#heartbleed #infosec #SSL
There are a variety of opinions on the seriousness of Heartbleed being put
forth, ranging from "it's not the end of the world" to "the sky is falling,
duck and cover." Usually the former cite the relatively low percentage of
sites impacted by Heartbleed, pegged at about 17% or 500,000 sites by
Netcraft. The latter cite the number of consumers impacted, which is a way
bigger number to be sure. Sites tracking the impact to users suggest many of
the largest sites have potentially been impacted, translating into many
millions of users.
And then there’s the impact on gadgets and devices we might not immediately
think of being vulnerable. A wide variety of smart phones, IP phones,
switches and routers have been identified as being vulnerable. Home internet
routers and that nifty system you had put in that lets you mess with your
house’s tempera...

OpenStack. OpenDaylight. SDN. Cloud. It's all about abstraction, about APIs
and "software-defined" (which really means software-controlled, but this is
neither the time nor the place to get into that debate).
It's about jailbreaking the network. Enabling access to features and
functionality in a way that results in new services, increased responsiveness
and overall, the operationalization of the network.
The term jailbreaking is generally used with respect to mobile phones, in
particular Apple's iOS line of phones.
"Jailbreaking permits root access to the iOS file system and manager, ...

One of the most common phrases heard when new technology is introduced is
that it's going to "bridge the gap" between X and Y. X and Y are almost
always one of three IT groups: development, operations and networking. And
while that goal is admirable (and indeed there are techno-cultural issues
that have and continue to cause friction between these groups) one of the
biggest obstacles standing in the way of rainbow-and-unicorn harmony between
these groups is terminology.
It's not just a case of difference of opinions on pronunciation, a la "you
say toh-mah-toh I say tah-may-toh",...

Despite claims that there exists (or will, look out!) a mythical "god box"
for the enterprise data center, capable of performing every data center
function imaginable, it remains, well, mythical. Efforts to effectively
secure the data center and the applications it delivers therefore require a
collaborative approach between best-of-breed technologies.
But if collaboration across functional IT groups - development, operations,
network and security - remains as elusive as nirvana, then collaboration
across products has traditionally been seen as likely as sighting the Loch
Ness M...

Nick Lippis, who writes the eponymously named Lippis Report, had a
fascinating report on the differences between enterprise and service provider
environments with respect to network virtualization.
He observes, through a survey of the ONUG (Open Networking User Group)
membership, that what the enterprise needs is Network Service Virtualization
(NSV), which he and ONUG define as the virtualization of "enterprise
appliances, such as firewalls, load balancers, application accelerators,
application delivery controllers, Intrusion Protection Systems, WAN
optimizers, call ...