Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmHow the NSA snooped on encrypted Internet traffic for a decade | Ars Technica2016-08-19T20:37:33+00:00
http://arstechnica.com/security/2016/08/cisco-firewall-exploit-shows-how-nsa-decrypted-vpn-traffic/
jmIn a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls. The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic.
]]>nsa hacks exploits pix cisco securityhttps://pinboard.in/https://pinboard.in/u:jm/b:5c49c733d7be/Facebook introduce “Wedge” and “FBOSS"2014-06-19T10:42:59+00:00
https://code.facebook.com/posts/681382905244727/introducing-wedge-and-fboss-the-next-steps-toward-a-disaggregated-network/
jma new top-of-rack network switch, code-named “Wedge,” and a new Linux-based operating system for that switch, code-named “FBOSS.” These projects break down the hardware and software components of the network stack even further, to provide a new level of visibility, automation, and control in the operation of the network. By combining the hardware and software modules together in new ways, “Wedge” and “FBOSS” depart from current networking design paradigms to leverage our experience in operating hundreds of thousands of servers in our data centers. In other words, our goal with these projects was to make our network look, feel, and operate more like the OCP servers we've already deployed, both in terms of hardware and software.
Sayonara, Cisco, and good riddance.]]>cisco juniper wedge fboss facebook tor switches racks networking datacenter routershttps://pinboard.in/https://pinboard.in/u:jm/b:965f752b5d75/Stalled SCP and Hanging TCP Connections2014-04-15T09:47:38+00:00
https://blogs.kent.ac.uk/unseenit/2013/10/18/stalled-scp-and-hanging-tcp-connections/
jmIt looks like there’s a firewall in the middle that’s doing additional TCP sequence randomisation which was a good thing, but has been fixed in all current operating systems. Unfortunately, it seems that firewall doesn’t understand TCP SACK, which when coupled with a small amount of packet loss and a stateful host firewall that blocks invalid packets results in TCP connections that stall randomly. A little digging revealed that firewall to be the Cisco Firewall Services Module on our Canterbury network border.
(via Tony Finch)]]>via:fanf cisco networking firewalls scp tcp hangs sack tcpdumphttps://pinboard.in/https://pinboard.in/u:jm/b:4774b16849b8/The US fears back-door routes into the net because it's building them too | Technology | The Observer2013-10-13T21:09:26+00:00
http://www.theguardian.com/technology/2013/oct/13/us-scared-back-door-routes-computers-snowden-nsa?CMP=twt_gu
jmone of the most obvious inferences from the Snowden revelations published by the Guardian, New York Times and ProPublica recently is that the NSA has indeed been up to the business of inserting covert back doors in networking and other computing kit.
The reports say that, in addition to undermining all of the mainstream cryptographic software used to protect online commerce, the NSA has been "collaborating with technology companies in the United States and abroad to build entry points into their products". These reports have, needless to say, been strenuously denied by the companies, such as Cisco, that make this networking kit. Perhaps the NSA omitted to tell DARPA what it was up to? In the meantime, I hear that some governments have decided that their embassies should no longer use electronic communications at all, and are returning to employing couriers who travel the world handcuffed to locked dispatch cases. We're back to the future, again.
]]>politics backdoors snowden snooping networking cisco nsa gchqhttps://pinboard.in/https://pinboard.in/u:jm/b:179eb9c9496b/Juniper Adds Puppet support2013-08-27T14:46:59+00:00
http://packetpushers.net/pull-my-strings-im-your-puppet-juniper-bringing-devops-to-networking/
jmssh cli automation networking networks puppet ops juniper ciscohttps://pinboard.in/https://pinboard.in/u:jm/b:dd0799ce4597/Google Translate of "Lorem ipsum"2013-06-28T14:14:56+00:00
http://translate.google.ie/#la/en/Lorem%20ipsum%20dolor%20sit%20amet%2C%20consectetur%20adipiscing%20elit.%20Proin%20tristique%20rhoncus%20nulla%2C%20vel%20dignissim%20ligula%20vulputate%20nec.%20Donec%20velit%20mauris%2C%20ultricies%20quis%20elit%20non%2C%20pulvinar%20feugiat%20dolor.%20Vestibulum%20ante%20ipsum%20primis%20in%20faucibus%20orci%20luctus%20et%20ultrices%20posuere%20cubilia%20Curae%3B%20Class%20aptent%20taciti%20sociosqu%20ad%20litora%20torquent%20per%20conubia%20nostra%2C%20per%20inceptos%20himenaeos.%20Morbi%20nec%20porta%20nisl.%20Donec%20eget%20leo%20quis%20ante%20vehicula%20consectetur.%20Donec%20commodo%20ut%20ligula%20eget%20tincidunt.%20Sed%20congue%20in%20arcu%20in%20ullamcorper.%20Nullam%20et%20tincidunt%20erat.%20Mauris%20semper%20porttitor%20leo%2C%20porttitor%20lobortis%20odio%20hendrerit%20id.%20Nullam%20aliquet%20metus%20ut%20est%20placerat%20eleifend
jmWe will be sure to post a comment. Add tomato sauce, no tank or a traditional or online. Until outdoor environment, and not just any competition, reduce overall pain. Cisco Security, they set up in the throat develop the market beds of Cura; Employment silently churn-class by our union, very beginner himenaeos. Monday gate information. How long before any meaningful development. Until mandatory functional requirements to developers. But across the country in the spotlight in the notebook. The show was shot. Funny lion always feasible, innovative policies hatred assured. Information that is no corporate Japan
]]>lorem-ipsum boilerplate machine-learning translation google translate probabilistic tomato-sauce cisco funnyhttps://pinboard.in/https://pinboard.in/u:jm/b:ba5b034812ef/Cisco SCE 8000 Series Service Control Engine - Products & Services - Cisco Systems2010-10-14T10:44:15+00:00
http://www.cisco.com/en/US/products/ps9591/index.html
jmdpi upc ireland isps cisco networking internethttps://pinboard.in/u:jm/b:c99046413810/Common Errors Causing DKIM Verification Failures2009-10-27T21:26:58+00:00
http://blogs.cisco.com/security/comments/common_errors_causing_dkim_verification_failures/
jmdkim errors typos cisco domainkeys via:boxofmeathttps://pinboard.in/u:jm/b:638bde563dc9/