[Newsclips] IETF SYN-ACK Newspack 2020-11-16

David Goldstein <david@goldsteinreport.com> Mon, 16 November 2020 09:57 UTC


The IETF SYNACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.


**********************

IETF IN THE NEWS

**********************

Virtual IETF 108 Meeting: Report written by Matthias M. Hudobnik

Very much looking forward to participating in #IETF109 as an @ICANNAtLarge member to strengthen the relations. Below a brief report in the #EURALO #newsletter about my #IETF108 participation

https://twitter.com/mhudobnik/status/1326181419945783296/photo/1

My first ever IETF: Experience of IETF-108

Dreams come true indeed if the intent is pure. I remember vividly being at the APNIC conference around this time last year. At APNIC, there is a tradition to celebrate the birthday of all fellows falling in the month of the event. When asked about my birthday wish during the celebration I said that I wish to attend IETF as a fellow. A year later, I attended IETF 108 with sponsorship. IETF 108 was the first IETF I attended actively in spite of being involved with the IETF community directly and indirectly for the last four years.

https://amalgation.wordpress.com/2020/09/22/my-first-ever-ietf-experience-of-ietf-108/

IAB Report to the Community for IETF 109

This is the IAB report for the period between IETF 108 and IETF 109. This report presents a summary of activities.

https://www.iab.org/2020/11/13/iab-report-to-the-community-for-ietf-109/

Call for nominations: IETF appointment to the ISOC Board of Trustees

The Internet Society (ISOC) provides organizational and financial support for the IETF. As part of the arrangements between ISOC and the IETF, the IETF is called upon to name 4 Trustees to its Board (BoT), with staggered 3-year terms.

https://www.iab.org/2020/11/10/call-for-nominations-ietf-appointment-to-the-isoc-board-of-trustees-7/

Googlebot Begins Crawling With HTTP/2 Protocol

Google updated their Googlebot Developers Support Page to reflect that Google is now able to try downloading pages via the latest HTTP/2 protocol. This is effective November 2020. The Googlebot developer page was updated November 12, 2020 to reflect this change. ... According to an official IETF FAQ page on Github: “HTTP/1.x has a problem called “head-of-line blocking,” where effectively only one request can be outstanding on a connection at a time.

https://www.searchenginejournal.com/googlebot-can-crawl-with-http-2/387440/

Redundant, Secure, and Open Short Domains: A Vision for Multi-Provider Apex Domain Aliases to Enable DNS Diversity

... A solution is on the way! An upcoming IETF proposed standard authored by people from Akamai and Google, known as service binding, provides an open solution that solves this problem and others such as open access to protocol configuration data (e.g., HTTP/3 support available) and keying material for encrypting TLS Server Name Indication.

https://securityboulevard.com/2020/11/redundant-secure-and-open-short-domains-a-vision-for-multi-provider-apex-domain-aliases-to-enable-dns-diversity/

Plagued with uncertainties and ambiguities of the development in the public adaptation of IPv6, IPv4 becomes a commodity that gives rise to leasing IPv4

... The evolution of the internet posed an unprecedented threat that led to the rapid exhaustion of IPv4. This threat of rapid exhaustion gave birth to the IETF, which was tasked to tackle the matter at hand. The IETF later debuted with a redesigned Internet Protocol or, commercially known as IPv6.

https://telecoms.com/intelligence/plagued-with-uncertainties-and-ambiguities-of-the-development-in-the-public-adaptation-of-ipv6-ipv4-becomes-a-commodity-that-gives-rise-to-leasing-ipv4/

Acklio, DLMS UA to connect smart electric meters to LoRaWAN

... The new DLMS over LPWAN profile leverages SCHC, the new IETF standard for IP communications over Low-Power Wide-Area Networks. It allows seamless transmission of DLMS messages over an LPWAN link. This means that utilities keep the original DLMS application environment, both in the smart electricity meter and in the head end system.

https://www.smart-energy.com/industry-sectors/iot/acklio-and-dlms-user-association-to-connect-smart-electric-meters-to-lorawan/

New Internet Protocol: Redesigning the Internet with Chinese Characteristics?

