Worth Reading: Backdoor in Android phones

For about $50, you can get a smartphone with a high-definition display, fast data sendee and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours.Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence. —NY Times

The post Worth Reading: Backdoor in Android phones appeared first on 'net work.

Gate

The post Gate appeared first on 'net work.

Worth Reading: The long decline of online freedom

“Freedom on the Net,” Freedom House’s annual study on internet freedom around the world, sheds light on the fact that in many parts of the world, access to the free and open internet is simply not a reality. While this is due to a number of factors, for many people government-mobilized access restrictions and shutdowns present a significant barrier to the tremendous benefits of the internet. —The Internet Society

The post Worth Reading: The long decline of online freedom appeared first on 'net work.

Worth Reading: Scoring the DNS Root Servers

The process of rolling the DNS Root’s Key Signing Key of the DNS has now started. During this process, there will be a period where the root zone servers’ response to a DNS query for the DNSKEY resource record of the root zone will grow from the current value of 864 octets to 1,425 octets. Does this present a problem? Let’s look at the DNS Root Server system and score it on how well it can cope with large responses. —APNIC

The post Worth Reading: Scoring the DNS Root Servers appeared first on 'net work.

The One Car

Imagine, for a moment, that you could only have one car. To do everything. No, I don’t mean, “I have access to a moving van through a mover, so I only need a minivan,” I mean one car. Folks who run grocery stores would need to use the same car to stock the shelves as their employees use to shuffle kids to school and back. The only thing about this car is this—it has the ability to add knobs pretty easily. If you need a new feature to meet your needs, you can go to the vendor and ask them to add it—there is an entire process, and it’s likely that the feature will be added at some point.

How does this change the world in which we live? Would it improve efficiency, or decrease it? Would it decrease operational costs (opex) or increase it? And, perhaps, another interesting question: what would this one car look like?

I’m guessing it would look a lot like routers and switches today. A handful of models, with lots of knobs, a complex CLI, and an in depth set of troubleshooting tools to match.

Of course, we actually have many different routers in the Continue reading

Worth Reading: High Speed Optical Networking

The alchemists of our age, scientists and engineers, have transformed chemical compounds like gallium-arsenide, indium-phosphide, and silicon into miniaturized lasers, light detectors, and thin tubes of glass that combine to communicate information over long distances at unimaginably fast speeds. The raw power and extraordinarily efficient cost performance of high-speed optical networking underlies our global internet economy. We are surrounded by countless consumer, industrial, financial, and social applications that depend on reliable and inexpensive communications – spanning interactions among people, between people and machines, and increasingly, among the machines themselves. —ECI

The post Worth Reading: High Speed Optical Networking appeared first on 'net work.

Worth Reading: SAN and NAS Basics

You can learn about Storage Area Network and Network Attached Storage storage basics with the training videos on this page. I’ve also included full explanations with text and screenshots. The videos are mainly designed for systems or network engineers who want to understand the theory of how SAN and NAS works. I’ve included practical examples so you can also see how SAN and NAS are implemented in real-world deployments. —Flackbox

The post Worth Reading: SAN and NAS Basics appeared first on 'net work.

Spirals

The post Spirals appeared first on 'net work.

Worth Reading: Regulating IoT

Your security on the Internet depends on the security of millions of Internet-enabled devices, designed and sold by companies you’ve never heard of to consumers who don’t care about your security. The technical reason these devices are insecure is complicated, but there is a market failure at work. The Internet of Things is bringing computerization and connectivity to many tens of millions of devices worldwide. —Schneier on Security

The post Worth Reading: Regulating IoT appeared first on 'net work.

Worth Reading: Large BGP Communities

But there is one sub-area of BGP which can’t handle 4-byte ASNs: the BGP communities mechanism. BGP uses special sub-packets inside the protocol to exchange values that encode as 32-bit values, and use one of these 32-bit values to associate two 16-bit numbers; one identified as an ASN and the other as an arbitrary community tag. This permits a relationship between the two values to be specified cleanly and permit BGP routing decisions to be informed by the community tag associated with a given ASN. —APNIC

The post Worth Reading: Large BGP Communities appeared first on 'net work.

On the ‘Net: The Internet Protocol Journal

The latest IPJ has been published—the first in a while. Ole is just putting the publication back on a sound footing; hopefully we’ll start seeing new editions of this excellent resource on a regular basis. Two good articles this month—

Comprehensive Internet E-Mail Security
William Stallings

At its most fundamental level, the Internet mail architecture consists of a user world in the form of Message User Agents (MUA), and the transfer world, in the form of the Message Handling Service (MHS), which is composed of Message Transfer Agents (MTA). The MHS accepts a message from one user and delivers it to one or more other users, creating a virtual MUA-to-MUA exchange environment. This architecture involves three types of interoperability.

