Worth Reading: Looking at Edge Computing

And yet, despite all of the activity and discussion surrounding the edge, it really lacks a single, accepted definition. It’s closer to the consumer, sure, and edge locations typically are smaller, but beyond those facts, the edge seems to be different things to different people. —Martin T. Olsen @The Data Center Journal

Research: Covert Cache Channels in the Public Cloud

One of the great fears of server virtualization is the concern around copying information from one virtual machine, or one container, to another, through some cover channel across the single processor. This kind of channel would allow an attacker who roots, or otherwise is able to install software, on one of the two virtual machines, to exfiltrate data to another virtual machine running on the same processor. There have been some successful attacks in this area in recent years, most notably meltdown and spectre. These defects have been patched by cloud providers, at some cost to performance, but new vulnerabilities are bound to be found over time. The paper I’m looking at this week explains a new attack of this form. In this case, the researchers use the processor’s cache to transmit data between two virtual machines running on the same physical core.

The processor cache is always very small for several reasons. First, the processor cache is connected to a special bus, which normally has limits in the amount of memory it can address. This special bus avoids reading data through the normal system bus, and this is (from a networking perspective) at least one hop, and often several Continue reading

Worth Reading: Electronics are leaving the plane

As in-plane shrinkage has become more challenging, however, electronics companies are looking to stack multiple circuit layers vertically to boost speed and functionality, while reducing power consumption and size. —Don Monroe @ACM

Sunset over the Dance Hall

Worth Reading: Every Silver Lining has a Cloud

All the tools you built during those last two years work only because they have direct knowledge of the system components down to the metal, or at least as close to the metal as possible. Once you move a system into the cloud, your application is sharing resources with other, competing systems, and if you are taking advantage of elastic pricing, then your machines may not even be running until the cloud provider deems them necessary. —George V. Neville-Neil @ACM

Security and Analytics

Worth Reading: The Next Stop on the Metro

5G technology really will herald the arrival of a range of truly exciting and revolutionary new services – for consumers, for businesses, for industry and for public services. And with these new services come major opportunities for service providers keen to diversify their service portfolios and create new ways to generate revenue. —Moshe Shimon @ECI

Worth Reading: The Jargon

One enduring and complex piece of jargon is the use of “free” in relation to software. In fact, the term is so ambiguous that different terms have evolved to describe some of the variants—open source, FOSS, and even phrases such as “free as in speech, not as in beer.” But surely this is a good thing, right? —Mike Bursell @Opensource.com

Short Take: Education is Useless

Worth Reading: Securing Our Interconnected Infrastructure

In late June, the House of Representatives passed legislation specifically aimed at securing the industrial control systems that run our nation’s most critical infrastructure, from oil pipelines to water treatment facilities to the grid. —Dave Weinstein @Dark Reading

Worth Reading: Optical Outlook in the Data Center

Optical signal to noise imposes a limit that caps the aggregate data that can be transported over a single fiber. We’ve been testing this limit for almost a decade, first in long-haul (inter–data center) and now short-range (intra–data center) connections with speeds of 200Gbps and above to accommodate the appetite for 5G, IoT, big data, quantum computing, and other emerging technologies. —Tim Dixon @The Data Center Journal

On the ‘net: The Little Green Lock

Users—particularly those who do not understand technology as well—have long been taught to “look for the green lock in your web browser” to be certain they are communicating with a “trusted” site. For instance, here and here are articles stating that one way you know you can trust a site is by looking for the “green lock.” @Search Networking

Worth Reading: Monitoring BGP Anomalies

While ‘fat-fingers’ and malicious actors are often reported as being responsible for many BGP ‘anomalies’, there are other common sources that network operators should be aware of, including unassigned BGP AS numbers, BGP attribute 21, and broken 4-byte implementation. —Martin Winter @APNIC

Worth Reading: SD-WAN Evolution

One of the questions raised by the onrush of interest in SD-WAN is where SDN is. Obviously, two things whose acronyms start with “software-defined” should be related in some way, and I’ve noted in other blogs that SD-WAN and SDN may converge in the longer term. —Tom Nolle @CIMI

Research; HTTPS Interceptions

I have written elsewhere about the problems with the “little green lock” shown by browsers to indicate a web page (or site) is secure. In that article, I considered the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem with the “green lock” paradigm—the impact of HTTPS interception. In theory, a successful HTTPS session means the session between host and the server has been encrypted, which means no third party can read the contents of the packets passing between the two.

This works, modulo the trustworthiness of the certificates involved in encrypting the traffic, so long as there is no-one in the middle of the connection encrypting packets from the receiver, and re-encrypting them towards the transmitter. This “man in the middle,” or MITM, can read the contents of all the packets in the exchange, even though the data is encrypted on transmit. Surely such MITM situations are rare, right?

Right.

The researchers in this paper set out to discover just how often HTTPS (LTS) sessions are terminated and re-encrypted by some device or piece of software in the middle. To discover how often Continue reading

Worth Reading: The History of GREP

The original Unix Programmer’s Manual calls grep one of “the more memorable mini-revolutions” that Unix experienced, saying it irrevocably ingrained the “tools” outlook into Unix. —David Cassel @The New Stack

Weekend Reads 072718

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. @Krebs on Security

Open-plan offices have taken off because of a desire to increase interaction and collaboration among workers. But an innovative new study has found that employees in open-plan offices spend 73% less time in face-to-face interactions. Email and messaging use shot up by over 67%. —Libby Sander @Intellectual Takeout

There’s a misconception that everything will benefit from running in the cloud. All workloads are not equal, and not all workloads will see a measurable effect on the bottom line from moving to the cloud. —Jason Baker @Opensource.com

One way or another we’ve been working on various aspects of securing the Internet’s inter-domain routing system for many years. I recall presentations dating back to the late ’90’s that point vaguely to using some form of digital signature on BGP updates that would allow a BGP speaker to assure themselves as to the veracity of a route advertisement. The concept is by no means a new one, and even Continue reading

The Wind Blows

Worth Reading: AI is not a silver bullet for security

If you’re using AI to better detect threats, there’s an attacker out there who had the exact same thought. Where a company is using AI to detect attacks with greater accuracy, an attacker is using AI to develop malware that’s smarter and evolves to avoid detection. —Tomas Honzak @Dark Reading

Networks Without Operators