YouTube flaw allowed copying comments from one video to another

An Egypt-based security researcher said Google has fixed an interesting vulnerability he and a colleague found in YouTube. Ahmed Aboul-Ela wrote on his blog that he and a fellow researcher, Ibrahim Mosaad, wanted to find a problem in a feature on YouTube “that not many bug hunters have tested.” They focused on a setting in YouTube that holds comments for review before they’re published. If that feature is enabled, comments are then listed in a control panel labeled “held for review.” Aboul-Ela wrote he intercepted the HTTP request that is sent to Google when a comment is approved. The request contains two parameters: “comment_id” and “video_id.”

CCNP RS – a road traveled

A former colleague who started following the blog asked about the study program used for the CCNP R/S. By the time an email reply was typed up I realized I had a blog post. Since this is fresh on the brain, here’s a breakdown.  Important note: I took the previous version of these exams. In […]

Author information

Quentin Demmon
Network Engineer at Healthcare Specialty Benefits Management company

Quentin Demmon is a network engineer, hobbyist weightlifter (Olympic style), and wannabe philosopher. He is excited to be blogging about his CCIE journey in gory, melodramatic detail. Follow him on twitter, facebook, and instagram.

The post CCNP RS – a road traveled appeared first on Packet Pushers Podcast and was written by Quentin Demmon.

Dropbox to pay security researchers for bugs

Dropbox said Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list of companies who see merit in crowdsourcing parts of their security testing. The popular file storage service previously publicly recognized researchers, but did not pay a reward, also sometimes referred to as a bug bounty. “In addition to hiring world class experts, we believe it’s important to get all the help we can from the security research community, too,” wrote Devdatta Akhawe, a Dropbox security engineer. Facebook, Google, Yahoo and many other large companies pay researchers rewards that are often determined by the seriousness of the software flaw. Running such programs is more efficient than hiring more security engineers since a company’s applications are analyzed by a larger number of people with diverse security skills.

AirDroid app fixes severe authentication vulnerability

AirDroid, a popular management tool for Android devices, has fixed a severe authentication software flaw in its Web interface that could give a hacker complete control over a mobile phone. The problem was fixed in an update released last month, wrote Matt Bryant, a consultant with the security company Bishop Fox, who discovered the flaw. Versions 3.0.4 and earlier of the tool are affected. AirDroid lets people manage their phone from a Windows or Mac tablet or through a Web interface. To do that, it asks for a lot of permissions, such as the ability to send text messages, turn on a camera and have access to the phone, among many others.

ISDN error codes

000 0001  1   Unallocated (unassigned) number
000 0010  2   No route to specified transit network
000 0011  3   No route to destination
000 0110  6   Channel Unacceptable
000 0111  7   Call awarded and being delivered in an established channel
001 0000  16  Normal call clearing
001 0001  17  User busy
001 0010  18  No user […]


Dynamic Kubernetes installation/configuration with SaltStack

I’ve been playing more with SaltStack recently and I realized that my first attempt at using Salt to provision my cluster was a little shortsighted.  The problem was, it only worked for my exact lab configuration.  After playing with Salt some more, I realized that the Salt configuration could be MUCH more dynamic than what I had initially deployed.  That being said, I developed a set of Salt states that I believe can be consumed by anyone wanting to deploy a Kubernetes lab on bare metal.  To do this, I used a few more of the features that SaltStack has to offer.  Namely, pillars and the built-in Jinja templating language.

My goal was to let anyone with some Salt experience be able to quickly deploy a fully working Kubernetes cluster.  That being said, the Salt configuration can be tuned to your specific environment.  Have 3 servers you want to try Kubernetes on?  Have 10?  All you need to do is have some servers that meet the following prerequisites and tune the Salt config to your environment.

Environment Prerequisites
- You need at least 2 servers, one for the master and one for

WWDC 2015 to kick off on June 8

Apple yesterday announced that WWDC 2015 will kick off on June 8 and run through June 12. The event will take place at San Francisco's Moscone West event center and, per usual, will showcase upcoming versions of OS X and iOS. “The App Store ignited an app ecosystem that is simply amazing, forever changing the lives of customers and creating millions of jobs worldwide,” Apple's Phil Schiller said in a press release. “We’ve got incredible new technologies for iOS and OS X to share with developers at WWDC and around the world, and can’t wait to see the next generation of apps they create.”

