Worth Reading: Hyper Moore’s Law

Over the last year in particular, we have documented the merger between high performance computing and deep learning and its various shared hardware and software ties. This next year promises far more on both horizons and while GPU maker Nvidia might not have seen it coming to this extent when it was outfitting its first GPUs on the former top “Titan” supercomputer, the company sensed a mesh on the horizon when the first hyperscale deep learning shops were deploying CUDA and GPUs to train neural networks. —The Next Platform

The post Worth Reading: Hyper Moore’s Law appeared first on 'net work.

Worth Reading: Marai Strikes Again

More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts. —Krebs on Security

The post Worth Reading: Marai Strikes Again appeared first on 'net work.

Worth Reading: Social Media is Entertainment

Like TV it now increasingly entertains us, and even more so than television it amplifies our existing beliefs and habits. It makes us feel more than think, and it comforts more than challenges. The result is a deeply fragmented society, driven by emotions, and radicalized by lack of contact and challenge from outside. This is why Oxford Dictionaries designated “post-truth” as the word of 2016: an adjective “relating to circumstances in which objective facts are less influential in shaping public opinion than emotional appeals.” —MIT Technology Review

The post Worth Reading: Social Media is Entertainment appeared first on 'net work.

Worth Reading: SF Subway Hacked

The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, “You are Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location. —Krebs on Security

The post Worth Reading: SF Subway Hacked appeared first on 'net work.

Reaction: Openflow and Software Based Switching

Over at the Networking Nerd, Tom has an interesting post up about openflow—this pair of sentences, in particular, caught my eye—

The side effect of OpenFlow is that it proved that networking could be done in software just as easily as it could be done in hardware. Things that we thought we historically needed ASICs and FPGAs to do could be done by a software construct.

I don’t think this is quite right, actually… When I first started working in network engineering (wheels were square then, and dirt hadn’t yet been invented—but we did have solar flares that caused bit flips in memory), we had all software based switching. The Cisco 7200, I think, was the ultimate software based switching box, although the little 2ru 4500 (get your head out of the modern router line, think really old stuff here!) had a really fast processor, and hence could process packets really quickly. These were our two favorite lab boxes, in fact. But in the early 1990’s, the SSE was introduced, soldered on to an SSP blade that slid into a 7500 chassis.

The rest, as they say, is history. The networking world went to chips designed to switch Continue reading

Worth Reading: Kraken

How do you know how well your systems can perform under stress? How can you identify resource utilization bottlenecks? And how do you know your tests match the condititions experienced with live production traffic? You could try load modeling (simulation), but it’s not really feasible to model systems undergoing constantly evolving workloads, frequent software release cycles, and complex dependencies. —the morning paper

The post Worth Reading: Kraken appeared first on 'net work.

Worth Reading: The Dangers of the New UK Investigatory Powers Act

There is an old adage that trust takes years to build, seconds to break, and forever to repair. When it comes to the Internet and its users, the same holds true. For average Internet users, trust in the Internet has to be built. They have to gain confidence in the safety of their private information online. When a user’s private online information is made public, they lose trust in the Internet and its services. —The Internet Society

The post Worth Reading: The Dangers of the New UK Investigatory Powers Act appeared first on 'net work.

Traffic Pattern Attacks: A Real Threat

Assume, for a moment, that you have a configuration something like this—

Some host, A, is sending queries to, and receiving responses from, a database at C. An observer, B, has access to the packets on the wire, but neither the host nor the server. All the information between the host and the server is encrypted. There is nothing the observer, B, can learn about the information being carried between the client and the server? Given the traffic is encrypted, you might think… “not very much.”

A recent research paper published at CCS ’16 in Vienna argues the observer could know a lot more. In fact, based on just the patterns of traffic between the server and the client, given the database uses atomic operations and encrypts each record separately, it’s possible to infer the key used to query the database (not the cryptographic key). The paper can be found here. Specifically:

We then develop generic reconstruction attacks on any system supporting range queries where either access pattern or communication volume is leaked. These attacks are in a rather weak passive adversarial model, where the untrusted server knows only the underlying query distribution. In particular, to perform our attack Continue reading

Worth Reading: Navigating the Pentest World

The demand for penetration testing and security assessment services worldwide has been growing year-on-year. Driven largely by Governance, Risk, and Compliance (GRC) concerns, plus an evolving pressure to be observed taking information security and customer privacy seriously, most CIO/CSO/CISO’s can expect to conduct regular “pentests” as a means of validating their organizations or product’s security —CircleID

The post Worth Reading: Navigating the Pentest World appeared first on 'net work.

