Weekend Reads 061121

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors.

The Internet Engineering Task Force (IETF) is a collaborative body that has developed internetworking specifications for more than five decades, successfully shaping the global marketplace of digital network equipment and services.

When data moves off a trusted network, it may be a default response to assume malicious intent is involved.

In this article, I want to discuss the importance of a TCB’s size, how you might measure it, and how difficult it can be to reduce its size. Let’s look at those issues in order.

If you work with Internet numbers, you will know that among Resource PKI (RPKI) specialists, this is one of the issues being discussed — how to make a PKI work for Internet number distribution.

It wasn’t the first time cloud services were the focus of a cyberattack, and it certainly won’t be the last. Cloud weaknesses were also critical in a 2019 breach at Capital One.

Managing the risk of third parties has become a compliance focus for many large organizations. Companies even work with third-party service providers and external vendors just to manage this risk.

Broadcom Inc., one of the world’s largest chipmakers, gave a bullish forecast for quarterly sales, boosted by demand for chips used in data centers and equipment needed to improve consumer home internet speeds.

But their early work on NVMe, now officially in its 2.0 incarnation with over 130 members, is still expanding—and it’s right on time given the changes in the broad world of storage.

“I give up.” Those are the words you’d like any attacker trying to crack into your systems to say. “I never want to go through this again.” Even better.

But we couldn’t help but notice subdomains that might be revealing a lot about a company’s Internet infrastructure and resources — maybe even far too much. We explored a few examples in this post to illustrate why.

Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt out.

I think that one thing that the DBIR does is it takes the things that are going on in the cybersecurity space, particularly with breaches and incidents, and breaks them down into something that is both interesting to look at from a statistics standpoint but then actionable to various industries or people who are actually doing the work to defend the enterprise.