or perhaps the friday fifteen …
Injection of counterfeit electronics into the market is only a subset of vulnerabilities that exist in the global IC supply chain. Other types of attacks include trojans built into the circuitry, piracy of intellectual property, and reverse engineering.
2020 saw governments on three continents take action against the dominance of the biggest tech platforms, with a flurry of pro-competition rules, investigations and lawsuits. As exciting as this is, it’s just the beginning.
Defining and measuring programmer productivity is something of a great white whale in the software industry. It’s the basis of enormous investment, the value proposition of numerous startups, and one of the most difficult parts of an engineering manager or CTO’s job description.
On August 10 and 11, 2016, Mansoor received an SMS text messages on his iPhone promising “new secrets” about detainees tortured if he clicked on an included link. Instead of clicking, Mansoor sent the messages to the Canadian Citizen Lab researchers.
This switch to public resolvers is driven by the fact that they offer services beyond just resolving a DNS request, like malware filtering or privacy protections like DNS-over-HTTPS that aren’t offered by ISP resolvers.
But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it.
One of the software success stories of the COVID-19 pandemic era has been videoconferencing service Zoom. Despite already existing in a crowded field of both startups and mature competitors, Zoom became a household name for anyone stuck at home to avoid the coronavirus. But as Zoom boomed, so did Dark Web sales of zero-day vulnerabilities in its software.
these last three are in the political/policy realm, and hence may be a bit controversial
The internet is in crisis, and you can lead your organization to help solve the problem. You’ll be well compensated, and you’ll enjoy massive public relations benefits. I fear that if you don’t, global governments will force your hand.
But if somebody would have expected that the Covid-19-Desaster is a wake-up call for the world to be more united, work hand in hand, and pool resources reducing risks of a borderless threat, this “somebody” was wrong
In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory Thursday “Detecting Abuse of Authentication Mechanisms.” This advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud.
Data analytics isn’t just for large organizations anymore. As businesses and community collectives increasingly move their operations into digital spaces, the vast amounts of data being collected pose an opportunity for them to get to know their stakeholders better.
In one of his most famous studies, 54 volunteers were served tomato soup. Half were served from normal bowls and half from “bottomless bowls” which had hidden tubes that imperceptibly refilled the bowls.
For all its breadth, depth, and skillful insertion via the supply chain, the latest hack of critical departments of the U.S. government—and of many leading corporations from around the world — should come as no surprise.
Let’s face it–Most enterprises aren’t building their own Internet of Things (IoT) systems. Very few organizations have the scale to develop and deploy IoT devices of their own in their environments — the hardware tends to be specialized, most of the software doesn’t look like the stuff their corporate horde of Java developers use to write code, and there just isn’t enough value for risky projects like that to make sense.
The US Cybersecurity Infrastructure and Security Agency (CISA) has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks.
The May 2017 WannaCry ransomware attack caused a great deal of damage across Europe and Asia, wreaking particular havoc with Britain’s National Health Service. The attack exploited a Microsoft Windows vulnerability that had been discovered and exploited by the U.S. National Security Agency.
Over the last few years, the idea of patching systems to correct flaws has graduated from an annoying business disruption to a top priority. With all of the notorious vulnerabilities that can wreak total havoc, the time it takes to patch becomes a minor inconvenience when weighed against both the technical challenges and possible regulatory penalties of not patching.
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.
On December 31, Flash died. Adobe stopped updates and now recommends you uninstall it. This end has been a long time coming—since June 2017, officially; unofficially, since April 2010, when Apple’s Steve Jobs announced that Flash would not run on the iPhone.
If you’re reading this, you might have read the juicy piece that Elle dropped this weekend chronicling how a former Bloomberg reporter torched her entire career after falling for the longtime subject of her reporting—professional-tool-turned-convicted-securities-fraudster Martin Shkreli. And if you know about that article, you probably know about The Ad.
Internet Society Chapters in Europe are warning the European Commission that its recent plea for Member States to help find ways to access encrypted communications could make millions of citizens and countries more vulnerable to harm and terrorism online.
Every Christmas season the Mozilla Foundation reviews a list of IoT devices that do not protect privacy. It seems like almost anything we buy today that includes electronics also connects to the Internet.
