In this blog, the first of a new series on uCPE, I take a look at why communications services providers and enterprises should invest in uCPE-based services and the business opportunities these are already bringing to the early adopters. —Simon Stanley
Shadowserver provides free daily live feeds of information about systems that are either infected with bot malware or are in danger of being infected to more than 4,600 ISPs and to 107 national computer emergency response teams (CERTs) in 136 countries. In addition, it has aided the FBI and other nations’ federal law enforcement officials in “sinkholing” domain names used to control the operations of far-flung malware empires. —Krebs on Security
The Transportation Security Administration announced Friday that due to the coronavirus outbreak, it’s waiving the familiar 3.4-ounce limit for liquids and gels—for hand sanitizer only.* You may now bring a bottle of Purell as large as 12 ounces onto the plane to assist in your constant sanitizing of yourself, your family, your seat, your bag of peanuts, and everything else. All other liquids and gels, however, are still restricted to 3.4 ounces. —Dan Kois
The most important finding is that the average data consumed by households grow by 27% from 2018 to 2019 – in the fourth quarter of 2019 the average US home used 344 gigabytes of data, up from 275 gigabytes a year earlier. —Doug Dawson
This post starts by discussing the Internet connection from the AWS VPC Control Plane operation perspective. The public AWS documentation only describes the basic components, such as an Internet Gateway (IGW) and a subnet specific Implicit Routers. —Toni Pasanen
Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now. —Krebs on Security
Distributed denial-of-service (DDoS) attacks remain a popular attack vector but have undergone changes as cybercriminals shift their strategies. Today’s attackers are turning to mobile and Internet of Things (IoT) technologies to diversify and strengthen their DDoS campaigns, research shows. —Kelly Sheridan
Following our initial blog on the subject of Internet sites and domains seeking to profit from the ongoing COVID-19 health crisis, we dug deeper into the topic. Appdetex looked at keywords within domain names, website content, social media handles and marketplace listings that would likely be related to the coronavirus outbreak.
It’s easy to think of urban cable systems as up-to-date and high tech and ready and able to deliver fast broadband speeds. While this is true in some cities and in some neighborhoods, the dirty secret of the cable industry is that their networks are not all up to snuff. Everybody is aware of the aging problems that have plagued the telephone copper network – but it’s rare to hear somebody talking about the aging of the cable company copper networks. —Doug Dawson
This last might be a little controversial, but the point is the way you handle data has real-world consequences. We often want to “sanitize” the work we do by disconnecting it from the consequences, but you cannot.
Note: Henk has pointed out that since the original article was posted, Neil Ferguson has “clarified” the comments discussed in the article below. Rather than taking the link down, however, I’ve included this note here—because the original point was not whether he anyone was right or wrong, only that caution is in order when dealing with these things. This article also points out a few of the issues in dealing with data of this kind—again, the point is to remember we should have some humility when we are doing things that impact real lives.
British scientist Neil Ferguson ignited the world’s drastic response to the novel Wuhan coronavirus when he published the bombshell report predicting 2.2 million Americans and more than half a million Brits would be killed. After both the U.S. and U.K. governments effectively shut down their citizens and economies, Ferguson is walking back his doomsday scenarios. —Madeline Osburn
I taught a four hour webinar yesterday, so I’m running a bit behind this week. 🙂
Recently, there were news articles about a large software provider who experienced a global outage due to an expired digital certificate — and this is not the first time this kind of issue has hit the news. Digital certificate outages, when an organization forgets to replace an expiring certificate for a business-critical domain name, continues to cause business disruption and security risks. —Ken Linscott
This past week I had two items pop up on my alerts. The first was about Facebook suing domain registrar Namecheap for allowing domains that impersonate the social media company and can be used for scams. The second was a plea by the Electronic Frontier Foundation to join in its crusade to stop the sale of the .ORG domain. It took me a moment to realize these are linked. —David McConnell
It’s become commonplace to find free USB charging stations in many public areas, from airports to hospital waiting rooms. While this seems like a thoughtful accommodation, a quick recharge from a USB port in a public setting could actually put your data at risk of being stolen.
