Hard to believe we are past Halloween, and almost into the new year.
Some of the folk wisdom going around in software engineering, often cluessly repeated for decades, is just wrong. It can be particularly damaging when it affects key aspects of software development and is contradicted by solid scientific evidence. —Bertrand Meyer
SPAM (or more specifically phishing) email has become one of the most popular and effective weapons used by cyber attackers. As such, it can be a useful artefact for security enthusiasts to analyze. —Imtiaz Rahman
A recent exchange on CircleID highlighted a critical need for data to inform the debate on the impact of ICANN’s post-GDPR WHOIS policy that resulted in the redaction of domain name registrant contact data. A bit of background: in my original post, I made the point that domain name abuse had increased post-GDPR. —Frederick Felman
As I’ve written previously, this Third Amendment is necessary because of the First Amendment to the .com Registry Agreement which extends the current agreement’s term, including the wholesale registration price cap, until 2024 — a circumstance made inconvenient late last year when the National Telecommunications and Information Administration (NTIA) amended its Cooperative Agreement with VeriSign to remove the 2012 price restriction and granting pre-approval, beginning in 2020, for increases that don’t exceed 7% annually in four out of every six years of a .com Registry Agreement term. —Greg Thomas
Over the last few years, everyone’s been talking about Dark Mode. It’s said to boost productivity and focus while reducing eye strain. It’s also supposed to be better for your battery life. —Suzanne Scacca
One of the greatest misconceptions about online safety is that home networks are somehow private. Unfortunately, this hasn’t been true since around the turn of the century when we started filling our home networks with Internet-connected boxes serving local web pages. —Craig Young
One of the biggest security challenges with IoT is the substantial increase in the security attack surface — as IoT devices often have different operating systems and connect to networks (wireless, mobile and wired) with a variety of protocols, making them susceptible to a range of security vulnerabilities. —Vijay Varadharajan
Google recently released a paper showing that its quantum processor, called Sycamore, solved a computing problem in 200 seconds that would have taken the world’s best supercomputer 10,000 years to solve. And Google says this is just the beginning of what quantum computers will be able to do. —Beau Carnes
An absurd thing is happening in the halls of Congress. Major ISPs such as Comcast, AT&T, and Verizon are banging on the doors of legislators to stop the deployment of DNS over HTTPS (DoH), a technology that will give users one of the biggest upgrades to their Internet privacy and security since the proliferation of HTTPS. —Ernesto Falcon
We hear it all the time from security marketers and evangelists alike. “Information technology and operational technology are converging!” It’s a simplistic way of characterizing what is a highly complex web of digital transformations affecting a broad range of industries, from manufacturing to energy to real estate. —Dave Weinstein
SPAM (or more specifically phishing) email has become one of the most popular and effective weapons used by cyber attackers. As such, it can be a useful artefact for security enthusiasts to analyze. —Imtiaz Rahman
Related
In all articles that I’ve read about DoH, it seems the focus is always on “encryption versus non-encryption”. That’s not the issue. Encryption is always nice. But that’s not (all) that Chrome and Firefox are doing here.
The real issue is this. When doing DNS, there is always another party that you communicate with, that is going to give you the answer to your query. That party is usually a resolver, which forwards the query and answer. That party will see your request. You can encrypt all DNS-traffic, but the resolver will know what you queried. Nothing will change that. (Unless everyone runs their own full resolver, no caching-servers, which will scale really really poorly). So the real issue is: “who runs the caching-server I send my DNS-queries too”.
That’s the real issue. That the default resolver is changed. Without most people realizing/agreeing/understanding what is happening when they click “upgrade my browser”.
And always it is mentioned how the poor people in Venezuala can’t trust their government. And how Comcast sucks. Guess what. I don’t live in Venuzuela. And Comcast isn’t my ISP. In fact, I trust my own ISP a whole lot more than that I trust Google or Comcast. I am a paying customer of my own ISP, while I am just cattle to Google and Comcast. I can sue my own ISP in my own country, while Google and Comcast are foreign companies in a foreign country, with different laws.
So if Firefox and Chrome really want DoH to be a success, they need to explicitly let their users chose who their resolver is. After upgrading your browser, you should get a page that asks: “who do you want to see your web-queries ? Google, Cloudflare, your ISP, or someone else ?”. Only then this issue is a technology issue. Right now, changing the default resolver, without asking, is a scam.
Yes — agreed… the Hedge we recorded with Geoff Huston is pretty much where I am on DoH. Thanks for stopping by and commenting! 🙂