Heartbleed Revisited

Heartbleed Revisited
Heartbleed Revisited

In 2014, a bug was found in OpenSSL, a popular encryption library used to secure the majority of servers on the Internet. This bug allowed attackers to abuse an obscure feature called TLS heartbeats to read memory from affected servers. Heartbleed was big news because it allowed attackers to extract the most important secret on a server: its TLS/SSL certificate private key. After confirming that the bug was easy to exploit, we revoked and reissued over 100,000 certificates, which highlighted some major issues with how the Internet is secured.

As much as Heartbleed and other key compromise events were painful for security and operations teams around the world, they also provided a learning opportunity for the industry. Over the past seven years, Cloudflare has taken the lessons of Heartbleed and applied them to improve the design of our systems and the resiliency of the Internet overall. Read on to learn how using Cloudflare reduces the risk of key compromise and reduces the cost of recovery if it happens.

Keeping keys safe

An important tenet of security system design is defense-in-depth. Important things should be protected with multiple layers of defense. This is why security-conscious people keep spare house Continue reading

Is It Illegal To Be Called “Engineer” Without Having An Engineering Degree?

Some engineers are called engineers because they went through a rigorous process recognized in their industry. The stuff they do tends to affect lives, and so the title of engineer is not awarded until a bunch of other people agree it’s deserved. Engineers in those disciplines sometimes take exception to IT engineers being called such, as there is no industry-wide process one follows to become an IT engineer. So should we be disallowed from using the term?

The post Is It Illegal To Be Called “Engineer” Without Having An Engineering Degree? appeared first on Packet Pushers.

A quick FAQ about NFTs

I thought I'd write up 4 technical questions about NFTs. They may not be the ones you ask, but they are the ones you should be asking. The questions:

  • What does the token look like?
  • How does it contain the artwork? (or, where is the artwork contained?)
  • How are tokens traded? (How do they get paid? How do they get from one account to another?)
  • What does the link from token to artwork mean? Does it give copyrights?
I'm going to use 4 sample tokens that have been sold for outrageous prices as examples.

#1 What does the token look like?

An NFT token has a unique number, analogous to:

  • your social security number (SSN#)
  • your credit card number
  • the VIN# on your car
  • the serial number on a dollar bill
  • etc.

This unique number is composed of two things:

  • the contract number, identifying the contract that manages the token
  • the unique token identifier within that contract
Here are some example tokens, listing the contract number (the long string) and token ID (short number), as well as a link to a story on how much it sold for recently.

Heavy Networking 569: New Metro Architectures For 5G, IoT, And Low Latency Services (Sponsored)

5G, IoT, and low-latency virtualized edge services present a major opportunity for providers and enterprises to build and consume new services in the metro network. On today's Heavy Networking episode, sponsor Juniper Networks is here to share its vision of new metro architectures. Our guests are Amit Bhardwaj, Sr. Director Product Management; and Mats Nordlund, Sr. Director Product Management.

Heavy Networking 569: New Metro Architectures For 5G, IoT, And Low Latency Services (Sponsored)

5G, IoT, and low-latency virtualized edge services present a major opportunity for providers and enterprises to build and consume new services in the metro network. On today's Heavy Networking episode, sponsor Juniper Networks is here to share its vision of new metro architectures. Our guests are Amit Bhardwaj, Sr. Director Product Management; and Mats Nordlund, Sr. Director Product Management.

The post Heavy Networking 569: New Metro Architectures For 5G, IoT, And Low Latency Services (Sponsored) appeared first on Packet Pushers.

You Can’t Think If You’re Always Thinking

On the March 25, 2021 edition of his Daily Check-In podcast, Ned Bellavance talks about feeling like he’s putting too many inputs into his brain, and not leaving enough time to hear his own thoughts. I have had similar concerns for myself.

