Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. —Mohit Kumar

The WireGuard virtual private networking (VPN) protocol is coming to the Linux kernel, much to the delight of Linux creator Linus Torvalds. —Jack Wallen

Monoliths are the future because the problem people are trying to solve with microservices doesn’t really line up with reality. Just to be honest – and I’ve done this before, gone from microservices to monoliths and back again. Both directions. —Kelsey Hightower

The cellular carriers are in full 5G marketing mode. If you believe the TV commercials, you’d now think that the country is blanketed by 5G, as each cellular carrier claims a bigger coverage area than their competitors. However, almost all of their claims are marketing hype. What’s the reality of 5G coverage in 2020? —Doug Dawson

Given the level of public interest in Ethos’ acquisition of Public Interest Registry (“PIR”) from the Internet Society, it is no surprise that this agreement continues to attract press attention. Ethos welcomes open discussion on this important investment, and we are of course following the media coverage closely. Unfortunately, it is not always possible to respond point-by-point to every article, so I would like to take this opportunity to address several mischaracterizations of the deal recently reported by Wired, Deutsche Welle, and others. —Nora Abusitta-Ouri

Most of us, when we go to a website and see the little lock at the top of the browser, don’t think twice and trust that we are communicating with the right company or organization. However, this is no longer the case because of a rather radical development that has largely occurred without notice or intervention by almost everyone. The web now has its own rapidly spreading version of CallerID spoofing that is about to get worse. —Anthony Rutkowski

A new version of RawCap has been released today. This portable little sniffer now supports writing PCAP data to stdout and named pipes as an alternative to saving the captured packets to disk. We have also changed the target .NET Framework version from 2.0 to 4.7.2, so that you can run RawCap on a modern Windows OS without having to install a legacy .NET Framework. —Erik Hjelmvik

The server processor market has gotten a lot more crowded in the past several years, which is great for customers and which has made it both better and tougher for those that are trying to compete with industry juggernaut Intel. And it looks like it is going to be getting a little more crowded with several startups joining the potential feeding frenzy on Intel’s Xeon profits. —Timothy Prickett Morgan

What is your information security program defending? This is a deceivingly difficult question for most. When I ask this at typical organizations, the answer is often disheartening. The standard response is “everything.” The word everything causes my skepticism radar to start chirping like a Chernobyl Geiger counter. —Kevin Kurzawa

In the last decade, we’ve witnessed the global expansion of AI, largely in an algorithm — Deep Learning — coupled with Big Data. Deep Learning and Big Data excel at tasks like visual object recognition. Once difficult AI problems like recognizing faces in photos became easier so companies like Google and Facebook began offering AI-powered photo recognition services. Suddenly “the machine” could spot pictures of your friends and you and suggest new groups, new tags, or — hey! — a new conversation.

If you follow security on the Internet, you may have seen articles warning you to “beware of public Wi-Fi networks” in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was. —Jacob Hoffman-Andrews

You’ve probably heard that public Wi-Fi is dangerous. Advice about avoiding it is almost as widespread as public Wi-Fi itself. Some of this advice is outdated, and public Wi-Fi is safer than it used to be. But there are still risks. —Chris Hoffman

The specifications for DoT (RFC 7858) and DoH (RFC 8484) note the possibility that traffic analysis techniques may be exploited to undermine the privacy provided by these protocols. While such techniques have been successfully demonstrated in multiple scenarios, it is not clear that these classic approaches will work in attacks against encrypted DNS. —Rebekah Houser

Internet pioneer Paul Vixie has a red flag warning for CISOs: a movement toward baking in more privacy for Internet users soon could begin to burn some enterprise security efforts. —Kelly Jackson Higgins

So, you own or are thinking of buying a Ring camera. This post outlines a list of privacy and civil liberties concerns we have with Amazon’s Ring system so that you can be a more informed consumer, or—if you already own a Ring camera—be a more considerate neighbor. —Matthew Guargiglia

