Upcoming Training: How the Internet Really Works Part 1

I’m teaching How the Internet Really Works over on Safari Books Online on the 24th of March—in a couple of weeks. From the description:

This live training will provide an overview of the systems, providers, and standards bodies important to the operation of the global Internet, including the Domain Name System (DNS), the routing and transport systems, standards bodies, and registrars. For DNS, the process of a query will be considered in some detail, who pays for each server used in the resolution process, and tools engineers can use to interact DNS. For routing and transport, the role of each kind of provider will be considered, along with how they make money to cover their costs, and how engineers can interact with the global routing table (the Default Free Zone, of DFZ). Finally, registrars and standards bodies will be considered, including their organizational structure, how they generate revenue, and how to find their standards.

Register here.

Weekend Reads 031123

Featuring 18 different participating member companies, the Ethernet Alliance interoperability demo in booth #5417 spans diverse Ethernet technologies ranging from 10 Gigabit Ethernet (GbE) to 800GbE

Every few months, an important ceremony takes place. It’s not splashed all over the news, and it’s not attended by global dignitaries. It goes unnoticed by many, but its effects are felt across the globe. This ceremony helps make the internet more secure for billions of people.

Major cloud platforms, such as Google Cloud Platform (GCP), fail to adequately log the event data that could facilitate the detection of compromises and the forensic analysis during post-compromise response, according to an analysis.

Software dependencies, or a piece of software that an application requires to function, are notoriously difficult to manage and constitute a major software supply chain risk. If you’re not aware of what’s in your software supply chain, an upstream vulnerability in one of your dependencies can be fatal.

As a primary working interface, the browser plays a significant role in today’s corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices.

For years, the domain registrar and Web hosting company Continue reading

Hedge 169: Network Address Translation with Steinn

Network Address translation is one of those phrases that strikes fear into the hearts of some network engineers … and joy into the hearts of others! Steinn Bjarnarson joins us to discuss the history of NAT, its uses, its misuses, and how NAT fits into the big picture of network design today. Steinn just finished writing a paper on the history of NAT.

download

Controversial Reads 030423

Privacy campaigners say such systems could be used as tools of oppression. In Moscow, Vyborov and countless others now face that oppression on a daily basis.

The general problem statement for technological standards is how to avoid the power imbalance of a single source for essential goods and services; in other words, standards are a line of defense against concentration risk. Interoperability is the goal, and multiple suppliers is the proof.

In this episode, they focus particularly on how social media has become a place where predators will search and highlight childrenâ€s vulnerabilities — which so many young people share online.

Tech policy, however, has its own set of “culture war issues” including net neutrality and encryption that largely serve as a distraction from the real issues at stake. Victims of child porn are now caught in the fray.

A major escalation in official online censorship regimes is progressing rapidly in Brazil, with implications for everyone in the democratic world. Under Brazil’s new government headed by President Lula da Silva, the country is poised to become the first in the democratic world to implement a law censoring and banning “fake news and disinformation” online, and then punishing those deemed Continue reading

Weekend Reads 030323

https://cacm.acm.org/magazines/2023/3/270206-a-turning-point-for-cyber-insurance/fulltext
Insuring against the consequences of cybersecurity seems too good to be true given the underlying problem has perplexed researchers and practitioners for going on 50 years.

https://cacm.acm.org/magazines/2023/3/270207-mapping-the-privacy-landscape-for-central-bank-digital-currencies/fulltext
Payment records paint a detailed picture of an individual’s behavior. They reveal wealth, health, and interests, but individuals do not want the burden of deciding which are sensitive or private.

https://cacm.acm.org/magazines/2023/3/270211-the-ai-tech-stack-model/fulltext
Presently, enterprises have implemented advanced artificial intelligence (AI) technologies to support business process automation (BPA), provide valuable data insights, and facilitate employee and customer engagement.

https://www.theregister.com/2023/02/22/google_milestone_quantum/
Google is claiming a new milestone on the road to fault-tolerant quantum computers with a demonstration that a key error correction method that groups multiple qubits into logical qubits can deliver lower error rates, paving the way for quantum systems that can scale reliably.

https://telecoms.com/520115/mwc-2023-whats-the-point-of-5g/
Four years into the 5G era, the technology is still struggling to find an identity. 3G was about the introduction of mobile data, which matured in the form of 4G, but what is 5G all about?

https://www.theregister.com/2023/02/24/europe_gigabit_transformation_consultation/
The European Union yesterday decided it’s time to start “laying the ground for the transformation of the connectivity sector” in the region Continue reading

Hedge 168: Roundtable

It’s roundtable time! In February’s roundtable, Eyvonne joins Tom and Russ to talk about Network as a Service, innovation, and marketing. Then we jump into the topic of the year at this point—ChaptGPT. Finally, we talk about proposals to eliminate noncompete agreements in the United States. What would this mean? Would it be better for tech, or worse?

