Weekend Reads 012723

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition.

Going into 2023, phishing is still as large a concern as ever. “If it ain’t broke, don’t fix it,” seems to hold in this tried-and-true attack method.

This follow-up post describes what techniques exist to enumerate subdomains in a DNSSEC-enabled zone and what countermeasures exist to prevent it. DNSSEC itself is not explained further, however, some relevant record types are briefly described.

In 1987 economics Nobel Laureate Robert Solow said that the computer age was everywhere—except in productivity data. A similar thing could be said about AI today: It dominates tech news but does not seem to have boosted productivity a whit.

Names such as Novelli, orangecake, Pirat-Networks, SubComandanteVPN, and zirochka are unlikely to mean anything to a vast majority of enterprise security teams.

Decision-makers might wonder — is investing time and resources in Resource Public Key Infrastructure (RPKI) worth it? What is the effectiveness of RPKI Route Origin Validation (ROV)? In the last year, a number of interesting reports were published.

In pursuit of ever-higher compute density, chipmakers are juicing their chips with more and more power, and according to the Uptime Institute, this could spell trouble for many legacy datacenters ill equipped to handle new, higher wattage systems.

Today Kaspersky researchers reported on a new domain name system (DNS) changer functionality used in the infamous Roaming Mantis campaign.

Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy “no other chat service” can offer.

Blockchain domain names, domains that are stored on blockchain or cryptocurrency exchanges, are part of a growing, unregulated, and decentralized internet.

I know there is instant hope among students that this software can churn out the dreaded school essay – but that doesn’t look likely.

In this post, you will learn about the single most important and useful tool in Computer Networks – Wireshark.

Amid volatile times and gloomy predictions for 2023, low-code/no-code (LCNC) adoption continues to grow rapidly.

There is a ton of data captured, but the main takeaway seems to be around the additional cybersecurity threats presented by the boom in IoT products – with households filling up with connected gizmos, it would appear hackers are being provided with extra vectors of attack to try and scam people or steal data.

But want to know what long-term problem is keeping the smart members of the network leadership of enterprises up at night? It’s an empty chair. Their chair, at the table that makes the plans that set network requirements and directions today and for years to come.