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. —Krebs on Security

At the USENIX Enigma security conference in San Francisco this week, developers, security researchers, and privacy advocates presented differing views of how browsers should protect their users against data abuses. —Lily Hay Newman

A recent NPR program on the selling of nonprofit .org domain, coming off the heels of MLK Day, underscores the importance of embracing civil discourse and platforms of communication. —Julianne Malveaux

A motley group of powerful companies have their knives out for Section 230, which shields platforms from lawsuits over content posted by users. —David McCabe

Last week in Los Angeles, the team got together once again to continue our Phase 2 work creating policy that will (among other issues) govern the disclosure of non-public registration data to third parties. —Matt Serlin

Hardware refresh is the process of replacing older, less efficient servers with newer, more efficient ones with more compute capacity. However, there is a complication to the refresh cycle that is relatively recent: the slowing down of Moore’s law. —Rabih Bashroush

Sundar Pichai, CEO of Google and parent company Alphabet, generated a lot of buzz recently with an op-ed he wrote for the The Financial Times calling for greater regulation of artificial intelligence (AI) technologies, adding a high-profile voice into a debate that has been simmering as innovation around AI, machine learning and deep learning have advanced rapidly. —Jeffrey Burt

Is Slack good for actually getting your work done? That’s debatable. But the popular messaging platform — which now boasts more than 12 million daily active users — is definitely a promising medium for employers, regulatory agencies, the government, and even hackers seeking a trove of data about a company and its workers. Even your c —Rebecca Heilweil

What if Google is just taking credit for clicks on ads just because people would have been searching for that stuff anyway? I’ve been thinking about it all day: what if Google ads actually aren’t that effective and the only reason they make so much is billions of people use Google? —Dieter Bohn

Vanessa Bain was less than a year into her gig as an Instacart shopper when the company announced it would no longer allow tipping on its app. Instacart instead began imposing a 10 percent “service fee” that replaced the previous default tip of 10 percent. —Lia Russell

Wouldn’t it be awesome to have a NIDS like Snort, Suricata or Zeek inspect HTTP requests leaving your network inside TLS encrypted HTTPS traffic? Yeah, we think so too! We have therefore created this guide on how to configure Security Onion to sniff decrypted TLS traffic with help of PolarProxy. —Erik Hjelmvik

Head to the local bookstore, pick up some books on management practices and it shouldn’t take long to find thought leaders espousing how “altruism” is the panacea for so many ills in the business world. —Yegor Bugayenko

This is one way in which animals have a leg up on us poor banished children of Eve. The concerns of the animal kingdom are restricted to eating, avoiding being eating, and passing on their genes to the next generation. Every human, however, has unique skills and challenges, making our lived stories ones worth telling. —Anders Koskinen

The exponential growth of both Ethernet speeds and the number of CPU cores calls for a new processing model for high-speed networking. —Tom Barbette

Attacks targeting caches are nothing new. However, it wasn’t until 2017 that web cache attacks saw a significant surge in popularity, with novel exploits regularly making the headlines. —Kaan Onarlioglu

There is a lot of public sentiment against placing small cell sites on residential streets. There is a particular fear of broadcasting higher millimeter wave frequencies near to homes since these frequencies have never been in widespread use before. —Doug Dawson

The day I subscribed to The CW Watch — the new streaming service from The CW — I had to confront the fact that I subscribe to 11 different streaming services. —Veronica Walsingham

U.S. insurers are ramping up cyber-insurance rates by as much as 25% and trying to curb exposure to vulnerable customers after a surge of costly claims, industry sources said. —Suzanne Barlyn

Fair queueing is a technique that is part of the FQ-CoDel algorithm, which the bufferbloat project developed. Even with fair queuing, however, you still need an algorithm to manage the length of the queue, which modern Active Queue Management algorithms such as codel, fq_codel, fq_pie and sch_cake provide. —Adam McFillin

