Weekend Reads 012723

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition.

Going into 2023, phishing is still as large a concern as ever. “If it ainâ€t broke, donâ€t fix it,” seems to hold in this tried-and-true attack method.

This follow-up post describes what techniques exist to enumerate subdomains in a DNSSEC-enabled zone and what countermeasures exist to prevent it. DNSSEC itself is not explained further, however, some relevant record types are briefly described.

In 1987 economics Nobel Laureate Robert Solow said that the computer age was everywhere—except in productivity data. A similar thing could be said about AI today: It dominates tech news but does not seem to have boosted productivity a whit.

Names such as Novelli, orangecake, Pirat-Networks, SubComandanteVPN, and zirochka are unlikely to mean anything to a vast majority of enterprise security teams.

Decision-makers might wonder — is investing time and resources in Resource Public Key Infrastructure (RPKI) worth it? What is the effectiveness of RPKI Route Origin Validation (ROV)? In the last year, a number of interesting reports were published.

In Continue reading

Hedge 163: Netops, Mapping, and Working Hard

It’s one of those episodes where Tom, Eyvonne, and Russ just sit around and talk about the news of the day. We cover three topics in this show. The first is Netops, automation, and where this is all going. The second is on the FCC mapping process and the reality of broadband in the US. The third—perhaps a little controversial—is about IT work habits, innovation, and adding value.

download

Writing An IETF Draft: Formatting, Authorship, And Submissions

This series started by discussing the history of the IETF and some of the tools you might use to build submissions to the IETF process. This, the second, post, will consider document formatting and two of the (sometimes) more difficult sections of an IETF draft to fill in. Formatting Just using one of the acceptable […]

The post Writing An IETF Draft: Formatting, Authorship, And Submissions appeared first on Packet Pushers.

Controversial Reads 012023

As this technology is perfected, AI writing may render most of the English composition curriculum and other writing skills irrelevant. Like penmanship being displaced by word processors, and memorization by books or databases, writing itself may soon be seen as an archaic novelty.

How to properly balance the commercial rights of a complainant with the free speech rights of a respondent has challenged a generation of Uniform Domain Name Dispute Resolution Policy (UDRP) panelists.

New York City Mayor Eric Adams responded to criticism over increasing the use of facial recognition technology by declaring, Big Brother is protecting you!

Whether someone will get a loan for buying a house is dependent on the opaque policy instantiated in some black box algorithm. Ditto whether someone’s parole application will get approved, some startup entrepreneur will get capital for his venture, or someone on an organ donation waitlist will get his life-saving treatment.

Blaise Arcas, the head of Google’s AI group in Seattle, recently argued that although large language models (LLMs) may be driven by statistics, statistics do amount to understanding.

Crypto bros still blather on about how their Bitcoin, Ethereum or what have you will go to the Moon. They also insist that Continue reading

Weekend Reads 012023

However, since growing online content consumption put networks under increasing pressure during the peaks of the Coronavirus lockdowns, some political support in Europe seems to have been garnered (e.g. France, Italy, and Spain).

On the other hand, the digital sphere has become a dangerous space. The Ukrainian war pulled cyber into real military fighting.

The recent adoption at the end of December of the new EU Directive for a high level of cybersecurity across the Union—commonly referred to as “NIS2”—paved the way for important updates to the domain name system (DNS).

Domain names are associated with the full spectrum of internet content, from legitimate use by brands or individuals, to infringing or criminal activity. CSC has observed that certain TLDs get used more for egregious content.

Heata has developed a novel way to use the waste heat generated by servers: mounting them on domestic hot water tanks to cut energy bills for homeowners.

It’s time for you and your colleagues to become more skeptical about what you read. That’s a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harrass, and spread fake news.

Randy Anders is VP Continue reading

Hedge 162: Geoff Huston and Going Dark

Encrypt everything! Now! We don’t often do well with absolutes like this in the engineering world–we tend to focus on “get it down,” and not to think very much about the side effects or unintended consequences. What are the unintended consequences of encrypting all traffic all the time? Geoff Huston joins Tom Ammon and Russ White to discuss the problems with going dark.

download

Infrastructure Privacy Live Webinar

I’m teaching a three-hour webinar on infrastructure privacy this coming Friday. From the description—

Privacy is important to every IT professional, including network engineers—but there is very little training oriented towards anyone other than privacy professionals. This training aims to provide a high-level overview of privacy and how privacy impacts network engineers. Information technology professionals are often perceived as “experts” on “all things IT,” and hence are bound to face questions about the importance of privacy, and how individual users can protect their privacy in more public settings.

