Weekend Reads 031723


Fujitsu’s Arm-based A64FX processor may have driven the most powerful supercomputer in the world, but it looks like its successor will be a more general-purpose chip that will focus on energy efficiency.


Hi everyone! In this article we’re going to take a look at the different rendering pattern options available nowadays for web applications.


Spurred by unprecedented unit pricing, the IPv4 market in North America experienced its second-best year ever in market history.


Getting a new technology out to consumers will usually require good people and boatloads of resources – including money. Generally, lots of money.


The Global Domain Report 2023 shows the domain industry is absorbing the shock waves, proving that the market is resilient and domains are solid assets for digitalization.


A proposed rule change at the Federal Communications Commission (FCC) would expand the definition of a data breach for communications carriers. If approved by the agency, the rule would cover any incident that affects the confidentiality of customer information, even if no harm to customers results.


Threat actors with a connection to the Chinese government are infecting a widely used security appliance from SonicWall with malware that remains active even after the device receives firmware updates, researchers said.


Akamai has just mitigated a distributed denial of service (DDoS) attack of epic proportions. While it was short-lived, it was very intense, and it most likely could have easily taken the target server offline.


While compatible with RDP connections and local desktop logins, they offer no protection for remote command line access tools like PsExec, Remote PowerShell and the like.


Is the current arrangement of keys on the keyboard the most efficient and intuitive solution? Open source aims to address this question with a circular one-handed keyboard.


Software-defined WAN offers a lot of potential benefits including price, efficiency, and performance, but it’s not right for all sites.


But given the expansive capabilities of today’s technology, combined with how integrated it is in every aspect of our lives, there’s a danger of either purposefully or inadvertently collecting unnecessary and private data.


You may be wondering what folks mean when they talk about a BGP Free Core, and you may also ask yourself why I would decide to retrofit this into our network.


To that end, three vendors have announced new capabilities in the high-speed networking game. So, let’s run them down.


Privacy experts can now rely on a new standard, the ISO/IEC 27559:2022 privacy-enhancing data deidentification framework, in an area that has been the subject of much discussion and development.

Weekend Reads 031123


Featuring 18 different participating member companies, the Ethernet Alliance interoperability demo in booth #5417 spans diverse Ethernet technologies ranging from 10 Gigabit Ethernet (GbE) to 800GbE.


Every few months, an important ceremony takes place. It’s not splashed all over the news, and it’s not attended by global dignitaries. It goes unnoticed by many, but its effects are felt across the globe. This ceremony helps make the internet more secure for billions of people.


Major cloud platforms, such as Google Cloud Platform (GCP), fail to adequately log the event data that could facilitate the detection of compromises and the forensic analysis during post-compromise response, according to an analysis.


Software dependencies, or a piece of software that an application requires to function, are notoriously difficult to manage and constitute a major software supply chain risk. If you’re not aware of what’s in your software supply chain, an upstream vulnerability in one of your dependencies can be fatal.


As a primary working interface, the browser plays a significant role in today’s corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices.


For years, the domain registrar and Web hosting company GoDaddy has experienced a cyber barrage of extraordinary scale, it has confirmed — affecting both the company and its many individual and enterprise clients.


The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what’s a sobering reminder of the dangers of failing to keep software up-to-date.


The Cyble analysis identified 10 indicators of compromise (IoCs) for this threat—six malware hashes and four URLs.


As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal.


For decades, scholars and litigators have been talking about imposing legal liability on the makers of insecure software. But the objections of manufacturers were too strong, concerns about impeding innovation were too great, and the conceptual difficulties of the issue were just too complex.


So, who will the winners and losers in this new world be? According to Entner, “it’s not set in stone yet.” He noted the result partially depends on whether DOCSIS 4.0 is able to deliver better reliability than DOCSIS 3.1.


A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022.

Controversial Reads 030423


Privacy campaigners say such systems could be used as tools of oppression. In Moscow, Vyborov and countless others now face that oppression on a daily basis.


