[Newsclips] IETF SYN-ACK Newspack 2020-07-27

David Goldstein <david@goldsteinreport.com> Mon, 27 July 2020 12:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/HCBZH-Y_FBhAUVahjftdYacD7h0>

**********************

IETF IN THE NEWS

**********************

Improving subtitling in live IP-production

... RFC 8795: For the second part of the solution, mapping Timed Text directly into RTP, a solution is available too. Earlier this year the IETF ratified RFC 8759 "RTP Payload for Timed Text Markup Language (TTML)".

<https://tech.ebu.ch/news/2020/07/open-source-projects-bring-subtitling-to-live-ip-production>

 

What is semantic interoperability in IoT and why is it important?

... At Ericsson, we believe strongly in interoperability as a key enabler for unlocking the real value of IoT. In 2016, we hosted the IETF IAB workshop on Semantic Interoperability for IoT. The following year, we organized the first Internet Research Task Force (IRTF) Thing-to-Thing Research Group (T2TRG) Workshop on IoT Semantic/Hypermedia Interoperability (WISHI). The work has continued in the WISHI activity of the T2TRG. As a highlight, there have been several interoperability topics, such as LwM2M, IPSO, CoRAL, Web of Things (WoT) and One Data Model (OneDM), covered during the IETF hackathons that have followed.

<https://www.ericsson.com/en/blog/2020/7/semantic-interoperability-in-iot>

 

Defining CRLs: What Is a Certificate Revocation List?

... But it’s more than that. The more technical answer from the Internet Engineering Task Force’s (IETF) RFC 5280 describes a CRL as a time-stamped and signed data structure that a certificate authority (CA) or CRL issuer periodically issues to communicate the revocation status of affected digital certificates. Depending on the provider, certificate revocation lists are offered hourly, daily, or weekly.

<https://securityboulevard.com/2020/07/crl-explained-what-is-a-certificate-revocation-list/>

 

united-domains is involved in Internet bodies

united-domains has been a committed member of the Internet community for many years and has helped shape the development of the Internet through many bodies: on the Steering Committee of the eco association for Names & Numbers, on the technical advisory board of the German registry DENIC, on the Registrar Advisory Board of the European registry EURid, in the IETF and in ICANN.

<https://blog.united-domains.de/2020/07/united-domains-engagiert-sich-in-internet-gremien/>

 

Android 11 will make it easier to sign in to public Wi-Fi

... Google announced that Android 11 will adopt a standardized system for logins on open Wi-Fi networks. In practice, the new feature will simplify access to public networks, using a method proposed by the Internet Engineering Task Force (IETF) that is also compatible with iOS, Windows, macOS and other systems.

<https://canaltech.com.br/android/android-11-facilitara-o-login-em-wi-fi-publico-168469/>

 

Harald A. Summa elected chairman of the Advisory Board of the Internet Society

... Through a community of members around the world, the Internet Society works with a wide variety of stakeholder groups to promote technologies that help make the Internet more secure, and it advocates for policies that facilitate universal access to the network. In addition, the Internet Society is also the organizational home of the IETF.

<https://www.rrhhpress.com/gente/49970-harald-a-summa-elegido-presidente-del-consejo-asesor-de-la-internet-society>

 

BIMI up Scotty

... Right now BIMI is not a standard. Rumor has it that there is so much controversy about this proposed standard that the IETF has chosen NOT to put it into its IETF standards track or activities - so for now it is "only" an industry consortium.

<https://www.version2.dk/blog/bimi-up-scotty-1091014>

 

State vs Internet: Who should maintain network access, and how

The Internet gives people and businesses the ability to stay connected during quarantine, and thus helps prevent the complete collapse of the world economy. At the same time, the non-profit engineering organizations that ensure the stable functioning of the global Internet are once again under attack. Mind invites readers to learn about the situation around Internet access from a piece by Fadi Chehade for Project Syndicate. ... The engineers who founded the Internet also created non-profit organizations, such as the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Engineering Task Force (IETF), which are entrusted with responsibility for preserving unique identifiers and maintaining the Internet's original spirit of openness.