There is a recording for anyone who registers.

Register here.

Weekend Reads 011323

Want to be Bigger? Faster? Stronger? Such questions are a staple in exercise and health media, but those same questions are raised in the tech industry as well.

TAU-SAT3, launched Tuesday on a SpaceX rocket from Cape Canaveral in Florida, will pave the way towards quantum communication via a nanosatellite, Tel Aviv University reported on Wednesday.

If you deal with Web Performance, youâ€ve probably heard about HTTP resource prioritization. This is especially true since last year, as Chromium added so-called “Priority Hints” with the new fetchpriority attribute, which allow you to tweak said prioritizations.

Last Fall, SpaceX broadened the definition of Gen2 to include three configurations, designated F9-1, F9-2, and Starship.

eBPF brought with it a vast amount of software, including software-defined networking (SDNs), observability projects, and security-based software.

Historically, the only option to connect processor cores and memory have been proprietary interconnects such as InfiniBand, PCI Express and other protocols that connect compute clusters with offloads but for the most part that wonâ€t work with AI and its workload requirements.

Over the next few months, we found as many car-related vulnerabilities as we could. The following writeup details our work exploring the security of telematic systems, automotive Continue reading

Hedge 161: Going Dark with Geoff Huston

Encrypt everything! Now! We don’t often do well with absolutes like this in the engineering world–we tend to focus on “get it down,” and not to think very much about the side effects or unintended consequences. What are the unintended consequences of encrypting all traffic all the time? Geoff Huston joins Tom Ammon and Russ White to discuss the problems with going dark.

download

Weekend Reads 010623

Undersea cables between the U. S. and Cuba have long been intertwined with politics.

People like to tout NISTâ€s SP 800-207 [Zero Trust Architecture] as the hot new thing, but the fact is, zero trust network models have been around for over a decade.

As Russian ground troops prepared to enter Ukraine in February 2021, Ukrainian governmental departments, online media organizations, financial firms, and hosting providers were slammed with a surge of distributed denial-of-service (DDoS) attacks.

Prosecutors said the five IT officials of the public administration department had failed to check the security of the system and update it with the most recent antivirus software.

What exactly is the edge? What makes something an edge appliance? These are trickier questions than you might think, and depending on who you ask — and honestly, what theyâ€re trying to sell you — the answers can vary wildly.

Youâ€ve likely been hearing about the World Wide Web Consortiumâ€s (W3C) Web Authentication (WebAuthn) and considering whether youâ€re ready to implement it in your environment.

In this episode of PING, Luuk Hendricks and Willem Toorop from NLNet Labs discuss applying Express Data Path (XDP) to the DNS protocol.

A recent Continue reading

Hedge 160: Avishai Ish-Shalom and Jurassic Cloud

Cloud might seem shiny and new—but that’s just the way it looks on the outside. Most cloud services are still built on decades old technology, from networking to file access. Avishai Ish-Shalom joins Tom Ammon and Russ White to discuss the impact of changes in hardware on the design of operating systems, and think through how things will need to change to continue the drive for more performance.

download

original article on USENIX here

2022 Working Environment

The change of the year is always a good time to reflect. This year I’ve made major changes in my physical environment by reshaping many of the things about this house we recently moved to in Knoxville. Besides ripping out the entire kitchen, replacing all the floors, and reworking the fireplace, it was a good chance to rethink the office I work in every day. I’m rather persnickety about the lighting, layout, and tools I use (although a lot of people still think I’m crazy for using fairly standard tools, like Word, for writing).

This is my space, pretty much—

I use an adjustable height desk where I’m either leaning or standing—if I want to sit to read something, I normally grab a tablet and sit in the red chair off to the side, or even go someplace else in the house. I prefer not to read on my main computer screen most of the time. I normally keep ambient light to a minimum, and turn my monitor brightness down to pretty minimal, as well—below 20%.

