https://shattered.io Website Logo
This blog is for us true geeks!! (All others will be bored.)
It was announced today that the cryptographic hash function SHA-1 is susceptible to collisions. Although this has been theorized for a number of years, there has been no proof of a collision. Well…until today, that is. Teams from CWI Amsterdam and Google have been working together for the last couple of years, and have demonstrated an actual collision.
What is a cryptographic collision? It’s when two different files have the same hash signature. In other words, if you run a hash function against a file, the resulting hash is a “signature” for that file. Change anything in that file, and the hash result will be very different. However, these teams were able to manipulate two different files and get the same hash signature. NOT good at all. The security implications for this is HUGE!
SHA-1 has already been deprecated, and is on it’s way out…today’s announcement adds urgency to it. You should move to SHA-256 or SHA-3.
For some really good reading on this, check out the following links…
At death’s door for years, widely used SHA1 function is now dead
Sun microsystems logo
For those of you that have been involved in the IT industry for a long time, then you know the impact that Sun SPARC systems (and the Solaris operating system) has had on the industry and the Internet. It used to be that if you had an application that was critical or important, then it ran on UNIX and custom RISC processors, and that usually meant Sun hardware and software.
Early in my career, I managed several Sun systems that handled email, firewall (remember the early days of Checkpoint??), and critical databases….it was a lot of work, but the Sun platforms just rocked!! I remember hearing horror stories from other Admin’s about how buggy or poor performing their systems were (especially Windows NT Admin’s), and I just smiled…my SPARC systems and the Solaris OS never let me down!!
Back in 2010, Oracle bought Sun and tried to keep it going, but it’s not going to happen. I just saw this NetworkWorld article today…
Game Over for Solaris and SPARC?
One other memory…way back in my early days in this industry, I was working on the Smart Valley project (in the San Francisco Bay area)…this would have been in the mid-1990’s. I was handling the installation of Internet circuits and related equipment for the many schools in the Silicon Valley area, getting them hooked up to the “Internet”. I was green, and still had a lot to learn, but Sun assigned a number of their Network Engineers to the project and I remember how sharp and helpful they were. They showed a lot of patience to me, and I learned a lot…I am forever in their debt.
Yes, I know…it has been a long time since my last post. Sorry…I’ve been busy.
This afternoon, I was doing some configuration work on one of my Internet facing routers, and I noticed a large amount of scanning, looking for an open Telnet port (scanning for ports 23 and 2323)…take a look…
A lot of “knocking” on ports 23 and 2323
I was wondering if it was just this router, so I checked several other routers on my network and they are all seeing exactly the same thing, and it all started at roughly the same time. VERY interesting! (Note…you may notice that there are two different ACL’s involved…that’s because I have two Internet facing ports…a primary circuit and a backup circuit, each with their own custom ACL.)
This activity might be related to the recent Mirai malware attacks on the “Internet of Things” (IoT), and the use of port 23 for C&C (Command & Control) traffic. Hard to say really…maybe it’s just ET trying to phone home…
Have a great day!!
If you ever need some help in designing a network, wondering what’s the best practices for security or wireless, then Cisco has some very helpful information for you! Over the years, Cisco has put together a bunch of official network designs that you can review and use to assist with your own network design challenges. Cisco calls them CVD’s…or, Cisco Validated Designs. When they first started out, the designs were very technical and written in a bit of a bland manner (written by CCIE’s no doubt). Now, however, they are very colorful, lots of visuals and slick copy art, but…they are still technical and very helpful!! (I would imagine they are still written by a bunch of CCIE’s, but then filtered through a design/publishing group of some sort.)
Take a look at this link: Cisco Validated Designs
I’m in the process of reviewing and upgrading my core VTI/DMVPN infrastructure, and I’m reading through the CVD “Intelligent WAN Technology Design Guide”….
Cover page for the CVD iWAN guide
This design guide is NOT light reading…it’s 287 pages of very technical information and sample configurations…VERY cool. It’s going to take me several days to digest this thing…but already it has answered several questions that I’ve been wondering about.
When you’re viewing the CVD webpage, scroll down near the bottom to the “Design guides by category”…as you can see, there are a ton of options which should cover just about anything you are interested in.
I found myself today working on my main SYSLOG server, which runs Linux (CentOS to be exact). I needed to change some startup scripts and update my CRONTAB entries. Note…CRONTAB is the process which will automatically run commands and scripts whenever you want it to…it can handle a lot of work when you are not around.
