Weekend Reads 040920

This edition of the weekend reads was thoroughly disinfected before being published.

The introduction of artificial intelligence (AI) into products and services across all sectors is creating new capabilities at a scale that software developers could never have dreamed of just a decade ago. —Nir Bar Lev

A growing body of survey data suggests that the move to remote work has caused a growing number of headaches for security teams, especially regarding securing remote systems and maintaining up-to-date software through patching. —Robert Lemos

The Internet’s users rely on domain name registration information for vital purposes, including providing security, problem-solving, and legal and social accountability. The data is so important that users perform more than two billion WHOIS queries every day. ICANN has instituted new data policies over the last two years, and is also directing a migration to a new technical protocol, RDAP, that will replace WHOIS access in the near future. So at this critical juncture, how is it all going? —Greg Aaron

Zoom — one of the hottest companies on the planet right now, as businesses, schools, and individuals switch to various forms of teleconferencing due to the pandemic — has come in for much criticism due to assorted security and privacy flaws. —Steven Bellovin

Since the world went virtual, often by using Zoom, several people have asked me if I use it, and if so, do I use their app or their web interface. If I do use it, isn’t this odd, given that I’ve been doing security and privacy work for more than 30 years, and “everyone” knows that Zoom is a security disaster? —Steven Bellovin

New research from Citizen Lab shows that not only were the critics correct, Zoom’s design shows that they’re completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don’t expect those flaws to be errors I’d find unacceptable in an introductory undergraduate class, but that’s what happened here. —Steven Bellovin

Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged as the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home became the new normal. —Ravie Lakshmanan

Unfortunately, the hashing functions which are used for hashing passwords aren’t always as secure as generally approved hash functions. For example, the hashing function used for old Windows devices is known as LM Hash, which is so weak that it can be cracked in a few seconds. —Megan Kaczanowski

The Great Infection is unique among recessions in that it is essentially a self-imposed economic downturn, not the result of over-exuberance or excess optimism or greed, but by a spikey ball of fat that is not alive but is more like a self-replicating biological machine that only knows how to do one thing: Copy itself if it reaches the right sticky environment in time before it dries out and falls apart. —Timothy Prickett Morgan

Previously, one of the advantages of APNIC’s whois service over RDAP was that whois is deployed in multiple regions around the globe, while RDAP has, until now, only been served from a data centre in Brisbane, Australia. —Rafael Cintra

In recent years, we are nearing another peak. This article proposes to improve computation performance not only by building better hardware, but by changing how we use existing hardware. More specifically, by focusing on how we use existing processor types. I call this approach Compute Orchestration: automatic optimization of machine code to best use the modern datacenter hardware (again, with special emphasis on different processor types). —Guy Harpak

When you think about the history of Windows, what comes to mind? Iconic logos? Changing Start menus? The introduction of Live Tiles? The history of Microsoft’s flagship operating system (OS) includes all of that and so much more. —Anita George