Cloudy-Eyed: Complexity and Reality with Software-Defined Networks
Russ White and Shawn Zandi

Software-Defined Networks (SDN) are promoted as a way to eliminate the complexity of distributed control planes, increase network responsiveness to specific applications and business requirements, and reduce operational and equipment cost. If this description sounds like the classic “too good to be true” situation, that’s because it might just be.

The post On the ‘Net: The Internet Protocol Journal appeared first on 'net work.

On the ‘Net: The Shifting Job of the Network Engineer

As more companies examine the cloud, network engineering tools are changing, requiring engineers to rethink and recraft their job descriptions. —Tech Target

The post On the ‘Net: The Shifting Job of the Network Engineer appeared first on 'net work.

Worth Reading: Beware of Linking Ads

Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person’s online behavior across a range of devices, including phones, TVs, tablets, and computers. The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can’t be heard by the human ear, nearby tablets and smartphones can detect it. —ARS Technica

The post Worth Reading: Beware of Linking Ads appeared first on 'net work.

Worth Reading: Cheap IoT Threatens the Internet

Bring a screwdriver and build your own PC: chassis here, power supply there, motherboard, overclocked processor, liquid cooling for the tortured chip, fans, neon lights… Those were the PC organ bank days. Today, we have the promise of another gold rush: The Internet of Things. You buy into the dream and decide to start a company that will build and sell security cameras…the baby monitor and toaster will follow. —Monday Note

The post Worth Reading: Cheap IoT Threatens the Internet appeared first on 'net work.

Worth Reading: IPv6 Inside LinkedIn

One person, or a small team, can install, configure, and manage a limited number of devices (servers, switches, routers, etc.) manually. In any large network, with hundreds or even thousands of devices, it gets more complicated, and you will want to start automating some of these functions. This is one dimension of scaling your infrastructure. And as teams grow, more and more people are doing the same work on the same devices, so it’s necessary to have tools that ensure knowledge is transmitted, changes are reviewed, etc. This is another dimension of scaling. —LinkedIn Engineering Blog

The post Worth Reading: IPv6 Inside LinkedIn appeared first on 'net work.

Worth Reading: Can Technology be Morally Neutral?

“Technology is neutral. It’s only how it’s used that can be good or bad.” Back in the 1960s and even up to the 1970s, a statement along those lines was often the standard response you got from an engineer or scientist if you raised questions about the dangers or moral implications of a given invention. The neutrality argument was used to defend radio, television, computers, and even nuclear energy. But Sheila Jasanoff, for one, would disagree. —MercatorNet

The post Worth Reading: Can Technology be Morally Neutral? appeared first on 'net work.

Reactive Malicious Domain Detection (ENTRADA)

One interesting trend of the last year or two is the rising use of data analytics and ANI (Artificial Narrow Intelligence) in solving network engineering problems. Several ideas (and/or solutions) were presented this year at the IETF meeting in Seoul; this post takes a look at one of these. To lay the groundwork, botnets are often controlled through a set of domain names registered just for this purpose. In the same way, domain names are often registered just to provide a base for sending bulk mail (SPAM), phishing attacks, etc. It might be nice for registrars to make some attempt to remove such domains abused for malicious activities, but it’s difficult to know what “normal” activity might look like, or for the registrar to even track the usage of a particular domain to detect malicious activity. One of the papers presented in the Software Defined Network Research Group (SDNRG) addresses this problem directly.

The first problem is actually collecting enough information to analyze in a useful way. DNS servers, even top level domain (TLD) servers collect a huge amount of data—much more than most engineers might suspect. In fact, the DNS system is one of those vast sources of information Continue reading

Worth Reading: SDN versus NMS

Under the new paradigm, the standards bodies have said that it may be a long time before optical equipment has a standardized set of open protocols that can comprehensively control all possible options. Instead, carriers and vendors have agreed to support a tiered architecture where domain controllers understand specific parts of the network and a parent controller understands how all of the parts of the network fit together. —ECI

The post Worth Reading: SDN versus NMS appeared first on 'net work.

Worth Reading: IoT Goes Nuclear

Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. —Eyal Ronen

The post Worth Reading: IoT Goes Nuclear appeared first on 'net work.

BGP Tools for the DFZ (2)

In the last post in this series, I looked at the whois database to make certain the registration information for a particular domain name is correct. Now it’s time to dig a little deeper into the DFZ to see what we can find. To put this series in the widest context possible, we will begin by assuming we don’t actually know the Autonomous System number associated with the domain name we’re looking for—which means we will need to somehow find out which AS number belongs to the organization who’s routes we are trying to understand better. The best place to start in our quest for an AS number that matches a domain name is peeringdb. The front page of peeringdb looks like this—

As the front page says, peeringdb primarily exists to facilitate peering among providers. Assume you find you are a large college, and you find you have a lot of traffic heading to LinkedIn—that, in fact, this traffic is consuming a large amount of your transit traffic through your upstream provider. You would really like to offload this traffic in some way directly to LinkedIn, so you can stop paying the transit costs to this particular network. But Continue reading