Weekend Reads 042718: Mostly Security and Privacy

The Internet Corporation for Assigned Names and Numbers (ICANN) launched the Uniform Rapid Suspension System (URS) (2013) in anticipation of the marketing of new gTLDs that became available from November 2013. It is one of four new rights protection mechanisms (RPMs) designed to combat cybersquatting. —Gerald M. Levine @CircleID

Digital attackers are targeting organizations in the energy sector like never before. For example, just a few weeks ago, the FBI and Department of Homeland Security issued a joint report describing a massive Russian hacking campaign to infiltrate America’s critical infrastructure. In a first, the US government publicly blamed Russia’s government for attacks on energy infrastructure. —Ray Lepina @tripwire

About a decade ago, Kaminsky proved that vulnerabilities of the DNS can be exploited. If the DNS is corrupt (for instance by ‘cache poisoning’), the end user can be directed to a malicious website. This can be risky when sensitive (personal) information is exchanged, or a financial transaction is done. Mail security is also tied to (the security of) the DNS. A network attacker can spoof the DNS records of a mail server to redirect mail connections to a malicious server. —Rene Bakker @APNIC

When we must depend on a system, not only should we want it to resist attacks but we should have reason to believe that it will resist attacks. So security is a blend of two ingredients: mechanism and assurance. In developing a secure system, it is tempting to focus first on mechanism—the familiar “build then test” paradigm from software development. —Fred B. Schneider @CACM

In the 1970s, when Microsoft and Apple were founded, programming was an art only a limited group of dedicated enthusiasts actually knew how to perform properly. CPUs were rather slow, personal computers had a very limited amount of memory, and monitors were lo-res. To create something decent, a programmer had to fight against actual hardware limitations. —Yegor Bugayenko @CACM

An increasing number of home devices, from thermostats to light bulbs to garage door openers, are now Internet-connected. This “Internet of Things” (IoT) promises reduced energy consumption, more effective health management, and living spaces that react adaptively to users’ lifestyles. Unfortunately, recent IoT device hacks and personal data breaches have made security and privacy a focal point for IoT consumers, developers, and regulators. @Freedom to Tinker

“Into the Web of Profit,” among the first studies to explore the intricacies of revenue and profit in the world of cybercrime, was conducted by Dr. Michael McGuire, senior lecturer in Criminology at England’s University of Surrey. Over nine months of study, he learned how the “economy” of cybercrime sustains itself and overlaps with the legitimate economy. —Kelly Sheridan @Dark Reading

Facebook has built some of the most advanced algorithms for tracking users, but when it comes to acting on user abuse reports about Facebook groups and content that clearly violate the company’s “community standards,” the social media giant’s technology appears to be woefully inadequate. @Krebs on Security