonstrated they were able to Continue reading

NASA, Google reveal quantum computing leap

The black box sitting at the heart of NASA's Advanced Supercomputing facility in Silicon Valley isn't much to look at. The size of a garden shed, it's smaller than a conventional supercomputer, but inside something quite impressive is happening.The box is a D-Wave 2X quantum computer, one of the most advanced examples yet of a new type of computer based on quantum mechanics, which can theoretically be used to solve complex problems in seconds rather than years.MORE ON NETWORK WORLD: 13 awesome and scary things in near Earth space Quantum computers rely on fundamentally different principles to today's computers, in which each bit represents either a zero or a one. In quantum computing, each bit can be both a zero and a one simultaneously. So while three conventional bits can represent any of eight values (2^3), three qubits, as they're called, can represent all eight values at once. That means calculations can theoretically be performed at much higher speeds.To read this article in full or to leave a comment, please click here

6 Reasons Your Network Isn’t Ready For SDN

Companies implementing software-defined networking in the data center risk failing if they don't address infrastructure and organizational issues first.

8 Signs You Need A Better Data Center Interconnect

As cloud applications, devices, and traffic grow, the networks between and within your data centers may be showing their age.

Featured Webinar: vSphere 6 Networking Deep Dive

The featured webinar of December 2015 is vSphere 6 Networking, a 6-hour deep dive into vSphere 6 networking features covering almost every single vSphere network-related feature.

What does this mean?

Trial subscribers get free access to select videos from this webinar (those marked with a yellow star in this listing) and can purchase it at significant discount.

Using a proxy to feed metrics into Ganglia

The GitHub gmond-proxy project demonstrates how a simple proxy can be used to map metrics retrieved through a REST API into Ganglia's gmond TCP protocol.

The diagram shows the elements of the Ganglia monitoring system. The Ganglia server contains runs the gmetad daemon that polls for data from gmond instances and stores time series data. Trend charts are presented through the web interface. The transparent gmond-proxy replaces a native gmond daemon and delivers metrics in response to gmetad's polling requests.

The following commands install the proxy on the sFlow collector - an Ubuntu 14.04 system that is already runnig sFlow-RT:

wget https://raw.githubusercontent.com/sflow-rt/gmond-proxy/master/gmond_proxy.py
sudo mv gmond_proxy.py /etc/init.d/
sudo chown root:root /etc/init.d/gmond_proxy.py
sudo chmod 755 /etc/init.d/gmond_proxy.py
sudo service gmond_proxy.py start
sudo update-rc.d gmond_proxy.py start

The following commands install Ganglia's gmetad collector and web user interface on the Ganglia server - an Ubuntu 14.04 system:

sudo apt-get install gmetad
sudo apt-get install ganglia-webfrontend
cp /etc/ganglia-webfrontend/apache.conf /etc/apache2/sites-enabled

Next edit the /etc/ganglia/gmetad.conf file and configure the proxy as a data source:

data_source "my cluster" sflow-rt

Restart the Apache and gmetad daemons:

sudo service gmetad restart
sudo service apache2  Continue reading

Best way to check for malware

InfoWorld.com columnist Roger A. Grimes presents a screencast on the quickest and best way to check your system for malware.

Pluribus Networks Debuts Virtualized Networking Fabric

The company’s latest SDN product is a new component of its open switch platform.

Instead of news, UK paper delivered ransomware

A major UK newspaper is cleaning up its website after a criminals tried to deliver ransomware to thousands of its readers.The attack affected the blogs section of The Independent newspaper's website, Joseph C. Chen, a fraud researcher with Trend Micro, said in a blog post Tuesday."We have already informed The Independent about this security incident and are working with them to contain the situation," Chen wrote. "For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base."To read this article in full or to leave a comment, please click here

Gotta give stealthy 128 Technology credit for cleverness on $20M funding filing

128 Technology, a stealthy software startup that "is on a mission to fix the Internet," has quietly and cleverly filed an SEC form regarding a fresh $20M in funding on, of all days, 12/8.The Burlington, Mass., startup has also jazzed up its website since I looked at it last week while prepping to attend the Xconomy "Enterprise Tech Strikes Back" event in Boston at which 128 CEO and Co-founder Andy Ory took part on a panel discussing "Building the Next Great Infrastructure Company."To read this article in full or to leave a comment, please click here

Network Break 65: HPE’s London Debut, ACI Meets Docker

The Network Break reports on HPE's coming-out party in London, looks into news that Dell will sell assets to reduce debt, digs into Cisco's recent upgrades to ACI, hears Steve Ballmer shouts from the sidelines about Microsoft's cloud revenue, and watches OpenFlow competitor P4 get attention from chip manufacturers.

The post Network Break 65: HPE’s London Debut, ACI Meets Docker appeared first on Packet Pushers.

Network Break 65: HPE’s London Debut, ACI Meets Docker

The post Network Break 65: HPE’s London Debut, ACI Meets Docker appeared first on Packet Pushers.

Google Fiber eyes Chicago and L.A.

