Merry Christmas 2017

I won’t be publishing anything here from the 25th through the 29th, so the next post here will be next year, in 2018.

Weekend Reads 122217

Because this is the last “weekend reads” of the year, I’m supersizing it, and including a few articles at the end on culture I found interesting. The majority of the other stories relate to security, as always.

San Diego, Calif., Dec. 12, 2017 — Computer scientists have built and successfully tested a tool designed to detect when websites are hacked by monitoring the activity of email accounts associated with them. The researchers were surprised to find that almost 1 percent of the websites they tested had suffered a data breach during their 18-month study period, regardless of how big the companies’ reach and audience are. “No one is above this—companies or nation states— it’s going to happen; it’s just a question of when,” said Alex C. Snoeren, the paper’s senior author and a professor of computer science at the Jacobs School of Engineering at the University of California San Diego. —UC San Diego

GPS has become such an ingrained part of our culture that many of us don’t even think about it anymore. If you want to go check out a new restaurant but don’t know where it is, search for it in Google Maps. Want to map your running route? There are tons of apps that use GPS to do that. Don’t want to be tracked at all? Just turn GPS off. But, what if I told you that you could be tracked without using GPS? What if there was a way for an app to narrow down exactly where you are, how fast you’re traveling, and what kind of vehicle you’re in— all without accessing your GPS location or you being aware? That’s pretty scary, right? —Android Authority

In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service (DDoS) attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child pornography, but his business somehow lived on while he was in prison. Now just weeks after Poland made probation, a mobile version of the attack-for-hire service has gone up for sale on the Google Play store. —Krebs on Security

Only a few years ago, DDoS attacks targeted certain industries, gaming and finance being at the top of the list. What’s changed is the consistent drumbeat of attacks. Today, they are pervasive, impacting businesses of all sizes, across all industries and geographies. The driver for this remains the ready availability of free attack tools that can turn anyone with an internet connection and a grudge into a DDoS attacker. The bull market in DDoS attack services is also a significant factor. —Arbor

Section 1201 of the Digital Millennium Copyright Act (DMCA 1201) gives device manufacturers a legal tool to keep you from understanding and modifying the things you buy. While DMCA 1201’s stated goal was to prevent copyright infringement by punishing people for breaking the technological mechanisms companies put on their material to protect it, the law has been used against artists, researchers, technicians, and users, even when the reasons why they were trying to circumvent digital locks were completely lawful. —EFF

In the days of shrink-wrapped software, customers had no option but to provide perimeter security — firewalls, intrusion detection, antivirus, web application firewalls — since they had no access to proprietary source code, he explained. In 15 years in the security industry, most recently at FireEye, where he was seeing about 100,000 new pieces of malware a day, reacting to threats doesn’t make sense in an environment where development teams are releasing software multiple times a day. —The New Stack

For IT conference speakers, making an offering to the Demo Gods has become almost customary, a ritual that reinforces the hope that their barely-functioning prototype will dazzle onlookers without crashing and leaving them proverbially naked in front of the audience. No one, however, has ever had a tighter relationship with these demo deities than Douglas Engelbart, who on Dec. 9, 1968, laid out a long view of the future of computing in an astounding set of demos, one that included the mouse, Google Docs, the internet, and video conferencing. Engelbart and the work of his team laid out the path forward for all of the software, years before Xerox PARC even existed. —The New Stack

It is often said that California foretells the nation’s future. If so, we should really be worried about the cost of living. Wednesday’s New York Times ran an article about California that was candid about the high cost of living there although opaque about the reasons for it. It recognized that in the last seven years the state has lost more than two million people over twenty five years old to other states. And the reasons for fleeing many give is the cost of living with the largest number going to Texas, a state renowned for a low cost of living. —Liberty Law Site