As always, you can listen to the show on just about any podcatcher, you can listen right here, or you can download the show to listen later.

download

Weekend Reads 022423

A decade ago, waferscale architectures were dismissed as impractical. Five years ago, they were touted as a fringe possibility for AI/ML. But the next decade might demonstrate waferscale as one of only a few bridges across the post-Mooreâ€s Law divide, at least for some applications.

This is not a ‘silver bullet’, however. In comparison to the sophisticated deception available in traditional IT security, deception in ICS still faces some challenges.

As a numbers guy, Iâ€m always intrigued by the Ookla Speedtest Global Index since it provides an interesting look at broadband speeds in the U.S. and around the world.

Two new separate sets of research released this month underscore real, hidden dangers to physical operations in today’s OT networks from wireless devices, cloud-based applications, and nested networks of programmable logic controllers (PLCs) — effectively further dispelling conventional wisdom about the security of network segmentation as well as third-party connections to the network.

As organizations strengthen their defenses and take a more proactive approach to protection, attackers are adapting their techniques and increasing the sophistication of their operations.

As the security of the Android Platform has been steadily improved, some security researchers have shifted their focus towards other Continue reading

Hedge 167: Christopher Wood and masque

For last week’s show, we had Christopher Wood on to talk about oDoH. This week, Chris joins us again to talk about Multiplexed Application Substrate over QUIC Encryption, or masque, which is a more generalized privacy proxy. You can find more about masque at the IETF WG page.

download

Chatbot Attack Vectors

My monthly post is up over at Packet Pushers—

Machine learning systems “learn” from existing data pools and user interactions and are given “guardrails” by the system’s designers. Let’s look at some possible attack vectors and failure modes of these systems, specifically how training data, interaction with users, and the choice of guardrails might interact with security and privacy.

Chatbot Attack Vectors And Failure Modes In Networking And IT

With the release of ChatGPT as a product, Microsoft brought Machine Learning (ML) and Artificial Intelligence (AI) back into focus for millions of users—including network operators, coders, and other folks in information technology. People are once against asking if this technology will make them redundant or how it might change their day-to-day jobs. As always, […]

The post Chatbot Attack Vectors And Failure Modes In Networking And IT appeared first on Packet Pushers.

Weekend Reads 021723

In Emoi Services LLC v. Owners Insurance Company, the Ohio Supreme Court recently found software is an intangible item that cannot experience direct physical loss or damage and, therefore, the plaintiffâ€s inability to access or use its software during a ransomware attack was outside the scope of its “businessowners” policy.

Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries.

Here’s a provocative question: Is it possible, given the vast array of security threats today, to have too many security tools?

This debate has proved futile for two reasons. First, the characteristics of any specific application will dictate which venue is more expensive — there is no simple, unequivocal answer. Second — the question implies that a buyer would choose a cloud or on-premises data center primarily because it is cheaper. This is not necessarily the case

The RISC-V architecture looks set to become more prevalent in the high performance computing (HPC) sector, and could even become the dominant architecture, at least according to some technical experts in the field.

Major US carriers are exaggerating the availability Continue reading

Hedge 166: Oblivious DoH with Chris Wood

DNS over HTTPS, or DoH, is designed to protect the end user’s DNS queries from last mile providers—but recursive servers (or resolvers) also have full access to what a user is asking for. How can users preserve their privacy against data collection at recursive servers? ODoH provides one answer. Listen in as Tom Ammon, Chris Wood, and Russ White discuss how ODoH works, and what this means for user privacy.

download

Upcoming Course: How Routers Really Work

I’m teaching a course on router internals over at Safari Books Online on the 24th (in 10 days). From the descriptions:

A network device—such as a router, switch, or firewall—is often seen as a single “thing,” an abstract appliance that is purchased, deployed, managed, and removed from service as a single unit. While network devices do connect to other devices, receiving and forwarding packets and participating in a unified control plane, they are not seen as a “system” in themselves.

The course is three hours. I’m in the process of updating the slides … or rather, I need to get to updating the slides in the next couple of days.

Register here.

