Weekend Reads 082418

During the 27th Usenix Security Symposium held in Baltimore, MD last week, a group of researchers from China revealed results obtained from a large-scale analysis DNS interceptions. @CircleID

The increasingly distributed nature of computing and the rapid growth in the number of the small connected devices that make up the Internet of Things (IoT) are combining with trends like the rise of silicon-level vulnerabilities highlighted by Spectre, Meltdown, and more recent variants to create an expanding and fluid security landscape that’s difficult for enterprises to navigate. —Jeffrey Burt @The Next Platform

Many online accounts allow you to supplement your password with a second form of identification, which can prevent some prevalent attacks. The second factors you can use to identify yourself include authenticator apps on your phone, which generate codes that change every 30 seconds, and security keys, small pieces of hardware similar in size and shape to USB drives. —Stuart Schechter @Medium

If this is a three-way tension, then it’s clear that we are not equals at the table here. It seems that as users we continually get short-changed when it comes to access to tools and technologies that can allow us to preserve our personal safety and security. —Geoff Huston @Potaroo

Seeing that the Hate Speech Code of Conduct also demonstrates that there is little consensus about what constitutes illegal hate speech across Member States, one can only imagine the lack of consensus on defining speech, such as disinformation, which is not illegal per se. This highlights the importance of targeted and narrow definitions: only demonstrably and verifiably false information, presented as actual reporting with intent to deceive, ought to be captured, and nothing else. —Laura Blanco @CDT

Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques. —Swati Khandelwal @The Hacker News

Some people enter the technology industry to build newer, more exciting kinds of technology as quickly as possible. My keynote will savage these people and will burn important professional bridges, likely forcing me to join a monastery or another penance-focused organization. —James Mickens @USENIX

Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix. —Paul Vixie @Dark Reading

I recently enrolled in the Android developer preview programme and got hold of the Android P (9 beta) OTA image for my Nokia 7 Plus phone, and while discovering what’s new, I found a new advanced option under network settings called ‘Private DNS’ that got my attention. —Jan Žorž @Internet Society

DNSSEC adds digital signatures to DNS data. The addition of this digital signature is intended to allow a client of the DNS name resolution service to assure themselves of a number of qualities about the DNS response they have received. —Geoff Huston @APNIC