In a world of serial storytelling, characters commonly outlive the actors who play them. Makers of film and television find ways to respond to the death of an actor, from recasting a role without comment (like Dumbledore in the Harry Potter films) to making the changeover of lead actors a central motif of a series (the Doctor in Doctor Who). Disney pioneered a new response in its latest Star Wars movie: resurrecting a deceased actor to reprise a role from beyond the grave. The technology on display here is impressive. But it both denigrates the craft of acting and violates the dignity of the human body by treating it as a mere puppet. —The New Atlantis

How do we make sense of our political moment? There has been no dearth of commentary on the meaning of the 2016 American presidential election and its political aftermath. Pundits, scholars, and others have expressed alarm about the degree of fragmentation and polarization, the increase in vulgarity in political discourse and the loss of political civility, the weakening of traditional international alliances, the abuse of basic ethics in governing, and the resurgence of nativism, populism, isolationism, and nationalism, all of which could encourage authoritarian behavior among those in or seeking power. There are good reasons to be uneasy. —The Hedgehog Review

On the ‘net: Just Two Switches?

Deploying two switches provided by a vendor seems, on the surface, to be a very simple solution. The vendor’s solution is going to provide a strong suite of vertically integrated solutions, such as layer 2 overlays and link aggregation. There will only be two devices to manage, as well, which (probably) means less chance for having more than one version of code, one set of CLI commands to master. In fact, there is likely a vendor based solution at this scale that can be reduced to a “GUI and a wizard”—a simple to automate, vendor driven architecture that will reduce costs by removing the need for engineers, which can be replaced with a few administrators and the occasional visit from a consultant or vendor representative. —Search Networking

Do We Really Need a New BGP?

From time to time, I run across (yet another) article about why BGP is so bad, and how it needs to be replaced. This one, for instance, is a recent example.

cross posted at APNIC and CircleID

It seems the easiest way to solvet this problem is finding new people—ones who don’t make mistakes—to work on BGP configuration, building IRR databases, and deciding what should be included in BGP? Ivan points out how hopeless of a situation this is going to be, however. As Ivan says, you cannot solve people problems with technology. You can hint in the right direction, and you can try to make things a little more sane, and a little less complex, but people cannot be fixed with technology. Given we cannot fix the people problem, would replacing BGP itself really help? Is there anything we could do to make things better?

To understand the answer to these questions, it is important to tear down a major misconception about BGP. The misconception?

BGP is a routing protocol in the same sense as OSPF, IS-IS, or EIGRP.


BGP was not designed to be a routing protocol in the way other protocol were. It was designed to provide a loop free path through a series of independently operated networks, each with its own policy and business goals. In the sense that BGP provides a loop free route to a destination, it provides routing. But the “routing” it provides is largely couched in terms of explicit, rather than implicit, policy (see the note below). Loop free routes are not always the “shortest” path in terms of hop count, or the “lowest cost” path in terms of delay, or the “best available” path in terms of bandwidth, or anything else. This is why BGP relies on the AS Path to prevent loops. We call things “metrics” in BGP in a loose way, but they are really explicit expressions of policy.

Consider this: the primary policies anyone cares about in interdomain routing are: where do I want this traffic to exit my AS, and where do I want this traffic to enter my AS? The Local Preference is an expression of where traffic to this particular destination should exit this AS. The Multiple Exit Disciminator (MED) is an expression of where this AS would like to receive traffic being forwarded to this destination. Everything other than these are just tie breakers. All the rest of the stuff we do to try to influence the path of traffic into and out of an AS, like messing with the AS Path, are hacks. If you can get this pair of “things people really care about” into your head, the BGP bestpath process, and much of the routing that goes on in the DFZ, makes a lot more sense.

It really is that simple.

How does this relate to the problem of replacing BGP? There are several things you could improve about BGP, but automatic metrics are not one of them. There are, in fact, already “automatic metrics” in BGP, but “automatic metrics” like the IGP cost are tie breakers. A tie breaker is a convenient stand-in for what the protocol designer and/or implementor thinks the most natural policy should be. Whether or not they are right or wrong in a specific situation is a… guess.

