Archive

Category Archives for "Russ White"

Worth Reading: Class breaks

There’s a concept from computer security known as a class break. It’s a particular security vulnerability that breaks not just one system, but an entire class of systems. Examples might be a vulnerability in a particular operating system that allows an attacker to take remote control of every computer that runs on that system’s software. Or a vulnerability in Internet-enabled digital video recorders and webcams that allow an attacker to recruit those devices into a massive botnet. —Schneier on Security

The post Worth Reading: Class breaks appeared first on 'net work.

Worth Reading: Class breaks

There’s a concept from computer security known as a class break. It’s a particular security vulnerability that breaks not just one system, but an entire class of systems. Examples might be a vulnerability in a particular operating system that allows an attacker to take remote control of every computer that runs on that system’s software. Or a vulnerability in Internet-enabled digital video recorders and webcams that allow an attacker to recruit those devices into a massive botnet. —Schneier on Security

The post Worth Reading: Class breaks appeared first on 'net work.

Worth Reading: Elements and principles of graphic design

Knowing the key basics of design will help you to create better, more aesthetically pleasing works of art. When creating a design, there are both elements and principles to pay attention to. Knowing both pieces of the puzzle and how to successfully incorporate them into your designs will help you to create more beautiful pieces. —Line25

The post Worth Reading: Elements and principles of graphic design appeared first on 'net work.

Worth Reading: Elements and principles of graphic design

Knowing the key basics of design will help you to create better, more aesthetically pleasing works of art. When creating a design, there are both elements and principles to pay attention to. Knowing both pieces of the puzzle and how to successfully incorporate them into your designs will help you to create more beautiful pieces. —Line25

The post Worth Reading: Elements and principles of graphic design appeared first on 'net work.

Worth Reading: Let’s encrypt with DANE

If you looked at the realm of security, and X.509 certificate-based secure systems, we appear to be in the worst of all worlds: it can be expensive, inherently compromisable and slow to set up and access. So somehow, we’ve managed to achieve “Security: Poor, Slow and Expensive!”. However, this environment is changing, and it may no longer be the case. In this post, I’d like to walk through the process of setting up good, inexpensive and accessible security using several public tools. —APNIC

The post Worth Reading: Let’s encrypt with DANE appeared first on 'net work.

Worth Reading: The state of DNS security

Did you know that 89% of top-level domains are now signed with DNSSEC? Or that over 88% of .GOV domains and over 50% of .CZ domains are signed? Were you aware that over 103,000 domains use DANE and DNSSEC to provide a higher level of security for email? Or that 80% of clients request DNSSEC signature records in DNS queries? All these facts and much more are available in our new State of DNSSEC Deployment 2016 report. —The Internet Society

The post Worth Reading: The state of DNS security appeared first on 'net work.

BGP Flowspec Indirection

While Flowspec has been around for a while (RFC5575 was published in 1999), deployment across AS boundaries has been somewhat slow. The primary concerns in deploying flowspec are the ability to shoot oneself in the foot, particularly as poening Flowspec to customers can also open an entirely new, and not well understood, attack surface, and the simple cost of filtering packets. In theory, ASICs can filter packets based on a variety of parameters cheaply. Theory doesn’t always easily translate to practice, however.

Regardless, recent work in Flowspec is quite interesting; particularly the ability to redirect flows, rather than simply filtering them. Of course, the original RFCs did allow for the redirection of flows into a VRF on the local router, but this leaves a good bit to be desired. To make such a system work, you must actually have a VRF into which to redirect traffic; for one-off situations, such as directing attack traffic to a honey pot, building the VRF and populating it can be more work than capturing the traffic is worth. A newer draft, draft-ietf-idr-flowspec-path-redirect, aims to resolve this.

Before getting to the draft specifics, however, it is useful to review the basic concept of Continue reading

Worth Reading: The FTC’s IoT challenge

One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC). —Krebs on Security

The post Worth Reading: The FTC’s IoT challenge appeared first on 'net work.

Worth Reading: Bleaker times for DNS registrars?

Verisign’s spent the best part of 2016 putting out warnings. The .COM operator and domain industry heavyweight highlighted its Q3 earnings report with a stern “Ending Q4 ’16 Domain Name Base expected to decrease by between 1.5M to 2.8M registrations from the end of Q3 ’16”. A forecast which the company said was based on “on historical seasonality and current market trends.” As 2016 drew to a close, the downturn seemed to materialize with specialist blog The Domains running a story on December 29 entitled “.Com Registrations Loses Another 1 Million Domains In Less Than 2 Weeks; Now Under 127 Million”. —CircleID

The post Worth Reading: Bleaker times for DNS registrars? appeared first on 'net work.