You have probably heard the saying: “If you are not paying for the product, you ARE the product”. Nowhere is this more acute than on the internet when our personal data is collected, analyzed and used to persuade us to buy products or ideas, many times without our explicit knowledge or permission.
Due to its growing popularity, identifying which addresses are anycasted and from where they are announced is becoming fundamentally important to provide a more accurate assessment of the Internet’s resilience.
Privacy plays an important part in the development of NLnet Labs products. For Unbound this manifests itself by being in the front line of the development of privacy preserving features like QNAME minimization, auth-zones, and DNS-over-TLS (DoT).
The 2020 (ISC)2 Cybersecurity Workforce Study looks at the effect of this transition to remote work and how organizations have fared. It also analyzes the impact of the pandemic and the resultant transition to remote work on cybersecurity professionals.
Our recent annual surveys found that racks with densities of 20 kW and higher are becoming a reality for many data centers (we asked about highest rack density) — but not to the degree forewarned. Year-over-year, most respondents said their highest density racks were in 10-19 kW range, which is not enough to merit wholesale technical changes.
Domain spoofing is a very common form of a security breach wherein a cybercriminal tries to impersonate a company’s business email domain to carry out a range of malicious activities by forging the sender’s address.
Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password.
One of these questions was posed first to DNS resolver operators in the middle of the last decade, and is now being brought to authoritative name server operators: “to encrypt or not to encrypt?” It’s a question that Verisign has been considering for some time as part of our commitment to security, stability and resiliency of our DNS operations and the surrounding DNS ecosystem.
Chances are, by now you have heard about the controversy surrounding TikTok, the popular social media video app. The controversy stems from allegations that TikTok complies with Chinese Communist Party’s request to provide user data for purposes of surveillance and intelligence gathering. And yes, that data is purported to include US user data.
Large-scale phishing attacks remain a key threat to Internet users and organizations, both due to the direct harm these attacks can cause, such as identity theft or account compromise, and other collateral damage, such as risks due to password reuse across services or simply the necessity of mitigations.
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system.
In their report “Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?,” for instance, Siemens and the Ponemon Institute found that 64% of respondents considered sophisticated attacks against the utilities sector a top challenge. Slightly less than that (54%) said that they expected an attack on CNI would occur in the next year.
The Open Platform Communications Unified Architecture (OPC UA) protocol is a prime candidate for secure future industrial communication. While the protocol’s security features are widely attested, it requires extensive configuration to achieve the promised security level.
You’ve probably heard about the new Man in the Middle (MITM) vulnerability in Kubernetes. If you’re unfamiliar, a MITM vulnerability works by redirecting a victim’s legitimate network traffic through a secret attacker on the network, where the attacker can eavesdrop or actively tamper with the victim’s data before sending it to its intended destination.
The easiest way to understand the concept is with an example. Consider a passive optical fiber network where up to 32 homes share the same neighborhood fiber. In the most common GPON technology, the customers on one of these neighborhood nodes (called a PON) share a total of 2.4 gigabits of download data.
The push to develop and deploy applications faster has evolved from simply a goal for developers to a business-level priority that affects every organization’s bottom line. To meet this goal, companies have begun to de-silo development, operations, and security, moving toward a DevSecOps model to deliver
In a survey of 603 free and open source software (FOSS) contributors, the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard University (LISH) discovered that the average FOSS developer only spent 2.3% of their time on improving the security of their code.
Chris Lewis joins EFF hosts Cindy Cohn and Danny O’Brien as they discuss how our access to knowledge is increasingly governed by click-wrap agreements that prevent users from ever owning things like books and music, and how this undermines the legal doctrine of “first sale” – which states that once you buy a copyrighted work, it’s yours to resell or give it away as you choose.
Exfiltration is the action of exporting sensitive data out of the network by connecting to an external destination and/or using covert channels. The latter is commonly used to exfiltrate information while being undetected or avoid any measure in place to stop the migration of data.
In our previous post we discussed the changes to the Registration Data Access Protocol (RDAP) architecture to scale to multiple cloud deployments to improve round-trip-times (RTT) by dynamically steering traffic to the Google Cloud Platform (GCP) Kubernetes cluster closest to the request.
In April 2020, APNIC announced the initial release of Registration Data Access Protocol (RDAP) to the cloud using the Google Cloud Platform (GCP) in the Sydney region. Today, we’d like to announce the expansion of this service to a multi-regional cloud deployment with the addition of new Google Kubernetes Engine (GKE) clusters hosting RDAP in Singapore and North Virginia.