What about something like the RPKI? The RPKI is not going to help in most situations where a human makes a mistake in a transit provider. It would help with transit edge failures and hijacks, but these are a different class of problem. You could ask for BGPsec to counter these problems, of course, but BGPsec would likely cause more problems than it solves (I’ve written on this before, here, here, here, here, and here, to start; you can find a lot more on rule11 by following this link).

Given replacing the metrics is not a possibility, and RPKI is only going to get you “so far,” what else can be done? There are, in fact, several practical steps that could be taken.

You could specify that BGP implementations should, by default, only advertise routes if there is some policy configured. Something like, say… RFC8212?

Giving operators more information to understand what they are configuring (perhaps by cleaning up the Internet Routing Registries?) would also be helpful. Perhaps we could build a graph overlay on top of the Default Free Zone (DFZ) so a richer set of policies could be expressed, and policies could be better observed and understood (but you have to convince the transit providers that this would not harm their business before this could happen).

Maybe we could also stop trying to use BGP as the trash can of the Internet, throwing anything we don’t know what else to do with in there. We’ve somehow forgotten the old maxim that a protocol is not done until we have removed everything that is not needed. Now our mantra seems to be “the protocol isn’t done until it solves every problem anyone has ever thought of.” We just keep throwing junk at BGP as if it is the abominable snowman—we assume it’ll bounce when it hits bottom. Guess what: it’s not, and it won’t.

Replacing BGP is not realistic—nor even necessary. Maybe it is best to put it this way:

  • BGP expresses policy
  • Policy is messy
  • Therefore, BGP is messy

We definitely need to work towards building good engineers and good tools—but replacing BGP is not going to “solve” either of these problems.

P.S. I have differentiated between “metrics” and “policy” here—but metrics can be seen as an implicit form of policy. Choosing the highest bandwidth path is a policy. Choosing the path with the shortest hop count is a policy, too. The shortest path (for some meaning of “shortest”) will always be provably loop free, so it is a useful way to always choose a loop free path in the face of simple, uniform, policies. But BGP doesn’t live in the world of simple uniform policies; it lives in the world of “more than one metric.” BGP lives in a world where different policies not only overlap, but directly compete. Computing a path with more than one metric is provably at least bistable, and often completely unstable, no matter what those metrics are.

P.P.S. This article is a more humorous take on finding perfect people.

Weekend Reads 121517

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology. —Krebs on Security

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate. —Krebs on Security

As the European Union General Data Protection Regulations (GDPR) looms, a privacy stripping email setting continues in widespread use around the world. It threatens sensitive communications that containing personally-identifiable information, intellectual property, financial information, and your most intimate photos. —Free Code Camp

This week, the Supreme Court will hear a case with profound implications on your security and privacy in the coming years. The Fourth Amendment’s prohibition of unlawful search and seizure is a vital right that protects us all from police overreach, and the way the courts interpret it is increasingly nonsensical in our computerized and networked world. The Supreme Court can either update current law to reflect the world, or it can further solidify an unnecessary and dangerous police power. —Schneier on Security

It is true, as both Mendelsohn and Connolly state, that video is a far more powerful medium to deliver information. In that truth, though, lies a grave danger. It is far easier to manipulate the emotions through video than it is through the written word. Video conveys information through something akin to osmosis, the recipient need only to open his eyes and ears for the information transfer. Reading, on the other hand, requires an active participant, it demands the recipient of information think through and imagine the arguments or story, and to digest the meaning over time. —Intellectual Takeout

It is the mixture of private and communal property that is of interest. Aristotle writes that systems that take the best from both private and collective ownership are “already present in outline form in some city-states, which implies that it is not impracticable.” He mentions Sparta particularly, including a provision for collective property providing “when on a journey in the countryside, they may take what provisions they need from the fields.” —Law and Liberty