The radical idea of a New Internet Protocol (IP), replacing the prevalent TCP/IP (Transmission Control Protocol and Internet Protocol), was put forward together by Huawei, the Chinese Ministry of Industry and Information Technology, and the state-owned telecom service providers China Mobile and China Unicom to the Telecommunication Standardization Advisory Group (TSAG) of the International Telecommunication Union (Telecommunication Standardization Sector [ITU-T]) in September 2019. ... The very idea of a New IP has faced sharp criticism especially from the IETF, the premier Internet standards organisation, which remains an open international community of network designers, operators, vendors, and researchers who make voluntary contributions to the development of technical standards for the Internet. It has been termed “harmful”, “threatening”, and against the ethos of the Internet, questioning the very need of a New IP and the unstated ..

http://www.indiandefencereview.com/spotlights/new-internet-protocol-redesigning-the-internet-with-chinese-characteristics/

New Tool Detects Unsafe Security Practices in Android Apps

Computer scientists at Columbia Engineering have shown for the first time that it is possible to analyze how thousands of Android apps use cryptography without needing to have the apps’ actual codes. The team’s new tool, CRYLOGGER, can tell when an Android app uses cryptography incorrectly—it detects the so-called “cryptographic misuses” in Android apps. When given a list of rules that should be followed for secure cryptography—guidelines developed by expert cryptographers and organizations such as NIST and IETF that define security standards to protect sensitive data—CRYLOGGER detects violations of these rules.

https://www.engineering.columbia.edu/press-releases/carloni-tool-detects-unsafe-apps

https://sciencecodex.com/new-tool-detects-unsafe-security-practices-android-apps-660633

Internet mit nationalen Grenzen [Internet with national borders]

... Daniel Karrenberg, chief scientist of the RIPE NCC, replied: "Whether the RIPE NCC takes part in a pilot project is for the RIPE members to decide." However, Karrenberg's colleague Marco Hogewoning criticized that they were not happy that SCION wants to set up its own standardization organization in the form of a foundation. The SCION developers reported that they had put out feelers both towards the IETF and towards the International Telecommunication Union (ITU). But they would rather keep the new Internet in their own hands.

https://www.heise.de/news/Internet-mit-nationalen-Grenzen-4946883.html

Crylogger: la herramienta que detecta el uso incorrectos de criptografía [Crylogger: the tool that detects incorrect use of cryptography]

... When given a list of rules that must be followed for secure cryptography (guidelines developed by expert cryptographers and organizations such as NIST and IETF that define security standards to protect sensitive data), Crylogger detects violations of these rules.

https://aplicacionesandroid.es/crylogger-la-herramienta-para-saber-cuando-se-utiliza-la-criptografia-de-forma-incorrecta/

El mundo sin internet [The world without the internet]

... Nowadays it would be very difficult for the Internet to go down, since the backbones have high redundancy, that is, there are different connection routes between different backbones to avoid connectivity problems. We also know that there are many supporting organizations: the Global Commission on Internet Governance; the International Organization for Standardization; the Internet Architecture Board (IAB); the Internet Corporation for Assigned Names and Numbers (ICANN); the Internet Engineering Task Force (IETF); the Internet Research Task Force (IRTF); the Internet network operator groups (NOG); the Internet Society (ISOC); the Regional Internet Registries (RIR); the World Wide Web Consortium (W3C). But despite this we should imagine that anything can happen…

https://www.elsalvador.com/opinion/editoriales/internet/774775/2020/

¿Es segura tu app de Android? Esta herramienta te lo dice [Is your Android app secure? This tool tells you]

... It does so based on a list developed by expert cryptographers and organizations such as the United States National Institute of Standards and Technology (NIST) and the Internet Engineering Task Force (IETF), which define security standards to protect sensitive data.

https://es.finance.yahoo.com/noticias/segura-tu-app-android-herramienta-183736893.html

Acklio déploie sa technologie standardisée dans les compteurs électriques intelligents [Acklio deploys its standardized technology in smart electricity meters]

