Weekend Reads 060923

That is because IoT is a fundamentally different technology than existing systems—a technology with plenty of attack surfaces. Each sensor and device connected to an IoT network presents a possible security risk, opening up an attack vector into an individual or company’s hardware, software, and/or data.

Like their mathematical counterparts, the unsolved problems in brand protection will present significant benefits for any service providers able to develop and offer comprehensive solutions.

The most annoying thing about ReDoS vulnerabilities is that they’re not caused by careless coding but by an obscure edge case in the regex engine. I place the blame squarely on the regex library and not the developer who used it.

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices.

Insider threats are an updated version of the wolf in sheep’s clothing – the people we rely on to safeguard systems and data can sometimes be the ones who pose the greatest risk.

Thus, teams need to go one step further and move from a visibility-centric approach to a remediation-centric approach. To accomplish this, the focus should be stopping attackers at choke Continue reading

Updated Public Domain Network Icons

I’ve updated the generic icon set I use in all my presentations to include a Wi-Fi router, an antenna, and a few other things. You can always find them on this page, as well.

Weekend Reads 060223

When processing multiple transactions at the same time, the database needs to decide whether the transactions can see each other’s changes, how much they can see, etc.

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month.

Resecurity threat researchers discovered a new ransomware they’ve dubbed “Nevada” being sold on the RAMP underground community.

A mission-critical design objective of power autonomy, however, does not shield data center operators from problems that affect utility power systems.

At the moment, the most powerful Arm processor on the planet is the 48-core A64FX processor from Fujitsu, which was created as the heavily vectored

UK operator group BT plans to shed more than 40 percent of staff, all in the name of agility. The revelation appeared as a small bullet point in the telco’s full-year results – published on Thursday – under a section outlining BT’s transformation plans for the rest of this decade.

A computer that is not networked to anything and never turned on is likely safe from most cybersecurity attacks but is also not particularly Continue reading

Hedge 181: Roundtable

It’s time for Eyvonne, Tom, and Russ to talk about some current stories in the world of networking—the May roundtable. Yes, I know it’s already June, and I’m a day late, but … This month we talk about the IT worker shortage, Infiniband, and the “next big thing.”

So draw up a place to sit and hang out with us as we chat.

download

Writing An IETF Draft: Document Streams And Document Status

So far in this series we’ve discussed the history of the IETF, some of the tools you might want to use when building an IETF submission, and document formatting. There are other seemingly mystical concepts in the IETF process as well—for instance, what is a “document stream,” and what is a document’s “status?” Let’s look […]

The post Writing An IETF Draft: Document Streams And Document Status appeared first on Packet Pushers.

Controversial Reads 052723

The net’s long decline into “five giant websites, each filled with screenshots of the other four” isn’t a mystery. Nor was it by any means a forgone conclusion. Instead, we got here through a series of conscious actions by big businesses and lawmakers that put antitrust law into a 40-year coma.

The federal government should not have warrantless, backdoor access to private communication systems like Twitter.

My experiences in the War on Terror provided me with a glimpse of the AI revolution that is now remaking America’s political system and culture in ways that have already proved incompatible with our system of democracy and self-government and may soon become irreversible.

America has a monopoly problem. Most industries in the United States have consolidated in recent decades,1 and markups and profits have dramatically increased since around 1980.

If the fabric is error-free, and can send and receive between hosts at interface speed with no buffering or delay, a case can be made for a different kind of stream protocol, which implies perhaps less overhead per host to manage that stream of data.

The real problem Altman is trying to solve—and everyone knows this—is how to use the power of the federal Continue reading

Weekend Reads 052623

Communities installing WiFi that spans an entire property. From tennis courts to pools, from fields to lakes, Hotwire says the new hybrid work-from-home lifestyle means homeowners are working from everywhere within a community.

BGP is the Internet’s de facto routing protocol – but relatively few have a deep understanding of its vulnerabilities.

Since its invention by Bob Metcalf and David Boggs back in 1973, Ethernet has continuously been expanded and adapted to become the go-to Layer 2 protocol in computer networking across industries.

However, it is important to acknowledge that passwords have long been identified as one of the weakest elements in the security chain.

Ready to live on the edge? In my last network design post we talked about remote access VPN but in this instalment, we will take a detailed look at designs for the network edge.

Intel has launched a field-programmable gate array—Agilex 7 with R-Tile—that features PCIe 5.0 and CXL capabilities for processing networking workloads.

Speaking of the existential threat of AI is science fiction, and bad science fiction for that matter because it is not based on anything we know about science, logic, and nothing we even know about ourselves.