Hey, did you get that sketchy email? You know, the one from that malicious hacker trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh.
A couple of vulnerabilities that a security researcher from China-based Singular Security Lab disclosed at this week’s Black Hat Europe 2020 virtual event has highlighted once again why it’s dangerous for organizations to underestimate the threat from old, overlooked bugs in commonly used software products.
If you live in a city where AT&T is the incumbent telephone company, the chances are high that the cable company is now a broadband monopoly. Unless some other ISP is building fiber, you no longer have a choice of broadband provider – it’s the cable company or nobody. When AT&T announced that it is no longer connecting DSL customers as of October 1, the company has fully ceded its historic telephone properties to its cable company competitors.
Amazon Web Services has begun designing its own rack-level uninterrupted power supply (UPS) units for its data centers, a move that will dramatically improve the power efficiency of its cloud computing operations, the company said this week.
Millions of Americans have spent this year working from home, and employers have realized just how smoothly things can get done when they trust their staff to work remotely. But for those fortunate enough to work from home, will COVID-19 have a lasting effect on how we do our jobs? Or will millions of commuters return to cities if and/or when vaccines are made available?
Consumers in the U.S. face an infuriating lack of transparency when it comes to purchasing broadband services. Bills are convoluted, featuring complex pricing schemes. Roughly 7 in 10 U.S. adults surveyed by Consumer Reports who have used a cable, internet, or phone service provider in the past two years said they experienced unexpected or hidden fees. Unsurprisingly, 96 percent of those who had experienced hidden fees found them annoying.
The first part of this report on the handling of large DNS responses looked at the behaviour of the DNS, and the interaction between recursive resolvers and authoritative name servers in particular and examined what happens when the DNS response is around the Internet’s de facto MTU size of 1,500 octets.
Figure 1 depicts measured last-mile queuing delay for two major ISPs, Comcast in the US (AS7922) and NTT OCN in Japan (AS4713). The x-axis shows the time of the day (UTC) and the y-axis is the median last-mile queuing delay in milliseconds.
Google used to have a simple motto: Don’t be evil. Now, with the firing of a data scientist whose job was to identify and mitigate the harm that the company’s technology could do, it has yet again demonstrated how far it has strayed from that laudable goal.
In one form or another, C has influenced the shape of almost every programming language developed since the 1980s. Some languages like C++, C#, and objective C are intended to be direct successors to the language, while other languages have merely adopted and adapted C’s syntax. A programmer conversant in Java, PHP, Ruby, Python or Perl will have little difficulty understanding simple C programs, and in that sense, C may be thought of almost as a lingua franca among programmers.
This is a rather oversized edition of the weekend reads… because I seem to have saved up a lot more links than usual.
There comes a time in every developer’s life (or daily routine, we’re not here to judge) where they have to go and fix a bug. Back in the days when I used to be a developer, I distinctly remember how each time I would go face to face with a bug, my favorite method to fix it was to add log lines. I mean, why not, right?
Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US.
The PC revolution started off life 35 years ago this week. Microsoft launched its first version of Windows on November 20th, 1985, to succeed MS-DOS. It was a huge milestone that paved the way for the modern versions of Windows we use today. While Windows 10 doesn’t look anything like Windows 1.0, it still has many of its original fundamentals like scroll bars, drop-down menus, icons, dialog boxes, and apps like Notepad and MS paint.
Cybersecurity may be far from many of our minds this year, and in light of a pandemic and catastrophic economic disruption, remembering to maintain our own personal privacy and security online isn’t necessarily a priority.
The Tor anonymity network has generated controversy almost constantly since its inception almost two decades ago. Supporters say it’s a vital service for protecting online privacy and circumventing censorship, particularly in countries with poor human rights records. Critics, meanwhile, argue that Tor shields criminals distributing child-abuse images, trafficking in illegal drugs, and engaging in other illicit activities.
Phishing websites rely on camouflage. They need to mimic the real websites as closely as possible, so they can trick people into providing their login information. But there are differences between genuine and fake websites, which can be used to detect them.
