Archive

Category Archives for "Russ White"

Hedge 255: Open Multi-perspective Issuance

One of the various attack surfaces in encryption is insuring the certificates used to share the initial set of private keys are not somehow replaced by an attacker. In systems where a single server or source is used to get the initial certificates, however, it is fairly easy for an attacker to hijack the certificate distribution process.

Henry Birge-Lee joins us on this episode of the Hedge to talk about extensions to existing certificate systems where a certificate is pulled from more than one source. You can find his article here.

download

Weekend Reads 011025


Wi-Fi 8 is coming, but it looks set to focus on greater reliability rather than on pushing the bandwidth ever higher, as the most recent updates to the venerable wireless local network technology have done.


Policymakers need to carefully guide the future consumption of electricity by AI datacenters, according to a report that considers four potential scenarios and suggests a number of guiding principles to prevent it from spiraling out of control.


In one of the quiet announcements that might eventually be a huge deal, the FCC voted to open the entire 6 GHz WiFi frequency band to very low-power devices (VLP – just in case you needed another new acronym to remember).


Gaining a clear view of the DDoS landscape is vital for developing effective countermeasures against this prolific form of attack. A new study, carried out through collaboration between researchers from several institutions, helps bring DDoS into perspective.


Salt Typhoon’s latest victims include Charter, Consolidated, and Windstream, underscoring the widening scope of China’s cyberespionage campaign against critical US infrastructure.

Weekend Reads 111524


Techno-futurists love to dream up visions of the future. Invariably, these are worlds where everything is under control—where every problem has a solution, and the future unfolds exactly as planned. We do seem to be moving toward some sort of centralized loss of agency.


The representational structures of the Internet governance institutions are highly varied (indicating once again that there is no “multistakeholder model”), but they all have one thing in common: decision-making power is vested in non-state actors.


The rapid expansion of AI and generative AI (GenAI) workloads could see 40% of data centers constrained by power shortages by 2027, according to Gartner.


Chiplets and 3D devices, long discussed in the future tense, are a growing sector of the market. Moore’s Law? It’s still alive, but manufacturers and designers are following it by different means than simply shrinking transistors.


Monitoring traffic at Internet Exchange Points (IXPs) is a long-standing operational practice. It is essential for several reasons related to the entire Internet infrastructure’s stability, security, and efficiency.


If you want to sell a lot of hardware to support AI workloads, then the best way to do that is to convince every country on Earth that AI is so important Continue reading

Weekend Reads 110924


Toward the end of August 2024, a customized malware dubbed “Voldemort” based on strings found in its code was used in a cyber espionage campaign targeting various countries.


Until 2019, it was a Google partner running full Android. Then it forked its own version of Android, called it HarmonyOS, stopped including Google proprietary apps, and set up its own Android app store.


As previously discussed in this post, Xiong’an New Area (Xiong’an), a pilot city established in 2017 about 100 kilometres west of Beijing, aims to be a model for future digital cities, built with IPv6-only infrastructure from the start.


A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft.


Today, we’re excited to announce the launch of Kentik’s Cloud Latency Map, a public service that uses Kentik Synthetics to continuously measure latency between the regions of the biggest cloud providers.


Data can undergo a similar transformation—two pieces of data, linked, such that changing one has an impact on the other. Think of this as “spooky data at a distance.”


In this work, we aim to Continue reading

Weekend Reads 110124


Do you want to analyse decrypted TLS traffic in Wireshark or let an Intrusion Detection System (IDS), like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic?


Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday.


More evidence has emerged that AI-driven demand for energy to power datacenters is prolonging the life of coal-fired plants in the US.


The Regional Internet Registries (RIRs) together ensure the stability of the Internet Numbers Registry System. In order to strengthen their accountability, efforts are under way to revise the criteria for the accreditation of RIRs, and the obligations they must continuously meet.


What happens on the network if you’re joining a Microsoft Active Directory domain? Which protocols are used? As I suspected, it’s a bit more complex than just seeing a single known protocol like HTTPS.


The demand for optical interconnects is so high, given the immense bandwidth bottlenecks for accelerator-to-accelerator and accelerator to memory needs, that raising venture funding is not a problem.


The basic approach to resolving the Continue reading

Weekend Reads 101324


A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.


This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice.


In the quest to revolutionize medicine, our bodies are becoming living laboratories. By 2030, itメs estimated that bioprinting could address up to 20% of the organ transplant waiting list globally.


Consider this: For every 1,000 human users in your organization, you likely have 10,000 non-human connections or credentials. Some estimates suggest the ratio could be as high as 45-to-1.


The U.S. Department of Justice (DOJ) is considering recommending a federal judge to force Google to sell parts of its business in a bid to eliminate its alleged monopoly on online search, according to a court filing Tuesday.


A US jury has found that employment practices at Cognizant constitute discriminatory conduct toward non-Indian workers in a case that originated in 2013 and claimed the tech giant favored H-1B visa holders from India over local workers.


Consumers are victims of online Continue reading

Weekend Reads 100624


Thanks to the popularity and widespread success of ChatGPT, most IT users are familiar with the concept of a large language model (LLM). But how does an LLM apply to network operations?


If you don’t know what you’re operating on, or what the expected output range might be, then maybe you ought not to be operating on that data in the first place. But now these languages have gotten into the wild and we’ll never be able to hunt them down and kill them soon enough for my liking, or for the greater good.


We then analyze ten data sets spanning industry and academic sources, across four years (2019-2023), to find and explain discrepancies based on data sources, vantage points, methods, and parameters.


Phishing attacks, which trick users into sharing private data, have been a major security threat for years. According to a 2023 FBI report, it is the top digital crime type.


A test account that’s shared among many can be used by anyone who happens to have the password. This leaves a trail of poorly managed or unmanaged accounts that only increases your attack surface.


As radio host Mark Davis put it recently, “ultimately everything AI does is Continue reading

Weekend Reads 092824


Instead, Broadcom is now experimenting with co-packaging the optics directly into the GPUs themselves.


With K-12 schools back in session across the nation, millions of students are adjusting to a new learning environment — a cellphone-free classroom or, in some cases, a phone-free school day.


Being at the core of the Internet places the DNS under a lot of pressure. New forms of DNS abuse emerge each year, disputes over domain names persist, and all the while, the Internet just keeps getting bigger.


The censorship war has hit a flashpoint. Late last month, Brazil banned Elon Musk’s social media site, X, after Musk refused a government order to suppress seven dissident accounts.


This raises a question. If someone is situated in South America and wants to access youtu.be, is their performance going to be impacted (assuming he has to do the entire recursive lookup with no cache)?


ODA focuses on identifying macroscopic Internet outages, such as outages that affect a significant portion of the population within either a geographic region or an Autonomous System (AS).


For practitioners, this study provides a rich set of criteria that can be used for evaluating their projects, as well as strong evidence of Continue reading

Hedge 243: The Open Radio Area Network (RAN)

The cellular network world is similar enough to the IP networking world to feel familiar, but different enough to require learning new terms and ideas. Tom Nadeau joins Tom Ammon and Russ White to discuss one element of this networking world, the RAN network, and the current move towards open source and white box disaggregated solutions.

download

1 2 3 164