After suffering numerous delays and setbacks in its 10nm chip design, Intel finally launched its Ice Lake processors in late 2019. On the desktop side of things, though, 10nm still feels distant. —Chuong Nguyen
People are growing increasingly alarmed by recent examples of bad actors abusing proxy services offered by registrars. While proxy services are designed to protect the privacy of legitimate domain name users — they do the opposite when abused by cybercriminals. —Russell Pangborn
Last year, some security researchers were discussing a doomsday scenario, that without investing in quantum encryption, there would soon be no way to feel secure over the Internet. (I would add, that a feeling of security over the Internet is misleading at best.) Allow me to break down some of these security peculiarities, which could be worrisome. —Igor Bielopolskyi
It has been a long time since plain vanilla programmable logic circuits known as field programmable gate arrays have been available in a raw form. For many years, Xilinx, Altera, and others making what we call FPGAs have been adding hard-coded circuits for certain functions that might otherwise be synthesized from gates, and perhaps more than any other discrete device sold today, what we call an FPGA is a true system on chip, with all kinds of compute, memory, and interconnect resources all expressed in the transistors of the device. —Timothy Prickett Morgan
How did GDPR affect the internet economy? News reports, opinion pieces, and ‘white papers’ point towards costly investments for business, as well as unanticipated consequences. Yet, neither systematic data collection, nor analysis of a census of experiences, informs the headlines. —Ran Zhuo, Bradley Huffaker, KC Claffy, Shane Greenstein
One of the hottest topics in the news related to coronavirus is working from home. Companies of all sizes are telling employees to work from home as a way to help curb the spread of the virus. Companies without work-at-home policies are scrambling to define how to make this work to minimize disruption to their business. —Doug Dawson
Tech investment firm Sequoia Capital told top Silicon Valley executives Thursday that the coronavirus could create opportunities for companies capable of weathering a potential economic downturn. —Chris White
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. —Mohit Kumar
In the last few weeks we witnessed a number of extremely interesting reflections on how the future of technology, the internet and marketplaces could play out, in a turbulent, hyperconnected and transformed society. —Simone Cicero
Kea is an open-source DHCP server developed by the authors of ISC DHCP (DHCPd) and the Internet Systems Consortium (ISC). It includes DHCPv4 and DHCPv6 servers; a dynamic DNS daemon; a REST API interface; MySQL, PostgreSQL and Cassandra databases; RADIUS and NETCONF interfaces; and related utilities. —Tomek Mrugalski
There’s a growing sense that the major tech platforms aren’t up to the task of governing their users — something the companies themselves will occasionally admit. And while governments deliberate on new data privacy laws, most of the action is coming from government investigations and lawsuits. —Russell Brandom
US jobs in tech, arguably the dominant industry of our time, are increasingly concentrating in a handful of already prominent tech cities, according to the Brookings Institution’s new analysis of census data. This means that tech companies are sourcing employment from a more stratified portion of the country while vast swaths of America are missing out on the economic growth tied to the industry. — Rani Molla
The incident is a reminder that browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals. —Krebs on Security
With SMB over QUIC – I don’t have a clever marketing name for this yet 🙂 – QUIC becomes the transport, optionally replacing TCP/IP and RDMA, as well as a tunnel securing all SMB payloads with encryption, even if SMB encryption is not enabled, all while multiplexing over port 443 to an enlightened share. —Ned Pyle
Leading Chinese technology companies have sold equipment to state governments in the U.S. that can be used by Beijing to obtain sensitive information, according to a security analysis made public Monday. —Bill Gertz
Ever since Google demonstrated the power of Deep Learning AI — first by recognizing images of cats and then, through its subsidiary DeepMind, conquering the classic game of Go—it’s been on a tear. Over the last near-decade, venture capitalists and entrepreneurs have stumbled over one another in a race to squeeze dollars out of Machine Learning’s magic hammer. —Brendan Dixon
“I have never seen anything like this,” Coates says. “This is horrendous, what’s going on with supply chains to the factories in China. The worst I’ve ever seen — and we’re only seeing the beginning.” —Will Nicol
Note-taking apps have become a welcome replacement for post-it notes. People frequently use them for quick to-do and grocery shopping lists, but they’re also often used to store more private information.
In 1996, when Congress passed the Communications Decency Act, few would have been able to predict the scale to which websites and social media platforms would grow and the importance they would soon have in our daily lives, even extending into the discourse of our politics. —Alison Kutler
GHG announced this week that it has begun construction of an intelligent satellite production and testing facility that will include modular satellite manufacturing, satellite testing, satellite R&D, and cloud computing centers. —Larry Press
Thanks to an increase in cybercrime and massive data breaches, experts are now working to build un-hackable quantum networks, which are capable of securely receiving, sending, storing, and processing bits of quantum information that are carried on single photons of light. —Kimberley Mok
Connectivity has gone through a fundamental shift as more workloads and services have moved to the Cloud. Traditional enterprise Wide Area Networks (WAN) have been fixed in nature, without the ability to dynamically scale to meet modern customer demands. —Jared Ross
The discussion about the future of the .ORG domain registry has been partly rooted in stewardship. Who will guide the Public Interest Registry (PIR) so it continues to serve the .ORG community? For those of us at Ethos Capital, the company acquiring PIR, this has been a central focus. —Nora Abusitta-Ouri
Hackers have evolved their methods, from regular phishing attacks to spear phishing, where they use email messages disguised as coming from legitimate sources to dupe specific individuals. This is why the global spear phishing protection software market is estimated to reach $1.8 billion by 2025.
