Worth Reading: Social Media for Social Influence

A global conference of senior military and intelligence officials taking place in London this week reveals how governments increasingly view social media as “a new front in warfare” and a tool for the Armed Forces. The overriding theme of the event is the need to exploit social media as a source of intelligence on civilian populations and enemies; as well as a propaganda medium to influence public opinion. —Motherboard

The post Worth Reading: Social Media for Social Influence appeared first on 'net work.

On the ‘Net: BGP Security, LACNOG 26

The post On the ‘Net: BGP Security, LACNOG 26 appeared first on 'net work.

Worth Reading: Security and BYOD

According to the Identity Theft Resource Center, more than 169 million personal records were exposed as a result of 781 publicized security breaches across the financial, business, education, government and health-care sectors in 2015. As shocking as these numbers are, they may not fully convey the scope of the threat: Any company or consumer that connects to the Internet is at risk of becoming a victim of a cyberattack. The challenge of protecting networks from these attacks has been exacerbated by the bring-your-own-device phenomenon, which opens the door to new vulnerabilities for many organizations daily. More and more, business is taking place over personal devices as employees work from home or travel. For some staff members, relying on their own laptops, tablets and smartphones is simply a matter of personal preference. —Data Center Journal

The post Worth Reading: Security and BYOD appeared first on 'net work.

Worth Reading: Hacking WiFi for $25

US and Chinese security researchers have discovered that it is possible to detect a user’s private information by studying the radio signals emitted to provide Wi-Fi internet coverage and how they interact with a person’s body movements. Researchers from Shanghai Jaio Tong University, the University of Massachusetts Boston and the University of South Florida have developed the WindTalker system, which can analyse sophisticated contemporary Wi-Fi networks and sneakily detect and record passwords by looking at the directions that radio waves travel to provide wireless internet coverage. —International Business Times

The post Worth Reading: Hacking WiFi for $25 appeared first on 'net work.

Worth Reading: Cybersecurity Due Diligence

Cybersecurity is no longer a corporate or private affair. What once was simply good business practice is now a legal obligation for ISPs, large and small. In Europe, this is the direct consequence of the upcoming EU Network and Information Security (NIS) Directive, to be implemented into national laws within the next few years, but such obligations are reflected in other international and national documents describing contemporary policies and future laws.

The post Worth Reading: Cybersecurity Due Diligence appeared first on 'net work.

Worth Reading: Personalized Ransomware

Smart entrepreneurs have long employed differential pricing strategies to get more money from customers they think will pay a higher price. Cyber criminals have been doing the same thing on a small scale with ransomware: demanding a larger ransom from individuals or companies flush with cash, or organizations especially sensitive to downtime and service disruptions. But now it appears cyber criminals have figured out how to improve their ROI by attaching basic price discrimination to large-scale, phishing-driven ransomware campaigns. So choosing to pay a ransom could come with an even heftier price tag in the near future. —Cloud Security Alliance

The post Worth Reading: Personalized Ransomware appeared first on 'net work.

Light Blogging Week

This week I’m working on a paper for a PhD seminar, as well as some other things I need to catch up on… I’m just going to be posting worth reading and pointers to some presentations and such in other places. Will return next week with a more normal schedule.

The post Light Blogging Week appeared first on 'net work.

Worth Reading: Installing a back door on locked PCs

You probably know by now that plugging a random USB into your PC is the digital equivalent of swallowing a pill handed to you by a stranger on the New York subway. But serial hacker Samy Kamkar‘s latest invention may make you think of your computer’s USB ports themselves as unpatchable vulnerabilities—ones that open your network to any hacker who can get momentary access to them, even when your computer is locked. Today Kamkar released the schematics and code for a proof-of-concept device he calls PoisonTap: a tiny USB dongle that, whether plugged into a locked or unlocked PC, installs a set of web-based backdoors that in many cases allow an attacker to gain access to the victim’s online accounts, corporate intranet sites, or even their router. —Wired

The post Worth Reading: Installing a back door on locked PCs appeared first on 'net work.

Worth Reading: Vehicle CAN denial of service

Contemporary vehicles are getting equipped with an increasing number of Electronic Control Units (ECUs) and wireless connectivities. Although these have enhanced vehicle safety and efficiency, they are accompanied with new vulnerabilities. In this paper, we unveil a new important vulnerability applicable to several in-vehicle networks including Control Area Network (CAN), the de facto standard in-vehicle network protocol. Specifically, we propose a new type of Denial-of-Service (DoS), called the busoff attack, which exploits the error-handling scheme of in-vehicle networks to disconnect or shut down good/uncompromised ECUs. —University of Michigan Research

The post Worth Reading: Vehicle CAN denial of service appeared first on 'net work.

Worth Reading: Backdoor in Android phones

For about $50, you can get a smartphone with a high-definition display, fast data sendee and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours.Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence. —NY Times

The post Worth Reading: Backdoor in Android phones appeared first on 'net work.

Gate

The post Gate appeared first on 'net work.

