[Newsclips] IETF SYN-ACK Newspack 2020-08-31

David Goldstein <david@goldsteinreport.com> Mon, 31 August 2020 05:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/GivdZUEn2LSMUQckEo2HDJgpvj8>

**********************

IETF IN THE NEWS

**********************

Opinion: The making of an RFC in today’s IETF by Geoff Huston

I’m a co-author (or is that ‘co-editor’ in today’s politically correct environment?) of an Internet Draft that is closing in for publication as a Request for Comments (RFC).

<https://www.potaroo.net/ispcol/2020-08/ietfstd.html>

<https://blog.apnic.net/2020/08/25/opinion-the-making-of-an-rfc-in-todays-ietf/>

 

Internet standardized for end-users

The Internet Architecture Board (IAB) has published the RFC 8890 standard document entitled “The Internet is for End Users.” ... In the document, IAB argues to the Internet Engineering Task Force (IETF) — which in turn, is responsible for the technical standards — to consider the needs and interests of the internet users in the future.

<https://techlog360.com/internet-standardized-for-end-users/>

 

RFC 8890 on The Internet is for End Users

Abstract: This document explains why the IAB believes that, when there is a conflict between the interests of end users of the Internet and other parties, IETF decisions should favor end users. It also explores how the IETF can more effectively achieve this.

<https://www.iab.org/2020/08/28/rfc-8890-on-the-internet-is-for-end-users/>

 

Thycotic shifts the language used in products and materials to promote inclusivity

... The IETF published a memo in 2018 acknowledging and outlining the problem and offering specific alternatives to both master/slave and blacklist/whitelist terminology.

<https://securityboulevard.com/2020/08/thycotic-shifts-the-language-used-in-products-and-materials-to-promote-inclusivity/>

 

How to prepare your organisation for the quantum computing era [registration]

Within the next few years a quantum computer will crack encryption. This once in a generation event will, in a single moment, render the entire world’s data vulnerable to theft and exploitation. While every cyber security team must deal with everyday threats, quantum computers are the ‘mega-threat’ to which their attention must now turn.

<https://www.teiss.co.uk/how-to-prepare-your-organisation-for-the-quantum-computing-era/>

 

How IT Departments Really View Networked AV: Part II

... The migration of video within the pro AV industry to IP is being promoted by AIMS (The Alliance for IP Media Solutions). They have created a working group whose efforts will be based on evaluating and recommending existing standards and specifications from AES (Audio Engineering Society), AWMA (Advanced Workflow Media Association), VSF, SMPTE, IEEE, and IETF (Internet Engineering Task Force). This is a mix of standards that have traditionally come from both the broadcast and IT industries.

<https://www.avnetwork.com/features/how-it-departments-really-view-networked-av-part-ii>

 

Internet für End-Nutzer standardisiert [Internet standardised for end users]

The technical specification of Internet protocols has direct effects on users. With a new standard, the IETF is supposed to take this more strongly into account.

<https://www.golem.de/news/rfc-standard-internet-fuer-end-nutzer-standardisiert-2008-150551.html>

 

TENDENCIAS | Normas de etiqueta para mejores videollamadas [TENDENCIES | Etiquette rules for best video calls]

... Thus, in 1995, through a document titled “RFC 1855: Netiquette Guidelines”, published by the Internet Engineering Task Force (IETF), the first recommendations on the matter were established. Since then, time has passed and communication technologies have evolved.

<https://elcomercio.pe/tecnologia/actualidad/tendencias-videoconferencias-zoom-teams-meet-normas-de-etiqueta-para-mejores-videollamadas-noticia/>

 

Microsoft bereitet Windows Server LTSC vor [Microsoft Prepares Windows Server LTSC]

... MsQuic – an open-source implementation of the IETF QUIC transport protocol enables both HTTP/3 web processing and SMB file transfers.

<https://www.zdnet.de/88382351/microsoft-bereitet-windows-server-ltsc-vor/>

 

Was ist IPv6, und warum sind wir noch nicht so weit? [What is IPv6, and why aren't we ready yet?]

... Fortunately, the Internet Engineering Task Force (IETF) recognised this 20 years ago. In 1998 it created IPv6, which instead uses 128-bit addresses to support about 340 trillion trillion (or 2 to the power of 128, if you like) devices. Instead of the IPv4 addressing method with four sets of one- to three-digit numbers, IPv6 uses eight groups of four hexadecimal digits separated by colons.

<https://computerwelt.at/knowhow/was-ist-ipv6-und-warum-sind-wir-noch-nicht-so-weit/>

 

IPv4 e IPv6: saiba o que muda [IPv4 and IPv6: Learn what changes]

... Created by the IETF (acronym for Internet Engineering Task Force) in September 1981, IPv4 has the capacity to connect approximately 4.29 billion devices directly to the internet at the same time.

<https://tecnoblog.net/361956/ipv4-e-ipv6-saiba-o-que-muda/>

 

金融庁の氷見野長官、ビットコイン発明者の「夢」への再考を促す [Financial Services Agency chief Himino urges Bitcoin inventor's "dream" to be re-thought out]

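... The Financial Services Agency believes that decentralised systems, of which Bitcoin is a representative example, need governance suited to decentralisation. A top-down approach by regulators is not effective; what is called for is a “multi-stakeholder” approach in which all parties concerned meet face to face and talk. This thinking draws on, among other things, the technical governance of the IETF (Internet Engineering Task Force), the organisation that advances Internet technology.

<https://internet.watch.impress.co.jp/docs/event/1273663.html>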

 

中国首个下一代互联网创新园开园 致力于IPv6研发创新 [China's first next-generation Internet Innovation Park is dedicated to IPv6 research and development innovation.]

... IPv6 is the abbreviation of “Internet Protocol Version 6” and is the next-generation Internet protocol standard introduced by the IETF, the international Internet technology and standards organisation, to replace IPv4.

<http://www.bj.chinanews.com/news/2020/0829/78723.html>

 

全球根域名管理机构主席澄清关于根服务器若干传言 [The President of the Global Root Domain Name Management Agency clarified a number of rumours about the root server.]

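... In 1983, two IETF documents, RFC 882 and RFC 883, described and defined the Internet Domain Name System (DNS). In 1984-1985, the early root name system was built in the United States; it consisted of four servers, each using one of four separate IP addresses. After that, as the Internet developed, the number of root servers was increased several times. Three servers were added in 1987, one in 1991, another one in 1993, and four more in 1998. At that point the root server system had grown to 13 servers, each with one IP address.

<https://www.edu.cn/xxh/yc/202008/t20200826_1919614.shtml>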

 

丁健:新基建和数字化转型 都必须先面对标准化的问题 [Ding Jian: New infrastructure and digital transformation must first face the problem of standardisation.]

... Ding Jian said that before the Internet emerged, more than a decade was spent making and discussing standards; he joined the IETF in 1992 and 1993 to discuss the standards for the whole Internet, so he knows the process by which each standard took shape. Behind today's easy transmission of digital data is the fact that a group of people wrote a standard back then, which is what allows the Internet to carry Chinese-language transmission.

<https://finance.sina.com.cn/hy/hyjz/2020-08-29/doc-iivhuipp1380783.shtml>

<https://news.sina.com.tw/article/20200829/36187238.html>

 

“IPv6+”构建全场景的智能联接 支撑数字化未来 ["IPv6 Plus" builds intelligent connections across the scene to support the digital future.]

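... “The mission of IPv6+ covers three aspects: efficient cross-domain connection and service deployment based on IP reachability; support for more kinds of encapsulation based on mechanisms such as IPv6 extension headers, to meet the needs of new services; and convergence of IP networks and applications based on IPv6, to increase the value of the network,” said Li Zhenbin, a member of the IETF's Internet Architecture Board (IAB). “It is gratifying that in recent years IPv6+ innovation and standardisation have proceeded steadily and in an orderly way and have made great progress; in particular, the drafts for all the basic features of SRv6 have been adopted by IETF working groups, the RFC for SRH has been formally published, and SRv6 has been deployed at scale, meeting the new demands of the 5G and cloud era.”

<http://finance.eastmoney.com/a/202008291613245857.html>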

 

丁健:未来智能产业生态的三个核心要素 [Ding Jian: Three core elements of the future intelligent industry ecology.]

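... I think what we really need to talk about, through industrial policies and regulations, through infrastructure, through all kinds of supporting incentive policies, these are things everyone knows. But I think there is something we have not done: we should not always be encouraging our companies to compete, compete, compete. Marketisation is important, but while competing, in an era of modularisation and standardisation, you must cooperate and you must form alliances. Before we came back in 1995, from 1988 onwards we took part in the IETF, the American Internet standards; there is a very famous slogan in the standards, that rough consensus is enough, and whoever writes the software, we all use their standard, and you just contribute it. As a result, the Internet was built entirely on open-source software. So how do we push this forward? How do we encourage innovation? Pilot first and try first. Also very important: in an era of cooperation, an era of open source, the rule of law, protection of intellectual property and the spirit of contract are what our companies need to do.

<https://finance.sina.com.cn/hy/hyjz/2020-08-30/doc-iivhuipp1506510.shtml>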

 

**********************

INTERNET OF THINGS

**********************

ca: Privacy guidance for manufacturers of Internet of Things devices

As a manufacturer of Internet of Things (IoT) devices, you are responsible for the personal information under your control and have obligations under Canadian privacy legislation to implement effective privacy protection.

<https://www.priv.gc.ca/en/privacy-topics/technology/gd_iot_man/>

 

PODCAST: Air Canada Cargo Talks ULDs and Internet of Things

On this episode of the Connected Aircraft Podcast, we feature a presentation given by Tomal Sohorab, Manager of Cargo solutions, Air Canada Cargo during the first installment of the Global Connected Aircraft Cabin Chats web series that occurred in June.

<https://www.aviationtoday.com/2020/08/30/podcast-air-canada-cargo-talks-ulds-internet-things/>

 

TOMRA Recycling publishes new Ebook unveiling the potential of connected machines

Connected machines and cloud-based data storage are transforming how businesses collect, access and analyze data. The recycling industry is at the advent of discovering the power of data reported by connected optical sorting equipment. This capability is ushering in a new era of data-driven process optimization, suggests the new eBook, “Digitalization – Connect to Enhance Productivity in the Recycling Industry,” from the global leader in sensor-based sorting, TOMRA Sorting Recycling.

<https://waste-management-world.com/a/tomra-recycling-publishes-new-ebook-unveiling-the-potential-of-connected-machines>

 

Internet of Things adoption in India still at niche stage: Deloitte report

<https://economictimes.indiatimes.com/tech/ites/internet-of-things-adoption-in-india-still-at-niche-stage-deloitte-report/articleshow/77833140.cms>

 

**********************

SECURITY & PRIVACY

**********************

Google’s new web standard could disable your ad-blocker

A new web specification tabled by Google could have serious ramifications for the privacy of internet users and the transparency of the web, a researcher has warned.

<https://www.techradar.com/au/news/googles-new-web-standard-could-disable-your-ad-blocker>

 

Hacking Cyber Space

Today satellites provide basic communications—from personal phone calls to televised events. So it's not too surprising that hackers are turning their attention toward this "Final Frontier." Talks and events at Black Hat USA 2020 and DEF CON 28 held earlier this month highlight the urgent need to secure basic satellite systems. ... To achieve that privacy goal, Pavur and a team of fellow academics announced a new tool that encrypts communications signals by default. QPEP stands for QUIC (a protocol) Performance Enhancing Proxies (PEPs). It is a UDP-based alternative to what's used today.

<https://www.forbes.com/sites/robertvamosi/2020/08/27/hacking-cyber-space/>

 

15 Stealthy Cyberthreats You Need To Watch Out For

Consumers and businesses alike are becoming increasingly concerned with cybersecurity. From hacking to phishing to data breaches, major cyberthreats get plenty of attention, allowing people to become more informed on these issues. However, some lesser-known methods of cyberattack continue to fly under the radar.

<https://www.forbes.com/sites/forbestechcouncil/2020/08/25/15-stealthy-cyberthreats-you-need-to-watch-out-for/>

 

CISA Warns of Vulnerabilities in Popular Domain Name System Software 

The Cybersecurity and Infrastructure Security Agency highlighted software vulnerabilities in the Berkeley Internet Name Domain and urged administrators to patch the widely used open source system.

<https://www.nextgov.com/cybersecurity/2020/08/cisa-warns-vulnerabilities-popular-domain-name-system-software/167935/>

 

CISA Releases 5G Strategy for Secure and Resilient Critical Infrastructure

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its strategy to ensure the security and resilience of fifth generation (5G) technology in our nation.

<https://www.cisa.gov/news/2020/08/24/cisa-releases-5g-strategy-secure-and-resilient-critical-infrastructure>

 

Call for Participation – ICANN 69 DNSSEC and Security Workshop, October 2020

If you are interested in presenting at the ICANN 69 DNSSEC and Security Workshop during the week of 17-22 October 2020, please send a brief (1-2 sentence) description of your proposed presentation to dnssec-hamburg@isoc.org by 27 August 2020. We are open to a wide range of topics related to DNS, DNSSEC, DANE, routing security, and more. There are some ideas in the Call for Participation below, but other ideas are definitely welcome, too!

<http://www.circleid.com/posts/20200825-call-for-participation-icann-69-dnssec-and-security-workshop/>

 

Cybersecurity Community Concerned About Misinformation

Cybersecurity professionals want stricter measures to tackle the rising amount of online misinformation and fake domains, according to new research by the Neustar International Security Council (NISC).

<https://www.infosecurity-magazine.com/news/us-concerned-about-misinformation/>

 

Fears around bot traffic and bot-powered DDoS attacks persist

Thanks to the proliferation of the Internet of Things, the ability for bots to cause havoc at a global level has increased significantly. IoT devices are susceptible to becoming part of a malicious botnet, and it’s possible for hackers to weaponise IoT devices to launch powerful DDoS attacks. As more devices are connected to the Internet, these types of attack pose an increased risk to not only the defences of an enterprise but also to a whole nation.

<https://www.information-age.com/bott-traffic-ddod-123479379/>

 

APWG Q2 Report: Cybercrime Gangs Attempting and Achieving Heists of Ever Greater Scale

The APWG’s new Phishing Activity Trends Report for Q2 2020 details how companies are losing money to criminals who are launching Business Email Compromise (BEC) attacks as a more remunerative line of business than retail-accounts phishing. The organizations perfecting these criminal enterprises now include a sophisticated Russian cyber-gang, in addition to the West African scammers who have traditionally perpetrated BEC attacks.

<https://finance.yahoo.com/news/apwg-q2-report-cybercrime-gangs-183400785.html>

 

APWG Phishing Activity Trends Reports ... Summary – 2nd Quarter 2020

The average wire transfer loss from Business Email Compromise (BEC) attacks is increasing: The average wire transfer attempt in the second quarter of 2020 was $80,183, up notably from $54,000 in the first quarter. A Russian BEC operation has been targeting companies for an average of $1.27 million.

<https://apwg.org/trendsreports/>

 

The State of Routing Security at DNS Registries

The DNS is an important component of the Internet, but it was not designed with security in mind. In the last 20 years or so, much attention has been directed at improving its inherently insecure aspects.

<https://www.internetsociety.org/blog/2020/08/the-state-of-routing-security-at-dns-registries/>

 

Limiting the power of RPKI authorities

In the beginning, Internet infrastructure was not originally designed with security in mind. Luckily, this mindset has changed over the years, mainly due to the growing number of attacks, and has prompted the design of security measures such as DNSSEC and Resource Public Key Infrastructure (RPKI).

<https://blog.apnic.net/2020/08/27/limiting-the-power-of-rpki-authorities/>

 

DNS Security Without Airport Security by Joe Abley, Chief Technology Officer, PIR

It’s a sunny Friday afternoon in Amsterdam. A gentle breeze is rustling the curtains and I can hear children playing at the school round the corner, interrupted by the noise of the occasional defiant scooter. I’m assisting Phil Regnauld, at home in Copenhagen, and Antonio Lobo, who has woken up at 2am to help from his sofa in Colombia. Some of our colleagues from ICANN have joined us from Brisbane and Cotonou. Together we have spent the week teaching a technical workshop on the subject of DNS Security (DNSSEC), coordinated by the Kenya Network Information Centre. The workshop participants are in Nairobi.

<https://thenew.org/dns-security-without-airport-security/>

 

Security, Intelligence and the Global Health Crisis

The impact of COVID-19 both globally and in Canada has raised important questions about best practices with regard to global and domestic health surveillance, early warning and preparedness. Critical to an understanding of these issues is a clear-sighted appreciation of the interface between health security and national security. As the world embarks on an intense effort to explain the onset of the pandemic and to learn lessons from the global response, it will be vital to develop and sustain a public policy debate about the role of security and intelligence institutions in protecting societies against pandemic outbreaks. This essay series — designed to bridge academic and practitioner knowledge — aims to make a high-impact contribution to that debate.

<https://www.cigionline.org/security-intelligence-and-global-health-crisis>

 

RSA Conference Launches 2021 Call for Speakers

So far, 2020 has been a year of many changes, and our announcement that RSA Conference 2021 USA has been moved from February to May resulted in a few ripples. Naturally, our Call for Speakers time frame has also shifted, but we are thrilled to announce that the time has arrived for you to share your ideas for consideration. The RSAC 2021 Call for Speakers launches on August 25 and closes on September 18.

<https://www.rsaconference.com/industry-topics/blog/rsa-conference-launches-2021-call-for-speakers>

 

CISA, Treasury, FBI and USCYBERCOM Release Cyber Alert on Latest North Korea Bank Robbing Scheme

The Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber Command (USCYBERCOM) are issuing a joint technical alert about an ongoing automated teller machine (ATM) cash-out scheme by North Korean government cyber actors – referred to by the U.S. government as “FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks.”

<https://www.cisa.gov/news/2020/08/26/cisa-treasury-fbi-and-uscybercom-release-cyber-alert-latest-north-korea-bank>

 

**********************

TLS

**********************

Embedded security: wolfSSL can be abused to impersonate TLS 1.3 servers and manipulate communications

A security flaw in wolfSSL, the popular SSL/TLS library designed for embedded, RTOS, and IoT environments, leaves networks at risk of manipulator-in-the-middle (MitM) attacks. ... According to Doussot, the problem centers on the fact that wolfSSL “does not strictly enforce the TLS 1.3 client state machine”, as set out in the IETF’s summary of the legal state transitions for the TLS 1.3 client handshake.

<https://portswigger.net/daily-swig/embedded-security-wolfssl-can-be-abused-to-impersonate-tls-1-3-servers-and-manipulate-communications>

 

Microsoft to remove insecure TLS support on its Linux Software Repository

Microsoft is discontinuing support for the insecure TLS 1.0 and TLS 1.1 protocols on its Linux Software Repository starting with September 24, 2020.

<https://www.bleepingcomputer.com/news/security/microsoft-to-remove-insecure-tls-support-on-its-linux-software-repository/>

 

September ushers in halved TLS cert lifespans

From September 1, X.509 Transport Layer Security (TLS) digital certificates with a validity period of more than 13 months or 398 days will no longer be issued.

<https://www.itnews.com.au/news/september-ushers-in-halved-tls-cert-lifespans-552619>

 

TLS and VPN Flaws Offer Most Pen Tester Access

Vulnerabilities in transport layer security and exposure to a 10-year-old botnet are the most common findings from penetration testing engagements.

<https://www.infosecurity-magazine.com/news/tls-vpn-flaws-tester/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

5G Drives the Distributed Edge

After years of anticipation, 2019 saw some of the first rollouts of 5G, with deployments growing significantly this year and continuing to increase in 2021. At the same time, according to the Linux Foundation’s State of the Edge 2020 report, by 2028, edge infrastructure will have a power footprint of 102,000 MW, and over $700 billion in cumulative CAPEX would have been spent within the next decade on edge IT infrastructure and data center facilities.

<https://www.thefastmode.com/expert-opinion/17835-5g-drives-the-distributed-edge>

 

Are you ready for 6G revolution?

Amid a 5G rollout that has faced its fair share of challenges, it might seem somewhat premature to start looking ahead at 6G, the next generation of mobile communications. But 6G development is happening now, and it's being pursued in earnest by both industry and academia.

<https://www.khaleejtimes.com/business-and-technology-review/are-you-ready-for-6g-revolution>

 

State project launched to protect Korea’s 5G network with an extra security system

To complete 5G wireless network proliferating fast in South Korea, state-run Electronics and Telecommunications Research Institute (ETRI) will come up with extra security system. ... The existing 4G network provides internet services through a centralized core network, which means security management is relatively simple, but 5G is vulnerable to elevated security threats partly because of its connection to a huge number of connected devices including the internet of things (IoT), through which adversaries can attack.

<https://pulsenews.co.kr/view.php?sc=30800019&year=2020&no=853161>

 

Microsoft releases Windows Server Insider Preview build 20201 with new features

Earlier today, Microsoft released Windows 10 Insider Preview build 20201 to the Dev channel. As usual, that comes alongside a bunch of other releases, such as a new SDK and a new Windows Server build. What's different about today's Windows Server build, however, is that Microsoft actually published a blog post detailing what's new. ... CoreNet: Data Path and Transports: MsQuic – an open source implementation of the IETF QUIC transport protocol powers both HTTP/3 web processing and SMB file transfers.

<https://www.neowin.net/news/microsoft-releases-windows-server-insider-preview-build-20201-with-new-features>

 

Paul Mockapetris receives Software System Award

The Association for Computing Machinery (ACM) named Paul Mockapetris recipient of the 2019 ACM Software System Award for the development of the DNS. DNS provides the worldwide distributed directory service that’s an essential component of the functionality of the global internet.

<https://viterbischool.usc.edu/news/2020/08/paul-mockapetris-receives-software-system-award/>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home