Risky Business #386 — Katie Moussouris on the (groan) disclosure debate

On this week's show we're checking in with Katie Moussouris of HackerOne. She's an ex Microsoftie who's spent something like a decade working on vulnerability disclosure policies. She even helped get a vuln disclosure ISO standard ratified!

And she'll be joining us this week to discuss disclosure politics, I guess you'd call it... for those of us who've been around infosec for a while, most of us would rather stick our face in a blender than talk about it, but Katie will be along to point out why people should fight their "disclosure debate fatigue" and get involved.

read more

Many vulnerabilities in older Huawei 3G routers won’t get patched

Huawei doesn't plan to patch more than a dozen models of 3G routers that have severe software vulnerabilities.The flaws could allow an attacker to change DNS (Domain Name System) settings, upload new firmware without logging into the device and conduct a denial-of-service attack.The models of affected routers, distributed by ISPs in 21 countries, are now considered out of Huawei's support cycle, said Pierre Kim, a security researcher who found the issues and listed the models on his blog.To read this article in full or to leave a comment, please click here

Brocade BNA API

Brocade Network Advisor (BNA) has a REST API for accessing Fibre Channel-related data. The documentation includes a sample Python script showing how to connect to the API to retrieve Fabric info. The script given only works with Python 3.x. It’s also a pain to copy out of the documentation as you end up with a few extra characters in there. Here’s a version that will work with Python 2.7. I’ve also made a few other modifications – in this one, you can set the BNA IP, Username & Password at the top of the script.  I’ve also made it PEP8-compliant.

#!/usr/bin/env python

import httplib
import json
import sys

BNAServer = "10.200.5.181"
BNAUsername = "Administrator"
BNAPassword = "password"

# Create HTTPConnection object and connect to the server.
connection = httplib.HTTPConnection(BNAServer)

###########################
# Log in to Network Advisor
###########################

# Send login request
connection.request(
    'POST',
    '/rest/login',
    headers={
        "WSUsername": BNAUsername,
        "WSPassword": BNAPassword,
        "Accept": "application/vnd.brocade.networkadvisor+json;version=v1"}
    )

print()
print("Sending login request to Network Advisor...")

# Get the response
response = connection.getresponse()
# Display the response status print()
print ("Status= ", response.status)
# If successful (status = 200), display the returned session token
if response.status  Continue reading

Intelligent Bandwidth Decisions at the WAN Edge

Business Critical Applications and Intelligent Decision Making at the WAN Edge….. these are the things I’ve been focusing on in the past few blogs.  To me, PfRv3 and DMVPN are the dynamic duo of Cisco’s IWAN that help you learn about and avoid impairments (delay, loss, jitter) along the path that business critical traffic takes.

Let’s take this even further though.  How else can IWAN’s Intelligent Path Control help us apply the mentality of the  7Ps (“Prior proper preparation prevents piss poor performance”)  to our network and to business critical traffic?

Knowledge… information gathering… awareness. These are the first steps.  Once you have the knowledge you can make intelligent decisions based on that knowledge at the WAN edge.

What knowledge?  :)  How about the bandwidth of your WAN links?  Wouldn’t it be nice to have facts, such as what their current bandwidth utilization is, be a  part of the Intelligent decision making at the WAN edge?

shm_exits

 

 

 

 

We can do that for you now.  We can use what your current egress utilization is on your WAN links in the intelligent decision making process that PfRv3 does for you at Continue reading

MikroTik CCR1072-1G-8S+ Review – Part 3 – 80 Gbps Throughput testing

[adrotate banner=”5″]

 

[metaslider id=249]

The 80 Gbps barrier has finally been broken (and yes we are rounding up) !!!!

Well at least it has been reached by someone other than MikroTik. It’s taken us quite a while to get all the right pieces to push 80 Gbps of traffic through the CC1072 but with the latest round of servers that just got delivered to our lab, we were able to go beyond our previous high water mark of 54 Gbps all the way to just under 80 Gbps. There have been a number of questions about this particular router and what the performance will look like in the real world. While this is still a lab test, we are using non-MikroTik equipment and iperf which is considered an extremely accurate performance measuring tool for TCP and UDP.

Video of the CCR1072-1G-8S+ in action  (Turn up your volume to hear the roar of the ESXi servers as they approach 80 Gbps)

How we did it – The Hardware 

CCR1072-1G-8S+ – Obviously you can’t have a test of the CCR1072 without one to test on. Our CCR1072-1G-8S+ is a pre-production model so there are some minor differences between it and the Continue reading

MikroTik CCR1072-1G-8S+ Review – Part 3 – 80 Gbps Throughput testing

[adrotate banner=”5″]

 

[metaslider id=249]

The 80 Gbps barrier has finally been broken (and yes we are rounding up) !!!!

Well at least it has been reached by someone other than MikroTik. It’s taken us quite a while to get all the right pieces to push 80 Gbps of traffic through the CC1072 but with the latest round of servers that just got delivered to our lab, we were able to go beyond our previous high water mark of 54 Gbps all the way to just under 80 Gbps. There have been a number of questions about this particular router and what the performance will look like in the real world. While this is still a lab test, we are using non-MikroTik equipment and iperf which is considered an extremely accurate performance measuring tool for TCP and UDP.

Video of the CCR1072-1G-8S+ in action  (Turn up your volume to hear the roar of the ESXi servers as they approach 80 Gbps)

How we did it – The Hardware 

CCR1072-1G-8S+ – Obviously you can’t have a test of the CCR1072 without one to test on. Our CCR1072-1G-8S+ is a pre-production model so there are some minor differences between it and the Continue reading

Dispelling the myths of hybrid hosting

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

When the Amazon Web Services platform failed recently some of the internet’s biggest sites -- including Netflix and Tinder – suffered extended outages. The culprit? AWS's NoSQL database DynamoDB, where increased error rates led to increased errors and latency in more than 20 AWS services.

