Windows vulnerability can compromise credentials

A vulnerability found in the late 1990s in Microsoft Windows can still be used to steal login credentials, according to a security advisory released Monday.A researcher with security vendor Cylance, Brian Wallace, found a new way to exploit a flaw originally found in 1997. Wallace wrote on Monday the flaw affects any PC, tablet or server running Windows and could compromise as many as 31 software programs.He wrote the flaw was not resolved long ago, but that “we hope that our research will compel Microsoft to reconsider the vulnerabilities.”The vulnerability, called Redirect to SMB, can be exploited if an attacker can intercept communications with a Web server using a man-in-the-middle attack.To read this article in full or to leave a comment, please click here

Windows vulnerability can compromise credentials

A vulnerability found in the late 1990s in Microsoft Windows can still be used to steal login credentials, according to a security advisory released Monday.A researcher with security vendor Cylance, Brian Wallace, found a new way to exploit a flaw originally found in 1997. Wallace wrote on Monday the flaw affects any PC, tablet or server running Windows and could compromise as many as 31 software programs.He wrote the flaw was not resolved long ago, but that “we hope that our research will compel Microsoft to reconsider the vulnerabilities.”The vulnerability, called Redirect to SMB, can be exploited if an attacker can intercept communications with a Web server using a man-in-the-middle attack.To read this article in full or to leave a comment, please click here

Saltstack – Using Pillars and starting to template

In our last post about SaltStack, we introduced the concept of grains.  Grains are bits of information that the Salt minion can pull off the system it’s running on.  SaltStack also has the concept of pillars.  Pillars are sets of data that we can push to the minions and then consume in state or managed files.  When you couple this with the ability to template with Jinja, it becomes VERY powerful.  Let’s take a quick look at how we can start using pillars and templates. 

Prep the Salt Master
The first thing we need to do is to tell Salt that we want to use Pillars.  To do this, we just tell the Salt master where the pillar state files are.  Let’s edit the salt master config file…

vi /etc/salt/master

Now find the ‘Pillar Settings’ section and uncomment the line I have highlighted in red below…

 
Then restart the salt-master service…

systemctl restart salt-master

So we just told Salt that it should use the ‘/srv/pillar/’ directory for pillar info so we need to now go and create it…

mkdir /srv/pillar/

Now we’re all set.  Pillar information is exported to the Continue reading

The Verizon SuperCookie Won’t Go Away

It's been pointed out to me that Relevant Mobile Advertising (RMA - the thing responsible for the SuperCookie) and Customer Proprietary Network Information (CPNI) are not the same thing. That may be, but the link in the opt out instructions on Verizon's RMA info page goes to the CPNI settings below. If there's an RMA opt-out lever available to me somewhere on verizonwireless.com, I sure can't find it. I spoke with a new Verizon phone rep today. She claims to have sorted things out. My HTTP traffic still has the extra header attached. We'll see if that changes in the next few days...

Auvik April Release Notes – WMI Support and Printer Monitoring!

Fun With Route-Maps And BGP

I’ve always been a little bit hazy on the circumstances under which a BGP neighbour needs to be cleared. This extremely informative page from Cisco casts a bit of light on the situation. Especially, the section on when to clear a BGP neighbourship.

The official line is any in/outbound policy update will require the BGP session to be cleared to take effect. Obviously, this depends on the direction the policy is applied when you clear the neighbourship in/outbound.

So my question is whether a new route-map constitutes a policy update. Now this may sound like a stupid question (remember the title of the blog please dear reader). But someone legitimately asked me if applying a new policy constituted an update. So let’s find out.