Juniper Threat Labs is seeing active attacks on Oracle WebLogic software using CVE-2020-14882. This vulnerability, if successfully exploited, allows unauthenticated remote code execution. As of this writing, we found 3,109 open Oracle WebLogic servers using Shodan.
Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and other sensing systems that use sound commands to perform functions can be hacked by light.
Driven by PC gaming, pandemic upgrading and potentially cryptocurrency miners, GPU units hit a healthy 13.4-percent increase in sales over the previous quarter, respected graphics analyst firm Jon Peddie Research said in a report released Tuesday.
Let me be direct: We should be happy that this software, one of the worst ever to plague our lives from a security perspective, is going away, and at the same time, Flash was not a fluke. Security has come a long way, but the ecosystem that allowed Flash to become a software security serial killer still exists and is ready to let it happen again. This time, the stakes are infinitely higher.
The joys of researching and building computing systems are manifold and very individualized. They come at various stages of the whole process. The initial rush when you think you have the germ of a new idea. That rush is a tremendous rush, no matter how many times one has had it. The rumination of the idea adds to the joy … so it is not simply a momentary rush.
A pair of researchers will demonstrate at Black Hat Europe next week how they were able to bypass ML-based, next-generation anti-malware products. Unlike previous research that reverse-engineered the next-generation endpoint tool — such as Skylight’s bypass of Cylance’s endpoint product in 2018 — the researchers instead were able to cheat the so-called static analysis malware classifiers used in some next-gen anti-malware products without reverse engineering them.
Here’s the scenario: A state-sponsored attacker uses a zero day to breach the environment. This foothold lets him run previously unknown, fileless attacks originating from an exploited process. Fortunately, his evil plan is foiled by our next-generation, AI-powered security tool that detected and prevented it in nanoseconds!
In this post, we analyse the hardware that they use to connect to IXPs. We investigate 24 IXPs distributed across fifteen countries, from the EU, US, Africa and Brazil, which together interconnect more than six thousand IXP members. Our goal is to determine if there is market dominance by the some of the hardware vendors among IXP members.
First introduced back in 2005, SP 800-53 has gone through five revisions since its initial release. The fourth revision, released in 2013, featured updated security controls and focused on topics such as insider threats, software security, mobile devices, supply chain security, and privacy. Revision four also gave us the now familiar “eighteen control families,” which have been adopted by numerous federal agencies as well as the private sector.
Over the years, cybercriminals have grown more sophisticated, adapting to changing business practices and diversifying their approaches in non-traditional ways. We have seen security threats continue to evolve in 2020, as many businesses have shifted to a work from home posture due to the COVID-19 pandemic. For example, the phenomenon of “Zoom-bombing” video meetings and online learning sessions had not been a widespread issue until, suddenly, it became one.
When I started writing about science decades ago, artificial intelligence seemed ascendant. IEEE Spectrum, the technology magazine for which I worked, produced a special issue on how AI would transform the world. I edited an article in which computer scientist Frederick Hayes-Roth predicted that AI would soon replace experts in law, medicine, finance and other professions.
Because of the fact that even when all RTR servers die simultaneously we still fail safely (falling back to NotFound), a common misconception is that the entire software stack is completely fail-safe and no harm can be done when some of it fails. Because of this, a network operator may arrive at the erroneous conclusion that neither redundancy nor monitoring is really required (or a priority). Unfortunately, this is not true and other failure scenarios in the software stack have to be considered.
According to last year’s Gartner forecast, public cloud services are anticipated to grow to $USD 266.4 billion by the end of this year, up from $USD 227.8 billion just a year ago. Clearly, cloud computing is making its way to cloud nine, (See what I did there?) leveraging the sweet fruits of being in the spotlight for a decade. However, the threats to public cloud security are growing at the same rate.
Often in technology, we assume that everyone else is as excited about our product as we are. This tends to be a problem across the board in the tech sector (and even amongst teams, like security and developers, or operations and developers).
Developer mistakes and indirect dependencies are the two main sources of vulnerabilities in open source software projects, which together are expected to cause the majority of security alerts in the next year, according to GitHub’s annual Octoverse report, published today.
Edsger Dijkstra’s 1988 paper “On the Cruelty of Really Teaching Computer Science” (in plain text form here) is one of the most well-cited papers on computer science (CS) education. It’s also wrong. A growing body of recent research explores the very topic that Dijkstra tried to warn us away from — how we learn and teach computer science with metaphor.