... With Acklio, welcome to the hidden world of the Internet! The Rennes-based start-up, founded in 2016 by two researchers from IMT Atlantique, Alexander Pelov and Laurent Toutain, works on Internet of Things technologies. After years of research, it invented a technology that compresses Internet protocols by fragmenting them, in order to carry data over constrained IoT (Internet of Things) networks such as Sigfox, LoRaWAN… Named SCHC (pronounced "chic"), this technology was officially recognized in April 2020 as a standard by the IETF (Internet Engineering Task Force, the international standardization body for Internet protocols). "SCHC is now an open standard, which will become the technology used worldwide by all connected objects," explains Marianne Laurent, marketing and communications director at Acklio.

https://www.lejournaldesentreprises.com/ille-et-vilaine/article/acklio-deploie-sa-technologie-standardisee-dans-les-compteurs-electriques-intelligents-642025

La lettre d’information XMPP d’octobre 2020 [The October 2020 XMPP newsletter]

... The Internet Engineering Task Force (IETF) has deployed, on a trial basis, an XMPP service instance for its own operational experience, with local registration, guest account access and a web client.

https://linuxfr.org/news/la-lettre-d-information-xmpp-d-octobre-2020

Googlebot commence l’exploration avec le protocole HTTP / 2 [Googlebot begins exploration with HTTP / 2 protocol]

... According to an official IETF FAQ page on Github:

https://news.chastin.com/googlebot-commence-lexploration-avec-le-protocole-http-2/

Jaki wpływ na bezpieczeństwo ma rosnąca popularność protokołu IPv6 [How the growing popularity of IPv6 affects security]

... The absence of any need for address translation strengthens security by reducing the level of anonymity that results from modifying source addresses in packet headers. Native end-to-end routing protocols facilitate forensic analysis and can make it easier to verify the authenticity of connections, as can be read in documents published by the IETF (RFC 4864).

https://www.computerworld.pl/news/Jaki-wplyw-na-bezpieczenstwo-ma-rosnaca-popularnosc-protokolu-IPv6,423836.html

Kinh nghiệm quốc tế về xây dựng tiêu chuẩn Thành phố thông minh [International experience in Smart City standards development]

... - Internet Engineering Task Force (IETF): develops Internet standards, in particular the standard for IP over low-power wireless personal area networks (6LoWPAN), which is a communication-layer standard in smart cities (TPTM);

http://vietq.vn/kinh-nghiem-quoc-te-ve-xay-dung-tieu-chuan-thanh-pho-thong-minh-d180664.html

ETRI, 데이터 전송 용량 40Gbps급 네트워킹 기술 개발 [ETRI develops 40Gbps networking technology with data transfer capacity]

... The researchers developed this technology based on DetNet (Deterministic Networking), for which international standardization is under way at the IETF.

http://www.epnc.co.kr/news/articleView.html?idxno=108187

ETRI, 세계 최초 40기가급 초저지연 특성 시간확정형 네트워크 검증 [ETRI, the world's first 40 gigabyte ultra-low latency time-determined network verification]

... International standardization work on DetNet is under way at the IETF. ETRI plans to raise transmission capacity performance to the 100-gigabit class by 2022. The 40-gigabit class that has now been verified lacks data transmission capacity, so full commercialization is expected to begin with the 100-gigabit class.

http://www.thelec.kr/news/articleView.html?idxno=8804

https://news.g-enews.com/view.php?ud=2020111009123324671aef83fcde_1&ssk=2017011301560109486_1&md=20201110091449_R

https://www.etnews.com/20201110000030

지연시간 일정한 네트워크 실현…5G 융합 ‘청신호’ [Realize a network with constant latency... 5G convergence'green signal']

... The researchers developed this technology based on DetNet, for which international standardization is under way at the IETF, proving that they hold world-class technology in the field of 'ultra-low-latency' and 'lossless' guaranteed networking.

http://www.koit.co.kr/news/articleView.html?idxno=80111

2020 ICT 국제표준 마에스트로·국제표준화전문가 합동이슈 발표회 [2020 ICT International Standard Maestro International Standardization Expert Joint Issue Presentation]