This is my topology:

This is what I’m doing:
– Loopback0 (10.1.1.1/32) is advertised into OSPF on R1 along with the 1.1.1.0/30 network.
– The 1.1.1.0/30 network is advertised into OSPF on R2.
– BGP is used to advertise the 3.3.3.0/24 network using a peer-group TEST.
– R1 and R2 have an iBGP peering in AS 65000 using the physical addresses of Continue reading

New CCIE SPv4, CCIE RSv5 & Multicast Classes This Week

This week I will be running the following free online classes:

• CCIE Service Provider v4 Kickoff – Tues April 14th @ 09:00 PDT (16:00 UTC)
• CCIE Routing & Switching v5 Overview and Preparation – Thurs April 16th @ 09:00 PDT (16:00 UTC)
• Intro to IPv4 & IPv6 Multicast^* – Fri April 17th @ 09:00 PDT (16:00 UTC)

^*Free for AAP Members

INE will also be offering the following free upcoming online classes:

• CCNA R&S Overview and Preparation – Tues April 21st @ 09:00 PDT (16:00 UTC)
• CCNP R&S Overview and Preparation – Thurs April 23rd @ 09:00 PDT (16:00 UTC)
• CCNP R&S TSHOOT Overview and Preparation – Thurs April 30th @ 09:00 PDT (16:00 UTC)

More information on these classes can be found here.

This class marks the kickoff of INE’s CCIE SPv4 product line for the New CCIE Service Provider Version 4 Blueprint, which goes live May 22nd 2015!  In this class we’ll cover the v3 to v4 changes, including exam format changes and topic adds and removes, recommended readings and resources, INE’s new CCIE SPv4 hardware specification and CCIE SPv4 Workbook, and the schedule for INE’s upcoming CCIE Service Continue reading

New bill would invalidate FCC’s net neutrality rules

A group of Republican lawmakers has introduced a bill that would invalidate the U.S. Federal Communications Commission’s recently passed net neutrality rules.The legislation, introduced by Representative Doug Collins, a Georgia Republican, is called a resolution of disapproval, a move that allows Congress to review new federal regulations from government agencies, using an expedited legislative process.The resolution is the quickest way to stop what Collins called heavy-handed regulations that will hamper broadband deployment and could increase taxes and fees, he said in a statement. “We’ll all be paying more for less,” he added.To read this article in full or to leave a comment, please click here

Turing manuscript sells for $1 million

A 56-page notebook manuscript by Alan Turing, the English mathematician considered to be the father of modern computer science, was sold at auction Monday for US$1.025 million. The manuscript is almost certainly the most extensive by Turing, in his own hand, in existence, experts at Bonhams auction house said. Turing apparently wrote in the notebook in 1942 when he was working in Bletchley Park, England, trying to break German military code. The bidding took place at Bonhams on Madison Avenue in New York, with about 50 bidders present in the auction room and lines open for bids coming in by phone and Internet. The winning bid was from a private collector who did not wish to be identified.To read this article in full or to leave a comment, please click here

Microsoft brings DelBene back for strategy and planning

Kurt DelBene, who left his role as president of Microsoft’s Office Division back in 2013, is returning to Microsoft as executive vice president of corporate strategy and planning, and will report to CEO Satya Nadella.Following his departure from Microsoft, DelBene was tapped by President Obama to take charge of the troubled rollout of the HealthCare.gov website at the Department of Health and Human Services.To read this article in full or to leave a comment, please click here

New cyberthreat information sharing bill may be more friendly to privacy

A new bill designed to encourage businesses and government agencies to share information about cyberthreats with each other may go farther toward protecting the privacy of Internet users than other recent legislation in the U.S. Congress.The National Cybersecurity Protection Advancement NCPA Act, introduced Monday in the House of Representatives by two Texas Republicans, appears to do a “much better job” at protecting privacy than two bills that have passed through the House and Senate Intelligence Committees, said Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute.To read this article in full or to leave a comment, please click here

7 ways to save money with hybrid cloud backup

IDG Contributor Network: Open source a driver for merchant chips

Incumbent networking gear makers have often designed their own chips. It's what has created differentiation between products.That custom networking chip design, in some cases, was also behind growth in the technology bubble of the '90s. Some companies were considered better than others because of their silicon design.However, a new breed of manufacturers aren't doing this custom work. Those suppliers, like up-and-coming player Arista, are simply using off-the-shelf silicon.Their ASIC, or Application-Specific Integrated Circuits, are still designed for networking, but they are generic. They're called "merchant" chips, or merchant silicon. They're in switches, along with the included software to run them.To read this article in full or to leave a comment, please click here

