Weekend Reads 121418

Australia’s House of Representatives has finally passed the “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. —Swati Khandelwal @thehackernews.com

Equifax could have prevented a breach of its systems and the resulting leak of sensitive information on nearly 148 million people by focusing more heavily on security, creating a clear hierarchy of responsibilities, and reducing complexity in its infrastructure, a congressional committee concluded in a report released on Dec. 10. —Robert Lemos @darkreading.com

Small and home office routers are becoming major targets for criminals seeking to steal banking and other online account credentials belonging to Internet users. The latest indication of the trend is “Novidade,” a dangerous new exploit kit that multiple attack groups appear to be using to target routers belonging to millions of users in Brazil and, to a lesser extent, other parts of the world. —Jai Vijayan @darkreading.com

Internet Exchange Points (IXPs) originally aimed to keep local traffic local and reduce dependence on third parties. However, ever-increasing traffic volumes create pressure for more dense and diverse peering, which challenges the traditional IXP model. —Vasileios Giotsas @apnic.net

A common hacking/pen-testing technique is to drop a box physically on the local network. On this blog, there are articles going back 10 years discussing this. In the old days, this was done with $200 “netbook” (cheap notebook computers). These days, it can be done with $50 “Raspberry Pi” computers, or even $25 consumer devices reflashed with Linux. @erratasec.com

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late. @krebsonsecurity.com

Many articles have been published comparing the performance of video codecs. The reader of these articles might often be confused by their seemingly contradicting conclusions. One article might claim that codec A is 15% better than codec B, while the next one might assert that codec B is 10% better than codec A. @Netflix

After decades of the unrivalled dominance of JPEG, recent years have witnessed the appearance of new formats — WebP and HEIC — that challenge this position. They have only partial, but significant, support by major players among web browsers and mobile operating systems. Another new image format — AVIF — is expected to enter the scene in 2019 with promise of sweeping through the whole web. —Antón Garcia @freecodecamp.org

There are two kinds of people in this world: those who have been affected by Business Email Compromise (BEC) scams and those who don’t know they have been hit with BEC. It’s happening all the time, in your company, right now. People are getting emails that look official, from a realistic company email address, requesting some form of action; the trouble is, they are not real and they can lead to loss of data, loss of money, or both. —Ben Munroe @cisco.com