I tend to have something going most of the time. Podcasts in the morning before settling into my office. Music during the day, typically something familiar or non-intrusive so that it’s not too distracting while I write and research. YouTube or a Boston Celtics basketball game in the evenings while I eat dinner and unwind from Zoomday. (Zoomday is everyday! ???) Before I go to bed, I read mentally engaging things. Books, a mix of fiction and non-fiction, currently Aldous Huxley’s Brave New World. Blogs like Astral Codex Ten plus a myriad of tech writers. When the sleepies finally hit, I turn off the glowing doom rectangle and hope my dreams aren’t unfathomable. Like the one two days ago where I was inside a commercial jet taxing rapidly through a city, the jet being chased by emergency vehicles that kept inexplicably bursting into flames. My dreams are fun. But I digress.

Like Ned outlined in his podcast, Continue reading

Servant Leadership and Standing Out

LonePawn

My son is fifteen and he’s the typical teenager that either thinks he’s being asked to do way too much or he’s not getting recognized for what he’s accomplished. That last part is hard for him because he’s a bit humble and doesn’t like to tout his own work. I once told him that he didn’t need to do that because he stands out to the people that matter. He did the typical teenager thing where he fought me and said that no one noticed anything he did. I told him that if you do things the way they’re supposed to be done and don’t spend your whole day crowing about what you’re doing that the right people will most assuredly notice.

The worry that your work is going unnoticed isn’t unfounded among teenagers or adults. How many times have we asked ourselves in our daily work roles if we matter? It takes about two weeks worth of meetings in a typical IT department for you to see how things go. There are those that coast by with the knowledge they obtained years ago that have their niche and they intend to fill it. Their entire purpose is to avoid Continue reading

Introducing Super Bot Fight Mode

Introducing Super Bot Fight Mode
Introducing Super Bot Fight Mode

Almost half of the Internet’s traffic is powered by bots. Bots have scoured the net for years, relentlessly hacking into bank accounts, scooping up Bruno Mars tickets, and scraping websites for data. The problem is so widespread that we launched Bot Fight Mode in 2019 to fight back. Since then, over 150,000 individuals and small businesses have used the product, and we’ve received countless requests for more functionality. More analytics, more detections, and more controls.

Introducing Super Bot Fight Mode.

Beginning immediately, any Cloudflare user with a Pro or Business site can take new action against bots. We’ve added advanced features in the dashboard and some exciting updates to analytics. Free customers will retain all the benefits they've enjoyed with Bot Fight Mode, and our Enterprise Bot Management product will continue to push the needle on innovation.

In the Dashboard

Our bot solutions have a new home. The features we discuss in this blog post go beyond a single toggle, so we created a hub for bot protection. Head to the Firewall app and select the “Bots” subtab to get started.

The new hub is live for all users, including those with Enterprise Bot Management.

Pro Plan Features

First up: Continue reading

Announcing API Abuse Detection

Announcing API Abuse Detection
Announcing API Abuse Detection

APIs are incredibly important. Throughout the 2000s, they formed the backbone of popular web services, helping the Internet become more useful and accessible. In the 2010s, APIs played a larger role in our lives, allowing personal devices to communicate with the digital world. Many of our daily activities, like using rideshare services and paying for lattes, are dependent on this form of modern communication. Now we are approaching a post-pandemic world in which APIs will be more important than ever.

Unfortunately, as any technology grows, so does its surface area for abuse. APIs are no exception. Competing rideshare services might monitor each other’s prices via API, spawning a price war and a waste of digital resources. Or a coffee drinker might manipulate an API for a latte discount. Some companies have thousands of APIs — including ones that they don’t even know about. Cloudflare can help solve these problems.

Today, we are announcing early access to API Discovery and API Abuse Detection.

Background

Before going further, it’s important to explain why we need a solution for APIs. Traditional security tools, including Rate Limiting and DDoS Protection, can be wonderfully useful. But these approaches were not built to act Continue reading

Mitigating Bot Attacks against Cloudflare

Mitigating Bot Attacks against Cloudflare
Mitigating Bot Attacks against Cloudflare

The word “bots” on the Internet is a fairly loaded one. My earliest ‘bot’ experience was on IRC, where bots were quite helpful in making sure your favorite channel didn’t get taken over by malicious users and allowed for fun games of trivia. Around five years ago, “bots” were often referencing text chats in combination with AI and messaging platforms/apps as a new way to interact with customers. Today most of the connotations around bots on the Internet, particularly in the security space, are negative and we have a number of vendors offering new ways to detect and block bots.

