[Newsclips] IETF SYN-ACK Newspack 2020-09-

David Goldstein <david@goldsteinreport.com> Mon, 21 September 2020 11:36 UTC

From: "David Goldstein" <david@goldsteinreport.com>
To: <newsclips@ietf.org>
Date: Mon, 21 Sep 2020 21:36:18 +1000
Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/BOx81SJOphvtdtYlKTSAh0CGN4Y>
Subject: [Newsclips] IETF SYN-ACK Newspack 2020-09-

Hi IETF-ers,

 

A few of you have given feedback on this news service and it’s really valuable. So please keep the feedback coming. In the first instance please send it to Greg Wood and if you wish, cc me in.

 

For now though, happy reading!

David

 

**********************

IETF IN THE NEWS

**********************

NCSC Launches New Vulnerability Reporting Toolkit

The UK’s National Cyber Security Centre (NCSC) has released a new Vulnerability Reporting Toolkit, designed to help organizations manage vulnerability disclosure in a streamlined, process-driven manner. ... It was built according to the three best practices of vulnerability disclosure: good communication, a clear policy and ease-of-use. On the latter, the NCSC advocated the proposed IETF standard security.txt, also supported by the US Department of Homeland Security and NZ CERT, as an easy way for individuals to find all the information they need.

<https://www.infosecurity-magazine.com/news/ncsc-launches-new-vulnerability/>

Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution

Data privacy and security experts tell us that applying the "need to know" principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider — or to other parties — to the minimum the service provider requires to perform a service. This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS. ... More recent measurements reported at an IETF meeting in April 2020 via the RIPE Atlas platform show that 47% of probes were utilizing qname-minimizing resolvers. As of August 2020, the fraction had increased to 55%, according to latest statistics in the same data collection hosted by NLnet Labs.

<http://www.circleid.com/posts/20200916-maximizing-qname-minimization-new-chapter-dns-protocol-evolution/>

Low Latency HLS Spec Nears Finalization

The need for a consistent low latency approach to HTTP-based segment or chunk "streaming" delivery has been discussed for more than a decade. As far back as 2011, with the ratification of Dynamic Adaptive Streaming via HTTP (DASH for short) by the Motion Picture Experts Group, a number of red flags went up warning of a potential "painting ourselves into a delayed delivery corner" with the 6- to 30-second delays that HTTP-based delivery entailed. These warnings were raised in Streaming Media magazine, on online forums, at Streaming Media shows, and at other industry events. ... Pantos has had an IETF specification on HLS in draft form for well over a decade. The first HLS spec, dated May 1, 2009, was authored by Pantos and has ever since affectionately been called "the Pantos spec" as shorthand for HLS recommendations and best practices on how to deliver HLS streams to Apple, Android, and other over-the-top or set-top box devices.

<https://www.streamingmedia.com/Articles/ReadArticle.aspx?ArticleID=142921>

Help, het internet breekt in tweeën [Help, the Internet breaks in two]

Join the Clean Network. The blue logo with the italic letters looks as if it walked straight out of a toothpaste advertisement. A fresh and clean internet, free of influence from the Chinese Communist Party, is the promise of a purge campaign that Mike Pompeo, the US Secretary of State, introduced last month. ... New IP is a research proposal that Huawei, China Mobile and China Unicom submitted to the ITU in September 2019. There, governments call the shots. But European countries believe that the Internet Engineering Task Force (IETF), a public and independent community of companies and researchers, should decide on New IP.

<https://www.nrc.nl/nieuws/2020/09/15/help-het-internet-breekt-in-tweeen-a4012056>

Qué es la ‘netiqueta’ y cómo usarla cuando se navega por la red [What is 'netiquette' and how to use it when surfing the net]

From childhood, people learn to behave in society and to live together with respect. Likewise, interactions on the internet require rules that ensure good rapport among its more than 4.5 billion users. ... The other major contribution to netiquette came from the Internet Engineering Task Force (IETF), which in 1995 wrote a treatise on web communications. The IETF is a non-profit institution whose aim is to standardize the network's protocols. In this case, its document focuses on specific tools.

<http://blog.orange.es/red/netiqueta-como-usarla/>

在IETF,如何推进自己的想法? [At IETF, how do you advance your ideas?]

In response to some problems and misconceptions people have when taking part in Internet standards development, Nick, a senior researcher at the IETF, recently sent out an email.

<http://www.edu.cn/xxh/zt/tj/202009/t20200917_2013205.shtml>

腾讯5G专家斯蒂芬·温格:基于光场的全息显示将是显示技术的未来 [Tencent 5G expert Stephen Wenger: Lightfield-based holograms will be the future of display technology.]

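... Standards for the cloud include TCP/IP, HTTP and other standards developed through the IETF. These classic standards made the Internet possible; the W3C created content presentation, languages and so on. On the transport side, there are MPEG standards such as DASH, as well as various industry forums such as DVB and DASH-IF, which can deliver content to mass consumers.

<https://tech.sina.com.cn/roll/2020-09-15/doc-iivhuipp4414546.shtml>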

**********************

INTERNET OF THINGS

**********************

Make IoT Devices Certifiably Safe—and Secure

After unboxing a new gadget, few people stop to consider how things could go horribly wrong when it’s plugged into the wall: A shorted wire could, for example, quickly produce a fire. We trust that our machines will not fail so catastrophically—a trust developed through more than a century of certification processes.

<https://spectrum.ieee.org/computing/networks/make-iot-devices-certifiably-safeand-secure>

Are your devices spying on you? Australia’s very small step to make the Internet of Things safer

From internet-connected televisions, toys, fridges, ovens, security cameras, door locks, fitness trackers and lights, the so-called “Internet of Things” (IoT) promises to revolutionise our homes.

<https://theconversation.com/are-your-devices-spying-on-you-australias-very-small-step-to-make-the-internet-of-things-safer-145554>

<https://newsroom.unsw.edu.au/news/business-law/are-your-devices-spying-you-australias-very-small-step-make-internet-things-safer>

Coffee machines, cuddly toys and cars: The Internet of Things devices that could put you at risk from hackers

Connected teddy bears, connected coffee machines and connected cars are just some of the unusual Internet of Things (IoT) devices being insecurely connected to corporate networks that could leave whole organisations open to cyberattacks.

<https://www.zdnet.com/article/coffee-machines-cuddly-toys-and-cars-the-internet-of-things-devices-which-could-put-you-at-risk-from-hackers/>

Bluetooth Spoofing Bug Affects Billions of IoT Devices

The ‘BLESA’ flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.

<https://threatpost.com/bluetooth-spoofing-bug-iot-devices/159291/>

**********************

NEW TRANSPORT TECHNOLOGIES

**********************

China's industrial internet enters fast lane, official says

China is embracing new growth momentum in the industrial internet, as the country strives to gain a beachhead in the next generation of industrial development globally, the top industry regulator, government officials and experts said on Sunday.

<http://global.chinadaily.com.cn/a/202009/21/WS5f67e7a6a31024ad0ba7aa47.html>

**********************

SECURITY & PRIVACY

**********************

DDoS Attacks Rose 151% in First Half of 2020

DDoS attacks grew in number, volume, and intensity in the first half of 2020 compared to the first half of 2019, and both very large and very small DDoS attacks showed increased sophistication and intensity in 2020, according to new data from Neustar.

<https://www.darkreading.com/threat-intelligence/ddos-attacks-rose-151--in-first-half-of-2020/d/d-id/1338937>

DDoS Attacks Increase by 151% in First Half of 2020

Neustar, Inc., a global information services and technology company and leader in identity resolution, today released its latest cyberthreats and trends report which identifies significant shifts in distributed denial-of-service (DDoS) attack patterns in the first half of 2020.

<https://www.home.neustar/about-us/news-room/press-releases/2020/ddos-attacks-increase-by-151-in-first-half-of-2020>

eu: Privacy and security framework tackles cybersecurity

Cyber-physical systems (CPSs) based on Internet of Things (IoT) and virtualised cloud architectures present new and unexpected risks that can’t be completely solved by current state-of-the-art security solutions. The EU-funded project ANASTACIA introduced a solution providing utmost security and trust.

<https://ec.europa.eu/digital-single-market/en/news/privacy-and-security-framework-tackles-cybersecurity>

More Cyberattacks in the First Half of 2020 Than in All of 2019

A study by CrowdStrike of recent threat activity on networks belonging to its customers showed more intrusion attempts in the first six months of this year than in all of 2019.

<https://www.darkreading.com/attacks-breaches/more-cyberattacks-in-the-first-half-of-2020-than-in-all-of-2019/d/d-id/1338926>

Report Looks at COVID-19’s Massive Impact on Cybersecurity

Cynet’s report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used to distribute malware in spearphishing attacks.

<https://threatpost.com/cynet-report-looks-at-covid-19s-massive-impact-on-cybersecurity/159249/>

DNS Flag Day 2020: what you need to know

The DNS Flag Day is an initiative of DNS vendors (both open-source and proprietary) and DNS operators.

<https://blog.apnic.net/2020/09/17/dns-flag-day-2020-what-you-need-to-know/>

CISA to Oversee CVE Numbering Authorities for Industrial Control Systems and Medical Devices

The Common Vulnerabilities and Exposures (CVE®) Program announced today it is granting authority to the Cybersecurity and Infrastructure Security Agency (CISA) for managing the assignment of CVE Identifiers (IDs) for the CVE Program.

<https://www.cisa.gov/news/2020/09/15/cisa-oversee-cve-numbering-authorities-industrial-control-systems-and-medical>

Prosecutors open homicide case after cyber-attack on German hospital

German prosecutors have opened a homicide investigation into the case of a patient who died after a hospital in the city of Düsseldorf was unable to admit her because its systems had been knocked out by a cyber-attack.

<https://uk.reuters.com/article/idUKKBN269283>

<https://in.reuters.com/article/idINL8N2GF3HW>

Cyber Attack Suspected in German Woman’s Death

The first known death from a cyberattack was reported Thursday after cybercriminals hit a hospital in Düsseldorf, Germany, with so-called ransomware, in which hackers encrypt data and hold it hostage until the victim pays a ransom.

<https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html>

The TikTok Ban: Security Experts Weigh in on the App’s Risks

With no hard evidence of abuse, are bans warranted? The real security concerns will likely come after the ban goes into effect, researchers said in our exclusive roundtable.

<https://threatpost.com/tik-tok-ban-security-experts-dangers/159362/>

Iranian Hackers Can Now Beat Encrypted Apps, Researchers Say

Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday.

<https://www.nytimes.com/2020/09/18/world/middleeast/iran-hacking-encryption.html>

Unprecedented Levels of Ransom DDoS Extortion Attacks

The FBI has released a flash warning that thousands of organizations around the world, and across multiple industries, have been threatened with DDoS attacks unless they pay a bitcoin ransom. This ransom DDoS, or RDoS, threat was covered by Akamai's Security Intelligence Response Team (SIRT) in a Security Alert released on August 17, 2020.

<https://blogs.akamai.com/2020/09/unprecedented-levels-of-ransom-ddos-extortion-attacks.html>

Make IoT Devices Certifiably Safe—and Secure

After unboxing a new gadget, few people stop to consider how things could go horribly wrong when it’s plugged into the wall: A shorted wire could, for example, quickly produce a fire. We trust that our machines will not fail so catastrophically—a trust developed through more than a century of certification processes.

<https://spectrum.ieee.org/computing/networks/make-iot-devices-certifiably-safeand-secure>

Critical Infrastructure Encompasses More than It Once Did and Must Be Better Protected

When most people in the cybersecurity world initially think about so-called “critical infrastructure,” what typically comes to mind are the likes of the power grid, other public utilities and dams. This is predictable, in part because two highly publicized power grid cyberattacks in recent years in Ukraine knocked out power for hundreds of thousands of people in the dead of winter. 

<https://www.rsaconference.com/industry-topics/blog/critical-infrastructure-encompasses-more-than-it-once-did-and-must-be-better-prot>

**********************

TLS

**********************

Why bigger isn’t always better when it comes to TLS key size

Configuring Transport Layer Security (TLS) can involve some complex choices. This is certainly true when it comes to the size (number of bits) of the encryption keys used in server certificates.

<https://blog.apnic.net/2020/09/14/why-bigger-isnt-always-better-when-it-comes-to-tls-key-size/>

**********************

OTHERWISE NOTEWORTHY

**********************

Voices from the Future - 30 Years of Breakthrough Technologies in Europe

A new booklet has just been published to celebrate the past 30 years of the Future and Emerging Technologies (FET) programme and its future as Pathfinder for Advanced Research in the European Innovation Council (EIC).

<https://ec.europa.eu/digital-single-market/en/news/voices-future-30-years-breakthrough-technologies-europe>

What Will the Internet Look Like in 2030? New Grants Program for Researchers Studying the Future of the Internet

From the environment to the economy, the Internet is reshaping and disrupting several sectors of our society. What might future patterns of disruption look like? How will these changes affect all of us, particularly those on the margins of society? What new solutions can we generate today, to address the challenges of tomorrow?

<https://www.internetsociety.org/blog/2020/09/what-will-the-internet-look-like-in-2030-new-grants-program-for-researchers-studying-the-future-of-the-internet/>

Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution

Data privacy and security experts tell us that applying the "need to know" principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider -- or to other parties -- to the minimum the service provider requires to perform a service. This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS.

<http://www.circleid.com/posts/20200916-maximizing-qname-minimization-new-chapter-dns-protocol-evolution/>

Net pioneer Vint Cerf warns of digital info dark age

Computer and data scientists globally have worried that all data - this century's digital history - is at risk of never being recoverable. The vice president and chief internet evangelist at Google gave the example of floppy disks which are no longer readable by current machines.

<https://economictimes.indiatimes.com/tech/internet/net-pioneer-vint-cerf-warns-of-digital-info-dark-age/articleshow/78152249.cms>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home