As convenient as their technology is, the emergence of such dominant corporations should ring alarm bells—not just because they hold so much economic power but also because they wield so much control over political communication.
But as we recognized in the 2019 Global Internet Report, trends of consolidation in the Internet economy, particularly at the application layer and in web services, have spurred concerns and public debates on the need to regulate Big Tech. Among the proposed measures by policymakers, academics, and other thought leaders across the world is for software services and systems to be legally required to provide interoperability or open interfaces.
Giant tech companies have come under a great deal of well-deserved criticism from across the political spectrum on a variety of concerns over their actions. On market power, privacy, political bias and disinformation, they are under a microscope. One area where their actions deserve even more scrutiny — and opposition — is their war on the patent rights of inventors and startups.
If we look at previous mobile generations and perhaps start at 3G, we can see that with this technology, it became possible to access the Internet — however that was far from adequate for the technology explosion that happened around smartphones in the late 00s.
The Data Center Frontier Show podcast tells the story of the data center industry and its future. Our podcast is hosted by Rich Miller, editor of Data Center Frontier, who is your guide to the ongoing digital transformation.
Working remotely was growing more common even before the coronavirus pandemic accelerated the trend. As workers increasingly settle into their home offices, they still need access to company networks and office hardware — particularly printers. In fact, the pandemic led to a spike in the sale of home office printers, according to Deloitte.
In a previous blog on Getting Started with Modern Data Center Fabrics, we discussed the common modern DC architecture of an IP fabric to provide base connectivity, overlaid with EVPN-VXLAN to provide end-to-end networking. Before rolling out your new fabric, you will design your overlay. In this blog, we discuss the Collapsed Spine/Core architecture.
Following the pandemic, at least 70% of companies will permit a significant portion of their employees to work from home at least two days a week — requiring a revamped cybersecurity model, according to a new report by Forrester Research.
A recent review of nearly a dozen inexpensive video doorbells sold via online markets such as Amazon and eBay uncovered multiple security vulnerabilities in each device. The most serious among them was the practice by some of the devices to send Wi-Fi names, passwords, location information, photos, video, email, and other data back to the manufacturer for no obvious reason.
HTTPS resource records (HTTPS RRs) are a new type of Domain Name System (DNS) record. The standard is still in progress and covers various intended use cases, mostly around delivering configuration information and parameters for how to access a service.
The rising demand for cybersecurity professionals is fueling the development of undergraduate security degree programs at colleges and universities across the country. Many programs are thinking beyond traditi
For many in the African region, Internet interruptions or service degradations occur frequently, which results in a disjointed Internet experience. In order to help improve this experience, we need to track and measure various Internet characteristics through network telemetry.
A group of major telecommunications companies — Vodafone, BT, Telefonica and Deutsche Telekom — recently announced something a bit unexpected. In the Open BNG Operator Position Paper, they call for a fundamental, industry-wide change to the way broadband networks are built.
Privacy is in for a turbulent 2021, with companies facing more privacy regulations, continued attempts to create backdoors in encrypted communications, and the introduction of a variety of privacy-focused technologies.
For a group that works on network technologies it was always a bit odd that the IETF met in person three times a year. Didn’t we have enough trust in the efficacy in the technologies that we work on? I don’t think that is the case. I think the bandwidth of in-person meetings is exceptionally high, and we just cannot cram all that into a virtual world. In this rather exceptional year the IETF has joined its conference brethren in virtual meetings. The latest, IETF 109, was held in mid-November. I’m going to pick just one presentation from each of a small collection of the week’s working group meetings and explore that topic in a little more detail.
Researchers at Huntress Labs have uncovered what they described as a really clever use of Windows batch scripting by the authors of Trickbot to try and sneak the latest version of their malware past automated detection tools.
Every three years, the Copyright Office holds a rulemaking process where it grants the public permission to bypass digital locks for lawful purposes. In 2018, the Office expanded existing protections for jailbreaking and modifying your own devices to include voice-activated home assistants like Amazon Echo and Google Home, but fell far short of the broad allowance for all computerized devices that we’d asked for.
Juniper Networks developed the Junos OS® Evolved disaggregated network operating system (NOS) building on the strengths of the Junos operating system, to bring industry leading routing and switching solutions to a native Linux environment. Junos OS Evolved provides a modern, programmable, highly available and resilient platform and at the same time, delivers a secure execution environment.