In a recent workshop Continue reading

Hedge 180: Network Operations Survey with Josh S

What has been happening in the world of network automation—and more to the point, what is coming in the future? Josh Stephens from Backbox joins Tom Ammon, Eyvonne Sharp, and Russ White to discuss the current and future network operations and automation landscape.

You can read Backbox’s report on network automation here.

download

Weekend Reads 051923

When it comes to understanding what exactly confidential computing entails, it all begins with a trusted execution environment (TEE) that is rooted in hardware.

So, just for fun, we pulled out the trust Excel spreadsheet and tried to estimate what the feeds and speeds of the MI300 and the MI300A GPUs, the latter of which will be at the heart of the El Capitan system might be. Y

The popular PC storage manufacturer, Western Digital, has confirmed that it experienced a network security breach earlier this year, in which an unauthorized third party gained control of several of its systems.

How bad is the human security weakness problem? Verizon’s 2022 Data Breaches Investigations Report says 82 percent of data breaches have human involvement.

On 13 April 2023, through our recently launched Threat Intelligence Data Feeds (TIDF), we identified more than 1 million suspicious and malicious domains that figured in phishing, malware distribution, spam, and other cyber attacks, such as brute-force and distributed denial-of-service (DDoS) attacks.

Although honeypots are an effective solution for tracking attackers and preventing data theft, they have yet to be widely adopted due to their setup and maintenance difficulties.

If you want to get a sense of Continue reading

Hedge 179: The State and Future of SONiC with Michael V Dvorkin

SONiC is a long-standing open source network operating system. While it cannot (quite) compete with a full-blown commercial network operating system, SONiC+FR/R can solve a lot of the problems network operators face today. Mike V Dvorkin joins Tom Ammon and Russ White to talk about the current state and future of SONiC.

download

Hedge 178: Defined Trust Transport with Kathleen Nichols

The Internet of Things is still “out there”—operators and individuals are deploying millions of Internet connected devices every year. IoT, however, poses some serious security challenges. Devices can be taken over as botnets for DDoS attacks, attackers can take over appliances, etc. While previous security attempts have all focused on increasing password security and keeping things updated, Kathleen Nichols is working on a new solution—defined trust transport in limited domains.

Join us on for this episode of the Hedge with Kathleen to talk about the problems of trusted transport, the work she’s putting in to finding solutions, and potential use cases beyond IoT.

download

You can find Kathleen at Pollere, LLC, and her slides on DeftT here.

Weekend Reads 051223

Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.

Enter OpenTelemetry, which provides a vendor-neutral standard for telemetry data, as well as the necessary tools to collect and export data from cloud-native applications.

DevEx drives business performance through increased efficiency, product quality, and employee retention.

Last January, thousands of users of two popular open source libraries, “faker” and “colors,” were shocked to see their applications breaking and showing gibberish data after being infected with a malicious package.

Netskope, a leader in Secure Access Service Edge (SASE), today unveiled new research confirming that attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware.

In keeping with WhoisXML API’s mission to make the Internet a transparent and safe place for users, we expanded the list of IoCs in hopes of identifying social media pages that could already be serving or used to serve as fraud vehicles.

According to research carried out across a sample of over failed 17,000 hard drives, the failure occurred after only two years and 6 months. Continue reading

Upcoming Course: Data Center Fabrics

On the 19th and 22nd (Friday and Monday) I’m teaching the two-part series on Data Center Fabrics and Control Planes over at Safari Books Online. This is six hours total training covering everything from Clos fabrics to eVPN.

Register here.

If you register for the course you can access a recording at a later date. From Safari:

This class consists of two three-hour sessions. The first session will focus on the physical topology, including a short history of spine-and-leaf fabrics, the characteristics of fabrics (versus the broader characteristics of a network), and laying out a spine-and-leaf network to support fabric lifecycle and scaling the network out. The first session will also consider the positive and negative aspects of using single- and multi-forwarding engine (FE) devices to build a fabric, and various aspects of fabric resilience. The second session will begin with transport considerations and quality of experience. The session will then consider underlay control planes, including BGP and IS-IS, and the positive and negative aspects of each. Routing to the host and the interaction between the control plane and automation will be considered in this session, as well. EVPN as an overlay control plane will be considered next, and finally Continue reading

Weekend Reads 050523

The past decade has seen numerous reports of so-called cloud “repatriations”–the migration of applications back to on-premises venues following negative experiences with, or unsuccessful migrations to, the public cloud.

While agile software development is often associated with specific methodologies, such as Scrum, Kanban, and Extreme Programming it is not enough to just follow such a methodology.

The heady, exciting days of ChatGPT and other generative AI and large-language models (LLMs) is beginning to give way to the understanding that enterprises will need to get a tight grasp on how these models are being used in their operations or they will risk privacy, security, legal, and other problems down the road.