Weekend Reads 021023

Threat actors have been targeting Zoom and its users since the platformâ€s launch, and itâ€s easy to see why—the latest stats show it accounts for 3.3 trillion annual meeting minutes worldwide.

To get a sense of how fragile the innovation business is, keep in mind the popular wisdom that teaches us how nine out of ten startups will fail.

Over a 30-month period, cybercriminal gangs and threat groups posted more than 200,000 advertisements seeking workers with skills in software development, maintaining IT infrastructure, and designing fraudulent sites and email campaigns.

On 24-27 April, a 33-year-old international organisation of ICT organisations will convene a meeting at London under ETSI auspices after a four-year hiatus.

As the topic of domain-driven design (DDD) recently came up at my current job, I decided to get more familiar with the topic by reading Eric Evanâ€s book “Domain-Driven Design: Tackling Complexity in the Heart of Software”. This was a mistake.

Big Tech results reinforced concerns a boom in cloud services is easing, limiting a lucrative source of profit when a slowing economy has hit the companies’ other businesses and prompting a bet on artificial intelligence as the next growth driver.

And all Continue reading

Hedge 165: Low Earth Orbit with Dan York

Have you ever wondered about Starlink and similar Low Earth Orbit (LEO) satellite systems? How are they different from geosynchronous satellites? What about the delay of sending traffic through satellites? And the future of satellites? Join Tom Ammon, Dan York, and Russ White as we discuss the ins and outs of satellite technologies.

download

Weekend Reads 020323

Yann LeCun, Metaâ€s chief AI scientist, is not impressed by ChatGPT, the wildly popular artificial intelligence technology that is making headlines daily.

German antitrust enforcers known for leveling charges against high-profile tech companies have a new target for accusations of dominant market position abuse: PayPal.

Data anonymization is an important tool for organizations to protect the personal data of individuals, while averting the onerous requirements of the EU and U.K.

Phishing is a big deal, with a State of Phishing report from security firm SlashNext claiming that there were more than 255 million phishing attacks in 2022, a 61% increase from the year before.

The goal of the CGA is to highlight and reduce damages done to all utilities when working underground.

More than 91% of malware utilizes DNS communication at some point during its attack lifecycle, making DNS an invaluable choke point in the fight against cyber threats.

When it comes to operating systems and now CPU instruction sets, there is proprietary, there is licensable and modifiable with a standard base of functionality with room for some originality, and there is true open source.

Since 2017, China has held at least seven of these competitions—called Robot Hacking Continue reading

Hedge 164: Threat Modeling with Chris Romeo

For this week’s episode of the Hedge, Tom Ammon and Russ White are joined by Chris Romeo to talk about the importance of the human element in threat modeling. If you’ve ever wondered about the importance of threat modeling or how to get started in threat modeling, this episode will guide you on your way.

download

Weekend Reads 012723

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition.

Going into 2023, phishing is still as large a concern as ever. “If it ainâ€t broke, donâ€t fix it,” seems to hold in this tried-and-true attack method.

This follow-up post describes what techniques exist to enumerate subdomains in a DNSSEC-enabled zone and what countermeasures exist to prevent it. DNSSEC itself is not explained further, however, some relevant record types are briefly described.

In 1987 economics Nobel Laureate Robert Solow said that the computer age was everywhere—except in productivity data. A similar thing could be said about AI today: It dominates tech news but does not seem to have boosted productivity a whit.

Names such as Novelli, orangecake, Pirat-Networks, SubComandanteVPN, and zirochka are unlikely to mean anything to a vast majority of enterprise security teams.

Decision-makers might wonder — is investing time and resources in Resource Public Key Infrastructure (RPKI) worth it? What is the effectiveness of RPKI Route Origin Validation (ROV)? In the last year, a number of interesting reports were published.

In Continue reading

Hedge 163: Netops, Mapping, and Working Hard

It’s one of those episodes where Tom, Eyvonne, and Russ just sit around and talk about the news of the day. We cover three topics in this show. The first is Netops, automation, and where this is all going. The second is on the FCC mapping process and the reality of broadband in the US. The third—perhaps a little controversial—is about IT work habits, innovation, and adding value.

download

Writing An IETF Draft: Formatting, Authorship, And Submissions

This series started by discussing the history of the IETF and some of the tools you might use to build submissions to the IETF process. This, the second, post, will consider document formatting and two of the (sometimes) more difficult sections of an IETF draft to fill in. Formatting Just using one of the acceptable […]

The post Writing An IETF Draft: Formatting, Authorship, And Submissions appeared first on Packet Pushers.