Weekend Reads 051919
Another week, another devastating, industry-shaking, cybersecurity threat. This week’s is particularly haunting, though — the resurrected corpse of the Spectre and Meltdown vulnerabilities, aptly known as ZombieLoad. —Another week, another devastating, industry-shaking, cybersecurity threat. This week’s is particularly haunting, though — the resurrected corpse of the Spectre and Meltdown vulnerabilities, aptly known as ZombieLoad.
Today sees the publication of a range of closely related flaws named variously RIDL, Fallout, ZombieLoad, or Microarchitectural Data Sampling. The many names are a consequence of the several groups that discovered the different flaws. From the computer science department of Vrije Universiteit Amsterdam and Helmholtz Center for Information Security, we have “Rogue In-Flight Data Load.” —Peter Bright
Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. —Swati Khandelwal
Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. —Mohit Kumar
Intel’s struggles to get its 10 nanometer processors out the door has forced the company to do some serious soul-searching. And while the brain trust there has not given up on Moore’s Law, Intel is not going to rely on it in quite the same way as it has in the past. —Michael Feldman
The argument I often hear against open testing standards is because network component engineers can see the test and create a solution based on the known criteria. This, to use a grade school analogy, seems like cheating since the test questions are known in advance, making it possible for a network operator to engineer their products to pass the test. —Timothy Winters
We’ve been working on a new technology at the Internet Engineering Task Force (IETF) to help Internet of Things (IoT) manufacturers and users protect themselves and others from vulnerabilities.
The basis of our work is: no matter how hard we try, IoT devices (or Things) will always have some vulnerability, which the network can provide a layer of protection against. —Eliot LEar
Data has long been lauded as a competitive moat for companies, and that narrative’s been further hyped with the recent wave of AI startups. Network effects have been similarly promoted as a defensible force in building software businesses. So of course, we constantly hear about the combination of the two: “data network effects” (heck, we’ve talked about them at length ourselves). —Martin Casado and Peter Lauten
I recently saw a presentation that showed how food safety is starting to rely on good rural broadband. I’ve already witnessed many other ways that farmers use broadband like precision farming, herd monitoring, and drone surveillance, but food safety was a new concept for me. —Doug Dawson
The American Registry for Internet Numbers, Ltd. (ARIN) has won a legal case against an elaborate multi-year scheme to defraud the Internet community of approximately 735,000 IPv4 addresses, the organization has revealed. While the specifics of the findings are not released, John Curran, ARIN President and CEO said the fraud was detected as a result of an internal due diligence process. —CircleID
The Maginot Line was a World War II-era series of fortifications, intended to protect France from a potential attack from the East. The Line included concrete bunkers with mounted artillery guns, tunnels, railroad connections for supplies and to garrison French troops. However, despite its strength and elaborate design, the Maginot Line proved completely ineffective when German forces instead invaded Belgium to circumvent it. —Shahee Mirza
Many industries operate on the principle of “just-in-time inventory”. Car manufacturers receive the parts needed for the day’s production in some cases only during the previous day. Data centers distribute (load balance) network traffic among a pool of servers, and do not add new servers until all exceed a capacity threshold. This just-in-time approach minimizes unused resources and eliminates idle capital. —Jonathan Homa