When deploying changes to an application, there are several strategies you can use.

The sad story of OAuth 2.0 and open standards.

Payment Card Industry Data Security Standard (PCI DSS) was developed and established to foster a safe cardholder data practice in the industry.

While the DNS (Web2) has been a reliable and trusted internet standard for decades, Web3 platforms (such as ENS, Handshake and Unstoppable) are a relatively new technology deployment that presents unique and different features.

In this blog post, we at the University Grenoble Alpes (France) Continue reading

Hedge 177: Mike Dvorkin and the Cloud

On this episode of the Hedge, Mike Dvorkin joins Russ White to talk about the cloud, tradeoffs, rethinking the cloud value proposition, and the road to becoming an architect. A key point—it is harder to fix hardware in production than it is to fix software in production.

download

Weekend Reads 042823

There has always been some concern about undersea fibers. Countries fear that sabotage of the fibers connected to their shores could result in being isolated from the Internet.

Do your employees use unauthorized SaaS apps? The average organization has over 100 SaaS apps, many unsanctioned by IT, posing a serious security risk.

A proposed permanent network of electromagnetic monitoring stations across the continental US, operating in tandem with a machine learning (ML) algorithm, could facilitate accurate predictions of geomagnetic disturbances (GMDs).

We may be seeing an equally dramatic transformation of chip design right now, this time with the use of AI to drive designs.

But for now it”s exciting to see what ChatGPT has already been able to do. At some level it”s a great example of the fundamental scientific fact that large numbers of simple computational elements can do remarkable and unexpected things.

He”s sharing the story of JSON, his discovery of JavaScript”s good parts, and his approach to finding a simple way to build software.

Back in January of this year, we studied the infrastructure of Ducktail, a malware that trailed its sights on Facebook business owners and advertisers.

The Philippines is an archipelago comprising three major island Continue reading

Hedge 176: OpenAI, ChatGPT, and the Cost of a Data Center

It’s time for the April Hedge roundtable! This month Eyvonne, Russ, and Tom are talking about OpenAI, the hype around AI, the “pause letter” and the lack of a real conversation, and the rising costs of building and operating a data center. As always, let us know if you have topics you’d like to hear us talk about, or guests you’d like to hear.

Thanks for listening!

download

Controversial Reads 042223

Tech companies are embedding these deeply flawed models into all sorts of products, from programs that generate code to virtual assistants that sift through our emails and calendars.

On the morning of October 14, 2020, I caught a firsthand glimpse of what itâ€s like for a traditional media outlet to go up against the vast agglomeration of economic and digital power known as Big Tech—and to do so without the benefit of what economist John Kenneth Galbraith defined as countervailing power.

Former Google CEO Eric Schmidt said that artificial intelligence could hurt American politics and needs to be reined in.

The National Assemblyâ€s decision to greenlight the bill followed months of debate about one section in particular — Article 7 — which permits the use of AI-assisted video surveillance technology by law enforcement during and up to six months after the Games.

Calling a business, civic organization, or even school a family may be well-intended but comes with unintended consequences that do an injustice to the necessary commitments that should be made to our actual families.

If normal means mass layoffs, empty office buildings, confusing return-to-office policies, AI panic, and the whiplash-y feeling that just when employees were Continue reading

Weekend Reads 042123

A new report from analyst firm Omdia suggests operators’ best chance of growth in the consumer market comes from partnering with Big Tech.

In a 2023 survey of cybersecurity leaders, 51% said they believe an AI-based tool like ChatGPT will be used in a successful data breach within the next year.

When folks ask me for an estimate of the cost of building aerial fiber, I always say that the cost is dependent upon the amount of required make-ready needed. Make-ready is well-named – itâ€s any work that must be done on poles to be ready to string the new fiber.

On 10 February 2023, Reddit announced it suffered a security incident where a phishing campaign led an employee to a website that imitated the network’s intranet gateway.

This video looks at various Kubernetes vulnerabilities and their severity scores to help you understand how to evaluate CVEs so you can prioritize remediation. It also shows different options and sources of CVEs.

It is almost 25 years since the Internet was privatized by the U.S. government. ICANN was formed by Esther Dyson and Jon Postel as a California-based non-profit with the responsibility to administer the Internet.

The series glamourized Continue reading

Hedge 175: Mike B on Personal Superpowers

When the economy starts contracting, career advisors start talking about the importance of “soft skills.” What are “soft skills,” exactly—and why are they “soft?” Mike Bushong joins Tom Amman and Russ White to talk about why these skills are important, why they are not “soft,” and how we should talk about people skills instead. They are superpowers,” and there isn’t anything “soft” about them.

 
download