Russ

Author Archives: Russ

Weekend Reads 031722


We should instead be choosing authentication processes that appropriately match site risks; using a password should be the last thing you want to rely on.


Public companies would have to report material cybersecurity incidents no later than four business days after they occur if a rule proposed by the Securities and Exchange Commission (SEC) on Wednesday takes effect.


Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory.


The directive was accompanied by a catalog of known exploited vulnerabilities maintained by CISA that includes mandatory remediation deadlines. Essentially, it means “fix these fast or else” for applicable agencies and organizations.


Just being aware of surveillance has chilling effects in how we exercise speech, which is often under attack by all sorts of actors from criminals to our own governments.


Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1.


Since its birth, Yara has become a common ground to exchange threat Continue reading

BGP Policies (Part 2)

At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.

There are many reasons an operator might want to select which neighboring AS through which to send traffic towards a given reachable destination (for instance, 100::/64). Each of these examples assumes the AS in question has learned multiple paths towards 100::/64, one from each peer, and must choose one of the two available paths to forward along.

In the following network—

From AS65004’s perspective…

Transit providers primarily choose the most optimal exit from their AS to reduce the amount of peering settlement they are paying by using and maintaining settlement-free peering where possible and reducing the amount of time and distance traffic is carried through their network (through hot potato routing, discussed in more detail below).
If, for instance, AS65004 has a paid peering relationship with AS65002, and a contract with AS65003 which Continue reading

Weekend Reads 031122


The big ISPs all lobbied hard against the net neutrality rules, but the CEO of every big ISP was on the record at least once saying that the net neutrality rules were not a big deal and that they could live with net neutrality. So why did the big carriers lobby so hard about what the FCC was doing?


VESA, which makes the DisplayPort spec, today announced a certification program aimed at helping consumers understand if a DisplayPort 2.0 cable, monitor, or video source can support the max refresh rates and resolutions the spec claims.


Over the past week, the Akamai researchers said, they have detected multiple DDoSes that used middleboxes precisely the way the academic researchers predicted. The attacks peaked at 11Gbps and 1.5 million packets per second.


The metaverse, as Microsoft Corp. and Facebook parent Meta Platforms Inc. would have us call it, raises a remarkable prospect: For the first time, all of the technology giants are going to compete over the same turf.


A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the “first side-channel attack” on homomorphic encryption that could be exploited to Continue reading

Hedge 121: Computing in the Network with Marie-Jose Montpetit

Can computation be drawn into the network, rather than always being pushed to the edge of the network? Taking content distribution networks as a starting point, the COIN research group is looking at ways to make networks more content and computationally aware, bringing compute into the network itself. Join Alvaro Retana, Marie-Jose Montpetit, and Russ White, as we discuss the ongoing research around computing in the network.

download

BGP Policies (part 1)

At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.

In the following network—

There are many reasons an operator might want to select which neighboring AS through which to send traffic towards a given reachable destination (for instance, 100::/64). Each of these examples assumes the AS in question has learned multiple paths towards 100::/64, one from each peer, and must choose one of the two available paths to forward along.

Examining this from AS65006’s Perspective …

Assuming AS65006 is an edge operator (commonly called enterprise, but generally just originating and terminating traffic, and never transiting traffic), there are several reasons the operator may prefer one exit point (through an upstream provider), including:

  • An automated system may determine AS65004 has some sort of brownout; in this case, the operator at 65006 has configured the system to prefer the exit through AS65005
  • The traffic Continue reading

Weekend Reads 030422


The notion that email security should be prioritized is emphasized during this time where more and more businesses are still working in a remote or hybrid dynamic environment.


After quizzing 8,000 job applicants and 2,250 hiring managers in the U.S., Germany, and Great Britain, researchers at Harvard Business School, working with the consultancy Accenture, discovered that many tens of millions of people are being barred from consideration for employment by résumé screening algorithms that throw out applicants who do not meet an unfeasibly large number of requirements, many of which are utterly irrelevant to the advertised job.


We developed attacks that exploit the transparency of the DNS lookups to tunnel injection payloads over DNS records. These attacks exploit two key factors. Firstly, DNS resolvers do not alter the DNS records received in lookups, so the malicious payload is preserved intact


In response to what industry observers call the second quantum revolution, Israel announced on Feb. 15 an ambitious goal to build its first quantum computer within a year.


PCIe 6.0 was announced on January 11, 2022, so at the earliest, we’re looking at PCIe 6.0 products rolling out at the end of 2022 or early 2023.


Continue reading

Hedge 120: Information Centric Networking with Dirk Kutscher

In today’s Internet, packets are at the core of information flows. Routers only know (very minimally) about what is in the packets they’re carrying around. Caching and content distribution networks (CDNs) are used to place information at various locations throughout the ‘net for users to access, making the distribution of this information more efficient. Information Centric Networking “flips the script,” making named information, rather than packets, the core construct of networks.

Join Dirk Kutscher, Alvaro Retana, and Russ White, as they discuss this interesting research area at the future edge of networking. You can find out more about ICN here.

download

Weekend Reads 022522


To some degree, cyber AI suffers from the pressures exerted by the quest for never-ending sales growth.


The websites for several banks in Ukraine, the Ministry of Defense, and Armed Forces were hit with a distributed denial-of-service (DDoS) attack on Feb. 15.


Threat actors are using software and developer infrastructure, platforms, and providers as valuable entry points into governments, corporations, and critical infrastructure.