A good copyright policy would be one that encouraged diverse forms of expression from diverse creators who were fairly compensated for their role in a profitable industry. —Cory Doctorow

The field programmable gate array has always been a different sort of animal in the semiconductor market.—Timothy Prickett Morgan

When you power on your computer, there’s a lot more going on than you might think. One of the most important elements involved is the embedded controller (EC). This is what is responsible for providing abstractions for the battery, charging system, keyboard, touchpad, suspend/resume, and thermal control, among others. These controllers are typically proprietary and usually run proprietary firmware. —Don Watkins

If tech stocks are going to maintain their record highs, then earnings reports and 2020 forecasts that begin to pour in this week need to show a rebound on the way. If they don’t, it is time to assume that the Cloud Boom has petered out. —Therese Poletti

Finance is changing rapidly through mergers and acquisitions, but not rapidly enough. There will be tremendous pressure for traditional payment processors to get with the times and adopt blockchain, or else they will be left behind by lower-cost competitors. —Beth Kindig

In April 2019,, which helps users find lost or misplaced items, suddenly found itself competing with Apple Inc, after years of enjoying a mutually beneficial relationship with the iPhone maker. —Nandita Bose

There was a man I saw last week in the Salvador Dali museum, a middle aged tourist in a Nike t-shirt, who acted as if he was doing a scavenger hunt speed-run of the absurd artistic labyrinth designed by the famed artist. His phone camera permanently on, he rushed from framed painting to hand-carved sculpture to meticulously-made mechanical inventions, tapping away at the button to capture the blurry images of ornate creations. —Ben Domenech

All of this fiber activity is going to mean a shortfall of industry resources of all kinds. I’ve already witnessed construction delays in projects this year due to resource shortages and I fear delays will increase in 2020 and beyond. —Doug Dawson

When I walked out the door on my last day as Google’s Head of International Relations, I couldn’t help but think of my first day at the company. I had exchanged a wood-paneled office, a suit and tie, and the job of wrestling California’s bureaucracy as Governor Schwarzenegger’s deputy chief of staff for a laptop, jeans, and a promise that I’d be making the world better and more equal, under the simple but powerful guidance “Don’t be evil.” —Ross LaJeunesse

Poorly secured mail servers can be a malicious actor’s best friend — they can enable social engineering, phishing, fraud, and the spread of malware, not to mention that mail servers allowing open relay create the perfect conditions for the spoofing of sender addresses and the sending of spam. —Adli Wahid

Organizations’ pursuit of increased workplace collaboration has led managers to transform traditional office spaces into ‘open’, transparency-enhancing architectures with fewer walls, doors and other spatial boundaries, yet there is scant direct empirical research on how human interaction patterns change as a result of these architectural changes. —Ethan S. Bernstein and Stephen Turban

TCP congestion control algorithms have continued to evolve for more than 30 years. Much of their success is rooted in the fact that they are loss-based, whereby they use packet loss as the congestion signal. For example, Linux’s default TCP algorithm, Cubic, reduces its congestion window by 30% when encountering packet loss. —Yi Cao

Many of those who work in the corporate world are constantly peppered with questions about their “career progression.” The Internet is saturated with articles providing tips and tricks on how to develop a never-fail game plan for professional development. —Casey Chalk

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. —Krebs on Security

The bad news is that the ecosystem of the underlying ad tech industry has not changed and still does not respect user privacy. A new report, called Out of Control: How Consumers Are Exploited by the Online Advertising Industry, published today by the Norwegian Consumer Council (NCC), looks at the hidden side of the data economy and its findings are alarming. —Christoph Schmon

Workers who did not show potential employers their pay history had double-digit jumps in their wages and were able to bargain better wages than workers who revealed their past pay, according to a study circulated Monday by the National Bureau of Economic Research. —Andrew Keshner

I probably won’t be posting much after this edition of the weekend reads until after the turn of the new year. I have a few projects I need to go “heads down” on in order to be set for the beginning of next year, and it’s time to spend time with family and friends. I’ve “supersized” this list of stuff worth reading so you won’t get too bored over the break, however.

