On the ‘net: Spectre, Meltdown, and Flexible Scaleout

20 February 2018

The recent Meltdown and Spectre attacks illustrate the problematic nature of modern computing systems. While the earlier Rowhammer attack could read or attack one process running in a virtual environment from another process running on the same processor, the Meltdown and Spectre attacks are of a completely different class, enabling a process to read large…

Giving the Monkey a Smaller Club

30 January 2018

Over at the ACM blog, there is a terrific article about software design that has direct application to network design and architecture. The problem is that once you give a monkey a club, he is going to hit you with it if you try to take it away from him. What do monkeys and clubs…

The Overoptimization Meltdown

15 January 2018

In simple terms Meltdown and Spectre are simple vulnerabilities to understand. Imagine a gang of thieves waiting for a stage coach carrying a month’s worth of payroll. There are two roads the coach could take, and a fork, or a branch, where the driver decides which one to take. The driver could take either…

Meltdown and Spectre (Updated)

4 January 2018

Replaced by this page.

Several on KRACK

26 October 2017

Three articles of interest on the new WiFi KRACK— This is not a crypto bug but a protocol bug (a pretty obvious and trivial protocol bug). When a client connects to the network, the access-point will at some point send a random “key” data to use for encryption. Because this packet may be lost in…

OneLogin and Password Managers

6 June 2017

An interesting incident this last week brings password managers back to the front of the pile— OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. —Krebs on…

Reading List: WannaCry and Ransomware

24 May 2017

A good bit has been written about the recent WannaCry outbreak over the last few weeks; rather than stringing the best out through Worth Reading posts, I have collected the three best posts on the topic here. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let…

Notes on the FCC and Privacy in the US

11 April 2017

I’ve been reading a lot about the repeal of the rules putting the FCC in charge of privacy for access providers in the US recently—a lot of it rising to the level of hysteria and “the end is near” level. As you have probably been reading these stories, as well, I thought it worthwhile to…

Distributed Denial of Service Open Threat Signaling (DOTS)

3 April 2017

When the inevitable 2AM call happens—“our network is under attack”—what do you do? You have run through the OODA loop (1, 2, 3, 4), used communities to distribute the attack as much as possible, mitigated the attack where possible, and now you realize there is little you can do locally. What now? You need to wander out…

Don’t Leave Features Lying Around

27 March 2017

Many years ago, when multicast was still a “thing” everyone expected to spread throughout the Internet itself, a lot of work went into specifying not only IP multicast control planes, but also IP multicast control planes for interdomain use (between autonomous systems). BGP was modified to support IP multicast, for instance, in order to connect…