Weekend Reads 101521


Russia is the source of the lion’s share of nation-state cyberattacks Microsoft has observed in the past year (58%), followed by North Korea (23%), Iran (11%), China (8%), and South Korea, Vietnam, and Turkey all with less than 1% representation, a new pool of data reveals.


Equinix has been testing the use of liquid cooling in its data centers, and hopes to use the technology in its Equinix Metal service to create a high-density, energy efficient computing platform.


As a rule, the English term “computer” and the equivalent German term “Rechner” describe calculating machines. But until the middle of the 20th century, computers were, in fact, humans who performed calculations.


The job-killing robots are almost at the door, we are told, mere moments away from replacing the last traces of human inefficiency and heralding the dawn of a world without work.


The technological breakthroughs and intelligence superiority of the Israel Defense Force’s Unit 8200 position it, and Israel, as a world leader, at the same level as the United States, Russia, or China.


New PCIe 6.0 technology is in the works, and according to nonprofit electronics industry consortium PCI-SIG, it’s in the final draft stages.


Recently I was asked by a customer how they can easily set up rollback capabilities on the endpoints in their corporate network.


An industry group calling itself 5G Americas has published a whitepaper that touts the advantages of a smart auto grid powered by 5G and the C-V2X technology.


It’s coming towards the end of 2021 already, which means it’s nearly time again for one of my favourite Internet quirks: A DNSSEC Key Signing Key (KSK) Ceremony, number 43 to be exact.


Across every industry, competition, reputation and customer satisfaction are all impacted by experience. And for most organizations, the network plays a significant role in determining the level and type of service that they can provide.


Thunderbolt 4 technology is still relatively new, but Intel is already working on its successor: Thunderbolt 5 (or whatever Intel decides to call it).


For years, it restricted its G-Sync variable refresh rate technology to monitors that included a dedicated (and costly) proprietary module, instead of adopting the open-source FreeSync developed by AMD.


The important thing to understand about a certificate graph is that the boxes represent entities (meaning an X.500 Distinguished Name and public key).


Despite a dramatic increase in ransomware attacks, enterprise storage and backup environments have a dangerously weaker security posture than the compute and network layers of the IT infrastructure, new research shows.


On Sept. 30, a root certificate provided by digital certificate authority (CA) Let’s Encrypt expired, meaning that the tens of millions of websites and devices that used the cert had to have updated to a new root before then — or run into problems.

Posted in WEEKEND READS

Hedge 104: Automation with David Gee

Automation is often put forward as the answer to all our problems—but without a map, how can we be certain we are moving in the right direction? David Gee joins Tom Ammon and Russ White on this episode of the Hedge to talk about automata without a map. Where did we come from, what are we doing with automation right now, and what do we need to do to map out a truly better future?

download

Posted in HEDGE, LONG AUDIO

Live Stream: The Journey to Architect

On Thursday the 19th of October at 1PM ET, I’ll be joining Keith Bogart for the em>INE Live live stream. You can find the details on their web site.

In this session, Keith Bogart will interview prolific author and Network Architect, Russ White Ph.D. One of only a handful of people who have attained CCAr status, Russ White has authored several books such as “Practical BGP”, “The Art of Network Architecture” and “Computer Networking Problems And Solutions”. During this session we’ll find out about his journey to becoming a Network Architect and how his passion for technology can inspire you!

Posted in SCHEDULE

Weekend Reads 100821

first, a few interesting stories on the facebook outage


Facebook says that a configuration error broke its connection to a key network backbone, disconnecting all of its data centers from the Internet and leaving its DNS servers unreachable, the company said.


Following the Facebook outage that took place on 4 October, we saw people looking to BGPlay to get a better view of what went on. Here’s a look at what the RIPEstat visualisation has to show us about the event in question.


On October 4th Facebook managed to achieve one of the more impactful of outages of the entire history of the Internet, assuming that the metric of “impact” is how many users one can annoy with a single outage. In Facebook’s case the 6-hour outage affected the services it provides so some 3 billion users, if we can believe Facebook’s marketing hype.


But surely the bigger lesson is that we are all too dependent on too few Really Big providers. EU Competition Commissioner told Reuters “Facebook’s (FB.O) six-hour outage the previous day shows “the repercussions fn relying on just a few big players and underscores the need for more rivals.”

and other stories, as usual


Email is the most popular vector through which to initiate successful cyberattacks. Statistics indicate that anywhere between 90% and 95% of all such attacks involve email, whether to deliver malware, to hoodwink a user into visiting a website from which ransomware will be downloaded, or simply to imitate a CEO or CFO and demand that a multimillion-dollar payment be expedited forthwith.


It looked like a calculator app. But it was actually spyware recording my every keystroke — the type of data that would give a stalker unfettered access to my private life.


Many organizations lag in patching high-severity vulnerabilities, according to a new study that reveals more than 50% of servers scanned have a weak security posture weeks and months after a security update is released.


In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.


Nvidia revealed a new feature coming to RTX 2000 and RTX 3000 graphics cards called DLAA.


Bad actors have accelerated their purchase of domains that look similar to the brands of the largest 2,000 companies in the world, with 60% of such domains registered to risky third parties, not the companies themselves,.


By declaring that they are in line with the chosen security standard, businesses can demonstrate much higher credibility when faced with stakeholders, insurance providers, potential clients, and potential partners. This is just one of many benefits that come with achieving standards.


On Tuesday, D-Wave released its roadmap for upcoming processors and software for its quantum annealers. But D-Wave is also announcing that it’s going to be developing its own gate-based hardware, which it will offer in parallel with the quantum annealer.


Syniverse, a company that routes hundreds of billions of text messages every year for hundreds of carriers including Verizon, T-Mobile, and AT&T, revealed to government regulators that a hacker gained unauthorized access to its databases for five years.


While domain cyber risk is rising, the level of action being taken by Forbes Global 2000 companies to improve their domain security posture has remained unchanged, leaving these companies exposed to even more risk.


Most people only ever give common vulnerabilities and exposures (CVEs) a passing glance. They might look at the common vulnerability scoring system (CVSS) score, determine whether the list of affected products is a concern for them, and move on.

Posted in WEEKEND READS

Hedge 103: BGP Security with Geoff Huston

Our community has been talking about BGP security for over 20 years. While MANRS and the RPKI have made some headway in securing BGP, the process of deciding on a method to provide at least the information providers need to make more rational decisions about the validity of individual routes is still ongoing. Geoff Huston joins Alvaro, Russ, and Tom to discuss how we got here and whether we will learn from our mistakes.

download

Posted in BGP, HEDGE, LONG AUDIO, SECURITY