Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)

Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)
Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)

On September 29, 2021, the Apache Security team was alerted to a path traversal vulnerability being actively exploited (zero-day) against Apache HTTP Server version 2.4.49. The vulnerability, in some instances, can allow an attacker to fully compromise the web server via remote code execution (RCE) or at the very least access sensitive files. CVE number 2021-41773 has been assigned to this issue. Both Linux and Windows based servers are vulnerable.

An initial patch was made available on October 4 with an update to 2.4.50, however, this was found to be insufficient resulting in an additional patch bumping the version number to 2.4.51 on October 7th (CVE-2021-42013).

Customers using Apache HTTP Server versions 2.4.49 and 2.4.50 should immediately update to version 2.4.51 to mitigate the vulnerability. Details on how to update can be found on the official Apache HTTP Server project site.

Any Cloudflare customer with the setting normalize URLs to origin turned on have always been protected against this vulnerability.

Additionally, customers who have access to the Cloudflare Web Application Firewall (WAF), receive additional protection by turning on the rule with the following IDs:

Video: Theoretical View of Network Addressing

After explaining the basics of (network) names, addresses and routes, I wasted a few minutes of everyone’s time discussing the theoretical aspects of layered addressing, and then got back to practical issues like address scopes, namespaces, and address provisioning.

The video ends with a simple (and unappreciated) truth: if you have a point-to-point link between two nodes you don’t need data-link-layer addresses. The consequences of that fact are left as an exercise for the viewer (or you can wait till the next video ;)

Watch the video
You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.

Video: Theoretical View of Network Addressing

After explaining the basics of (network) names, addresses and routes, I wasted a few minutes of everyone’s time discussing the theoretical aspects of layered addressing, and then got back to practical issues like address scopes, namespaces, and address provisioning.

The video ends with a simple (and unappreciated) truth: if you have a point-to-point link between two nodes you don’t need data-link-layer addresses. The consequences of that fact are left as an exercise for the viewer (or you can wait till the next video ;)

Watch the video
You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.

Cisco: Networking, security, collaboration at heart of hybrid workforce concerns

When it comes to supporting the emerging hybrid workforce, getting the network and security right is top of mind among enterprise IT leaders.That's one finding detailed in Cisco’s new Hybrid Work Index, which the company says will be updated quarterly to gauge how worker and technology habits are evolving as the COVID-19 pandemic continues.The 10 most powerful companies in enterprise networking 2021 Cisco says the index gleans information from anonymized customer data points culled from a number of its products, including Meraki networking, ThousandEyes internet visibility, Webex collaboration, and security platforms Talos, Duo and Umbrella. The index also incorporates third-party survey data from more than 39,000 respondents across 34 countries.To read this article in full, please click here

The Slow But Tectonic Shifts In Datacenter Infrastructure

One of the more interesting trends in infrastructure that we try to get a handle on every once in a while is how much of the server and storage capacity is being deployed in bare metal, standalone fashion and how much is being sold to run utility style, cloud environments.

The Slow But Tectonic Shifts In Datacenter Infrastructure was written by Timothy Prickett Morgan at The Next Platform.

In a win for the Internet, federal court rejects copyright infringement claim against Cloudflare

In a win for the Internet, federal court rejects copyright infringement claim against Cloudflare
In a win for the Internet, federal court rejects copyright infringement claim against Cloudflare

Since the founding of the Internet, online copyright infringement has been a real concern for policy makers, copyright holders, and service providers, and there have been considerable efforts to find effective ways to combat it. Many of the most significant legal questions around what is called “intermediary liability” — the extent to which different links in the chain of an Internet transmission can be held liable for problematic online content — have been pressed on lawmakers and regulators, and played out in courts around issues of copyright.

Although section 230 of the Communications Decency Act in the United States provides important protections from liability for intermediaries, copyright and other intellectual property claims are one of the very few areas carved out of that immunity.

