Links for 2013-02-01

  • IPMI: Freight Train To Hell

    ‘Intel’s Intelligent Platform Management Interface (IPMI), which is implemented and added onto by all server vendors, grants system administrators a means to manage their hardware in an Out of Band (OOB) or Lights Out Management (LOM) fashion. However, there are a series of design, utilization, and vendor issues that cause complex, pervasive, and serious security infrastructure problems. The BMC is an embedded computer on the motherboard that implements IPMI; it enjoys an asymmetrical relationship with its host, with the BMC able to gain full control of memory and I/O, while the server is both blind and impotent against the BMC. Compromised servers have full access to the private IPMI network. The BMC uses reusable passwords that are infrequently changed, widely shared among servers, and stored in clear text in its storage. The passwords may be disclosed with an attack on the server, over the network against the BMC, or with a physical attack against the motherboard (including after the server has been decommissioned). IT’s reliance on IPMI to reduce costs, the near-complete lack of research, 3rd party products, or vendor documentation on IPMI and BMC security, and the permanent nature of the BMC on the motherboard make it currently very difficult to defend, fix or remediate against these issues.’ (via Tony Finch)

    (tags: via:fanf security ipmi power-management hardware intel passwords bios)

  • java – Given that HashMaps in jdk1.6 and above cause problems with multi-threading, how should I fix my code – Stack Overflow

    Massive Java concurrency fail in recent 1.6 and 1.7 JDK releases — the java.util.HashMap type now spin-locks on an AtomicLong in its constructor. Here’s the response from the author: ‘I’ll acknowledge right up front that the initialization of hashSeed is a bottleneck but it is not one we expected to be a problem since it only happens once per Hash Map instance. For this code to be a bottleneck you would have to be creating hundreds or thousands of hash maps per second. This is certainly not typical. Is there really a valid reason for your application to be doing this? How long do these hash maps live?’ Oh dear. Assumptions of “typical” like this are not how you design a fundamental data structure. fail. For now there is a hacky reflection-based workaround, but this is lame and needs to be fixed as soon as possible. (Via cscotta)

    (tags: java hashmap concurrency bugs fail security hashing jdk via:cscotta)

  • High Scalability – geo-aware traffic load balancing and caching at CNBC.com

    Dyn’s anycast DNS service, as used by CNBC.com

    (tags: anycast dns scalability dyn failover geographical load-balancing)