This was an entertaining and interesting live stream, full of really good questions and answers.

On December 18, 2019, the Packet Pushers hosted a livestream gathering on YouTube where the Packet Pushers and special guests answered audience questions.

Anyone that has attended a meeting of the Internet Engineering Task Force (IETF) will know that the somewhat dry topic of internet protocols is often the source of passionate disagreement. But rarely does that debate extend beyond the confines of internet engineers. —Kieren McCarthy

The trade war between China and the US has centered largely on escalating tariffs. But in many rural communities, the focus has shifted to the security of networks for which Chinese giants Huawei and ZTE have long provided equipment. As the 5G future approaches, the US is pushing small carriers to rip out and replace whatever parts of their infrastructure come from China, no matter the cost. —Lily Hay Newman

“RISC” was an important architecture from the 1980s when CPUs had fewer than 100,000 transistors. By simplifying the instruction set, they free up transistors for more registers and better pipelining. It meant executing more instructions, but more than making up for this by executing them faster. —Robert Graham

Chances are, you’re reading this in Google’s Chrome browser. As of October 2019, Chrome owned 67% of the market, and there are several good reasons. Chrome is fast, it has tons of extensions, and it runs on every platform. —Mark Coppock

AT&T doesn’t want its home Internet speeds to be measured by the Federal Communications Commission anymore, and it already convinced the FCC to exclude its worst speed-test results from an annual government report. —Jon Brodkin

The question of just how fast your home internet service is seems pretty straightforward. Unfortunately, how the broadband industry gets at the answer is messy and complicated, and over the last few weeks, that’s caused controversy. —Marguerite Reardon

Data privacy hardliners are pretty jazzed about the California Consumer Protection Act (CCPA), which is slated to take effect on the first of the next year. While many outside of the Golden State may not have heard of this bold foray into computing regulation, activists hope that it will soon effectively control how much of the country is allowed to process data. —Andrea O’Sullivan

CES last January marked the first time the Consumer Tech Association recognized cybersecurity and personal privacy as a product category, highlighting antivirus and smart home security systems at the annual trade show. —Alfred Ng

Security professionals recommend against clicking links in emails like this. Instead, go to your bank account’s website directly and sign in. Similarly, if someone claiming to be from your bank calls you on the phone, it’s a good idea to hang up and call your bank’s customer service number directly to see if the call is legitimate. —Chris Hoffman

ICANN is reviewing the pending sale of the .org domain manager from a nonprofit to a private equity firm and says it could try to block the transfer. The .org domain is managed by the Public Internet Registry (PIR), which is a subsidiary of the Internet Society, a nonprofit. The Internet Society is trying to sell PIR to private equity firm Ethos Capital. —Jon Brodkin

In November, President Donald Trump called Ajit Pai, chairman of the Federal Communications Commission, to talk about spectrum. At the time, the FCC was considering a proposal to allow four satellite operators to privately sell a massively valuable swath of public airwaves directly to the U.S. wireless carriers. The carriers said they needed it to “win the race” to deploy 5G mobile networks. —Michael Calbrese and Amir Nasr

Crowdsourcing is fast emerging as a mainstream innovation channel for companies. It seems like the crowd has an answer to all sorts of innovation problems – they can come up with ideas for new toys and generate solutions to pressing scientific challenges. In theory, the crowd holds tremendous potential: A large, diverse group of people, consisting of experts and others from all over the world, should have fresh perspectives to bring about breakthrough insights on a given problem. —Ogux A. Acar