The general problem statement for technological standards is how to avoid the power imbalance of a single source for essential goods and services; in other words, standards are a line of defense against concentration risk. Interoperability is the goal, and multiple suppliers is the proof.


In this episode, they focus particularly on how social media has become a place where predators will search and highlight children’s vulnerabilities — which so many young people share online.


Tech policy, however, has its own set of “culture war issues” including net neutrality and encryption that largely serve as a distraction from the real issues at stake. Victims of child porn are now caught in the fray.


A major escalation in official online censorship regimes is progressing rapidly in Brazil, with implications for everyone in the democratic world. Under Brazil’s new government headed by President Lula da Silva, the country is poised to become the first in the democratic world to implement a law censoring and banning “fake news and disinformation” online, and then punishing those deemed guilty of authoring and spreading it.


In addition to federal agencies, could the major accounting firms provide algorithmic audits as they do in auditing financial statements of publicly listed companies?


The click-based economy has made the world more efficient in some ways, but it turned this miraculous global information databank into a frenzied real estate auction with every website scrabbling to climb to the top of the search results, collect the most clicks, and retain the most eyeballs.


A former ASML worker accused of stealing trade secrets for advanced chip-making equipment from his employer is now suspected of spying for the Chinese government.


China’s attempts to influence technical standards groups have mostly been uncoordinated, unsophisticated and unsuccessful – but the US needs to keep watch on Beijing’s activities, especially at the International Telecommunications Union.

Weekend Reads 030323

https://cacm.acm.org/magazines/2023/3/270206-a-turning-point-for-cyber-insurance/fulltext
Insuring against the consequences of cybersecurity seems too good to be true given the underlying problem has perplexed researchers and practitioners for going on 50 years.

https://cacm.acm.org/magazines/2023/3/270207-mapping-the-privacy-landscape-for-central-bank-digital-currencies/fulltext
Payment records paint a detailed picture of an individual’s behavior. They reveal wealth, health, and interests, but individuals do not want the burden of deciding which are sensitive or private.

https://cacm.acm.org/magazines/2023/3/270211-the-ai-tech-stack-model/fulltext
Presently, enterprises have implemented advanced artificial intelligence (AI) technologies to support business process automation (BPA), provide valuable data insights, and facilitate employee and customer engagement.

https://www.theregister.com/2023/02/22/google_milestone_quantum/
Google is claiming a new milestone on the road to fault-tolerant quantum computers with a demonstration that a key error correction method that groups multiple qubits into logical qubits can deliver lower error rates, paving the way for quantum systems that can scale reliably.

https://telecoms.com/520115/mwc-2023-whats-the-point-of-5g/
Four years into the 5G era, the technology is still struggling to find an identity. 3G was about the introduction of mobile data, which matured in the form of 4G, but what is 5G all about?

https://www.theregister.com/2023/02/24/europe_gigabit_transformation_consultation/
The European Union yesterday decided it’s time to start “laying the ground for the transformation of the connectivity sector” in the region with three initiatives – one of which codifies the idea that Big Tech should pay for the networks that carry its traffic.

https://circleid.com/posts/20230222-brand-impersonation-online-is-a-multidimensional-cybersecurity-threat
Brand impersonation happens much more often than people realize. In CSC’s latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves.

https://circleid.com/posts/20230221-european-union-wants-to-fix-the-gdpr
In light of this, the European Commission is proposing a new law before the summer to improve how EU countries’ privacy regulators enforce the GDPR.

https://www.bloomberg.com/news/articles/2023-03-01/chatgpt-and-ai-are-all-companies-want-to-talk-about-in-earnings-calls
A lot of the companies tossing around the phrase AI are just taking advantage of the hype. Some are speaking aspirationally about how they see AI transforming their businesses — one day, some day.

https://www.theregister.com/2023/03/03/online_privacy_tracking/
But according to a trio of privacy researchers, opting out doesn’t always work – visitor data still gets collected.