... One example is the way global big-tech companies such as Google quickly took control of the de facto standardization ecosystem by pursuing research and development, implementation and service rollout in parallel during the standardization at the IETF (the de facto standards body for the Internet field) of HTTP 2.0 and 3.0, which address web browser load problems, and of a UDP-based transport protocol, which overcomes the limits of TCP improvements.

http://www.cctvnews.co.kr/news/articleView.html?idxno=213405

모바일에지컴퓨팅, 5G 고도화 첨병으로 급부상 [Mobile edge computing is rapidly emerging as a leading 5G advancement]

... KT's specification related to 'heterogeneous network access management technology (MAMS)', a core MEC technology, was adopted as a standard by the IETF.

http://www.koit.co.kr/news/articleView.html?idxno=80089

TTA, ICT 국제표준 마에스트로 합동발표회 개최 [TTA, ICT International Standard Maestro Joint Presentation]

... Among the main results, cases in which global big-tech companies secured leadership in de facto standardization were disclosed. As an example, the way global big-tech companies such as Google quickly took control of the de facto standardization ecosystem by pursuing research and development, implementation and service rollout in parallel, during the standardization at the IETF (the de facto standards body for the Internet field) of HTTP 2.0 and 3.0 to address web browser load problems and of a UDP-based transport protocol to overcome the limits of TCP improvements, was introduced. In addition, innovative measures such as expert support during HTML5 standardization at the W3C (the de facto standards body for mobile web platforms) and the introduction of the Living Standard system for real-time standards implementation were presented.

http://www.it-b.co.kr/news/articleView.html?idxno=45134

コロンビア大開発のオープンソースツール、Androidアプリのセキュリティリスクを検出 [Columbia University's open source tool detects security risks for Android apps]

... CRYLOGGER holds a list of rules set by NIST, IETF and other bodies that define security standards, and through its analysis detects designs that violate them.

https://www.excite.co.jp/news/article/Techable_141869/

「RFC違反」アドレスのドコモメール、iOS14で送信不可に [DoCoMo mail with "RFC violation" address cannot be sent on iOS14]

... RFCs are documents compiling technical specifications, published by the IETF (The Internet Engineering Task Force), the Internet standardization body. It had long been pointed out that some Japanese carrier mail addresses created up to around 2009 do not comply with the RFCs, and this had been criticized as a source of trouble.

https://www.itmedia.co.jp/news/articles/2011/12/news103.html

腾讯开源国内首个H.266/VVC视频播放器 [Tencent open sourced the first domestic H.266/VVC video player]

... In addition, as a global leader in multimedia technology, Tencent Multimedia Lab actively participates in core international standards organizations such as AOM, AVS, IETF, 3GPP and IEEE, and Tencent Multimedia Lab experts hold important positions in each of these standards organizations. Since Tencent formally joined AOM as a board member in October 2019, Tencent Multimedia Lab experts have actively participated in the development of the AV2 codec standard. The lab is also actively involved in leading the development of multimedia-system-related standards under MPEG, as well as multimedia-related standards under the Internet standards organization IETF, and has so far successfully launched two standard projects.

https://news.tom.com/202011/4892201731.html

**********************

SECURITY & PRIVACY

**********************

New Features in MANRS Observatory: More Informative, Intuitive, and Easy to Use

In August 2019, the Internet Society supported the Mutually Agreed Norms for Routing Security (MANRS) initiative by creating a platform to visualize its members’ routing security data from around the globe. The MANRS Observatory’s interactive dashboard allows networks to check their progress in improving their routing security.

https://www.internetsociety.org/blog/2020/11/new-features-in-manrs-observatory-more-informative-intuitive-and-easy-to-use/

2020 Phishing and Fraud Report

Executive Summary: ... This year’s Phishing and Fraud report examines five years’ worth of phishing incidents from the F5 Security Operations Center (SOC), and deep dives into active and confirmed phishing sites supplied by OpenText’s Webroot® BrightCloud® Intelligence Services, and analyzes dark web market data from Vigilante. Together, these build a complete and consistent picture of the world of phishing.

https://www.f5.com/labs/articles/threat-intelligence/2020-phishing-and-fraud-report