Cybercriminals and nation-state actors adapted to defenders’ tactics and became more efficient in 2021, with attackers relying more on data leaks combined with ransomware to extort increasing sums of money from companies — and in some cases using data leaks without encrypting data to force a company to pay, according to two analyses published this week.


Cloud and multi-cloud adoption has greatly increased the workload of already burdened IT teams. Of the 200 IT leaders surveyed, only about half of the respondents said that they are adequately staffed to manage the frequency of alerts they receive.


Imagine that you run an organization out of a building. Imagine that the landlord comes one day and says, “Oh I didn’t know you are a resident of country X or dealing with anybody from country X. I have to close Continue reading

Hedge 119: Product Marketing with Cathy Gadecki

Marketing is an underappreciated (and even demonized) part of the process in creating and managing networking products. Cathy Gadecki of Juniper joins Russ White and Tom Ammon on this episode of the Hedge to fill in the background and discuss the importance of marketing, and some of the odd corners where marketing impacts product development.

download

Controversial Reads 021921


The main purpose of algorithms, like digital programs and datacenters more broadly, is not to make money or influence thoughts, but to control people—in a direct and alien way hostile to our core beliefs and principles.


But as I testified to the Senate last week, you can basically reidentify anything. “Anonymity” is an abstraction.


Many people think that NoSQL databases are the “next big thing” in technology, and that we should write all of our core applications using them. However, NoSQL databases actually predate relational databases, and common relational databases were established to solve the problems that NoSQL brings.


One reason is that the most widely used methods of recycling more traditional batteries, like lead-acid batteries, don’t work well with Li batteries. The latter are typically larger, heavier, much more complex and even dangerous if taken apart wrong.


Apple has a rather complicated relationship with privacy, which it always points to as a differentiator with Google. But delivering on it is a different tale.


The problem is Web3 is not all that distributed, nor is it particularly equitable or transparent. It is highly centralized, despite being touted as a decentralized alternative to the web.


But rampant misinformation and days-long internet Continue reading

Weekend Reads 021821


A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device’s software.


A simulated phishing attack against more than 82,000 workers found that emails with a personal impact resulted in more clicks and that technical teams — such as IT workers and DevOps teams — clicked just as often and reported suspected phishing attacks less often compared with nontechnical teams


Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users’ browsing habits into approximately 350 topics.


NFTs continue to explode in popularity, reaching $25 billion in sales in 2021 as reported by Reuters. NFTs, or non-fungible tokens, are cryptoassets in which each token is unique.


The use in almost every aspect of human activity adds value to the need of UAS evolution, but it also increases security risks. Imagine what can happen when smart and cheap drones that anyone can easily purchase from a local hobby store become weapons at the hands of adversaries and cyber criminals.


Researchers have demonstrated a new type of fingerprinting technique that exploits a machine’s graphics Continue reading

Hedge 118: Integrating New Ideas with William Collins

When vendors build something new—or when you decide to go a different direction in your network—you have to figure out how to integrate these new things. Integration of this type often includes cultural, as well as technical, changes. William Collins joins Tom Ammon and Russ White to discuss his experience in integrating new technologies on Hedge 118.

Infrastructure Privacy Webinar

I’m teaching a three-hour webinar on privacy over at Safari Books on Friday. From the description there—

Privacy is important to every IT professional, including network engineers—but there is very little training oriented towards anyone other than privacy professionals. This training aims to provide a high-level overview of privacy and how privacy impacts network engineers. Information technology professionals are often perceived as “experts” on “all things IT,” and hence are bound to face questions about the importance of privacy, and how individual users can protect their privacy in more public settings.

Please join me for this—it’s a very important topic largely ignored in the infrastructure space.

Providers and Privacy at NANOG 84

I’m speaking (in person) at NANOG84 on providers and privacy—

Privacy is a hot topic, but there’s little information for the networking professional in this area. This presentation will provide a quick overview and thoughts on the area of privacy aimed at transit provider operations personnel, including packet processing and logging. Note this presentation does not constitute legal advice, but rather just presents general concepts and thoughts from the perspective of a network engineer in an area of interest.

DC Fabric Intelligence Panel at DCD

On the 10th of February (next week) I’m participating in a panel discussing—

A networking strategy involving disaggregation deployment, overlay network virtualization, automation, and visibility can remedy the complexities with better utilization and performance and ultimately enable network slicing and self-healing abilities. Cloudification of the network is here, but how far do we need to go, and what is the impact on the hardware?

You can find more information about joining here.

Weekend Reads 012822


DigiTimes reports that processor prices are set to increase “substantially” in 2022 due to a boost in foundry costs. Specifically, processors based on the sub-7nm process nodes are expected to be more expensive moving forward.


For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.


Although the advisory discussed above is specific to Russian threat actors, the lessons learned and approaches to preparedness, detection, and prevention are generically applicable to a wide range of threats for both IT and OT.


An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.


HTTPS serves as a critical infrastructure for web security, protecting the privacy and integrity of communications between networks. An important aspect of the extension is the authentication process, which is powered by Web PKI via digital certificates that are issued by Certificate Authorities (CAs).


Their intention is to expand Continue reading

Hedge 116: Schofield’s Laws of Computing

Jack Schofield, a prolific journalist covering computers and computing, developed three “laws” across his thirty years of reporting that have come to be known as Schofield’s Laws of Computing. What are these laws, and how do they apply to the modern computing landscape—especially for the network engineer? Join Tom Ammon and Russ White as they discuss Schofield’s Laws of Computing.

download

1 16 17 18 19 20 162