In its most simple form, a bot is an automated piece of software that replaces human interaction. In the examples above, this is done so we can scale a process to be faster or more extensive than a single manual action. Search Engine bots exist because it is impossible (or at the very least, impractical) to crawl the Internet one curl at a time. The benefit of scale can be used for both good and for bad, by attacking a property on the Internet. Bots are used for attacks at scale — they can be deployed to attack an Continue reading

Interview: Will AI Replace the Networking Engineers?

In the second half of my chat with David Bombal we focused on automation and AI in networking. Even though we discussed many things, including the dangers of doing a repeatable job, and how to make yourself unique, David chose a nice click-bait headline Will AI Replace the Networking Engineers?. According to Betteridge’s law of headlines the answer is still NO, but it’s obvious AI will replace the low-level easy-to-automate jobs (as textile workers found out almost 200 years ago).

While pondering that statement, keep in mind that AI is more than just machine learning (the overhyped stuff). According to one loose definition, “Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions

Full disclosure: the web site with this definition had and ad for Lego Friends set next to it, making it extra-trusty. I couldn’t find a similarly oversimplified definition on Wikipedia… probably for a good reason.
Read more …

Interview: Will AI Replace the Networking Engineers?

In the second half of my chat with David Bombal we focused on automation and AI in networking. Even though we discussed many things, including the dangers of doing a repeatable job, and how to make yourself unique, David chose a nice click-bait headline Will AI Replace the Networking Engineers?. According to Betteridge’s law of headlines the answer is still NO, but it’s obvious AI will replace the low-level easy-to-automate jobs (as textile workers found out almost 200 years ago).

While pondering that statement, keep in mind that AI is more than just machine learning (the overhyped stuff). According to one loose definition, “Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions

Full disclosure: the web site with this definition had and ad for Lego Friends set next to it, making it extra-trusty. I couldn’t find a similarly oversimplified definition on Wikipedia… probably for a good reason.
Read more …

How to Find Reviews on Amazon?

Amazon, the company that formerly started as an online book store, has become one of the most influential companies around the globe. Over the last decade, the company has managed to expand its dealership by stepping into different sectors. Today, Amazon is recognized, as one of the leading e-commerce stores that have outshined Walmart, thus taking away its title as Americas most valued retailer. From creating a mega e-market to boosting digital streaming and AI, it has positioned itself as one of the most prominent profit-making megacorps, followed by Facebook and Google.

The speedy delivery system and product credibility are two factors that have won amazon roughly around hundred million followers universally. With the advancement in technology and high availability of online marketplaces, people find it convenient to order stuff online than buying it physically. In this case, Amazon has become the most preferred and trusted e-commerce site among the masses.

How to Find My Reviews on Amazon?

To have full access on the website, like any other user you must have created an Amazon account to make your purchases. Also, upon quick package delivery and blue ribbon product quality, it is a common practice to do the five-star rating. Continue reading

5G: Time to get real about what it will be used for

We all know the old saw about pushing a strand of spaghetti uphill, and I’ve got to wonder whether that’s what we’re now doing with 5G.  5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises First, 5G is going to happen because of the orderly process of modernizing wireless networks.  It doesn’t need “justifying”. The problem is that vendors want 5G to be revolutionary and transformational, rather than orderly. Second, that need to seem revolutionary has pushed 5G stories to the boundaries of sensibility.To read this article in full, please click here

IDC: Moving to the cloud could save 1B+ metric tons of CO2 emissions

IDC has released a new study, the first of its kind, that predicts that cloud computing could help to prevent more than one billion metric ton of carbon dioxide (CO2) emissions in the next three years.The forecast uses IDC data on server distribution and cloud and on-premises software use along with third-party information on data center power usage, carbon dioxide emissions per kilowatt-hour, and emission comparisons of cloud and non-cloud data centers.[Get regularly scheduled insights by signing up for Network World newsletters.] IDC's forecast includes upper and lower bounds for the estimated reduction in emissions. If the percentage of green cloud data centers today stays where it is, just the migration to cloud itself could save 693 million metric tons over the four-year time period.To read this article in full, please click here

1 711 712 713 714 715 3,789