Google Fiber could be coming to Chicago and Los Angeles, where more than 6 million people live, Google announced Tuesday.The company invited the two cities to get the 1Gbps service, then plans to work with city leaders to collect detailed information on factors that would affect construction, such as topography and city streets.“While we can’t guarantee that we’ll be able to bring Fiber to Chicago and L.A., this is a big step for these cities and leaders,” said Jill Szuchmacher, director of Google Fiber Expansion, in the blog.MORE ON NETWORK WORLD: 5 free Ethernet tools you should check out Google Fiber currently serves three metro areas: Kansas City (in both Kansas and Missouri), Austin, Texas, and Provo, Utah. Six more cities are listed by Google as “upcoming” Fiber cities and 11 others are potential cities, including L.A. and Chicago.To read this article in full or to leave a comment, please click here

Cyberattacks will compromise 1-in-3 healthcare records next year

Consumers will see an increase in successful cyberattacks against their online health records next year; supercomputers like IBM's Watson will reduce patient deaths and treatment costs by 10% in 2018; and virtual healthcare will soon become routine.Those are some of the predictions made by IDC's Health Insights group in a new report.The report claims that because of a legacy of lackluster electronic security in healthcare and an increase in the amount of online patient data, one in three consumers will have their healthcare records compromised by cyberattacks in 2016.To read this article in full or to leave a comment, please click here

Microsoft updates trust list after private key for Xbox Live leaks

On Tuesday, Microsoft updated their Certificate Trust List (CTL) after the private key for xboxlive.com was leaked to the Web. The company didn't explain how the leak happened, but the exposed certificates were immediately revoked and replaced."Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks," the software giant explained in their advisory."To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate."To read this article in full or to leave a comment, please click here

2016 January Online CCDE Bootcamp

Due to the high level of demand for my early CCDE bootcamps, the increase of individuals pursuing the CCDE and very high passing rate of my class (75%) I have [...]

The post 2016 January Online CCDE Bootcamp appeared first on Network Design and Architecture.

Patch Tuesday: Microsoft released 12 patches, 8 rated critical, 1 for a zero-day

Way to go! Congratulations on suffering through another year of deploying security patches. Microsoft released 12 security bulletins for the last Patch Tuesday of 2015, eight of which are rated as critical for remote code execution vulnerabilities. Hopefully none will result in exceedingly uncool changes like Microsoft snuck into Windows 10 last month to reset privacy settings and default programs.Although Microsoft regards MS15-135 only as “important,” it would be wise to jump on this one as it is the fix for a zero-day vulnerability in the Windows kernel that attackers are exploiting to escalate privilege, according to Qualys CTO Wolfgang Kandek. You wouldn’t know it by its Microsoft-rated “important” status, as Redmond’s security team mentioned that it resolves flaws in Windows kernel-mode drivers. Nils Sommer of bytegeist, working with Google Project Zero, is credited with reporting three CVE’s associated with this patch.To read this article in full or to leave a comment, please click here

Juniper Networks adds an edge to its router

Juniper Networks this week upgraded its edge routers with hardware and software designed to boost performance and enable network automation. Juniper Networks Juniper's MX2020 edge router The enhancements to Juniper’s MX series 3D Universal Edge routers are aimed at improving the port density and operational efficiency of the systems as businesses and consumers demand HD video, cloud services and network-based collaboration from their service providers. Larger enterprises building hybrid cloud networks and placing more emphasis on IT as a competitive differentiator are also targets for the upgraded routers.To read this article in full or to leave a comment, please click here

Chrome for Android blocks access to malware and scam websites

If you've ever seen the scary red pages in Google Chrome that prevent you from visiting a dangerous website, and wished you had them on your phone, then you're in luck: Google has extended Safe Browsing, the technology behind those security alerts, to Android.Safe Browsing is now integrated into Google Play Services, starting with version 8.1, and apps are able to use it. Chrome for Android is the first to do so.As in the desktop version of Chrome, Safe Browsing protects against websites that are known to host malware, potentially unwanted programs as well as phishing and other scams.If you've surfed from an Android phone extensively you've probably been bombarded with persistent ads claiming that your phone is not running properly, that your battery drains too fast or that the device is insecure. All of them try to push some application that allegedly solves the made-up problems.To read this article in full or to leave a comment, please click here

Darkode forum is back, but a shadow of its former self

Last summer, law enforcement agencies from 20 countries joined forces to shut down the notorious Darkode hacking forum. Organizers said they would be back, stronger than ever.Security researchers have been keeping an eye out for its resurgence ever since and finally found it last week, but instead of being stronger than ever, it's actually insecure and badly configured.According to Loucif Kharouni, senior threat researcher at Damballa, it feels like a "bad Darkode imitation" that is "just not worth anyone's time."At its peak, Darkode had hundreds of users who were heavy-weights in the cybercriminal world.To read this article in full or to leave a comment, please click here

« Previous 1 … 3,234 3,235 3,236 3,237 3,238 … 3,855 Next »