Worth Reading: The long decline of online freedom

“Freedom on the Net,” Freedom House’s annual study on internet freedom around the world, sheds light on the fact that in many parts of the world, access to the free and open internet is simply not a reality. While this is due to a number of factors, for many people government-mobilized access restrictions and shutdowns present a significant barrier to the tremendous benefits of the internet. —The Internet Society

The post Worth Reading: The long decline of online freedom appeared first on 'net work.

Worth Reading: Scoring the DNS Root Servers

The process of rolling the DNS Root’s Key Signing Key of the DNS has now started. During this process, there will be a period where the root zone servers’ response to a DNS query for the DNSKEY resource record of the root zone will grow from the current value of 864 octets to 1,425 octets. Does this present a problem? Let’s look at the DNS Root Server system and score it on how well it can cope with large responses. —APNIC

The post Worth Reading: Scoring the DNS Root Servers appeared first on 'net work.

The One Car

Imagine, for a moment, that you could only have one car. To do everything. No, I don’t mean, “I have access to a moving van through a mover, so I only need a minivan,” I mean one car. Folks who run grocery stores would need to use the same car to stock the shelves as their employees use to shuffle kids to school and back. The only thing about this car is this—it has the ability to add knobs pretty easily. If you need a new feature to meet your needs, you can go to the vendor and ask them to add it—there is an entire process, and it’s likely that the feature will be added at some point.

How does this change the world in which we live? Would it improve efficiency, or decrease it? Would it decrease operational costs (opex) or increase it? And, perhaps, another interesting question: what would this one car look like?

I’m guessing it would look a lot like routers and switches today. A handful of models, with lots of knobs, a complex CLI, and an in depth set of troubleshooting tools to match.

Of course, we actually have many different routers in the Continue reading

Worth Reading: High Speed Optical Networking

The alchemists of our age, scientists and engineers, have transformed chemical compounds like gallium-arsenide, indium-phosphide, and silicon into miniaturized lasers, light detectors, and thin tubes of glass that combine to communicate information over long distances at unimaginably fast speeds. The raw power and extraordinarily efficient cost performance of high-speed optical networking underlies our global internet economy. We are surrounded by countless consumer, industrial, financial, and social applications that depend on reliable and inexpensive communications – spanning interactions among people, between people and machines, and increasingly, among the machines themselves. —ECI

The post Worth Reading: High Speed Optical Networking appeared first on 'net work.

Worth Reading: SAN and NAS Basics

You can learn about Storage Area Network and Network Attached Storage storage basics with the training videos on this page. I’ve also included full explanations with text and screenshots. The videos are mainly designed for systems or network engineers who want to understand the theory of how SAN and NAS works. I’ve included practical examples so you can also see how SAN and NAS are implemented in real-world deployments. —Flackbox

The post Worth Reading: SAN and NAS Basics appeared first on 'net work.

Spirals

The post Spirals appeared first on 'net work.

Worth Reading: Regulating IoT

Your security on the Internet depends on the security of millions of Internet-enabled devices, designed and sold by companies you’ve never heard of to consumers who don’t care about your security. The technical reason these devices are insecure is complicated, but there is a market failure at work. The Internet of Things is bringing computerization and connectivity to many tens of millions of devices worldwide. —Schneier on Security

The post Worth Reading: Regulating IoT appeared first on 'net work.

Worth Reading: Large BGP Communities

But there is one sub-area of BGP which can’t handle 4-byte ASNs: the BGP communities mechanism. BGP uses special sub-packets inside the protocol to exchange values that encode as 32-bit values, and use one of these 32-bit values to associate two 16-bit numbers; one identified as an ASN and the other as an arbitrary community tag. This permits a relationship between the two values to be specified cleanly and permit BGP routing decisions to be informed by the community tag associated with a given ASN. —APNIC

The post Worth Reading: Large BGP Communities appeared first on 'net work.

On the ‘Net: The Internet Protocol Journal

The latest IPJ has been published—the first in a while. Ole is just putting the publication back on a sound footing; hopefully we’ll start seeing new editions of this excellent resource on a regular basis. Two good articles this month—

Comprehensive Internet E-Mail Security
William Stallings

At its most fundamental level, the Internet mail architecture consists of a user world in the form of Message User Agents (MUA), and the transfer world, in the form of the Message Handling Service (MHS), which is composed of Message Transfer Agents (MTA). The MHS accepts a message from one user and delivers it to one or more other users, creating a virtual MUA-to-MUA exchange environment. This architecture involves three types of interoperability.

Cloudy-Eyed: Complexity and Reality with Software-Defined Networks
Russ White and Shawn Zandi

Software-Defined Networks (SDN) are promoted as a way to eliminate the complexity of distributed control planes, increase network responsiveness to specific applications and business requirements, and reduce operational and equipment cost. If this description sounds like the classic “too good to be true” situation, that’s because it might just be.

The post On the ‘Net: The Internet Protocol Journal appeared first on 'net work.