Weekend Reads 012221

or perhaps the friday fifteen …

Injection of counterfeit electronics into the market is only a subset of vulnerabilities that exist in the global IC supply chain. Other types of attacks include trojans built into the circuitry, piracy of intellectual property, and reverse engineering.

The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors. So when can they get started?

2020 saw governments on three continents take action against the dominance of the biggest tech platforms, with a flurry of pro-competition rules, investigations and lawsuits. As exciting as this is, it’s just the beginning.

The recent bombing in Nashville is a reminder that our telecom infrastructure is always at risk from terrorism or major natural disasters.

As a cybersecurity professional, how numb have you become to vendors who try to scare you with frightening statistics in an effort to sell you a new product?

Defining and measuring programmer productivity is something of a great white whale in the software industry. It’s the basis of enormous investment, the value proposition of numerous startups, and one of the most difficult parts of an engineering manager or CTO’s job description.

On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured if he clicked on an included link. Instead of clicking, Mansoor sent the messages to the Canadian Citizen Lab researchers.

This switch to public resolvers is driven by the fact that they offer services beyond just resolving a DNS request, like malware filtering or privacy protections like DNS-over-HTTPS that aren’t offered by ISP resolvers.

But new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it.

One of the software success stories of the COVID-19 pandemic era has been videoconferencing service Zoom. Despite already existing in a crowded field of both startups and mature competitors, Zoom became a household name for anyone stuck at home to avoid the coronavirus. But as Zoom boomed, so did Dark Web sales of zero-day vulnerabilities in its software.

The first broad-scale deployment of cryptography in the DNS was not for confidentiality but for data integrity, through the Domain Name System Security Extensions (DNSSEC), introduced in 2005.

We will use the hop count in the IP header of DNS queries as an indication of how many hops are placed between an instance and ASes. Hop count is not equivalent to latency time measurements.

these last three are in the political/policy realm, and hence may be a bit controversial

The internet is in crisis, and you can lead your organization to help solve the problem. You’ll be well compensated, and you’ll enjoy massive public relations benefits. I fear that if you don’t, global governments will force your hand.

But if somebody had expected that the Covid-19 disaster is a wake-up call for the world to be more united, work hand in hand, and pool resources, reducing risks of a borderless threat, this “somebody” was wrong.

In a speech delivered almost exactly one year before the 2020 election, Vice President Mike Pence outlined the stakes of a potential tech cold war between the United States and China.