A Novel Theory of Liability

Over the years, copyright holders have sometimes sought to hold Cloudflare liable for infringing content on websites using our services. This never made much sense to us. We don’t host the content of the websites at issue, we don’t aggregate or promote the content or in any way help end users find it, and our services are not even necessary for the content’s availability online. Infrastructure service providers like Cloudflare are Continue reading

DDoS protection quickstart guide

DDoS Protect is an open source denial of service mitigation tool that uses industry standard sFlow telemetry from routers to detect attacks and automatically deploy BGP remotely triggered blackhole (RTBH) and BGP Flowspec filters to block attacks within seconds.

This document pulls together links to a number of articles that describe how you can quickly try out DDoS Protect and get it running in your environment:

Installing Cilium via a ClusterResourceSet

In this post, I’m going to walk you through how to install Cilium onto a Cluster API-managed workload cluster using a ClusterResourceSet. It’s reasonable to consider this post a follow-up to my earlier post that walked you through using a ClusterResourceSet to install Calico. There’s no need to read the earlier post, though, as this post includes all the information (or links to the information) you need. Ready? Let’s jump in!

Prerequisites

If you aren’t already familiar with Cluster API—hereafter just referred to as CAPI—then I would encourage you to read my introduction to Cluster API post. Although it is a bit dated (it was written in the very early days of the project, which recently released version 1.0). Some of the commands referenced in that post have changed, but the underlying concepts remain valid. If you’re not familiar with Cilium, check out their introduction to the project for more information. Finally, if you’re not familiar at all with the idea of ClusterResourceSets, you can read my earlier post or check out the ClusterResourceSet CAEP document.

Installing Cilium via a ClusterResourceSet

If you want to install Cilium via a ClusterResourceSet, the process looks something like this:

  1. Create Continue reading

The Advantages and Challenges of Going ‘Edge Native’

As the internet fills every nook and cranny of our lives, it runs into greater complexity for developers, operations engineers, and the organizations that employ them. How do you reduce latency? How do you comply with the regulations of each region or country where you have a virtual presence? How do you keep data near where it’s actually used? For a growing number of organizations, the answer is to use the edge. In this episode of the New Stack Makers podcast, Sheraline Barthelmy, head of product,  marketing and customer success for Cox Edge, were joined by The Advantages and Challenges of Going ‘Edge Native’ Also available on Google Podcasts, PlayerFM, Spotify, TuneIn The edge is composed of servers that are physically located close to the customers who will use them — the “last Continue reading

Waiting Room: Random Queueing and Custom Web/Mobile Apps

Waiting Room: Random Queueing and Custom Web/Mobile Apps
Waiting Room: Random Queueing and Custom Web/Mobile Apps

Today, we are announcing the general availability of Cloudflare Waiting Room to customers on our Enterprise plans, making it easier than ever to protect your website against traffic spikes. We are also excited to present several new features that have user experience in mind — an alternative queueing method and support for custom web/mobile applications.

First-In-First-Out (FIFO) Queueing

Waiting Room: Random Queueing and Custom Web/Mobile Apps

Whether you’ve waited to check out at a supermarket or stood in line at a bank, you’ve undoubtedly experienced FIFO queueing. FIFO stands for First-In-First-Out, which simply means that people are seen in the order they arrive — i.e., those who arrive first are processed before those who arrive later.

When Waiting Room was introduced earlier this year, it was first deployed to protect COVID-19 vaccine distributors from overwhelming demand — a service we offer free of charge under Project Fair Shot. At the time, FIFO queueing was the natural option due to its wide acceptance in day-to-day life and accurate estimated wait times. One problem with FIFO is that users who arrive later could see long estimated wait times and decide to abandon the website.

We take customer feedback seriously and improve products based on it. A frequent request Continue reading

From the Desk of the CEO: Pluribus Raises $20M from Morgan Stanley Expansion Capital to Fuel Growth

To the Pluribus Networks community:

Today, Pluribus Networks announced a funding round of $20 million led by Morgan Stanley Expansion Capital. This is an extremely exciting time for our company and for the industry, and the capital raised during this round will enable Pluribus to increase R&D and add sales and marketing capacity to accelerate its growth in the distributed cloud market, as well as expand into adjacent segments. In the coming months, we’ll be announcing a number of new product and partner initiatives that reflect the market’s increasing need for cost-effective and highly-automated data center networking fabric solutions.

