Worth Reading: SHA-1 is a shambles

28 January 2020

SHA-1 is deprecated but still used in DNSSEC, and this collision attack means that some attacks against DNSSEC are now merely logistically challenging rather than being cryptographically infeasible. —Tony Finch

Worth Reading: Gominer mutates and spreads

28 January 2020

Juniper Threat Labs discovered a family of Monero Miners that spreads through cloud storage providers such as OneDrive, Google Drive and Dropbox. It also has the ability to mutate or change itself to try to avoid detection. —Paul Kimayong

Worth Reading: Scoring ISPs on Privacy and Security

27 January 2020

In April 2019 the Internet Society’s Online Trust Alliance (OTA) released its 10th Annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites on the Internet from retailers to governments. —Kenneth Olmstead

Worth Reading: Carving up the 5G RAN

27 January 2020

The decisions made by carriers, and their suppliers, on cloud RAN architectures will have big implications on the connection bandwidths needed in the 5G RAN and the systems required. —Simon Stanley

Worth Reading: Ako ransomware

23 January 2020

Security researchers observed that Ako ransomware is using malicious spam attachments to go after organizations’ networks. —David Bisson

Worth Reading: SIM swapping attacks

23 January 2020

By getting a mobile phone carrier to transfer a user’s phone number to a fraudster’s SIM card, the bad guys can access a variety of riches linked to a victim’s mobile phone. —Terry Sweeney

Worth Reading: Cache is King

23 January 2020

The gap between the performance of processors, broadly defined, and the performance of DRAM main memory, also broadly defined, has been an issue for at least three decades when the gap really started to open up. —Timothy Prickett Morgan

Worth Reading: The narrowness of browsers

22 January 2020

Back in 2017, the World Wide Web Consortium (W3C) approved the most controversial standard in its long history: Encrypted Media Extensions, or EME, which enabled Netflix and other big media companies to use DRM despite changes to browsers extensions that eliminated the kinds of deep hooks that DRM requires. —Cory Doctorow

Worth Reading: BGP Churn in 2019 (part 2)

21 January 2020

If the update rate of BGP is growing faster than we can deploy processing capability to match, then the routing system will lose data, and at that point, the routing system will head into turgid instability. —Geoff Huston

Worth Reading: 5G security

21 January 2020

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. —Bruce Schneier