Weekend Reads 081018: Security and Privacy in Focus

It started with a lengthy email to the NANOG mailing list on 25 June 2018 — independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, which he referred to as a “Hijack Factory”. —Doug Madory @APNIC

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. @Krebs on Security

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). @Krebs on Security

Last month, 360 cyber crime experts from 95 countries gathered in Strasbourg to attend the Octopus Conference. The event sounds like something from James Bond, and when you Continue reading

Arched Way

Worth Reading: Understanding FR Routing

Free Range Routing (FRR) is an open source routing project. It’s designed to provide a full routing stack that can run on top of a network OS. FRR is itself a fork from the Quagga routing project. @Packet Pushers

Short Take: SDN is not DevOps

Worth Reading: Network engineers and WISP startups

Many startup WISPs are often borne out of necessity – fast, reliable or economical Internet access – one or more of these is missing in the areas we see WISPs develop. —Kevin Myers @stubarea51

Worth Reading: Hedgehogs and Foxes

There were several reasons for this: foxes were more willing to be self-critical thinkers, possessing intellectual humility. More importantly, they were willing to update their beliefs when presented with new evidence, and were more skeptical of grand explanations. —Ilana R. Akresh @Heterodox Academy

On the ‘net: A Riff on RIFT

Today, an update on some compelling projects at IETF 102. Ours guest are Jeff Tantsura and Russ White. We review the following projects to see what’s new and understand what problems they’re solving: RIFT (Routing In Fat Trees), BIER (Bit Indexed Explicit Replication), PPR (Preferred Path Routing), and YANG data modeling. We also look at the state of SD-WAN, which is a bit of the Wild West, to look at standards and interoperability efforts underway. @Packet Pushers

Network Collective: Security and Analytics

In this community roundtable, Eyvonne and I talk to Eric Osterweil about the increasing reliance on analytics in the realm of security.

Worth Reading: Honeypot DDoS monitoring

The first flaw allows an attacker to spoof requests to a vulnerable service in the name of the victim; the second flaw causes the vulnerable service to answer this request immediately. —Johannes Krupp @APNIC

Worth Reading: Compelling reasons for hybrid cloud

Hybrid cloud is actually straightforward. It’s simply the combination of private-cloud resources in a private data center with additional resources in a public-cloud platform such as Azure or AWS. —Scott Sanders @Data Center Journal

On the ‘net: Subsidiarity and Control Planes

A social principle might seem like an odd link to network engineering, design and software-defined networking, but seemingly unrelated principles often address a concept that can be applied in other contexts. In this case, the social subsidiarity principle can shed light on the use of network control planes and SDN model design. @TechTarget

History of Networking: Vint Cerf

In this recording of the History of Networking, Donald Sharp, Jordan Martin, and I sit with Vint Cert to discuss the origins of the Internet, and it’s commercialization.

Worth Reading: Existential Neediness

Many of us seek to fill our existential neediness with something from the world and find that others and circumstances never deliver enough to extinguish the ache. The more recognition, the more appreciation we seek from the world, the more we ache. —Barry Brownstein @The Intellectual Takeout

Worth Reading: Looking at Edge Computing

And yet, despite all of the activity and discussion surrounding the edge, it really lacks a single, accepted definition. It’s closer to the consumer, sure, and edge locations typically are smaller, but beyond those facts, the edge seems to be different things to different people. —Martin T. Olsen @The Data Center Journal

Research: Covert Cache Channels in the Public Cloud

One of the great fears of server virtualization is the concern around copying information from one virtual machine, or one container, to another, through some cover channel across the single processor. This kind of channel would allow an attacker who roots, or otherwise is able to install software, on one of the two virtual machines, to exfiltrate data to another virtual machine running on the same processor. There have been some successful attacks in this area in recent years, most notably meltdown and spectre. These defects have been patched by cloud providers, at some cost to performance, but new vulnerabilities are bound to be found over time. The paper I’m looking at this week explains a new attack of this form. In this case, the researchers use the processor’s cache to transmit data between two virtual machines running on the same physical core.

The processor cache is always very small for several reasons. First, the processor cache is connected to a special bus, which normally has limits in the amount of memory it can address. This special bus avoids reading data through the normal system bus, and this is (from a networking perspective) at least one hop, and often several Continue reading

Worth Reading: Electronics are leaving the plane

As in-plane shrinkage has become more challenging, however, electronics companies are looking to stack multiple circuit layers vertically to boost speed and functionality, while reducing power consumption and size. —Don Monroe @ACM

Sunset over the Dance Hall

Worth Reading: Every Silver Lining has a Cloud

All the tools you built during those last two years work only because they have direct knowledge of the system components down to the metal, or at least as close to the metal as possible. Once you move a system into the cloud, your application is sharing resources with other, competing systems, and if you are taking advantage of elastic pricing, then your machines may not even be running until the cloud provider deems them necessary. —George V. Neville-Neil @ACM

Security and Analytics

Worth Reading: The Next Stop on the Metro

5G technology really will herald the arrival of a range of truly exciting and revolutionary new services – for consumers, for businesses, for industry and for public services. And with these new services come major opportunities for service providers keen to diversify their service portfolios and create new ways to generate revenue. —Moshe Shimon @ECI