KPN Certificate Authority Hacked

7th November 2011

Dutch certificate authority KPN has announced that it will cease certificate issuing operations after discovering a security breach on one of its servers. The server in question, which has now been replaced, appears to have been infected with malware that could have caused it to participate in botnet-style Denial of Service attacks. A third-party company is currently investigating the breach to determine whether any certificates issued by KPN could have been compromised.

This is just one of a slew of recent attacks against companies issuing certificates, and it has prompted worldwide calls for a review of the entire certificate management process.

Barry Hesk

Researchers find “massive” security flaws in cloud architectures

October 27th 2011

Very interesting article published by Network World today highlighting the massive security flaws discovered in many cloud architectures.
The full article is here

Moving services to the cloud can save businesses money and can convert capex costs to ongoing opex; however, major consideration does need to be given to the critical areas of data security and service availability. The preceding article suggests that the integrated security architectures of some cloud services are not as good as the vendors would like you to think they are.

Barry Hesk

Cisco IOS Subnet Calculator

Oct 24 2011

Quick one this morning. IOS has loads of pretty much undocumented features (e.g. using the “do” command in config mode) that make life so much easier. We’ve come across another one – the “terminal ip netmask-format” command. This allows you to display the netmask on an interface in one of three formats – bit-count (slash notation), decimal and hex. It avoids the constant use of all of those subnet calculators!

Router#terminal ip netmask-format bit
Router#show int f0/0.1
FastEthernet0/0.1 is up, line protocol is up
Hardware is Gt96k FE, address is 001b.d58f.76de (bia 001b.d58f.76de)
Internet address is 10.1.200.254/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1.
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never
Router#terminal ip netmask-format decimal
Router#show int f0/0.1
FastEthernet0/0.1 is up, line protocol is up
Hardware is Gt96k FE, address is 001b.d58f.76de (bia 001b.d58f.76de)
Internet address is 10.1.200.254 255.255.255.0
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1.
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never
Router#terminal ip netmask-format hex
Router#show int f0/0.1
FastEthernet0/0.1 is up, line protocol is up
Hardware is Gt96k FE, address is 001b.d58f.76de (bia 001b.d58f.76de)
Internet address is 10.1.200.254 0xFFFFFF00
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1.
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never

Barry Hesk
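
When "show interface" output is collected from several routers for an address audit, the netmask can arrive in any of the three formats above, depending on each session's setting. The following Python sketch is an added example, not part of the original post: it normalises the "Internet address is" line from any of the three formats and rejects non-contiguous masks. The function names are hypothetical; the sample lines are the ones shown in the session above.

```python
import ipaddress
import re

# Matches the address line of "show interface" in any of the three
# "terminal ip netmask-format" settings: /24, 255.255.255.0 or 0xFFFFFF00.
ADDR_LINE = re.compile(
    r"Internet address is (?P<ip>\d+(?:\.\d+){3})"
    r"(?:/(?P<bits>\d{1,2})| (?P<hex>0x[0-9A-Fa-f]{8})| (?P<dec>\d+(?:\.\d+){3}))"
)

# Address lines copied from the router session shown in the post.
SAMPLE_LINES = [
    "Internet address is 10.1.200.254/24",
    "Internet address is 10.1.200.254 255.255.255.0",
    "Internet address is 10.1.200.254 0xFFFFFF00",
]

def mask_to_prefix(mask: int) -> int:
    """Return the prefix length of a 32-bit mask; reject non-contiguous masks."""
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):  # host bits must be one solid run of trailing ones
        raise ValueError(f"non-contiguous netmask 0x{mask:08X}")
    return 32 - inverted.bit_length()

def parse_interface_address(line: str) -> ipaddress.IPv4Interface:
    """Parse one address line (hypothetical helper) into an IPv4Interface."""
    m = ADDR_LINE.search(line)
    if m is None:
        raise ValueError("no 'Internet address is' field found")
    if m["bits"] is not None:
        prefix = int(m["bits"])  # IPv4Interface rejects values above 32
    elif m["hex"] is not None:
        prefix = mask_to_prefix(int(m["hex"], 16))
    else:
        prefix = mask_to_prefix(int(ipaddress.IPv4Address(m["dec"])))
    return ipaddress.IPv4Interface(f"{m['ip']}/{prefix}")

def all_formats(iface: ipaddress.IPv4Interface) -> dict:
    """Render the mask of an interface in the three formats the post describes."""
    return {
        "bit-count": f"/{iface.network.prefixlen}",
        "decimal": str(iface.netmask),
        "hex": f"0x{int(iface.netmask):08X}",
    }

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        iface = parse_interface_address(line)
        print(iface, iface.network, all_formats(iface))
```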