Spousetivities at VMworld EMEA

Spousetivities returns to VMworld EMEA this year with a new set of activities. If you haven’t registered yet, here’s a quick look at the pretty impressive set of tours and activities that are planned.

  • Montserrat and Wine Country: The famous Monastery of Montserrat, one of the black Madonnas of Europe, Santa Cova, a fantastic lunch of local Catalan country cuisine, and wine tasting. What more could one want?
  • Costa Brava and Medieval Girona: It’s not every day you get the opportunity to tour a medieval walled city founded by the Romans in the 1st century.
  • Wines of Catalunya: Personal tours with local, resident wine makers arranged exclusively for Spousetivities participants.
  • Medieval mountain village and panoramic trails: Cobblestone streets and stone houses in a medieval mountain village, then a four-course lunch in a traditional Catalan country restaurant followed by a light hike to some great look-outs, streams, rivers, and waterfalls.

For more detailed descriptions of the activities, I encourage you to visit the Spousetivities site. When you’re ready to get signed up, head on over to the registration page. These are some pretty great activities!

Zerodium’s million dollar iOS9 bounty

Zerodium is offering a $1 million bounty for a browser-based jailbreak. I have a few comments about this. The two keywords to pick up on are "browser-based" and "untethered". The word "jailbreak" is a red-herring.

It's not about jailbreaks. Sure, the jailbreak market is huge. It's really popular in China, and there are reports of $1 million being spent on jailbreaks. But still, actually getting a return on such an investment is hard. Once you have such a jailbreak, others will start reverse engineering it, so it's an extremely high risk. You may get your money back, but there's a good chance you'll be reverse-engineered before you can.

The bigger money is in the intelligence market or 0days. A "browser-based" jailbreak is the same as a "browser-based" 0day. Intelligence organizations around the world, from China, to Europe, and most especially the NSA, have honed their tactics, techniques, and procedures around iPhone 0days. Terrorist leaders are like everyone else, blinging themselves out with status displays like iPhones. Also, iPhone is a lot more secure than Android, so it's actually a good decision (intelligence organizations have hacked Android even more).

Every time Apple comes out with a new version (like iOS9), they Continue reading

How Rapid Spanning Tree Protocol (RSTP) Handles Topology Changes

For this exploration I'm using Arista's Virtual Extensible Operating System (vEOS) version 4.15.0F running in GNS3(Which is pretty awesome).  The virtual switches have been configured in rapid-pvst mode.

Here is the topology:


EtherSwitches have been added only to capture traffic off monitoring sessions set up on Switch1 and Switch2 to look at in Wireshark.  The Ubuntu server can be ignored for the purposes of this blog entry.

Only VLAN 1 is present on all switches and Switch1 is configured to be the primary root, while Switch2 is configured to be the secondary. Here's the current state of the network:


First it's important to note that only a single thing will trigger a topology change event - the transition of a non-Edge port from a non-Forwarding to a Forwarding state. Why?  Because this newly Forwarding port could possibly provide a better path to a given destination MAC address than there was before, and the CAM table will need to be updated to reflect that and prevent the same MAC being displayed on more than one port.  It sounds strange that a loss of a Forwarding port doesn't trigger a topology change event, but think about it - in a Continue reading

Volkswagen has a technology problem: It fixes things by hiding them

Volkswagen is in a lot of trouble for installing software on some of its diesel cars that figures out when they are undergoing emissions tests so it can adjust the cars to put out nitrogen oxide at acceptable levels.That’s likely to win the company billions of dollars in fines, but it’s not the first time the company has hidden problems rather than fix them.Just last month, security researchers delivered a paper that showed three ways to get around the Volkswagen lockout system that prevents its cars from being started unless the correct key with the correct chip embedded is used to crank it over.The paper was noteworthy for the ingenuity of the three attacks it outlines but also for the length of time it sat on the shelf before being delivered to the public. It was ready to go back in 2013 but Volkswagen got a court order to block it then, and that was nearly a year after the researchers had told the manufacturers of the hardware about it under the principle of responsible disclosure.To read this article in full or to leave a comment, please click here

Adding a Full API to PicOS

Pica8′s PicOS is a Linux network OS based on Debian. This makes it easy for our customers to integrate their own tools or applications within PicOS. We are compatible with all the leading DevOps tools, such as Puppet, Chef, and Salt; and of course, we support OpenFlow.

But what if you would like to have an application on the switch itself to manipulate its data path? This is beyond the standard DevOps model and is not aligned with the traditional OpenFlow model, which uses a centralized controller.

Typically the requirement for such an application would be:
- A switch using traditional L2/L3, as well as an API to override those L2/L3 forwarding decisions.
- The API could be called on the switch itself while the application is running on the switch (that requirement would forbid a centralized OpenFlow controller).

For this use case, most network equipment vendors have an SDK (Software Development Kit) to program native applications running directly on the switch. A good example would be the Arista EOSSdk.

