Russ

Author Archives: Russ

Worth Reading: Antivirus as spyware

What does an antivirus program do? It scans every file in your device looking for *signatures*, and then uploads those files which match the signatures for further analysis by the antivirus provider. So hacking antivirus involves 2 steps: produce signatures for files you want to steal, and then exfiltrate those files. The hard work of scanning for those files is already automated by the antivirus program! —Henry Baker @RISKS

Worth Reading: Firewall Policies

Every firewall policy starts simple and with the best of intentions, only to grow and change until it no longer resembles its former self. Firewall management is so vital that it is the first requirement in the Payment Card Industry (PCI) Data Security Standard. Even if you are not required to be audited against PCI or similar standards, we can borrow some aspects to increase the security of any network. —Jamie Gillespie @APNIC

Weekend Reads 011918: IoT, Cyberthreat Thinking, and Techlash

Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large. —Krebs on Security

The cybercrime and cyber terrorism raging today are the most visible symptoms of a more pervasive problem concerning cyber security. How to establish a fair and just governance regime in cyberspace and establish international rules spark a storm of controversy. The controversy reflects the competing interests and demands of three distinct cyberspace actors: the state, the citizen, and the international community. By focusing only on one’s own interests, each actor ignores the interests of the other two, resulting in the current situation in which each sticks to its own argument and refuses to reconcile. —Hao Yeli

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the Continue reading

IETF 101

I will be at IETF 101 in London in March. If you have never been to an IETF before and live in the London area, this is a great chance to come see how the standardization process works, and even get involved for the long term.

Worth Reading: The software defined future of the data center

“Future proofing” was once synonymous with long-range planning—essentially, life-cycle management that enables data center facilities and hardware investments to deliver full value before redevelopment or replacement. The definition has steadily evolved to connote a flexible, resilient architecture capable of supporting accelerated business-driven digital transformation. —Paul Mercina @The Data Center Journal

On the ‘web: The Value of MANRS

Route leaks and Distributed Denial of Service (DDoS) attacks have been in the news a good deal over the last several years; but the average non-transit network operator might generally feel pretty helpless in the face of the onslaught. Perhaps you can buy a DDoS mitigation service or appliance, and deploy the ubiquitous firewall at the edge of your network, but there is not much else to be done, right? Or maybe wait on the Internet at large to “do something” about these problems by deploying some sort of BGP security. But will adopting a “secure edge,” and waiting for someone else to solve the problem, really help? @ECI

The Overoptimization Meltdown

In simple terms Meltdown and Spectre are simple vulnerabilities to understand. Imagine a gang of thieves waiting for a stage coach carrying a month’s worth of payroll.

There are two roads the coach could take, and a fork, or a branch, where the driver decides which one to take. The driver could take either one. What is the solution? Station robbers along both sides of the branch, and wait to see which one the driver chooses. When you know, pull the resources from one branch to the other, so you can effectively rob the stage. This is much the same as a modern processor handling a branch—the user could have put anything into some field, or retreived anything from a database, that might cause the software to run one of two sets of instructions. There is no way for the processor to know, so it runs both of them.

To run both sets of instructions, the processor will pull in the contents of specific memory locations, and begin exexuting code across these memory locations. Some of these memory locations might not be pieces of memory the currently running software is supposed to be able to access, but this is not Continue reading

1 68 69 70 71 72 162