Shellshock, appropriately and of course punnily named, is ravaging the
Internet right now. Active exploits continue to grow in number and in
While there are multiple avenues through which this vulnerability can be
exploited, the most active one at the moment appears to be via vulnerable
Internet-facing systems running web applications.
These attacks take advantage of the lax constraints on HTTP headers that
allow strings of nearly limitless length to be passed not just to the web
server, but on to the system via CGI. Once passed, a 22-year-old GNU Bash
vulnerability allows the code embedded in the HTTP header to be executed.
That code can be just about anything. A quick GIS will net you hundreds of
sites documenting actual attempts at exploits including complete shell
scripts designed to download and... (more)
JANUARY 8, 2014 02:00 PM EST
When we talk about the impact of BYOD and BYOA and the Internet of Things, we
often focus on the impact on data center architectures. That's because there
will be an increasing need for authentication, for access control, for
security, for application delivery as the number of potential endpoints
(clients, devices, things) increases. That means scale in the data center.
What we gloss over, what we skip, is that before any of these "things" ever
makes a request to access an application it had to execute a DNS query.
Every. Single. Thing.
Maybe that's ... (more)
One of the more popular methods of dealing not just with the explosion
of devices but with the growing challenge of the growth of compute
devices under management in general is virtual desktop infrastructure (VDI).
While VDI has been overshadowed of late by newer and shinier TLAs like SDN
and IoT, it remains nonetheless a critical component of most organizations
As the technology behind VDI has matured, many organizations have begun to
reconsider their initial, early decisions to go with one technology over
another. That's natural, as it often takes tim... (more)
#HTTP #HTTP2.0 Why that version number is so very important ....
It's no surprise that HTTP is the new TCP. Inarguably, more applications are
delivered via HTTP than any other. That's including mobile apps, by the way,
which are more often than not using HTTP to talk to REST-based APIs on the
But what we don't often say is that HTTP 1.x is the new TCP. That distinction
is important (some might say imperative) as HTTP 2.0 moves toward becoming
the official, ratified standard.
You see, backwards compatibility is not something that's part and parcel of
HTTP 2.0 any more t... (more)
#SDAS #HTTP #webperf #SSL De facto standards can be as difficult to
transition off of as official ones
If you haven't heard about HTTP 2.0 it's time to start paying attention. It
is anticipated that in November the latest version of the specification will
become "the standard" for applications.
It includes enhancements designed to improve the security and performance of
web applications, which have become critical strategic components to just
about every organization on the planet. Go ahead, name an organization that
doesn't rely on at least one web-based application to conduct b... (more)