These and other sites wouldn’t have had a problem if they used hybrid hosting, the best way to architect modern apps. Hybrid hosting lets businesses set up their databases on dedicated servers, put their front-end Web apps in the cloud, then tie everything together with a single click.

To read this article in full or to leave a comment, please click here

IDG Contributor Network: ‘Culture of denial’: Nuclear industry’s cybersecurity shortcomings revealed in new report

Many nuclear power facilities aren't air-gapped from the Internet, and many "critical infrastructure components" can be identified via search engines. These are just two of the graphic warnings made in a recent report on the nuclear power industry by think tank Chatham House.The international policy institute has just released a report (PDF) on cybersecurity at civil nuclear facilities worldwide, including those in the U.S. The report is scathing.To read this article in full or to leave a comment, please click here

Webinar Q&A: Docker Overview

Thanks everyone who joined us during our Docker Overview webinar. During this webinar, we gave a high level introduction to Docker, and let the audience see the platform in action during a live demo. The recording of the webinar is available … Continued

IP was Middle School, Named Data Networking is College

Named Data Networking Project Van Jacobson: "In vocabulary terms, IP is like a good middle school education. There’s a lot of things you can say and communicate in society but it’s not so great for writing a poetry volume or a thesis... The real goal of NDN was to get us into college." Much of the Named Data Networking (NDN) project codebase is still at the Version zero-dot-something level. But things are nevertheless starting to get real for this content-centric architecture designed to blast past today’s host-based and point-to-point Internet scheme to one more suited for accessing applications across hugely scalable networks that are mobile and extend to all sorts of sensor-equipped things.To read this article in full or to leave a comment, please click here

NetDevOps: Networking Methods with a DevOps Mindset

DevOps brings together software developers and IT operations through mutual and organic cooperation and collaboration. In legacy IT shops, the roles of developers and IT operations are logically segregated, which stifles progress and prohibits progressive integration efforts. Products that leverage DevOps provide developers self-service capabilities they’ve never had before — eliminating provisioning bottlenecks and adapting to changes quickly. The platform becomes highly scalable and flexible, removing much of the “red tape” in getting things done.

This is all well and good, and is often sufficient for most, but networking is often neglected as a part of the DevOps model. Common questions that arise include the following:

  • Is your current networking strategy holding you back from scaling new projects quickly?
  • Is your network topology designed to quickly add and remove compute infrastructure?
  • How can your network integrate in a DevOps orchestrated world?

This is where including DevOps for networking comes in, or “NetDevOps.” Traditional networking infrastructure can be difficult to manage when requiring agility with updated tools. If your organization is already implementing DevOps principles or has an organization that is flat or non-siloed, integrating networking into your framework may be right for you.

NetDevOps extends what you’re already doing Continue reading

Feature Spotlight: System Tracking

Ansible_Feature_Spotlight

During the second installment of our webinar series about Ansible Tower features, we highlighted system tracking, a functionality which was just added to Tower with our 2.2. release.

System Tracking was created to give administrators the necessary tools to audit and verify that machines are in compliance. Use the tool to see how a machine has changed over time, or compare machines in your cluster to see how they are different.

system_tracking_image

For example, you may need to determine whether a set of machines had a security patch applied, or determine when a patch was applied. The System Tracking tools can help you do that. They can also help you evaluate your infrastructure for compliance against specific requirements, and periodically examine machines for unexpected changes.

When you run a scan, you’ll be able to see packages, services, and Ansible facts side-by-side for comparison. All differences in Ansible facts are highlighted in red for easy reference.

You can also expand this function by writing your own Ansible module that gathers the custom facts you want to see. Simply implement a module that returns the “ansible_facts” key, as described in the Ansible documentation.

Our goal with system tracking was to empower you Continue reading

SHA-1 hashing algorithm could succumb to $75K attack, researchers say

Researchers have found a new way to attack the SHA-1 hashing algorithm, still used to sign almost one in three SSL certificates that secure major websites, making it more urgent than ever to retire it, they said Thursday.SHA-1 is a cryptographic hashing function designed to produce a fingerprint of a document, making it easy to tell if a document has been modified after the fingerprint was calculated.Weaknesses had already been identified in SHA-1, and most modern Web browsers will no longer accept SSL certificates signed with it after Jan. 1, 2017. That date was chosen based on the ever-decreasing cost of the computing power required to attack the algorithm.To read this article in full or to leave a comment, please click here

Lyft’s CTO accused of hacking Uber

Uber recently submitted new court filings seeking more information on an IP address believed to be involved in a hack that was made public in February, in which the names and email addresses of 50,000 of its drivers were stolen. And two anonymous sources reportedly told Reuters that the IP address points to Chris Lambert, the chief technology officer of Uber's main competitor, Lyft.In court papers, Uber claims the Comcast IP address was used to access a security key in the breach, and is seeking more information to identify who was using the address. U.S. Magistrate Judge Laurel Beeler has said that the information Uber is seeking with the subpoena is "'reasonably likely' to help reveal the 'bad actor' responsible for the hack," according to Reuters.To read this article in full or to leave a comment, please click here

PQ 58: Alibi Routing With UMD’s Dave Levin

In this podcast, Packet Pushers co-host Ethan Banks gets a bit into the weeds with University of Maryland's Dave Levin in this detailed discussion of Alibi Routing, a privacy-driven research project to prove that traffic flowing between a particular source and destination did not traverse a specific geographic region.

The post PQ 58: Alibi Routing With UMD’s Dave Levin appeared first on Packet Pushers.

1 3,303 3,304 3,305 3,306 3,307 3,852