Weekend Reads 062218: Bitcoin and Security Flaws

But, as with all new technology, security risks can be found beneath the hype. Indeed, threat actors are finding new targets amid the rise of blockchain as they serve up social-engineering attacks, malware, and exploits to businesses and consumers, according to a recently published report by McAfee’s Advanced Threat Research Team. —Kelly Sheridan @Dark Reading

After last Thursday’s regulatory news that bitcoin and ether were not considered securities, which was widely considered a win for crypto enthusiasts, digital currencies had failed to hold on to gains, a sign the bear market is firmly intact. However, investors were hoping Monday’s move above the post-SEC-statement high will be the start of a more fruitful period for digital currency owners. —Aaron Hankin @MarketWatch

Dubbed Lazy FP State Restore, the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed by Intel, and vendors are now rushing to roll out security updates in order to fix the flaw and keep their customers protected. The company has not yet released technical details about the vulnerability, but since the vulnerability resides in the CPU, the flaw affects all devices running Intel Core-based microprocessors regardless of the installed operating systems, except some modern versions of Continue reading

Road by the Mountain

Worth Reading: The VPNFilter Bot

VPNFilter is a sophisticated piece of malware that infects mostly older home and small-office routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link. It’s an impressive piece of work. —Bruce Schneier

Worth Reading: Meet Bro

In a nutshell, Bro transforms network traffic — in all its volume, variety, and downright weirdness — into exceptionally useful real-time data for security operations. Through deep packet inspection, Bro can extract hundreds of security-relevant fields from dozens of protocols and present them in a way that makes sense to security operations center engineers. —Greg Bell @Dark Reading

Worth Reading: Eight SDN platforms

The architecture of SDN is highly dynamic, manageable, cost-effective and adaptable, and hence is well suited to high-bandwidth, dynamic applications. SDN architectures decouple network control and forwarding functions, enabling the former to become directly programmable, so all IT infrastructure gets abstracted from applications and network services. —Dr. Anand Nayyar

Worth Reading: Bypassing security with IPv6

As of last year, IPv6 has become an Internet standard, meaning that technology and processes are now in place allowing organizations to make a relatively smooth transition. As someone immersed in penetration testing and the ways cybercriminals can leverage technological change to their advantage, global IPv6 implementation at a varied pace piqued my curiosity. —John Anderson @Dark Reading

Worth Reading: Spam domains

Web site names ending in new top-level domains (TLDs) like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online. @Krebs on Security

Research: Lessons from Evolve or Die

Google runs what is probably one of the largest networks in the world. Because of this, network engineers often have two sorts of reactions to anything Google publishes, or does. The first is “my network is not that big, nor that complicated, so I don’t really care what Google is doing.” This is the “you are not a hyperscaler” (YANAH) reaction. The second, and probably more common, reaction is: whatever Google is doing must be good, so I should do the same thing. A healthier reaction to both of these is to examine these papers, and the work done by other hyperscalers, to find the common techniques they are applying to large scale networks, and then see where they might be turned into, or support, common network design principles. This is the task before us today in looking at a paper published in 2016 by Google called Evolve or Die: High Availablility Design Principles Drawn from Google’s Network Infrastructure.

The first part of this paper discusses the basic Google architecture, including a rough layout of the kinds of modules they deploy, the module generations, and the interconnectivity between those modules. This is useful background information for understanding the remainder Continue reading

Worth Reading: Serverless impacts on business

Serverless technologies are gaining traction in both enterprise and startup environments, at a pace much faster than seen with containers, which was the last widespread industry adoption rollout. —Mark Boyd @The New Stack

Worth Reading: Measurement in the gigabit era

Now is an opportune time for those of us in the technical and research communities to explore the implications of the expanding deployment of gigabit per second (Gbps) end-user connection speeds (throughput capacity of an end-user’s connection) for large-scale measurement systems. —Jason Livingood @APNIC

Worth Reading: Cable management and air damming

As data centers increasingly become the heart of businesses, proper distribution and cable management have also taken on new importance. Traditional methods of preventing air damming, cooling vital components and ensuring proper containment simply fail to deliver. —Jeff Hodges @Data Center Journal

Off the Cuff: Microsoft Purchases Github

Last week, Eyvonne, Donald, Alistair, and I sat and talked about the recent purchase of Github by Microsoft. Will this be the end of git as a widely used open source repository, or will we all look back in five years and think “move along, nothing to see here?”

Worth Reading: Looking forward at session encryption

With TLSv1.3 approved and in the IETF publication queue, it’s time to think about deployment options and obstacles, and planning for changes inherent in this revision. —Kathleen Moriarty @APNIC

Weekend Reads 061518: A 51% attack materializes

In recent days the nightmare scenario for any cryptocurrency is playing out for Bitcoin Gold, as an attacker has taken control of its blockchain and proceeded to defraud cryptocurrency exchanges. All the Bitcoin Gold in circulation is valued at $786 million, according to data provider Coinmarketcap. Blockchains are designed to be decentralized but when an individual or group acting in concert controls the majority of a blockchain’s processing power, they can tamper with transactions and pave the way for fraud. This is known as a 51% attack.—Joon Ian Wong @Quartz

We have also discovered a new stage 3 module that injects malicious content into web traffic as it passes through a network device. At the time of our initial posting, we did not have all of the information regarding the suspected stage 3 modules. The new module allows the actor to deliver exploits to endpoints via a man-in-the-middle capability (e.g. they can intercept network traffic and inject malicious code into it without the user’s knowledge). With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network Continue reading

Seated at the Foot

Worth Reading: IPv6 Tables

iptables is a popular utility that allows system administrators to configure tables provided by the Linux kernel firewall and the chains and rules it stores. It is the most common and widely used Linux firewall for IPv4 traffic and it has a version called ip6tables, which is used for IPv6 traffic. Both versions need to be configured separately. —Imtiaz Rahman @APNIC

History of Networking: The History of Email (part 1)

In this episode of the History of Networking, we sit with Steve Crocker to discuss the history of email. This was a long session, so we split it up into two episodes; the next episode should be published next week.

Worth Reading: Advances in IPv6 Network Reconnaissance

During the recent TROOPERS18 conference in Heidelberg, Germany, and the subsequent x33fcon conference in Gdynia, Poland, I presented some findings from an IPv6 network reconnaissance project I’ve been working on, along with a number of tools that have been recently incorporated into the SI6 Networks’ IPv6 Toolkit that I maintain. —Fernando Gont @APNIC

Worth Reading: Defeating AMD’s SEV

German security researchers claim to have found a new practical attack against virtual machines (VMs) protected using AMD’s Secure Encrypted Virtualization (SEV) technology that could allow attackers to recover plaintext memory data from guest VMs. —Mohit Kumar @The Hacker News

On the ‘net: Clarifying Disaggregation

Software Defined Networks (SDNs), Network Function Virtualization (NFV), white box, and large-scale fabrics built out of small fixed configuration devices are all trends that seem to be “top of mind” right now in the network engineering world. While these four trends appear to be completely different ideas, they are closely related through a single concept: disaggregation. This article will consider the meaning of disaggregation, and then how this single concept applies to the four previously noted movements. @SearchSDN