Butterfly

The post Butterfly appeared first on 'net work.

Worth Reading: Akamai on the Krebs DDoS

Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated. —Krebs on Security

The post Worth Reading: Akamai on the Krebs DDoS appeared first on 'net work.

Worth Reading: 4G and 5G Mobile Backhaul

The aim of LTE was to make anytime, anywhere services a reality. To achieve this, LTE increased capacity, improved coverage and provided high-speed mobile data. Demand for data has since increased beyond all expectations and today there is a tidal wave of traffic on mobile networks. This growth has been driven by the availability of rich multimedia content and consumers using their mobile devices to run multiple, always up services including streaming video, internet applications and connection to sensors in their homes and cars. This growth shows no sign of slowing down and the industry consensus forecasts that traffic on mobile networks is going to continue growing dramatically for the rest of this decade. —ECI

The post Worth Reading: 4G and 5G Mobile Backhaul appeared first on 'net work.

On the ‘Net: Engineer Versus Complexity

The post On the ‘Net: Engineer Versus Complexity appeared first on 'net work.

Worth Reading: How do I start an IXP?

The hard part with establishing an IXP is not really the technical part, but building a community and trust. Also, an IXP needs to be sustainable beyond the establishment phase. This includes having enough funds to operate and to upgrade equipment in the future as technology develops and traffic grows. Most IXPs ensure this by setting up a mutual or membership association so that the users of the IXP have equal say in the operation of the IXP. This is by far the most successful model of IXPs today. —APNIC

The post Worth Reading: How do I start an IXP? appeared first on 'net work.

Worth Reading: When will SD-WAN be Adopted?

The survey respondents were given a wide range of options and asked to indicate which options described their company’s approach to implementing an SD-WAN. Their responses, which are shown in Figure 1, show that there is broad interest in SD-WANs. For example, only a quarter of the respondents (26%) work for companies that have not yet made any analysis of SD-WANs and only a tenth of the respondents work for companies that have looked at SD-WANs but decided to not take any additional steps over the next year. However, that broad interest has not yet translated into broad adoption as only 5% of the survey respondents indicated that they currently have SD-WAN functionality running in their production networks. —ECI

The post Worth Reading: When will SD-WAN be Adopted? appeared first on 'net work.

Worth Reading: Social Media for Social Influence

A global conference of senior military and intelligence officials taking place in London this week reveals how governments increasingly view social media as “a new front in warfare” and a tool for the Armed Forces. The overriding theme of the event is the need to exploit social media as a source of intelligence on civilian populations and enemies; as well as a propaganda medium to influence public opinion. —Motherboard

The post Worth Reading: Social Media for Social Influence appeared first on 'net work.

On the ‘Net: BGP Security, LACNOG 26

The post On the ‘Net: BGP Security, LACNOG 26 appeared first on 'net work.

Worth Reading: Security and BYOD

According to the Identity Theft Resource Center, more than 169 million personal records were exposed as a result of 781 publicized security breaches across the financial, business, education, government and health-care sectors in 2015. As shocking as these numbers are, they may not fully convey the scope of the threat: Any company or consumer that connects to the Internet is at risk of becoming a victim of a cyberattack. The challenge of protecting networks from these attacks has been exacerbated by the bring-your-own-device phenomenon, which opens the door to new vulnerabilities for many organizations daily. More and more, business is taking place over personal devices as employees work from home or travel. For some staff members, relying on their own laptops, tablets and smartphones is simply a matter of personal preference. —Data Center Journal

The post Worth Reading: Security and BYOD appeared first on 'net work.

Worth Reading: Hacking WiFi for $25

US and Chinese security researchers have discovered that it is possible to detect a user’s private information by studying the radio signals emitted to provide Wi-Fi internet coverage and how they interact with a person’s body movements. Researchers from Shanghai Jaio Tong University, the University of Massachusetts Boston and the University of South Florida have developed the WindTalker system, which can analyse sophisticated contemporary Wi-Fi networks and sneakily detect and record passwords by looking at the directions that radio waves travel to provide wireless internet coverage. —International Business Times

The post Worth Reading: Hacking WiFi for $25 appeared first on 'net work.

Worth Reading: Cybersecurity Due Diligence

Cybersecurity is no longer a corporate or private affair. What once was simply good business practice is now a legal obligation for ISPs, large and small. In Europe, this is the direct consequence of the upcoming EU Network and Information Security (NIS) Directive, to be implemented into national laws within the next few years, but such obligations are reflected in other international and national documents describing contemporary policies and future laws.

The post Worth Reading: Cybersecurity Due Diligence appeared first on 'net work.