Which is more secure, Android or iOS? The answer isn’t that simple

Which is more secure, Android or iOS? The answer isn’t that simple

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.We love to ask the question, “Which is more secure: iOS or Android?” But if you really want to drive secure mobile productivity you’re going to have to start looking at the bigger picture.The longstanding Android vs. iOS debate is understandable because these mobile OSes power the majority of devices employees bring to work today. But two trends in the mobile world are uprooting the traditional arguing points -- and changing the mobile security landscape overall. They highlight our need for an actionable, multi-layer security approach, not just putting your hope in the OSes of two major mobile players.To read this article in full or to leave a comment, please click here

Ansible at PyCon – Achieving Continuous Delivery: An Automation Story (Video)

James Cammarata spoke at PyCon 2015 this past week and presented his talk, Achieving Continuous Delivery: An Automation Story. 

And his slides:

Creating Uplink Port-Channels in UCS Manager

Setup:

Procedure:

interface port-channel5
description To ucs6248-a
switchport mode trunk
switchport trunk allowed vlan 1-50
spanning-tree port type edge trunk
vpc 5
!
interface Ethernet1/5
description To ucs6248-a
switchport mode trunk
switchport trunk allowed vlan 1-50
channel-group 5 mode active
no shutdown
!
interface Ethernet1/6
description To ucs6248-a
switchport mode trunk
 Continue reading

Spaced out tech auction: 8 vintage space items go on the block

Saturn V Launch Vehicle Digital Computer (LVDC) Memory ModuleImage by RR Auction It’s not often that vintage space memorabilia becomes available, but if you have any money left after paying your taxes or that refund is burning a hole in your pocket, starting April 16th you might want to check out RR Auction’s Online Space Exploration Auction. They’ve got stuff that’s been in orbit and to the moon and back. What’s that piece of hardware? It’s the Saturn V Launch Vehicle Digital Computer (LVDC) Memory Module, which has a starting bid of just $500! So, here’s some insanely cool space stuff that you probably didn’t know existed and never thought would be available.To read this article in full or to leave a comment, please click here

5 things I learned living with just a smartphone for two weeks

I recently returned from a 12-day vacation in Peru and, because I was going to be moving around a lot, I decided to brave the trip with just my iPhone 6 Plus. No laptop. No tablet. And only the lowest-level AT&T Passport international roaming plan: $30 for 30 days of $1/min phone calls, unlimited texting, and a minuscule 120MB of data.As it turned out, I did pretty well. Since this was a vacation, I wasn't planning on doing any real work, just monitoring email to make sure nothing important was blowing up back home, and passing along urgent (and semi-urgent) emails that couldn't wait for my return.To read this article in full or to leave a comment, please click here

CloudFlare is now a Google Cloud Platform Technology Partner

We’re excited to announce that CloudFlare has just been named a Google Cloud Platform Technology Partner. So what does this mean? Now, Google Cloud Platform customers can experience the best of both worlds—the power and protection of the CloudFlare community along with the flexibility and scalability of Google’s infrastructure.

We share many mutual customers with Google, and this collaboration makes it even easier for Google Cloud Platform customers to get started with CloudFlare.

How does it work?

When CloudFlare is enabled, Google Cloud Platform customers have their infrastructure extended directly to the network edge, giving them faster content delivery as well as heightened optimization and security.

Benefits Include:

• 2x Web Performance Speed - CloudFlare uses advanced caching and the SPDY protocol to double web content transfer speeds, making web content transfer times significantly faster.

• Datacenters at Your Customer’s Doorstep - CloudFlare’s global edge network caches static files close to their destination, meaning that content always loads fast no matter where customers are located. Also, CloudFlare peers with Google in strategic locations globally, improving response times for Google Cloud Platform services.

• Protection Against DDoS and SQL Injection Attacks - Because CloudFlare sits on the edge, customers are protected from malicious traffic Continue reading