Nokia/Alcatel-Lucent just as John Chambers predicted

ALLEN, TX -- Nokia’s $16.6 billion acquisition of Alcatel-Lucent is an example of the industry shifting just as Cisco predicted, its CEO said this week. Cisco CEO John Chambers has said that the IT industry is in for some “brutal” consolidation with perhaps only two or three of the top five companies standing in five years. Alcatel-Lucent may be vanishing if Nokia’s offer to swallow the company up is approved. “The market is playing out just as we expected,” Chambers said during an exclusive interview with Network World at Cisco IT Data Center Day here. “It’s going to be brutal, with some musical chairs. They missed market transitions so now they have to move rapidly.”


Masscanning for MS15-034

So Microsoft has an important web-server bug, so naturally I'd like to scan the Internet for it. I'm running the scan now, but I'm not sure it's going to give any useful results.

The bug is triggered by adding a header like the following to a web request:
Range: bytes=0-18446744073709551615
As you can see, it's just a standard (64-bit) integer overflow, where 18446744073709551615 equals -1.

That specific header is harmless; it appears that other variations are the ones that may cause a problem. However, it serves as a useful check to see if the server is patched. If the server is unpatched, it'll return the following error:
HTTP/1.1 416 Requested Range Not Satisfiable
From what the PoCs say, a response that looks like the following means that it is patched:
The request has an invalid header name
However, when I run the scan across the Internet, I'm getting the following sorts of responses from servers claiming to be IIS:

HTTP/1.1 200 OK
HTTP/1.1 206 Partial Content
HTTP/1.1 301 Moved Permanently
HTTP/1.1 302 Object moved
HTTP/1.1 302 Found
HTTP/1.1 302 Redirect
HTTP/1.1 401 Unauthorized
HTTP/1.1 403 Forbidden
HTTP/1.1 404 Object Not Found

Running an etcd 2.0 Cluster on Ubuntu 14.04

In this post, I’m going to show you how to set up a cluster of three nodes running etcd 2.0 (specifically, etcd 2.0.9). While I’ve discussed etcd before, that was in the context of using etcd with CoreOS Linux. In this case, I’ll use Ubuntu 14.04 as the base OS, along with the latest released version of etcd.

To help you follow along, I’ve created a set of files that will allow you to use Vagrant to turn up an etcd 2.0 cluster on Ubuntu 14.04 (on your laptop, if so desired). You can find all these files in the “etcd-2.0” directory of my learning-tools GitHub repository.

Installing the Base OS

You don’t need anything special when setting up etcd; a straightforward Ubuntu Server 14.04 x64 installation will work just fine. If you’re using the files in my learning-tools repository, you’ll see that Vagrant simply turns up a VM based on a plain-jane Ubuntu 14.04 box. If you’re building this from scratch (why?!), simply create a VM and install Ubuntu 14.04 into it. As long as it has Internet connectivity, that’s all that’s needed.

Installing etcd


43% of Slashdotters call ISPs liars

I know what you’re thinking: Only 43%? But we’re talking here about a single question: “How do your actual ISP speeds compare to the advertised speed?” And as you can see from the screen capture of the poll results above, roughly four in 10 of some 5,000 Slashdotters who bothered to weigh in say their actual speeds are slightly lower or significantly lower than what their ISPs advertise. Yes it’s an online poll and hence a self-selected sample, but these are people who by and large care more and are better equipped to make this judgment than other ISP customers.

Transition to IP network creates cybersecurity challenges for FAA

The Internet hasn’t totally invaded the nation’s air traffic control system, but as it does the Federal Aviation Administration faces a growing challenge to make sure the network is locked down secure. The security issues arise as the agency moves from a point-to-point legacy air traffic control structure to a new IP-based system commonly known as NextGen or Next Generation Air Transportation System. NextGen in a nutshell will move the current radar-based air traffic system to one that is based on satellite navigation and automation.