IIJ (AS2497) is a Japanese ISP that also provides CDN services, including live video streaming. Among the live-streaming events hosted at IIJ, by far the biggest is ‘Summer Koshien‘, the National High School Baseball Championship held at Koshien Stadium. The biannual championships started more than 100 years ago, and have become a symbolic amateur sporting event in Japan. —Kenjiro Cho

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors. —Krebs

The conduct that reverse domain name hijacking (RDNH) was crafted to punish is “using the [Uniform Domain Name Dispute Resolution Policy] in bad faith to attempt to deprive a registered domain-name holder of a domain name.” —Gerald M. Levine

In March 2019, in a move described in one news report as a “government-imposed Internet shutdown,” the president of Sri Lanka temporarily blocked Facebook, WhatsApp, Instagram, Viber, and other services. In this case, limited access to a class of applications was inaccurately painted as a full-scale Internet shutdown. Unfortunately, this isn’t unusual. Media coverage and general discussion of Internet disruptions often misclassify what happened. The confusion is likely unintentional. Many journalists, as well as the general public, are not well-versed in the various ways Internet access and access to content can be disrupted. —David Belson

Major European legislation, the General Data Protection Regulation, evoked substantial change in the way we deal with the visibility of domain name registration information, and understandably those that use that data to solve problems are concerned about these changes, and some have even called for a U.S. legislative fix. —Christian Dawson

Just a week after hackers broke into a Ring camera in a child’s bedroom, taunting the child and sparking serious concerns about the company’s security practices, Buzzfeed News is reporting that over 3,600 Ring owners’ email addresses, passwords, camera locations, and camera names were dumped online. This includes cameras recording private spaces inside homes. —Cooper Quintin and Bill Budington

Based on “winner-take-most” network economies, the innovation sector has generated significant technology gains and wealth but has also helped spawn a growing gap between the nation’s dynamic “superstar” metropolitan areas and most everywhere else. Neither market forces nor bottom-up economic development efforts have closed this gap, nor are they likely to. Instead, these deeply seated dynamics appear ready to exacerbate the current divides.

As we’ve discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you’ll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?) —JR Raphael

As the Internet has grown, so too have the abuses that go along with one of the world’s most transformative technologies. For all of the positives the Internet brings, negatives like phishing, malware and child exploitation are a reality online. —Matt Serlin

If you are reading this, you are doing the right type of security digging. You are looking for ways to get started in the security industry. You have a desire to dive deep in the security world. Welcome to the world of chaos, excitement, long hours, uncertain rewards, and overwhelming intensity. The community of professionals who are pushing back against the badness need your help. We need people from all walks of life who love to learn. Today’s security world interconnects with everything and everyone. —Barry Greene

If you’re young or unfamiliar with the history of computing from its earliest days in the 1940s and 1950s, you’ll find it a worthwhile history lesson. This talk also includes the thesis of another talk of his — The Scribe’s Oath — in which he talks about the extreme care that ancient scribes used to put into their work, and how programmers are effectively today’s scribes. —Joey Devilla

Encryption is fundamental to our daily life. Practically everything we do online makes use of encryption is some form. Access to our financial transactions, health records, government services, and exchanged private messages are all protected by strong encryption. —Mohamed EL Bashir

In the not-too-distant future, I can clearly see how ISO 27001, SOC 2 and HITRUST certifications could become a diminished, legacy activity, viewed as a rarity left over from marketing efforts to distinguish an organization’s security posture from its competition. Absurd? Unrealistic? Actually, it is a very pragmatic understanding of what is coming with the Cybersecurity Maturity Model Certification (CMMC) that the US Department of Defense (DoD) is rolling out just a few short weeks away (January 2020). —Tom Cornelius

As we begin our new decade of the 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what about the technology that we don’t see, that gives us clean drinking water, removes wastewater, and keeps our homes warm? Industrial Control Systems (ICS) are often considered a part of the Critical National Infrastructure (CNI). CNI is generally classified as assets needed to keep our society and economy running as we expect, our normal. —Zoë Rose