I’m currently running an LG 38in curved monitor. I don’t game, so I care a lot more about resolution than refresh rate, etc. My Continue reading

Hedge 159: Roundtable on SONiC, Antipatterns, and Resilience through Acquisition

In this last episode of 2022, Tom, Eyvonne, and Russ sit around and talk about some interesting things going on in the world of network engineering. We start with a short discussion about SONiC, which we intend to build at least one full episode about sometime in 2023. We also discuss state and antipatterns, and finally the idea of acquiring another company to build network resilience.

download

Weekend Reads 121622

Today, we released the latest issue of The Domain Name Industry Brief, which shows that the third quarter of 2022 closed with 349.9 million domain name registrations across all top-level domains, a decrease of 1.6 million domain name registrations, or 0.4%, compared to the second quarter of 2022.

Since 2019, unpatched ESXi servers have been targets of ongoing in-the-wild attacks based on two vulnerabilities in the ESXiâ€s OpenSLP service: CVE-2019-5544 and CVE-2020-3992.

In many cases, once a high-risk security vulnerability has been identified in a product, a bigger challenge emerges: how to identify the affected component or product by its assigned name in the National Vulnerability Database (NVD).

A developer’s cryptographic signing key is one of the major linchpins of Android security. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you’re installing.

Hashing is one of the pillars of cybersecurity. From securing passwords to sensitive data, there are a variety of use cases for hashing.

Cloud gaming needs wide access to 5G networks to thrive. Performance requirements for streaming the latest AAA titles on mobile devices are already high and Continue reading

Hedge 158: The State of DDoS with Roland Dobbins

DDoS attacks continue to be a persistent threat to organizations of all sizes and in all markets. Roland Dobbins joins Tom Ammon and Russ White to discuss current trends in DDoS attacks, including the increasing scope and scale, as well as the shifting methods used by attackers.

download

Thoughts On Switch Failures

What can we learn from a Microsoft study of switch failures in its data centers? Hardware failures are more common that software failures, the law of large numbers can overwhelm your resiliency and redundancy planning, and open-source software can be admirably robust.

The post Thoughts On Switch Failures appeared first on Packet Pushers.

Controversial Reads 121022

Simply put, we have been right all along, and we now have the conflicting circuit court precedent to prove it. The Supreme Court needs to consider the Fourth Circuitâ€s arguments and address this split between circuits.

Do we let Big Tech have access to our private communications and free email accounts because itâ€s so easy? Once youâ€ve said yes — and who among us has not? — itâ€s not a stretch to think that Big Data already has almost all your information, so why get picky at the next juncture?

Internet infrastructure services—the heart of a secure and resilient internet where free speech and expression flows—should continue to focus their energy on making the web an essential resource for users and, with rare exceptions, avoid content policing.

Then Elon announced Apple, the most powerful company in the world, threatened to remove Twitter from the app store.

A California judge has cleared the way for a potentially massive class-action lawsuit against Google, which stands accused – again – of anticompetitive practices surrounding its Play store.

There is a growing trend in American culture of what the literary theorist Peter Brooks calls “storification.”

Targeted advertisingâ€s days Continue reading

Weekend Reads 120922

In this article, I will explain how SSHFP DNS records can help mitigate such risks and share the results of our large-scale analysis.

A vulnerability in IBM Cloud databases for PostgreSQL could have allowed attackers to launch a supply chain attack on cloud customers by breaching internal IBM Cloud services and disrupting the hosted system’s internal image-building process.

Amazon Web Services has signaled that the future of cloud computing cannot rely alone on general-purpose chips with its new Graviton3E silicon, joining AMD and Intel in introducing specialized central processing units that are meant to perform certain applications faster and more efficiently.

A recent statement from Italyâ€s data protection authority, the Garante, opens a new chapter in the never-ending story of profiling cookies.

While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks.

Biometrics is supposed to be one of the underpinnings of a modern authentication system. But many biometric implementations (whether that be fingerprint scanes or face recognition) can be wildly inaccurate, and the only universally positive thing to say about them is they’re better than nothing.

Geolocation providers usually focus on locating end user devices at Continue reading

Hedge 157: Vendor Lock-in with Frank Seesink

Vendor lock-in has been an issue in networking for the entire time I’ve been working in the field—since the late 1980s. I well remember the arguments over POSIX compliance, SQL middleware standards, ADA, and packet formats. It was an issue in electronics, which is where I worked before falling into a career in computer networks, too. What does “vendor independence” really mean, and what are the ways network operators can come close to having it? Frank Seesink joins Russ White and Tom Ammon to rant about—and consider—solutions to this problem.

download

Hedge December 22 Update

The Hedge December update contains information about upcoming episodes and training—listen in for the inside scoop!

download