On the ‘net: Is Proprietary Dead?

A new age of openness is coming upon us. At least that’s what we’re being told. For instance — “The reign of closed solution suites is over, shifting to the rise of open, heterogeneous software ecosystems.” Maybe it’s my 30 years in the information technology business (how many people remember Thomas-Conrad ARCnet hardware?), but I’m not convinced. It’s worth taking a moment to consider the case. —CircleID

The post On the ‘net: Is Proprietary Dead? appeared first on 'net work.

Worth Reading: Notes on the lawsuit against D-Link

Today, the FTC filed a lawsuit[*] against D-Link for security problems, such as backdoor passwords. I thought I’d write up some notes. The suit is not “product liability”, but “unfair and deceptive” business practices for promising “security”. In addition, they interpret “security” different from the cybersecurity community. This needs to be stressed because right now in our industry, there is a big discussion of product liability, insisting that everything attached to the Internet needs to be secured. People will therefore assume the FTC action is based on “liability”. Instead, all six counts are based upon the fact that D-Link offers its products for securing networks, and claims they are secure. Because they have backdoor passwords, clear-text passwords, command-injection bugs, and public private-keys, the FTC feels the claims of security to be untrue. —Errata Security

The post Worth Reading: Notes on the lawsuit against D-Link appeared first on 'net work.

Worth Reading: The quiet revolution of apprenticeships

Higher education is a popular target for reformers. For at least a decade there have been protests over student debt, which averages well into five figures per student (six figures is not uncommon). Blame is lobbed everywhere. Tuition has risen faster than any other good – more than 500% in the last few decades – fueled by growing demand fueled by subsidy and government-backed loans fueled by a belief that, without college credentials, everyone will be poor and have fewer career options. Ironically, credential-chasing is making people poorer and limiting their options. —Intellectual Takeout

The post Worth Reading: The quiet revolution of apprenticeships appeared first on 'net work.

One Weird Trick to really be Smarter

For some reason, I seem to be a bit of a question magnet. Not that I mind, of course, because… Well, you’ll discover why in just a moment. I was reminded of this, this week, when someone asked me—”how do you know so much about so many different things?” Before I answered them, Steve Hood published his first post on his journey to the CCNA. Buried in this post is something very important in relation to the question in hand—

Further, over the last six months I have worked, for the first time, in environments in which I am not the sole networking professional. Simply being able to say “hey, what do you think of doing ____?” has been awesome. Before joining a networking team I could only see my own perspective and the things I thought to google. Now I have the advantage of a reply from someone with more or different experience.

This completely exposes one of my primary pathways to knowing a lot of stuff about a lot of stuff. If you don’t see it yet, here it is in plain language, one weird trick that will really make you smarter.

Make certain you are Continue reading

Worth Reading: Why did we think anonymity was the problem?

Despite the experimental evidence, the misconception of online anonymity as a primary cause of social problems has stuck. Since the 1980s, anonymity has become an easy villain to blame for whatever fear people hold about social technology, even though lab experiments now point in a different direction. —The Coral Project

The post Worth Reading: Why did we think anonymity was the problem? appeared first on 'net work.

Worth Reading: DRM versus civil liberties

Imagine a world where your Internet-connected car locks you in at the behest of its manufacturer—or the police. Where your media devices only let you consume mass media, not remix it to publish a counter-narrative or viral meme. Where your phone is designed to report on your movements and communications. Where your kid’s toy tells them it’s their friend, then talks about how much it loves sponsored products and transmits everything it hears in your home back to its manufacturer. Where your phone stops working if the police or the manufacturer ask it to. Where these backdoors are vulnerable to hacking, so anyone with the right resources can take advantage of them. —CircleID

LinkedInTwitterGoogle+Facebook

The post Worth Reading: DRM versus civil liberties appeared first on 'net work.

Woth Reading: Domain name proxies for privacy

Privacy/proxy services carry no per se stigma of nefarious purpose, although when first introduced circa 2006 there was some skepticism they could enable cybersquatting and panelists expressed different views in weighing the legitimacy for their use. Some Panels found high volume registrants responsible for registering domain-name-incorporating trademarks. Others rejected the distinction between high and low volume as a determining factor. WWF-World Wide Fund for Nature aka WWF International v. Moniker Online Services LLC and Gregory Ricks, D2006-0975 (WIPO November 1, 2006) expresses the consensus, namely that use of these services “does not of itself indicate bad faith; there are many legitimate reasons for proxy registration services”). —Circle ID

LinkedInTwitterGoogle+Facebook

The post Woth Reading: Domain name proxies for privacy appeared first on 'net work.

1 102 103 104 105 106 161