One big issue with those SDKs is that they are “sticky.” Once you develop your application, it only runs on the SDK provided by your vendor, so you Continue reading

Michigan sues HP over $49 million project that’s still not done after 10 years

Hewlett-Packard has faced no end of financial and legal woes in recent months, and on Friday it was hit with one more: A new lawsuit filed by the state of Michigan over a $49 million project the state says is still not completed after 10 years.The contract dates back to 2005 and called for HP to replace a legacy mainframe-based system built in the 1960s that is used by more than 130 Secretary of State offices.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers HP was given a 2010 deadline to deliver a replacement, but it failed to do so, the state says, leaving the Michigan Department of Technology, Management and Budget and SOS staff dependent on the old technology for functions such as vehicle registration.To read this article in full or to leave a comment, please click here

3 times Facebook has genuinely scared me

There's no doubt Facebook is a wonder of engineering, a site that brings on vast amounts of data for a user despite it being scattered throughout data centers and external sources. No question, Mark Zuckerberg and crew have engineered a marvel.But there are times when it really spooks me. It comes with friend recommendations. Somehow, this site has the capacity to recommend people that I know in real life but have absolutely no online connections to whatsoever. It's happened so often it can't be a coincidence, either. Three recent examples come to mind: Example 1: While closing the suggestion box for recommended friends, up popped the name of my acupuncturist, whom I haven't seen in six months. She is not in my Outlook contact list, only on my cellphone. Now, I frequently share stories about holistic news and have my naturopathic doctor among my friend's list, but why of the dozens of acupuncturists in northern Orange County did she come up?To read this article in full or to leave a comment, please click here

Critical Flash Player updates patch 23 flaws

Adobe Systems released new updates for Flash Player to patch critical vulnerabilities that could allow attackers to install malware on computers.The updates fix a total of 23 flaws, of which 18 can potentially be exploited to execute malicious code on the underlying systems. Adobe is not aware of any exploits being publicly available for the fixed vulnerabilities.The other flaws could lead to information disclosure, bypassing of the same-origin policy mechanism in browsers and memory leaks. Two of the patches are adding or improving protections against vector length corruptions and malicious content from vulnerable JSONP callback APIs used by JavaScript programs running in browsers.To read this article in full or to leave a comment, please click here

Blog Migrated!

Hi!

I have decided to migrate my blog from wordpress.com to a private environment. The main reasons being that I felt that I had outgrown the normal wordpress.com site. I wanted to be able to install plugins and get more accustomed to running my own environment. These days it can’t hurt picking up some Linux skills.

The other reason is that I haven’t made a dime on the blog, in fact since I’ve had to pay hosting costs I’ve been losing money on the blog every year. By placing some ads I hope I can make enough for the hosting and anything extra would help me in getting things I need to generate more content.

The blog should now be reachable over both v4 and v6 and have SSL enabled.

Please bear with me if you find any things that are broken. I have migrated the content but I’m sure things will pop up. If they do, please notify me.

/Daniel

China ‘must stop’ cyberespionage, warns US National Security Advisor Rice

China's government must halt economic espionage in cyberspace, U.S. National Security Advisor Susan Rice warned on Monday, days before Chinese President Xi Jinping is due in Washington, D.C., on an official visit.The issue has become a major thorn in the side of U.S.-China relations in the last year, especially in the wake of the breach of personal information of tens of millions of U.S. government workers at the Office of Personnel Management. The U.S. hasn't publicly accused China of that hack but has done so privately. China denies any involvement."This isn’t a mild irritation," Rice said in a speech at George Washington University. "It’s an economic and national security concern to the United States. It puts enormous strain on our bilateral relationship and it is a critical factor in determining the future trajectory of U.S.-China ties."To read this article in full or to leave a comment, please click here

Cyber insurance rejects claim after BitPay lost $1.8 million in phishing attack

If you bought cyber insurance so you’d be covered if you were hacked, and then had $1.8 million stolen after being hacked, wouldn’t you expect your insurance claim to be paid? If so, then think again as the claim can be denied due to the wording of the risk insurance contract.BitPay, a Bitcoin payment processor, had purchased cyber insurance from Massachusetts Bay Insurance Company (MBIC), but BitPay was in for a rude awakening.In December 2014, an unknown hacker pulled off a social engineering attack; he spearphished BitPay’s Chief Financial Officer, managed to capture corporate credentials, then used the hacked email account to spoof emails to the CEO; the hacker tricked BitPay into making three separate transfer transactions over two days to the tune of 5,000 bitcoins, which were valued at $1,850,000. Well at least the company had cyber insurance, right? No; the insurance company denied the claim due to the wording in the contract; BitPay then sued the insurance company.To read this article in full or to leave a comment, please click here

Uber Goes Unconventional: Using Driver Phones as a Backup Datacenter

In How Uber Scales Their Real-Time Market Platform one of the most intriguing hints was how Uber handles datacenter failovers using driver phones as an external distributed storage system for recovery.

Now we know a lot more about how that system works from Uber's Nikunj Aggarwal and Joshua Corbin, who gave a very interesting talk at the @Scale conference: How Uber Uses your Phone as a Backup Datacenter.

Rather than use a traditional backend replication scheme where databases sync state between datacenters to achieve a measure of k-safety, Uber did something different, what they do is store enough state on driver phones so that if a datacenter failover occurs trip information can not be lost on the failover.

Why choose this approach? The traditional approach would be much simpler. I think it is to make sure the customer always has a good customer experience and losing trip information for an active trip would make for a horrible customer experience. 

By building their syncing strategy around the phone, even thought it's complicated and takes a lot work, Uber is able to preserve trip data and make for a seamless customer experience even on datacenter failures. And making the customer Continue reading

1 3,349 3,350 3,351 3,352 3,353 3,877