https://telecoms.com/520384/mwc-2023-recap-whats-the-point-of-telecoms/
When we asked the operator figure what the point of telecoms is they said it’s “very uncertain”. The danger of becoming a ‘dumb-pipe’ utility seems greater than ever.

https://circleid.com/posts/20230227-domains-under-the-most-abused-tlds-same-old-dns-abuse-trends
While threat actors can use any domain across thousands of top-level domains (TLDs), they often have favorites. For instance, you may be familiar with Spamhaus’s 10 most-abused TLDs for spamming.

https://www.freecodecamp.org/news/oss-security-best-practices/
Typosquatting, also known as URL hijacking, is a form of cyber attack where an attacker registers a domain name that is similar to a well-known website, but with a slight typo.

https://www.theregister.com/2023/02/28/mit_researchers_interference_busting_radios/
Radio interference can be a pain to deal with, regardless of whether it’s a rogue baby monitor interrupting your Wi-Fi or a stadium full of smartphone signals drowning each other out.

https://circleid.com/posts/20230228-internet-shutdowns-on-the-rise-worldwide-says-report
From the Middle East to South Asia to Africa, shutdowns are becoming a norm of authoritarianism—an accepted means of silencing criticism, stifling dissent, and controlling the population.

Weekend Reads 022423


A decade ago, waferscale architectures were dismissed as impractical. Five years ago, they were touted as a fringe possibility for AI/ML. But the next decade might demonstrate waferscale as one of only a few bridges across the post-Moore’s Law divide, at least for some applications.


This is not a ‘silver bullet’, however. In comparison to the sophisticated deception available in traditional IT security, deception in ICS still faces some challenges.


As a numbers guy, I’m always intrigued by the Ookla Speedtest Global Index since it provides an interesting look at broadband speeds in the U.S. and around the world.


Two new separate sets of research released this month underscore real, hidden dangers to physical operations in today’s OT networks from wireless devices, cloud-based applications, and nested networks of programmable logic controllers (PLCs) — effectively further dispelling conventional wisdom about the security of network segmentation as well as third-party connections to the network.


As organizations strengthen their defenses and take a more proactive approach to protection, attackers are adapting their techniques and increasing the sophistication of their operations.


As the security of the Android Platform has been steadily improved, some security researchers have shifted their focus towards other parts of the software stack, including firmware.


Some of Europe’s biggest telcos have outlined their goals for the progression of Open RAN technology this year and beyond, including a suggestion of commercial launches in the near future.


Networks connected to the Internet rely on other networks – a.k.a. Autonomous Systems, or ASes – to transmit data. Consequently, the connectivity of a network depends on the connectivity of other networks. AS Hegemony is a metric to evaluate these interdependencies based on BGP data collected from public large-scale measurement platforms (RIPE RIS and Route Views).


Most recently, one tinkerer named Peter Fairlie took to YouTube armed with a Flipper Zero to answer a repeatedly asked question: can the device change a traffic light from red to green? As it turns out, the answer is “yes,” but not in the way you might think.


Roughly 109,000 technology industry employees from 392 companies have been laid off since the start of the year, according to the industry employment tracking website Layoffs.Fyi.


The next time you buy a flashy new outfit after browsing Instagram, or tap the heart button on a particularly compelling TikTok video, you might discover that the person who posted it isn’t real—and you might not care at all.


Privacy regulations around the world frequently include requirements for websites and apps to obtain informed consent from users prior to collecting, processing, or sharing their personal information, or to provide easy opportunities for users to opt-out of certain uses of their data.

Weekend Reads 021723


In Emoi Services LLC v. Owners Insurance Company, the Ohio Supreme Court recently found software is an intangible item that cannot experience direct physical loss or damage and, therefore, the plaintiff’s inability to access or use its software during a ransomware attack was outside the scope of its “businessowners” policy.


Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries.


Here’s a provocative question: Is it possible, given the vast array of security threats today, to have too many security tools?