The Data Center Frontier Show podcast tells the story of the data center industry and its future. Our podcast is hosted by Rich Miller, editor of Data Center Frontier, who is your guide to the ongoing digital transformation.
The artificial intelligence (AI) ethics field is booming. According to the Council of Europe, there are now more than 300 AI policy initiatives worldwide. Professional societies such as the ACM and the IEEE have drafted frameworks, as have private companies and national governments.
As IT organizations struggle with the security implications of remote working arrangements and the already lackadaisical attitudes about security that permeate across the enterprise user base, now is the time to change how security teams influence their users’ behavior.
CrowdSec is an open source security engine that analyzes visitor behavior and provides an adapted response to all kinds of attacks. It parses logs from any source and applies heuristic scenarios to identify aggressive behavior and protect against most attack classes.
The “network perimeter” is an increasingly meaningless term; the perimeter is everywhere and the network is constantly interacting with employees, workloads and even the networks of both suppliers and customers. Integration enables success, but it also means that prevention of information security compromise events.
As cryptographic analysis and related technologies advance, the signing algorithms at the heart of DNSSEC have to keep up. Moritz Müller and colleagues take a look at barriers on the road to more secure algorithms and discuss ways to make the journey faster.
When a website you visit asks permission to send notifications and you approve the request, the resulting messages that pop up appear outside of the browser. For example, on Microsoft Windows systems they typically show up in the bottom right corner of the screen — just above the system clock. These so-called “push notifications” rely on an Internet standard designed to work similarly across different operating systems and web browsers.
Open source repositories form the backbone of modern software development — nearly every software project includes at least one component — but security experts increasingly worry that attackers are focused on infecting systems by inserting malicious code into popular repositories.
In previous ransomware scenarios, an organization just had to decide whether to pay a ransom to get the key to unencrypt the data. But now it must consider making what is essentially a “forever promise” with a criminal organization. The threat actors are demanding payment in exchange for alleged proof that they deleted the data. In practice, they are saying “trust us” to delete data that they previously threatened to publish. It’s not a great situation to find yourself in.
Textbooks tell us that cache requests result in one of two possible outcomes: cache hits and misses. However, when the cache miss latency is higher than the inter-arrival time between requests, it produces a third possibility, delayed hits.
In both the traditional HPC simulation and modeling market and the adjacent AI market including machine learning and data analytics, the GPU has become the compute engine of choice because of the price/performance, memory bandwidth, and varied forms of calculation that it enables.
In August 2019, the Internet Society supported the Mutually Agreed Norms for Routing Security (MANRS) initiative by creating a platform to visualize its members’ routing security data from around the globe. The MANRS Observatory’s interactive dashboard allows networks to check their progress in improving their routing security.
George Gilder and Robert J. Marks discuss blockchain, Bitcoin, quantum and carbon computing, and George Gilder’s new book Gaming AI: Why AI Can’t Think but Can Transform Jobs (which you can get for free here).
Dubbed “SAD DNS attack” (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications.
At the 2020 (ISC)² Security Congress, SCADAfence CEO Elad Ben-Meir took the virtual stage to share details of a targeted industrial ransomware attack against a large European manufacturer earlier this year. His discussion of how the attacker broke in, the collection of forensic evidence, and the incident response process offered valuable lessons to an audience of security practitioners.
Renowned military strategist John Boyd conceived the “OODA loop” to help commanders make clear-headed decisions during the Korean War. We’ll look at how one might apply the OODA loop OODA — that stands for observe, orient, decide, and act — specifically to secure cloud-native deployments and prevent breaches before they occur.
As our recent election security research showed, domain spoofing is a preferred attack vector. According to the Oregon FBI in their Tech Tuesday, “Cyber actors set up spoofed domains with slightly altered characteristics of legitimate domains. A spoofed domain may feature an alternate spelling of a word (‘electon’ instead of ‘election’), or use ‘[.]com’ in place of ‘[.]gov.'”
Despite dedicating the majority of my life to protective intelligence in the private and public sectors, I still find it hard to believe when I see companies that have thousands of employees and dozens of offices and facilities — but a scant few physical security professionals using legacy tools and processes to try to keep the business harm-free. It’s almost an exercise in futility.