SDN meets the real world: implementation benefits and challenges

This report underwritten by: Nuage Networks 1Executive Summary Software-defined networking (SDN) is an enabling technology shift that mimics for networking what server virtualization brought to data centers. From little more than a research project a decade or so ago, SDN has become one of the biggest trends in the data center, and for good reason. ...

Bringing in-memory transaction processing to the masses: an analysis of Microsoft SQL Server 2014 in-memory OLTP

1Executive Summary The emerging class of enterprise applications that combine systems of record and systems of engagement has geometrically growing performance requirements. They have to support capturing more data per business transaction from ever-larger online user populations. These applications have many capabilities similar to consumer online services such as Facebook or LinkedIn, but they need ...

Confessions of a Full Stack DevOp

In an interesting post from Jeff Knupp, he laments the increasing tendancy for development and operations roles to merge into one: Rather than temporarily taking on a single role for a short period of time, then transitioning into the next role, they are meant to be performing all the roles, all the time. And here’s what ...

How I used Heartbleed to steal a site’s private crypto key

Extracting keys from unpatched servers requires skill, but it’s eminently doable. Aurich Lawson / Thinkstock By now everyone knows about the OpenSSL Heartbleed vulnerability: a missing bounds check in one of the most popular TLS implementations has made millions of Web servers (and more) leak all sorts of sensitive information from memory. This can leak login credentials, authentication cookies, ...

Should you always pass just the bare minimum data into a function?

A look at two ways to the get a similar result—but one way is superior. Stack Exchange This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Anders Holmström asks: Let’s say I have a function IsAdmin that checks ...

Private crypto keys are accessible to Heartbleed hackers, new data shows

Four people have been able to see server keys and certificates in a test. Aurich Lawson / Thinkstock Contrary to previous suspicions, it is possible for hackers exploiting the catastrophic vulnerability dubbed Heartbleed to extract private encryption keys from vulnerable websites, Web services firm Cloudflare reported Saturday. As recently as yesterday, Cloudflare published preliminary findings that seemed to indicate that ...

The OpenSSL Heartbleed Bug: What It Means To You

Below are steps for a Heartbleed resolution Heartbleed Resolution Steps for Symantec, GeoTrust, RapidSSL, Comodo and Thawte Step 1: To determine if you are vulnerable due to the Heartbleed bug, enter your domain name onhttps://www.ssllabs.com/ssltest/index.html. If your site is in the clear, then no action is needed J. However, if it is determined that your site ...

Here’s everything you need to know about the Heartbleed web security flaw

  photo: Thinkstock / aetb SUMMARY:Researchers have discovered a serious flaw known as Heartbleed that affects the security software that runs on about two-thirds of the servers on the internet and could expose user data, including passwords. Here’s what you need to know about it It seems as though every week or so there’s a new ...

Heartbleed vulnerability may have been exploited months before patch [Updated]

Fewer servers now vulnerable, but the potential damage rises. Aurich Lawson / Thinkstock Update: Errata Security’s Robert Graham has acknowledged that he was mistaken in his assessment, and that private keys could be at risk. The original story below has been marked up accordingly. There’s good news, bad news, and worse news regarding the “Heartbleed” bug that affected nearly ...

Cisco finds 13 products (so far) vulnerable to Heartbleed—including phones

Collaboration products, router OS have OpenSSL bug; Cisco still checking others Cisco has issued a security bulletin for customers about the Heartbleed bug in the OpenSSL cryptography code, and it’s not about Web servers. So far, the company has unearthed 11 products and 2 services susceptible to attack through the vulnerability, which can be used to retrieve ...