Weekend Reads 060322

This edition of weekend reads begins with a few straight security stories of interest. I knew key loggers existed in the wild, but the logging of keystrokes before a web form is submitted is apparently a lot more common than I realized—

They found that 1,844 websites gathered an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.
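A concrete way to check for the behavior the study describes, as an added example (it is not code from the study, the linked article, or this post): given a trace of what happened on a page, flag any request to a third-party origin that carries the typed email, in plain or hashed form, before the submit event fires. The event trace below is constructed for illustration, and the event shape, hostnames and the choice of hash encodings are assumptions.

```python
"""Flag a form field value that leaves the page before the form is submitted.

Added example, not code from the study quoted above or from this post. It
works over a constructed, HAR-like list of events that a crawler or a browser
extension could record: keystrokes into the email field, outbound requests,
and the submit event. A "leak" is a request to an origin other than the
first-party host that carries the typed email (plain, URL-encoded, or hashed)
at a time earlier than the submit event.
"""
from dataclasses import dataclass
import hashlib
from urllib.parse import urlsplit, unquote


@dataclass
class Event:
    t: float          # seconds since page load
    kind: str         # "input", "request" or "submit"
    url: str = ""     # request URL (for "request")
    body: str = ""    # request body (for "request")
    value: str = ""   # field contents after the keystroke (for "input")


def encodings(email: str) -> dict:
    """Forms the value may take in a beacon; hashed emails are common in analytics calls."""
    raw = email.lower().encode()
    return {
        "plain": email,
        "md5": hashlib.md5(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }


def find_leaks(events, first_party_host):
    """Return (time, third-party host, encoding) for each request that carried
    the typed email to another origin before the submit event."""
    leaks = []
    typed = ""
    submit_t = None
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "input":
            typed = ev.value
        elif ev.kind == "submit":
            submit_t = ev.t
        elif ev.kind == "request" and "@" in typed:
            host = urlsplit(ev.url).hostname
            if host == first_party_host:
                continue
            # Decode percent-encoding so "alice%40example.org" matches the plain form.
            haystack = unquote(ev.url) + "\n" + unquote(ev.body)
            for name, form in encodings(typed).items():
                if form in haystack:
                    leaks.append((ev.t, host, name))
                    break
    if submit_t is not None:
        leaks = [leak for leak in leaks if leak[0] < submit_t]
    return leaks


# Constructed trace (not real data): the user types an email, two trackers
# receive it at 2.4 s and 2.9 s, and the form is only submitted at 5.0 s.
SAMPLE_EVENTS = [
    Event(1.0, "input", value="a"),
    Event(1.8, "input", value="alice@example.org"),
    Event(2.1, "request", url="https://shop.example/api/ping"),
    Event(2.4, "request",
          url="https://collect.tracker-example.net/i?e="
              + hashlib.md5(b"alice@example.org").hexdigest()),
    Event(2.9, "request", url="https://cdn.tracker-example.net/beacon",
          body="email=alice%40example.org"),
    Event(5.0, "submit"),
    Event(5.2, "request", url="https://shop.example/checkout",
          body="email=alice@example.org"),
]

if __name__ == "__main__":
    for t, host, enc in find_leaks(SAMPLE_EVENTS, "shop.example"):
        print(f"{t:5.1f}s  {host}  ({enc})")
```

The hashed variants matter in practice: a beacon that sends only an MD5 of the address still identifies the visitor to the third party, and a scan that only looks for the literal string will miss it.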

Illustrating that security is often a game of “whack-a-mole,” web skimmers are obfuscating their operation—

Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts.

Identity is fraught with problems even in the real world; just as people used to carry “letters of introduction” with them when they moved to a new area or started a new job, identity is often a matter of transitive trust. How to replicate transitive trust in the digital world is still a problem, but it’s also the foundation of decentralized systems—

The central thesis of the decentralized future is that I should be able to demonstrate certain aspects of my identity in the digital domain that are manifest in the physical domain – for example, my valid passport, academic record, Social Security details, and financial transactions.

Some thoughts on containers and security—

In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and what organizations can do to secure containerized workloads, going beyond DevOps to achieve DevSecOps.

DNS is often used by attackers in various ways, so it’s always fruitful to watch this space—

Central to many phishing attacks is an associated domain name, used either in the construction of a convincingly deceptive email delivery (“from”) address, for hosting the phishing site, or both.

However, geotargeting (or geoblocking) is increasingly being used by bad actors with their infringing websites.

Lots of stuff going on in the world of hardware and processors—

With the IPU, this offload model has been taken up another notch, with sophisticated networking and computation being put into a server’s network controller that makes it really a system in its own right.

Having created the Arm-based Nitro DPUs to offload compute, network, and storage virtualization and encryption work from its X86 servers, AWS decided back in 2018 to scale it up and create the initial Graviton to test the idea of using Arm servers in production.

Nearly all modern communications depend on optical hardware at some point, and improvements in that technology have the chance to be directly applied to quantum computing hardware.

Turing probably had little influence on computer construction. Even with the British stored program machines, with the exception of the Ace, he contributed little or nothing at all.

If you wanted to make a CPU, and you’re not AMD or Intel, there are two real choices: ARM and RISC-V.

Finally, a few articles on network performance and management—

I’ve written about this before, and the big ISP argument is pure bosh. Broadband costs are not related to the overall volume of broadband being delivered on a network.

When performance is poor, debugging these systems is challenging due to the complex interactions between different subcomponents and the possibility of the problem occurring at various places along the communication path.

Instead, I wanted to show how you can use Wireshark to find which specific packet triggered a Snort rule in seconds from within the Wireshark GUI, giving you all the surrounding context that a PCAP can give you.
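The linked article does this from inside the Wireshark GUI; as an added example that is not the article's own method or code from this post, the same correlation can be scripted by turning a Snort fast-format alert line into a Wireshark display filter for the flow and a short time window around the alert. It assumes Snort's fast alert layout (timestamp without year, `[gid:sid:rev]`, message, `{proto}`, `src:port -> dst:port`), IPv4 addresses, and that the PCAP and Snort share a clock; the alert line, rule IDs and addresses below are constructed.

```python
"""Build a Wireshark display filter that isolates the packet(s) behind a Snort alert.

Added example, not code from the article quoted above or from this post.
Assumptions: Snort "fast" alert format, IPv4 addresses, and a PCAP recorded on
the same clock Snort used. Snort omits the year from the timestamp, so the
caller supplies it (for instance from the first frame of the capture).
"""
import re
from datetime import datetime, timedelta

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line: str, year: int) -> dict:
    """Parse one fast-alert line into its fields plus a datetime under 'time'."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError("not a Snort fast-alert line: " + line)
    alert = m.groupdict()
    alert["time"] = datetime.strptime(f"{year}/{alert['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return alert


def wireshark_filter(alert: dict, window_s: float = 1.0) -> str:
    """Display filter for the alert's flow within +/- window_s of the alert time.

    The window absorbs the fact that Snort reports microseconds while the
    frame.time comparison below is written at one-second resolution, using
    Wireshark's long-standing "Mon DD, YYYY HH:MM:SS" absolute-time form.
    """
    proto = alert["proto"].lower()
    parts = [f'ip.src == {alert["src"]}', f'ip.dst == {alert["dst"]}']
    if proto in ("tcp", "udp") and alert["sport"] and alert["dport"]:
        parts.append(f'{proto}.srcport == {alert["sport"]}')
        parts.append(f'{proto}.dstport == {alert["dport"]}')
    else:
        parts.append(proto)  # e.g. "icmp": no ports to match on
    lo = alert["time"] - timedelta(seconds=window_s)
    hi = alert["time"] + timedelta(seconds=window_s)
    fmt = "%b %d, %Y %H:%M:%S"
    parts.append(f'frame.time >= "{lo.strftime(fmt)}"')
    parts.append(f'frame.time <= "{hi.strftime(fmt)}"')
    return " && ".join(parts)


# Constructed alert line: a local rule (sid in the 1000000+ range) on a TCP flow.
SAMPLE_ALERT = (
    "05/06-14:23:01.412345  [**] [1:1000001:1] LOCAL test rule [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 203.0.113.7:80 -> 192.0.2.25:51234"
)

if __name__ == "__main__":
    print(wireshark_filter(parse_alert(SAMPLE_ALERT, 2022)))
```

Paste the resulting filter into the Wireshark filter bar, or run it headless with `tshark -r capture.pcap -Y '<filter>'`; the packet list you get back is the same surrounding context the article is after, just reached from the alert log instead of from the GUI.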

And a bit of ‘net history—remember all 100 episodes of the History of Networking are still available, even if I’ve not recorded a new one in a long time—

At the close of the first day of SEE 10, Slobodan Markovic and I had the honour of giving a presentation that served as an introduction to a panel discussion on the Internet in Yugoslavia.