Russ

Author Archives: Russ

Side Channel Attacks in the Wild: The Smart Home

Side channel attacks are not something most network engineers are familiar with; I provided a brief introduction to the concept over at The Network Collective in this Short Take. If you aren’t familiar with the concept, it might be worth watching that video (a little over 4 minutes) before reading this post.

Side channel attacks are more common, and more dangerous, than many engineers understand. In this post, I’ll take a look at a 2017 research paper that builds and exploits a side channel attack against several smart home devices to see how such a side channel attack plays out. They begin their test with a series of devices, including a children’s sleep monitor, a pair of security cameras, a pair of smart power plugs, and a voice based home assistant.

The attack itself takes place in two steps. The first is to correlate individual traffic flows with a particular device (where a traffic flow is a 5 tuple. The researchers did this in three different ways. First, they observed the MAC address of each device talking on the network, comparing the first three octets of this address to a list of known manufacturers. Most home device manufacturers use a Continue reading

Weekend reads 031618: Notes on memcache, GDPR and whois, and the end of Symantec certificates

ICANN has consistently said its intention in complying with the European Union’s General Data Protection Regulation (GDPR) is to comply while at the same time maintaining access to the WHOIS domain name registration database “to greatest extent possible.” On February 28, ICANN published its proposed model. —Brian Winterfeldt @CircleID

We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this deprecation, and if so, what needs to be done and by when. Failure to replace these certificates will result in site breakage in upcoming versions of major browsers, including Chrome. @Google

I’ve been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of “crypto zealots”. He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet’s protocols behind session level encryption as it possibly can. He argues that ETSI’s work on middlebox security protocols is a more responsible approach, and the enthusiastic application of TLS in IETF protocol Continue reading

Low Latency Networking

Low latency is coming to a network near you. In fact, it’s probably coming to your network, whether or not you realize it.

While bandwidth has always been the primary measure of a network, and cross sectional or non-contending bandwidth for data center fabrics, further research and reflection has taught large scale network operators that latency is actually much more of a killer for application performance than lack of bandwidth—and not only latency, but its close cousin, jitter. Why is this?

To understand, it is useful to return to an example given by Tanenbaum in his book Computer Networks. He includes a humorous example of calculating the bandwidth of a station wagon full of VHS tapes, with each tape containing the maximum amount of data possible. For those young folks out there who didn’t understand a single word in that last sentence, think of an overnight delivery box from your favorite shipping service. Now stuff the box full of high density solid state storage of some kind, and ship it. You can calculate the bandwidth of the box by multiplying the number of devices you can stuff in there by the capacity of each device, and then dividing by roughly Continue reading

Weekend Reads 030918: Botnet Avalanche, DNS Security, and IoT Privacy

It’s been a busy few weeks in cybercrime news, justifying updates to a couple of cases we’ve been following closely at KrebsOnSecurity. In Ukraine, the alleged ringleader of the Avalanche malware spam botnet was arrested after eluding authorities in the wake of a global cybercrime crackdown there in 2016. @Krebs on Security

Reflection amplification is a technique that allows cyber attackers to both magnify the amount of malicious traffic they can generate, and obfuscate the sources of that attack traffic. For the past five years, this combination has been irresistible to attackers, and for good reason. —Carlos Morales @Arbor

For years, we’ve been pioneering the use of DNS to enforce security. We recognized that DNS was often a blind spot for organizations and that using DNS to enforce security was both practical and effective. Why? Because DNS isn’t optional. It’s foundational to how the internet works and and is used by every single device that connects to the network. If you’re considering using DNS for security, it’s important to understand the facts so you can combat the fiction. —Kevin Rollinson @Cisco

Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using Continue reading

1 62 63 64 65 66 162