Just some quick points about DHCP

Okay, so everybody knows DHCP pretty well.

I just want to point out a few little details as background for a future post:

DHCP Relays Can Change Things
The first point is about those times when the DHCP client and server aren't on the same segment.

In these cases, a DHCP relay (usually running on a router) scoops up the helpless client's broadcast packets and fires them at the far away DHCP server. The server's replies are sent back to the relay, and the relay transmits them onto the client subnet.

The DHCP relay can change several things when relaying these packets:
  • It increments the bootp hop counter.
  • It populates the relay agent field in the bootp header (The DHCP server uses this to identify the subnet where the client is looking for a lease).
  • It can introduce additional DHCP options to the request.
The last one is particularly interesting. When a DHCP relay adds information to a client message, it can be used by the DHCP server for decision-making or logging purposes. Alternatively, the added information can be used by the DHCP relay itself: Because the relay's addition will be echoed back by the server, the relay can parse …
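The three relay changes listed above, as an added example that is not from the original post: a relay's rewrite of a client DHCPDISCOVER. Option 82 (Relay Agent Information, RFC 3046) is this example's choice of added option; the sample packet, addresses, circuit ID, hop limit and the drop rule for client-supplied option 82 are assumptions.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
PAD, END, RELAY_INFO = 0, 255, 82    # option 82 = Relay Agent Information (RFC 3046)
MAX_HOPS = 16                        # assumed relay hop limit

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed sample: a minimal broadcast DHCPDISCOVER as a client would send it."""
    header = struct.pack("!BBBBIHH16s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                         bytes(16), mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + MAGIC + bytes([53, 1, 1, END])

def walk_options(pkt: bytes):
    """Yield (offset, code, value) per option, End included; reject malformed input."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    i = 240
    while i < len(pkt):
        code = pkt[i]
        if code == END:
            yield i, END, b""
            return
        if code == PAD:
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        yield i, code, pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    raise ValueError("missing End option")

def relay_request(pkt: bytes, relay_ip: str, circuit_id: bytes):
    """Return the packet as the relay would forward it, or None if it is dropped."""
    opts = list(walk_options(pkt))
    hops, giaddr = pkt[3], pkt[24:28]
    if pkt[0] != 1 or hops >= MAX_HOPS:
        return None                          # not a BOOTREQUEST, or looping
    has_82 = any(code == RELAY_INFO for _, code, _ in opts)
    if has_82 and giaddr == bytes(4):
        return None                          # assumed policy: distrust client-supplied option 82
    out = bytearray(pkt[:opts[-1][0]])       # everything before the End option
    out[3] = hops + 1                        # 1. increment the hop counter
    if giaddr == bytes(4):
        out[24:28] = socket.inet_aton(relay_ip)   # 2. first relay fills giaddr
    if not has_82:                           # 3. add an option: sub-option 1 = circuit ID
        out += bytes([RELAY_INFO, len(circuit_id) + 2, 1, len(circuit_id)]) + circuit_id
    return bytes(out + bytes([END]))
```

A server or a downstream relay can read the result back with `walk_options`; the drop rule matters because option 82 only carries weight if clients cannot supply it themselves.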

Study names the five most hackable vehicles

A study released by a forensic consultancy has singled out the top five vehicles most susceptible to hacking. The results of the study, by PT&C|LWG Forensic Consulting Services, were based on published research by hackers, vehicle recall information and media reports. The most hackable list includes the 2014 Jeep Cherokee, the 2014 Infiniti Q50, the 2015 Cadillac Escalade, the 2010 and 2014 Toyota Prius and the 2014 Ford Fusion.

How Uber Scales Their Real-time Market Platform

Reportedly Uber has grown an astonishing 38 times bigger in just four years. Now, for what I think is the first time, Matt Ranney, Chief Systems Architect at Uber, in a very interesting and detailed talk, Scaling Uber's Real-time Market Platform, tells us a lot about how Uber’s software works.

If you are interested in Surge pricing, that’s not covered in the talk. We do learn about Uber’s dispatch system, how they implement geospatial indexing, how they scale their system, how they implement high availability, and how they handle failure, including the surprising way they handle datacenter failures using driver phones as an external distributed storage system for recovery.

The overall impression of the talk is one of very rapid growth. Many of the architectural choices they’ve made are a consequence of growing so fast and trying to empower recently assembled teams to move as quickly as possible. A lot of technology has been used on the backend because their major goal has been for teams to get the engineering velocity as high as possible.

After an understandably chaotic (and very successful) start it seems Uber has learned a lot about their business and what they really need to …

Intel sets up talking shop to improve automotive security

The dramatic hack of a Jeep Cherokee, which resulted in Fiat Chrysler Automobile recalling over one million vehicles, has also prompted Intel to take action. Security researchers Charlie Miller and Chris Valasek remotely hacked their way into the Jeep's Uconnect navigation and entertainment system via its connection to Sprint's wireless network, taking control of it while a reporter for Wired magazine was at the wheel. The hack prompted Fiat Chrysler to issue a recall notice for 1.4 million vehicles in order to patch the software bug exploited by the researchers.

Attackers go on malware-free diet

To avoid detection, some hackers are ditching malware and living "off the land" -- using whatever tools are already available in the compromised systems, according to a new report from Dell SecureWorks. In fact, this has been the case for nearly all the intrusions analyzed by the Dell SecureWorks’ Incident Response Team last year. The cyber criminals typically start out with compromised credentials, said Phil Burdette, senior security researcher at Atlanta-based Dell SecureWorks, Inc. "For example, they might use phishing attacks," he said. "They'll send an email purporting to be from the IT staff, asking users to log in and test their credentials because the IT staff has just created a new email server. Once a user logs in, those same credentials would then be used to access the company's virtual private network solutions."

FDA accepts application for micro-chipped pill that tells doc if you took meds

Some people with schizophrenia might be inclined to believe “they” are watching them, that “they” are tracking them, and ironically now “they” really might be via a “digital” pill that contains an ingestible sensor which gives doctors and caregivers the ability to track if and when a patient takes his medicine. According to an announcement by Otsuka Pharmaceutical and Proteus Digital Health: This is the first time an FDA-approved medication (ABILIFY) has been combined and submitted for approval with a sensor within the medication tablet (the Proteus ingestible sensor) to measure actual medication-taking patterns and physiologic response. This objective information is communicated to the patient – and with the consent of the patient – to the patient’s physician and/or caregiver.

Expert mocks ‘expert’ who warns Earthlings to avoid infecting alien computers

I don’t know how I missed this story last week, but I did, and through that inattentiveness I may have inadvertently subjected some innocent alien being’s computer to a virus. How, you ask. I don’t know. And neither does genuine human security expert Graham Cluley, who read about the concerns of an Oxford University researcher and addresses them in this video (which is amusing though longer than it needs to be).

It’s been 5 years!!

Hard to believe I have been blogging for 5 years! If I didn’t have a record of it I probably wouldn’t believe it! Last year saw another 30 new blog posts published, and that doesn’t count my 4 posts for the SolarWinds Thwack Ambassador program or my blog post or two for the Cisco Champion […]

Leverage Micro-Segmentation to Build a Zero Trust Network

Applications are a vital component of your business…but are your applications and data safe? Have you considered implementing a Zero Trust model at your organization to protect your vital resources? Join this hour-long webcast on Tuesday, September 29, 2015 at 11:00 AM PST / 2:00 PM EST to find out how to leverage micro-segmentation to build a true Zero Trust data center network.

Join our guest speaker, John Kindervag, VP and Principal Analyst at Forrester Research, as he discusses the results of the August 2015 commissioned research study, “Leverage Micro-segmentation To Build A Zero Trust Network”, conducted on behalf of VMware. Kindervag will cover Forrester’s three key findings from the study:

  • Security gaps and disconnects are the unfortunate norm across Enterprises today.
  • Network virtualization helps to reduce risk and supports a higher-level security strategy.
  • Micro-segmentation provided through network virtualization paves the way for implementing a Zero Trust model.

Protecting your data doesn’t have to be difficult! Reserve your spot for this webcast today.

Micro-Segmentation and Security at Tribune Media

And to learn more about how other leading organizations are using micro-segmentation to build a Zero Trust Model, watch the video below from David Giambruno, CIO of …

Experts to IoT makers: Bake in security

CAMBRIDGE, Mass. -- Makers of Internet of things devices need to incorporate security into them during the design phase to make them less of a threat when connected to networks, according to speakers at an IoT security forum. In addition they need to consider early on what regulations the devices will have to comply with so those requirements can be baked in and not added later when they would be less effective, according to advice delivered at the Security of Things Forum 2015.

Information wants to be protected: Security as a mindset

I was teaching a class last week and mentioned something about privacy to the students. One of them shot back, “you’re paranoid.” And again, at a meeting with some folks about missionaries, and how best to protect them when trouble comes to their door, I was again declared paranoid. In fact, I’ve been told I’m paranoid after presentations by complete strangers who were sitting in the audience.

Okay, so I’m paranoid. I admit it.

But what is there to be paranoid about? We’ve supposedly gotten to the point where no-one cares about privacy, where encryption is pointless because everyone can see everything anyway, and all the rest. Everyone except me, that is—I’ve not “gotten over it,” nor do I think I ever will. In fact, I don’t think any engineer should “get over it,” in terms of privacy and security. Even if you think it’s not a big deal in your own life, engineers should learn to treat other people’s information with the utmost care.

In moving from the person to the digital representation of the person, we often forget it’s someone’s life we’re actually playing with. I think it’s time for engineers to take security—and privacy—personally. It’s time …