Weekend Reads 040822

These guidelines are not about finding a perfectly secure solution but about practical, immediate possible actions with respect to email, instant messaging, voice and video chats, and other important security measures to consider.

The governance of an IXP can deeply affect its development. The difficulty of stating a clear management policy for IXP is the main challenge that limits the growth, sustainability and success of IXPs. In the past years, there have not been enough initiatives that support creating such policies for IXP management.

European telecommunication service providers are being pushed to pick up the pace regarding 5G adoption. However, the next-gen technology requires immense data capacity and transmission speeds, thus setting up the new infrastructure is no easy task for telcos.

With businesses around the globe—especially in the United States, Canada, and Western Europe—bracing for potential cyber-attacks orchestrated by Russia or its hackers, a leading cyber security firm is warning most software upgrades are not adequately addressing the most vulnerable component of the “modern cyber-attack surface.”

Now, a new lawsuit is giving consumers an unprecedented peek into this opaque world, and illuminating just how easily a data broker can lose control of the user information it collects.

Sure, a standard membrane keyboard will get the job done, but the long-lasting keys and trademark tactile responsiveness of mechanical keyboards offer a premium experience that many people swear by. If you’ve ever remarked with dismay about a keyboard’s “mushiness,” a mechanical keyboard might be just the thing you need.

But none of these digital payment options are really like cash. Unlike paper money, they require both an internet connection and a bank account to use. Above all, they lack what has long made cash the preferred medium of civil libertarians, dissidents, and criminals alike: privacy. The only kind of money that leaves no paper trail is paper.

Verizon and AT&T’s recent 5G rollout could put them in a better position to compete with T-Mobile, which has had similar tech rolled out for years, according to data from Opensignal.

One tool in particular is the NIST Cybersecurity Framework, which is a free resource developed and provided by the U.S. government. Let’s dive in.

Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods by which you can exfiltrate data. One of these uses files written to disk and multiple DNS queries to send large chunks of data.

In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection.

Data exfiltration is a technique used by malicious actors to carry out an unauthorized data transfer from a computer resource. Data exfiltration can be done remotely or locally and can be difficult to detect from normal network traffic.

Remember when only a couple of variations of processors were available for servers in any given generation of server CPUs? There might have been dozens of vendors, but they didn’t give a lot of choice. Today, we have a handful of server CPU designers and only a few foundries to do the etching, but the variety of compute engines is staggering.

While the global economy faced the challenges caused by the pandemic and society embraced new trends, the domain industry continued to expand thanks to the ongoing push toward digitalization.

The connected, embedded sensors and devices that make up the Internet of Things (IoT) contain software that provides these systems with their “intelligence.” All software contains millions of lines of code, and these inevitably contain some mistakes.

But in certain circumstances — such as a case involving imminent harm or death — an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents.

DNS over QUIC (DoQ) is currently being standardized within the DNS PRIVate Exchange IETF working group. The design goal is to provide DNS privacy with minimum latency, for which DoQ uses QUIC as the underlying transport protocol.

An independent security researcher has shared what’s a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022.

Vodafone is among the private sector’s latest victims to the damaging reputational impact of cybercrime — and it won’t be the last.

Whether it’s PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic nor feasible.

So the shortage isn’t just affecting the availability of current gadgets. The lack of chips is already fueling changes in the design of future products, delaying the next generations of devices, and forcing engineers to come up with all manner of Plan Bs, according to a new survey from Avnet.