April 2004 Archives

Getting your budget priorities wrong

|

Hack Your Way to Hollywood

|

Hack Your Way to Hollywood Heather Robinson, 25, sure has moxie. She turned her youthful indiscretions with a stolen credit card into a movie deal. Now she's trying to land another, this one based on her electronic snooping through AOL's customer database. Xeni Jardin reports from Los Angeles.

Sounds like a movie script, but apparently its true !

Kilkenny Rhytm and Roots festival

|

Breda and I are looking forward to wandering around Killkenny this weekend and checking out some of the bands at the 7th Kilkenny Tourism-Carlsberg Country Roots Festival. With bands from allover Europe and the USA it should make for an eclectic experience.

EZchip delivers Network Processor with 10 1-Gigabit ports

|

EZchip Delivers Network Processor Based Platform with Ten 1-Gigabit Ports for Software Application Vendors

"EZchip announced the availability of a complete hardware/software platform, named EZsystem, based on its NP-1c 10-Gigabit network processor. The system is a stand-alone, self-contained box with ten 1-Gigabit ports that can be tailored by software vendors to a wide variety of networking applications to deliver unmatched performance levels. Applications include firewall, intrusion detection, load balancing, network management, VOIP gateways, content inspection and traffic analysis. The system has been delivered to early customers and is now generally available."

EZchip approach is quiet different to Intel and IBM in that they remove most of the low level programming from the end user. Instead the user is presented with a suite of programming libraries. Depending on your requirements this, may or may not suit.

Given the complexity of NP's this approach is quickly gaining popularity as it shortens the timeline in developing a solution.

TCP flaw could bring down parts of the NET

|

Flaw Puts TCP Data Transfer At Risk

"If an attacker were to send a Reset (RST) packet, for example, they could cause the TCP session between two endpoints to terminate without any further communication," the advisory said. "In the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended."

BGP is an external routing protocol used between Autonomous systems. It utilises the TCP protocol and is vulnerable to this attack. BGP is used extensively throughout the NET and software such as looking glass allows you to view the BGP tables.

The fact that we rely on a protocol that was designed for the academic community back in the 70's and 80's does raise some concern for its robustness.
The beauty of TCP is its simplicity and adaptability e.g sliding windows etc the problem is inherent trust. The solution maybe to fix the layer 3 protocol by moving across to IPv6 and utilsing ESP extension headers. At the moment as far as I'm aware only 2 ISP's are offerring IPv6, one in Japan and the other in the netherlands. As part of the degree in Software development and Multimedia studies in Tipperary Institute study TCP and Ipv6 in their year 3 module. This is a shared class and leads to some interesting cross exchange of views of data communications.

Google jobs in Ireland

|

Google Global Job Opportunities

Google has a campus in city west in Dublin. Unlike their jobs on their moonbase this is a bona fide advertisement.

Googles approach of utilising a 100,000 pc's to service search requests is creating waves in the research community. IEEE publications such as Micro has carried articles about their novel clustering approach.

Computer hacking 'costs billions' Three-quarters of UK companies are hit by security breaches in their computer systems, a survey finds.


Having worked in the secuirty industry, this headline comes as no surprise. As most companies seem to be under the impression that the cost of a system is the installation cost only. Very few companies seem to consider the ongoing cost of maintenance and monitoring. With the advent of broadband more and more companies are plugging into the NET with a fixed ip which makes the crackers job even easier as they can concentrate on running a batch of Linux scripts against the IP to expoit the machine.

The other problems that company face, is the fact that their firewall rules may be perfect in that they only allow in port 80 traffic to their web server. This creates a false sense of comfort as they believe that they are now safe. This to a certain extent may be true, however bugs in the webserver or database server are often the weakest link. So even though you may have the correct firewall rules, you may still be open to exploits.

Companies need to adopt a proactive approach and check the daily cert advisories.  Also the OS should be updated on a regular basis.

LG Electronics Ships Mindspeed Network Processor with Multi-Service Switch

Guaranteeing 40Gbps with QoS is quiet a feat. What is interesting is that the network processor technology is finding its way into switches. The NP is shaping the ATM traffic through the use of several techniques. Using MPLS end to end Qos can be setup to utilise the TOS field in the IP header to label a traffic flow and have the NP treat this label with a certain priority

NETI to Examine Net's Strengths

|

NETI to Examine Net's Strengths Georgia Tech researchers want thousands of computer users to install their program to help them monitor traffic patterns on the Internet. They plan to use the data to strengthen the Net and unblock bottlenecks. By Michelle Delio.



From personal experience, having access to this type of data would be invaluable as it would allow one to create more accurate models. Currently there are four large routing tables available to researchers for the creation of simulated networks. Having access to response times and bandwidth is something that is currently not available.


As part of my research for a number of papers on QoS we used ethereal to capture realtime traffic and parse the data into interpacket delay and burst size. The data above would have been alot more useful.



 

Europe drags heels in war on spam

|

Europe drags heels in war on spam Infosecurity Europe 2004


Many countries have dragged their heels on implementing EU rules. The European Commission has issued warnings to eight countries - Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal and Finland - for not implementing the directive in time.


NP market revivial

|

The market for NP's is expected to rise from $120 million in 2004 from $85 million last year. This is according to a report from the linley group. AMCC is currently leading the field with Intel in second place.

What is strange about this report is the fact that older products that are still selling well even though the product development for them stopped in early 2003.

These estimates for performance are certainly more conservative when compared to a few years ago, but they are encouraging.

Nvidia buy a Network Processor Company

|

Nivida took a side ways step when they bought the network processor company iReady. This further confirms what was discussed at the network processor conference NP3, that the shift in market from the core to the edge for network processor units. Logically it makes sense to invest in technology that promotes high bandwidth and configurability.

At the panel session at the end of NP3 the predicitions for network processors was that they would find their niche at the edge, being firewalls or storage area networks. This accquistion by Nvidia confirms this.

Lightweight MTA Authentication Protocol (LMAP)

|

SPAM is being taken very seriously by the IRTF (Internet Research Task Force).
A draft document has been published outlining their proposal for dealing with this problem.

In essence this solution proposes the following:

"LMAP is based on two concepts: publication of authentication data by a domain, and application of that data by a recipient MTA. The combination of these concepts permits SMTP recipients to establish more reliably whether mail putatively from a domain is actually from that domain and that there is a responsible contact in case of questions or problems with the domain's mail."

There has been some confusion as to whether the IRTF are adopting only 1 solution. They have issued a press release to state that are not however. Microsoft, Yahoo and a number of other email providers have provided the IRTF with their proposed solutions. More than likely it will be a hybrid of several proposals.

Go Phish

|

It seems that 5% of all emails last month were "phishing" for identity details. What is worrying is the amount of people who do supply details via email. This form of social engineering attack is becoming more and more common to the point where you can't even trust emails from your own domain due to domain name spoofing. It is estimated that over the past 18 months 1m stg has been scammed.

Blas 2004

|

I am looking forward to Blas 2004 which will be hosted by the Irish World Music Centre inthe University of Limerick. In particular to the master classes in guitar playing for Trad music.

I play a seagull guitar at the moment using the DADGAD tuning. I would recommend Sarah McQuaids book, if you are interested in learning DADGAD.

Welcome

|

Finally this blog is up and running. I hope to cover areas including Trad music, network processors and communication technology.

About this Archive

This page is an archive of entries from April 2004 listed from newest to oldest.

May 2004 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Influenced by:

Irish Eyes
Jabit
Mike Maunsell
Buzzblog
Tom Raftery I.T. views
Damien Mulley
James Corbett (Eirepeneur)
Powered by Movable Type 4.12