DevCentral Top 5: Feb 25, 2015
The articles on DevCentral have been absolutely fantastic as of late. Understandably, readers can expect to find great F5-related technical content here at DevCentral, but several industry-relevant pieces are also found in this community. These articles provide the perfect blend of technical thought leadership that’s sure to excite and inform. It’s always a fun challenge to select the “top 5” articles, and here are my choices:
CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE
In his first DevCentral article, MegaZone lifts the veil of confusion that so prominently exists regarding two recent POODLE CVEs. The first POODLE vulnerability is a weakness in the SSLv3 protocol itself, which never required CBC padding bytes to be checked; the second is an implementation flaw in certain TLS 1.x stacks that also skipped that padding check, so it affects only the products that made the mistake rather than TLS as a protocol. Officially, F5 refers to the second CVE as the “TLS 1.x Padding Vulnerability” but you know how these things go…many of the scan tools around the world today refer to this CVE as “TLS POODLE” and it’s essentially impossible to put the toothpaste back in the tube on this one. So, as it stands, we have two very different vulnerabilities with two very similar names, and that matters in practice: disabling SSLv3 closes the first one but does nothing for the second, which needs the affected implementation fixed. Thanks to MegaZone, we also have a fantastic article that explains the differences and even gives mitigation steps for those who are affected by one or both of these critical vulnerabilities. I speak for us all when I say, “Thanks MegaZone…I hope this is the first in a long line of articles we will see from you on DevCentral!”
Why You Should Tap the Hardware Random Number Generator in your BIG-IP
David Holmes gives us a peek into his existential attitude in this very interesting article about how to achieve true randomness for your cryptography keys. Every time a computer generates a crypto key, it needs a supply of genuinely unpredictable bits (entropy) to seed the process. The problem is…computers are deterministic machines and have a really hard time finding truly random numbers. Some fall back on predictable inputs such as the system clock or a fixed seed, and that always turns out to be a bad idea: a key derived from guessable inputs can be reconstructed by anyone who can guess them. So, what to do, right? The good news is that you can utilize your BIG-IP to accomplish this much-needed random number generation. David even provides an iRule that will mine the BIG-IP hardware for random data. While humans struggle to find meaning in life, computers struggle to find lack of meaning. Oh, what a tangled web we weave…
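To make the “made-up randomness” failure concrete, here is an added example (mine, not code from David’s article or from F5) that contrasts a key generator seeded from a coarse timestamp with one that draws from the operating system’s CSPRNG. The timestamp, the key length and the attacker’s guess window are constructed values; the OS CSPRNG stands in for the hardware RNG the article taps.

```python
"""Why a key built from a guessable seed is not a key.

Constructed scenario: a developer "makes up" randomness by seeding
Python's Mersenne Twister PRNG with the current time in seconds.
Everything the generator emits is then a pure function of that seed,
so an attacker who knows roughly when the key was made can brute
force the seed and recover the key. The strong variant uses the OS
CSPRNG, which is fed from unpredictable sources (on a BIG-IP, the
hardware RNG the article describes). Added example, not F5 code.
"""
import math
import random
import secrets
from typing import Optional

KEY_BYTES = 16  # constructed: a 128-bit symmetric key


def weak_key(seed_seconds: int, nbytes: int = KEY_BYTES) -> bytes:
    """Key derived from a PRNG seeded with a Unix timestamp (the bad idea)."""
    rng = random.Random(seed_seconds)  # deterministic for a given seed
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")


def strong_key(nbytes: int = KEY_BYTES) -> bytes:
    """Key drawn from the OS CSPRNG; no seed exists for an attacker to guess."""
    return secrets.token_bytes(nbytes)


def recover_seed(target_key: bytes, approx_seconds: int, window: int = 3600) -> Optional[int]:
    """Attacker's view: try every second within +/- window of the guessed
    generation time and return the seed that reproduces the key, if any."""
    for seed in range(approx_seconds - window, approx_seconds + window + 1):
        if weak_key(seed, len(target_key)) == target_key:
            return seed
    return None


def effective_entropy_bits(window: int = 3600) -> float:
    """Entropy actually present in a time-seeded key: log2 of the number of
    candidate seeds the attacker must try, regardless of the key's length."""
    return math.log2(2 * window + 1)


def demo() -> dict:
    gen_time = 1424822400  # constructed: 2015-02-25 00:00:00 UTC
    victim_key = weak_key(gen_time)
    # Attacker's estimate of when the key was made is off by 20 minutes.
    recovered = recover_seed(victim_key, gen_time + 1200)
    good_key = strong_key()
    return {
        "weak_key_recovered": recovered == gen_time,
        "weak_key_effective_bits": round(effective_entropy_bits(), 1),
        "nominal_bits": KEY_BYTES * 8,
        "strong_key_recovered": recover_seed(good_key, gen_time + 1200) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the numbers make: the time-seeded key is nominally 128 bits but carries roughly 12.8 bits of actual unpredictability, and a few thousand trial seeds recover it, while the CSPRNG-backed key has no seed to search for.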
IE Universal XSS Vulnerability Mitigation
Does anyone still use Internet Explorer? Yes they do. Although the usage trend for IE is headed in a downward direction, many thousands of people still use the browser. In this article, Jason Rahm highlights an important and potentially dangerous universal Cross-Site Scripting vulnerability that is known to affect IE 11 (Jason also confirmed its success on IE 10 using Windows 7). A universal XSS is a bug in the browser rather than in any one web application: an attacker’s page can run script in the context of a site you own even though your own code is clean, so the fix has to come from the browser vendor or be applied in front of the application. The good news is that you can use a simple LTM policy or an iRule to mitigate this vulnerability at the BIG-IP. You gotta love the flexibility and power of iRules! Who knows when Microsoft will patch this…but you can patch it in about 2 minutes when you follow the steps that Jason lays out in this short but powerful article.
Lizard Squad Leaked Database
Oz Elisyan is another first-time author on DevCentral…and his article already has 5 upvotes! It’s easy to see why you all like Oz’s inside look at the Lizard Squad database hack. This article is a great example of the breadth of great content you will find on DevCentral because it doesn’t mention F5 at all. It’s just a phenomenal write-up about a hack against the not-so-friendly Lizard Squad. Lizard Squad provides a “DDoS for hire” service, and many of their members were recently arrested following a high-profile attack against Xbox and others. Well, turnabout is fair play. In this case, someone used several Cross-Site Scripting vulnerabilities to gain access to the Lizard Squad database of attacked DDoS targets (dare I suggest that Lizard Squad should have used Jason Rahm’s XSS iRule mentioned in the last article?). Anyway, you can read all about the Lizard Squad database and even check to see if your company is listed among the targets. Great job on this article, Oz!
Can network infrastructure be immutable infrastructure?
We all love disposable stuff…plates, napkins, contact lenses, batteries, cameras, and…network infrastructure? Lori MacVittie reminds us that we have a tendency to throw away just about everything. As technology trends move from the nucleus of business today, application development, to the very nether regions of the application data path, the network, it makes sense to ask whether network infrastructure can ever be immutable. Immutable here means never patched or reconfigured in place: when something has to change, you build a fresh instance and discard the old one, which also rules out the undocumented configuration drift that makes long-lived network devices so hard to audit. Lori provides a phenomenal, thought-provoking look at reasons you might want to consider implementing a disposable infrastructure (or, at least, pieces of infrastructure) one day.
- Vader123_194029 (Nimbostratus): Great list