The timing around this funding news is truly ideal. Industry analysts are consistently forecasting an increase in market opportunities around data center switching as digital transformation continues to accelerate globally – Dell ’Oro Group expects the market to surpass $20 billion by 2025. Furthermore, research completed this year by Enterprise Management Associates shows that the majority of enterprises are increasing their number of data center sites and over 80% intend to deploy active-active data centers to support availability zones. In that same research enterprises identify their top two challenges as network operational complexity and network architecture complexity. Pluribus Networks’ Netvisor® Continue reading

What’s new in Ansible Automation Platform 2: automation content navigator

AAP 2 gray sliding a

With the introduction of Red Hat Ansible Automation Platform 2, several new key components are being introduced as a part of the overall developer experience. This includes automation execution environments, introduced to provide predictable environments during automation runtime. All collection dependencies are contained within the execution environment to make sure that automation created in development environments runs the same as in production environments.

Building execution environments is now easier with the introduction of the execution environment builder (ansible-builder) tool included with Ansible Automation Platform, while the updates to automation controller help IT teams leverage execution environments.

Considering the shift towards containerized execution of automation, the automation development workflow and pre-existing tooling must be reimagined. In short, ansible-navigator replaces ansible-playbook and other ansible-*` command line utilities.

However, ansible-navigator serves a much greater purpose than just a drop in replacement or alias to ansible-playbook. With this release, ansible-navigator is introduced as an application exclusively for developing and executing automation. Ansible-playbook has long been one of the first utilities that is leveraged in an Ansible automated environment. Building on the ease of use, the automation content navigator exposes automation runs in greater detail. Apart from debugging Continue reading

Ananki startup tries to simplify private 5G

A startup using open-source components to offer software-defined private 5G as a service hopes to attract enterprises with an architecture that it says is as simple as Wi-Fi's. 5G resources How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises Called Ananki, the company requires little of enterprises in order to deploy the service: Customers set up small-cell 5G radios on-site, point them toward a cloud network running the Ananki software, install SIMs on the enterprise hardware that will tap into the service, and Ananki’s automation remotely configures the radios and provisions the SIMs.To read this article in full, please click here

Kioxia seeks to make the SSD more programmable

NAND flash maker Kioxia has expanded its Software-Enabled Flash technology to bring a greater degree of programmability to NAND storage. The move will benefit hyperscalers the most but will have benefits for enterprises and SMBs as well.Kioxia (formerly Toshiba) first introduced SEF last year. It’s an open-source API that operates as a new kind of hardware flash controller to offload some functions to a controller, thus freeing up the CPU, while allowing large data-center environments to manage at scale.Because the API is open source, competitors in the flash space can adopt the API and customize it for their hardware. Hyperscalers think about SSDs in terms of deploying and serving workloads at scale. Kioxia notes that cloud providers often have different types of drives they deploy for different use cases, like block storage versus file storage or ZNS.To read this article in full, please click here

Kioxia seeks to make the SSD more programmable

NAND flash maker Kioxia has expanded its Software-Enabled Flash technology to bring a greater degree of programmability to NAND storage. The move will benefit hyperscalers the most but will have benefits for enterprises and SMBs as well.Kioxia (formerly Toshiba) first introduced SEF last year. It’s an open-source API that operates as a new kind of hardware flash controller to offload some functions to a controller, thus freeing up the CPU, while allowing large data-center environments to manage at scale.Because the API is open source, competitors in the flash space can adopt the API and customize it for their hardware. Hyperscalers think about SSDs in terms of deploying and serving workloads at scale. Kioxia notes that cloud providers often have different types of drives they deploy for different use cases, like block storage versus file storage or ZNS.To read this article in full, please click here

1 649 650 651 652 653 3,841