However, it has been a long time since I last worked with CRON and CRONTAB, and I needed to clear out some old cobwebs in the brain and refresh my memory on how all of this worked. I found a really good webpage that had some great explanations and examples for CRON and CRONTAB, and I was able to quickly get my changes completed and tested.
Check it out when you have a chance: https://www.pantz.org/software/cron/croninfo.html
And remember, if you need to test your SYSLOG server, check out SYSLOGGEN.
I’ve just recently completed an enterprise wide wireless upgrade to Meraki AP’s. I have to say it brought joy to my heart to get rid of all those old (very old!!) Cisco AP’s. Wow…they were such boat anchors! Now we have a state of the art, cloud managed, wireless infrastructure that will support my company for many years to come. And management is SO much easier now…all from a single pane of glass. To be honest, I’m not a huge preacher for “cloud” management solutions…but for a wireless network, Meraki’s cloud management interface is incredible!!
To get you started, you should check this out: Meraki Wireless Basics and Best Practices
Lots of great articles and best practices for wireless networks
Make sure to click on all three tabs…Guides, Articles and Most Popular. Lots of great information, and a fair of amount of it pertains to generic wireless networks, not just Meraki.
Adding one little letter should be easy!!
There is a large push for all websites to move to HTTPS, instead of the traditional HTTP. Although there is just one letter difference, it’s a big move…ultimately affecting 10’s of thousands of websites, including the one you are reading now.
Why the big push? Security!! (Hence the letter “S” in HTTPS.) Is this really necessary? Do readers care if my static website blogs are sent in plain text? Should I have to worry about fixing a BUNCH of links in my website? Ugh…and it begs the question…is it even worth trying to fix?
I could write a large blog on the pros and cons of HTTPS, but I don’t have the time or energy, and I doubt it would be that good. However, Ars Technica already did…today in fact. I would encourage you to read HTTPS is not a magic bullet for Web security, by Scott Gilbertson! He did a great job of detailing out the reasons for the move to HTTPS, as well as reasons not too….it will make you think.
As for me…I have a feeling I will be moving to HTTPS one of these days. Probably sooner rather than later.
And…let’s be kind to one another.
Do you ever wonder how the Internet is performing? Latency, packet loss, etc??? I do…mainly because I’m a curious type of guy. I’ve looked for different monitoring sites on the Internet, but most seem to be crude, simplistic, or just plain dumb! However, I did find this site that actually has valuable information in a simple presentation…
Internet Health Report
The “Focus” settings don’t really do much, but do play with the “Metric” and “Period” settings…there is some very interesting data you can get doing this. And when you hover above a cell, a small pop-up shows additional information. This site is hosted by “Keynote by Dynatrace”…I’m not familiar with them, but they provide solutions in the programming area concerning mobile application testing…very cool!!
We use a lot of Cisco 7941 phones at my work, and as you might know, they were end-of-life by Cisco back in 2009, and no longer had hardware RMA support as of January 2015. (For you curious types, here is the EOL announcement for the 7941 phones, TAC login not needed.) Since then, we have been using a third party company for hardware replacement…and for the most part it has worked out well. Occasionally though, we will get an old replacement 7941 phone that boots up with an “Auth Fail” error message.
What this means is the phone is running a firmware version that is too old to upgrade to the existing version that our Call Manager is pushing out. The fix is simple…you need to upgrade the phone to an intermediate firmware version, then upgrade it to the current version. First step is to figure out what older version of firmware to use…for me it’s “SCCP41.8-5-2S”.
Next, go to Call Manager and find the phone in question…scroll down the page and you will see something like this…
Blank phone load field
Next, copy the intermediate firmware name into the field…
Phone load field with intermediate firmware version
Then click “Save” and reset the phone. When the phone comes back up, it will then proceed to properly upgrade the firmware to the intermediate version. Once that is complete, go back to Call Manager and clear the Phone Load field…click “Save” and reset the phone again.
Now when the phone boots up, it will successfully upgrade to the current firmware version.
I participate every year in completing the salary survey for ComputerWorld…it doesn’t take long to fill out, and I like knowing that I help contribute to the data that makes up their annual salary report. It is always a good read, with helpful information on average salaries for various IT positions, along with trends in the IT marketplace, and what IT careers are hot (and what are not). I’m not looking for another job, but I like knowing where I stand in terms of salary and benefits, and what my fellow IT workers are seeing. Gaining and maintaining knowledge about your career is always a good thing!!
ComputerWorld Salary Survey 2016
If you are not signed up for ComputerWorld’s newsletters and monthly digital magazine, I would encourage you to do so here.