DNS cache poisoning, the Internet attack from 2008, is back from the dead

In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the DNS that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario.

https://arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/

DNS cache poisoning poised for a comeback: Sad DNS

Researchers at UC Riverside have discovered a new way to revitalize old Domain Name System server cache poisoning attacks: Sad DNS. This is nasty, bad security news.

https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/

DNS cache poisoning ready for a comeback

A group led by UC Riverside computer security researchers unveiled the discovery of a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks this week at the 2020 ACM SIGSAC Conference on Computer and Communications Security. The attack succeeds by derandomizing the source port and works on all layers of caches in the DNS infrastructure, such as forwarders and resolvers.

https://news.ucr.edu/articles/2020/11/11/dns-cache-poisoning-ready-comeback

European Rail: Report unveils challenges and stresses the need for investment in cybersecurity

Today, the European Union Agency for Cybersecurity (ENISA) is releasing its Cybersecurity in Railways report at the joint ENISA and European Union Agency for Railways (ERA) webinar to bring awareness to the most pressing cybersecurity challenges facing Europe’s rail sector.

https://www.enisa.europa.eu/news/enisa-news/railway-cybersecurity

Information Technology Structure and Leadership for Emergency Response

The Cybersecurity and Infrastructure Security Agency (CISA) introduced the Information Technology Service Unit Leader (ITSL) position and course in 2018 with the purpose of providing information management, cybersecurity, and application management for incident planning and response. In 2019, three regional leaders from the State of North Carolina attended the first ITSL course held in Charlotte, NC. Having deployed to multiple callouts during their tenure on the team, they have seen first-hand the impact of natural and man-made incidents on information systems infrastructure critical for governments and public safety to operate.

https://www.cisa.gov/blog/2020/11/09/information-technology-structure-and-leadership-emergency-response

Cybersecurity in a Post-COVID-19 World

As we battle our way through the COVID-19 fallout, some have started to think about what the cybersecurity world will be like when we emerge from this current situation. Budgets across an organization are likely to shrink as businesses recover from the COVID-19 fallout. Cybersecurity will not be immune to this. As a result, CISOs will need to adjust and be prepared to ‘do more with less’. This poses different challenges to CISOs.

https://www.rsaconference.com/industry-topics/blog/cybersecurity-in-a-post-covid-19-world

Ransomware Group Turns to Facebook Ads

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/

What You Need to Know About Ransomware

Ransomware is a type of malicious software, or malware, that blocks access to a system, device, or file until a ransom is paid. It is an illegal, moneymaking scheme that can be installed through deceptive links in an email message, instant message, or website.

https://www.cisecurity.org/newsletter/what-you-need-to-know-about-ransomware/

Chrome entfernt Server Push für HTTP-Verbindungen [Chrome Removes Server Push for HTTP Connections]

The server push technique of HTTP/2 and HTTP/3 has long been praised as an advantage, but it is hardly used. Now its end is approaching.

https://www.golem.de/news/quic-chrome-entfernt-server-push-fuer-http-verbindungen-2011-152064.html

**********************

INTERNET OF THINGS

**********************

How IoT insecurity impacts global organizations

As the Internet of Things becomes more and more part of our lives, the security of these devices is imperative, especially because attackers have wasted no time and are continuously targeting them.

https://www.helpnetsecurity.com/2020/11/13/iot-insecurity/

**********************

OTHERWISE NOTEWORTHY

**********************

G20: Call to action on international standards

Organizers of the Riyadh International Standards Summit held on 4 November 2020 issued a call to action for the recognition, support and adoption of international standards. This is the first ever summit on standardization held within G20-related activities.

https://news.itu.int/g20-call-to-action-on-international-standards/

AI and Governance Frameworks

Artificial intelligence (AI) is a general-purpose technology. Many people have relied on historical analogies to explain what that means; for example, they might compare AI to electricity. And whether or not it’s the next electricity — in fact, some suggest it’s more akin to something like a natural disaster, an earthquake or a fire, which can’t be controlled — others think that the ability to turn AI on or off is important for governance going forward.

https://www.cigionline.org/multimedia/ai-and-governance-frameworks

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home