Weekend Reads 05042018: It’s time to opt in to security

Start with your business goals and decide which metrics are required to accurately measure the state of these goals. For example, say an ISP wishes to ensure that their subscribers get the best performance possible during peak usage time — this can be monitored by measuring the oversubscription ratio and uplink utilization of the terminating device. The required metrics to do this are the number of connected sessions, ifHCInOctets, ifHCOutOctets, ifHCSpeed of the uplink from the terminating device. —Tim Raphael @APNIC

What is the best threat management system for a business network? It’s a difficult question to answer because threat management isn’t about finding a single solution to every problem; it’s about layering multiple solutions in a way that offers the best protection against a variety of threats. —Diana Shtil @Dark Reading

Tomorrow, the House Judiciary Committee will host what’s likely to be a wide-ranging discussion of how social media companies moderate content, in its hearing on Filtering Practices of Social Media Platforms. While the hearing is sure to include some spectacle and grandstanding, make no mistake: This is a deeply serious issue that deserves thoughtful consideration by policymakers, companies, and users alike. Here are a few key themes we hope members of the committee will consider… —Emma Llanso @CDT

Combine exploits of two of the Internet’s foundation protocols with a human behavior “vulnerability” and you get an attack that can be quite successful: That’s what happened on Amazon’s domain name service on April 24, and the result is a $150,000 lesson in stacked vulnerabilities. —Curtis Franklin Jr. @Dark Reading

In a way, cybersecurity has become a victim of SSH’s success. Because SSH comes pre-installed, most organizations have no group or individual responsible for monitoring SSH activities. In fact, most businesses make the leap that SSH equals encryption and encryption equals security. And who doesn’t want more encryption and security? The premise that encryption alone negates the need for vigilance and oversight of SSH use is dangerously flawed. —Thomas MacIsaac @Data Center Journal

The demand for compute is so strong among the hyperscalers and cloud builders that nothing seems to be slowing down Intel’s datacenter business. Not delays in processor rollouts due to the difficulties in ramping 14 nanometer and 10 nanometer processes as the pace of Moore’s Law increases in transistor density and the lowering of the cost of chips slows. —Timothy Prickett Morgan @The Next Platform

Evidence of the demise of the U.S. retail industry is clear in almost every household. It exists in every neighborhood, even in the White House, and it was clear again Thursday. —Thomas H. Kee Jr. @MarketWatch

Despite the largest scandal in data collection history, there are no signs of consumers taking major steps to further protect their privacy. Facebook hasn’t tried to conceal its relief. What’s next? A far-reaching effort from the EU to contain the use of data. Its most likely effect will be to reinforce the position of the tech giant… —Frederic Filloux @Monday Note

On two occasions this past year I’ve published stories here warning about the prospect that new European privacy regulations could result in more spams and scams ending up in your inbox. This post explains in a question and answer format some of the reasoning that went into that prediction, and responds to many of the criticisms leveled against it. —Krebs on Security

Another BGP hijacking event is in the news today. This time, the event is affecting the Ethereum cryptocurrency. (Read more about it here, or here.) Users were faced with an insecure SSL certificate. Clicking through that, like so many users do without reading, they were redirected to a server in Russia, which proceeded to empty the user’s wallet. —Megan Kruse and Aftab Siddiqui @The Internet Society