Previously I discussed how my anxiety, beginning with a worry that I’m not “doing enough,” can fuel my proactive tendencies, leading to higher performance at work. What I hadn’t considered is my team can interpret my personal feeling of not doing enough as an indicator that they are not doing enough. —Sam Knuth
There was a December article in Fast Company that spelled out what I’ve long suspected – that many big companies have lousy customer service on purpose – they want to make it hard for customers to get refunds or to drop service. —Doug Dawson
Cybersecurity professionals, and the employees and consumers they serve, all engage in risky security practices. Data shows password issues continue to plague users of all experience levels, two-factor authentication adoption is lagging, and mobile devices are introducing new challenges. —Kelly Sheridan
For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. —Bruce Schneier
About half predict that humans’ use of technology will weaken democracy between now and 2030 due to the speed and scope of reality distortion, the decline of journalism and the impact of surveillance capitalism.
First, there’s heterogeneous integration at the chip level – the device level. Second, there’s heterogeneous integration at the system level. And third, there’s heterogeneity at the software level. Heterogeneity at all three levels lead to system reconfigurability.
This economic structure tends to limit satellite connectivity to high-margin, low-volume applications – although that is also partly governed by the cost of service providers’ “earth stations” and the need for end-users to have large antennas/dishes. The frequencies used also limit signal reach through walls or roofs, meaning that direct connection to devices isn’t possible without line-of-sight. —Dean Bubley
Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. —Krebs on Security
Now, The Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have revealed — in “Vulnerabilities in the Core, a preliminary report and Census II of open-source software” — the most frequently used components and the vulnerabilities they share. —Steven J. Vaughan-Nichols
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. —Ravie Lakshmanan
It’s been fun watching real-world programmers react to a new study that challenges the idea of vast differences in the productivity of computer programmers. The study tries to suggest better ways for managers to assess and improve the performance of their developers. —David Cassel
Before AI — and, by AI, I mean broadly any computer system that implements a decision process — tools sat there until we put them to use. AI tools, on the other hand, are created to do something before we get involved. —Brendan Dixon
Policy doesn’t work that way; it’s specifically focused on use. It focuses on people and what they do. Policy makers can’t create policy around a piece of technology without understanding how it is used—how all of it’s used. —Bruce Schneier
The FreeMesh system promises to bring fully open source mesh networking to the masses. I recently had a chance to test it; it installed quickly, and the performance was great—especially for the price. —Spencer Thomason
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. —Mohit Kumar
Monoliths are the future because the problem people are trying to solve with microservices doesn’t really line up with reality. Just to be honest – and I’ve done this before, gone from microservices to monoliths and back again. Both directions. —Kelsey Hightower
The cellular carriers are in full 5G marketing mode. If you believe the TV commercials, you’d now think that the country is blanketed by 5G, as each cellular carrier claims a bigger coverage area than their competitors. However, almost all of their claims are marketing hype. What’s the reality of 5G coverage in 2020? —Doug Dawson
Given the level of public interest in Ethos’ acquisition of Public Interest Registry (“PIR”) from the Internet Society, it is no surprise that this agreement continues to attract press attention. Ethos welcomes open discussion on this important investment, and we are of course following the media coverage closely. Unfortunately, it is not always possible to respond point-by-point to every article, so I would like to take this opportunity to address several mischaracterizations of the deal recently reported by Wired, Deutsche Welle, and others. —Nora Abusitta-Ouri
Most of us, when we go to a website and see the little lock at the top of the browser, don’t think twice and trust that we are communicating with the right company or organization. However, this is no longer the case because of a rather radical development that has largely occurred without notice or intervention by almost everyone. The web now has its own rapidly spreading version of CallerID spoofing that is about to get worse. —Anthony Rutkowski
A new version of RawCap has been released today. This portable little sniffer now supports writing PCAP data to stdout and named pipes as an alternative to saving the captured packets to disk. We have also changed the target .NET Framework version from 2.0 to 4.7.2, so that you can run RawCap on a modern Windows OS without having to install a legacy .NET Framework. —Erik Hjelmvik
The server processor market has gotten a lot more crowded in the past several years, which is great for customers and which has made it both better and tougher for those that are trying to compete with industry juggernaut Intel. And it looks like it is going to be getting a little more crowded with several startups joining the potential feeding frenzy on Intel’s Xeon profits. —Timothy Prickett Morgan
What is your information security program defending? This is a deceivingly difficult question for most. When I ask this at typical organizations, the answer is often disheartening. The standard response is “everything.” The word everything causes my skepticism radar to start chirping like a Chernobyl Geiger counter. —Kevin Kurzawa
In the last decade, we’ve witnessed the global expansion of AI, largely in an algorithm — Deep Learning — coupled with Big Data. Deep Learning and Big Data excel at tasks like visual object recognition. Once difficult AI problems like recognizing faces in photos became easier so companies like Google and Facebook began offering AI-powered photo recognition services. Suddenly “the machine” could spot pictures of your friends and you and suggest new groups, new tags, or — hey! — a new conversation.