Weekend Reads 120420

CrowdSec is an open source security engine that analyzes visitor behavior and provides an adapted response to all kinds of attacks. It parses logs from any source and applies heuristic scenarios to identify aggressive behavior and protect against most attack classes.

The “network perimeter” is an increasingly meaningless term; the perimeter is everywhere and the network is constantly interacting with employees, workloads and even the networks of both suppliers and customers. Integration enables success, but it also means that prevention of information security compromise events.

As cryptographic analysis and related technologies advance, the signing algorithms at the heart of DNSSEC have to keep up. Moritz Müller and colleagues take a look at barriers on the road to more secure algorithms and discuss ways to make the journey faster.

When a website you visit asks permission to send notifications and you approve the request, the resulting messages that pop up appear outside of the browser. For example, on Microsoft Windows systems they typically show up in the bottom right corner of the screen — just above the system clock. These so-called “push notifications” rely on an Internet standard designed to work similarly across different operating systems and web browsers.

Open source repositories form the backbone of modern software development — nearly every software project includes at least one open source component — but security experts increasingly worry that attackers are focused on infecting systems by inserting malicious code into popular repositories.

In previous ransomware scenarios, an organization just had to decide whether to pay a ransom to get the key to decrypt its data. But now it must consider making what is essentially a “forever promise” with a criminal organization. The threat actors are demanding payment in exchange for alleged proof that they deleted the data. In practice, they are saying “trust us” to delete data that they previously threatened to publish. It’s not a great situation to find yourself in.

Textbooks tell us that cache requests result in one of two possible outcomes: cache hits and misses. However, when the cache miss latency is higher than the inter-arrival time between requests, it produces a third possibility, delayed hits.

In both the traditional HPC simulation and modeling market and the adjacent AI market including machine learning and data analytics, the GPU has become the compute engine of choice because of the price/performance, memory bandwidth, and varied forms of calculation that it enables.

In August 2019, the Internet Society supported the Mutually Agreed Norms for Routing Security (MANRS) initiative by creating a platform to visualize its members’ routing security data from around the globe. The MANRS Observatory’s interactive dashboard allows networks to check their progress in improving their routing security.

George Gilder and Robert J. Marks discuss blockchain, Bitcoin, quantum and carbon computing, and George Gilder’s new book Gaming AI: Why AI Can’t Think but Can Transform Jobs (which you can get for free here).

Dubbed “SAD DNS attack” (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications.

At the 2020 (ISC)² Security Congress, SCADAfence CEO Elad Ben-Meir took the virtual stage to share details of a targeted industrial ransomware attack against a large European manufacturer earlier this year. His discussion of how the attacker broke in, the collection of forensic evidence, and the incident response process offered valuable lessons to an audience of security practitioners.

Renowned military strategist John Boyd conceived the “OODA loop” to help commanders make clear-headed decisions during the Korean War. We’ll look at how one might apply the OODA loop (observe, orient, decide, and act) specifically to secure cloud-native deployments and prevent breaches before they occur.

As our recent election security research showed, domain spoofing is a preferred attack vector. According to the Oregon FBI in their Tech Tuesday, “Cyber actors set up spoofed domains with slightly altered characteristics of legitimate domains. A spoofed domain may feature an alternate spelling of a word (‘electon’ instead of ‘election’), or use ‘[.]com’ in place of ‘[.]gov’.”

Despite dedicating the majority of my life to protective intelligence in the private and public sectors, I still find it hard to believe when I see companies that have thousands of employees and dozens of offices and facilities — but a scant few physical security professionals using legacy tools and processes to try to keep the business harm-free. It’s almost an exercise in futility.