This debate has proved futile for two reasons. First, the characteristics of any specific application will dictate which venue is more expensive — there is no simple, unequivocal answer. Second — the question implies that a buyer would choose a cloud or on-premises data center primarily because it is cheaper. This is not necessarily the case.


The RISC-V architecture looks set to become more prevalent in the high performance computing (HPC) sector, and could even become the dominant architecture, at least according to some technical experts in the field.


Major US carriers are exaggerating the availability of fixed wireless services and leaving under-served communities at risk of missing out on billions in federal funding that would pay for improved services.


But not all small ISPs are expanding, or are only expanding in small increments. Today I want to talk about the reasons I’ve been given by ISPs that have decided to not expand.


It was another bad week for tech professionals amid further bloodletting by an industry feeling the squeeze of inflation and higher interest rates as Microsoft, Zoom and Yahoo all dished out the pink slips.


To measure the impact of sound on office workers, researchers asked 231 of the agency’s employees working in four buildings across the US to wear two devices for three days.


As adults, many people hold onto items with the thought they might need it in the future, or they hope their children will want it one day.


This post is an introduction and comparison of network automation tools Paramiko, Netmiko, NAPALM, Ansible and Nornir.


In our paper, ‘Mind Your MANRS: Measuring the MANRS Routing Ecosystem’, we at CAIDA (UC San Diego), in collaboration with Georgia Tech, and IIJ Research Lab, provided the first independent look into the MANRS ecosystem by using publicly available data to analyse the routing behaviour of participant networks.

Weekend Reads 021023


Threat actors have been targeting Zoom and its users since the platform’s launch, and it’s easy to see why—the latest stats show it accounts for 3.3 trillion annual meeting minutes worldwide.


To get a sense of how fragile the innovation business is, keep in mind the popular wisdom that teaches us how nine out of ten startups will fail.


Over a 30-month period, cybercriminal gangs and threat groups posted more than 200,000 advertisements seeking workers with skills in software development, maintaining IT infrastructure, and designing fraudulent sites and email campaigns.


On 24-27 April, a 33-year-old international organisation of ICT organisations will convene a meeting in London under ETSI auspices after a four-year hiatus.


As the topic of domain-driven design (DDD) recently came up at my current job, I decided to get more familiar with the topic by reading Eric Evans’ book “Domain-Driven Design: Tackling Complexity in the Heart of Software”. This was a mistake.


Big Tech results reinforced concerns a boom in cloud services is easing, limiting a lucrative source of profit when a slowing economy has hit the companies’ other businesses and prompting a bet on artificial intelligence as the next growth driver.


And all of that is on a computer, on a network, and attached to the Internet. Like everything else, these systems will be hacked through vulnerabilities in those more conventional parts of the system.


The unemployment rate in the technology job market decreased for the second month in a row, dropping to 1.5% in January from 1.8% in December.


Wi-Fi 6 hardware is now common, and there’s a good chance you have both a Wi-Fi 6 network and Wi-Fi 6 compatible devices. But people are already talking about something new: Wi-Fi 6E, which promises to reduce Wi-Fi congestion further.


Anybody who can read a financial report knows they are paying too much for compute, storage, networking, and software at Amazon Web Services.


In a letter to the US Environmental Protection Agency (EPA) Monday a small group of Democrats called on the agency to enact policies designed to force US crypto-mining operations to report their annual energy consumption.


The way things sit now, if you were somehow allergic to computers, you’d be hard pressed to really banish them from your life, no matter where you found yourself.


Organizations using older versions of VMware ESXi hypervisors are learning a hard lesson about staying up-to-date with vulnerability patching, as a global ransomware attack on what VMware has deemed “End of General Support (EOGS) and/or significantly out-of-date products” continues.


With reports that more than half of US states have banned or restricted access to TikTok on government devices, many cybersecurity professionals are asking, “How can you take a well-intentioned policy from vision to execution?” The answer is operational governance.


Enterprise spending on cloud infrastructure services slowed in the fourth quarter of 2022, but that didn’t stop the big three platforms from taking two-thirds of the entire market.