<https://mind.ua/publications/20213421-derzhava-vs-internet-hto-i-yak-mae-pidtrimuvati-dostup-do-merezhi>

 

**********************

INTERNET OF THINGS

**********************

On the Internet of Medical Things by Vinton G. Cerf

In my last column (June 2020), I wrote about my experience with COVID-19 and the challenges involved with getting medical attention. The problem is still with us, even with the improved availability of personal protection equipment and masks. The experience of calling for a doctor's appointment and being told I could not come into the doctor's office was unsettling to say the least.

<https://cacm.acm.org/magazines/2020/8/246354-on-the-internet-of-medical-things/fulltext>

 

**********************

SECURITY & PRIVACY

**********************

DDoS Botnets Are Entrenched in Asia & Amplification Attacks Set Records

More than 4.7 million sources in five countries — the US, China, South Korea, Russia, and India — were used to level DDoS attacks against victims in the second quarter of 2020, with the portmap protocol most frequently used as an amplification vector to create massive data floods, security and services firm A10 Networks says in its threat report for the second quarter.

<https://www.darkreading.com/threat-intelligence/ddos-botnets-are-entrenched-in-asia-and-amplification-attacks-set-records/d/d-id/1338415>

 

New I&J Outcomes: Addressing Technical Abuse at the DNS-level

The Internet & Jurisdiction Policy Network Domains & Jurisdiction Program Contact Group has prepared three resources to equip DNS Operators and technical abuse notifiers with the tools they need to address technical abuse at the DNS-level.

<https://www.internetjurisdiction.net/news/new-i-j-outcomes-addressing-technical-abuse-at-the-dns-level>

 

The Twitter Hack Shows a Major Cybersecurity Vulnerability: Employees

On Wednesday, Twitter fell victim to hackers who used a “coordinated social engineering attack” to compromise some of Twitter’s highest-profile accounts—including those belonging to Barack Obama, Elon Musk, Bill Gates, and Kanye West—to launch a crypto scam targeting those users’ followers. The scammers ended up with multiple accounts and more than $120,000 in untraceable Bitcoin payments—an amount that pales in comparison to the damage to Twitter’s brand.

<https://slate.com/technology/2020/07/twitter-hack-human-weakness.html>

 

A (Fairly) Non-Technical Guide to Routing Security Basics

On the MANRS website, we write about routing security. We dig into the details of technical problems, research the origins of route leaks and hijacks, analyze trends and statistics related to networks around the globe via the MANRS Observatory, and generally get pretty nerdy about how to improve the routing system that underpins the Internet. Last week, we took a step back and published a series of posts regarding Routing Security Basics.

<https://www.internetsociety.org/blog/2020/07/a-fairly-non-technical-guide-to-routing-security-basics/>

 

U.S. hatches plan to build a quantum Internet that might be unhackable

U.S. officials and scientists unveiled a plan Thursday to pursue what they called one of the most important technological frontiers of the 21st century: building a quantum Internet.

<https://www.washingtonpost.com/technology/2020/07/23/us-plan-quantum-internet/>

 

In Push for Better Cybersecurity, U.S. Energy Department Outlines a National Quantum Internet [subscription]

A group led by the U.S. Department of Energy and the University of Chicago plans to develop a nationwide quantum internet that could be functional in about a decade and with the potential to securely transmit sensitive information related to national security and financial services. ... The project will be funded by a portion of the $1.275 billion budget allocated as part of President Trump’s National Quantum Initiative, an effort to accelerate research and development in quantum information science, an area of study that includes quantum-based communication and quantum computing.

<https://www.wsj.com/articles/in-push-for-better-cybersecurity-u-s-energy-department-outlines-a-national-quantum-internet-11595527706>

 

Cybersecurity: Commission report details policies and skills needed for a more secure digital society

The Joint Research Centre (JRC), the Commission's science and knowledge hub, has issued a report on ‘Cybersecurity - our Digital anchor. A European perspective'. It looks at the growth of cybersecurity over the last 40 years and identifies where the EU could improve in this field, for the benefit of businesses and citizens.

<https://ec.europa.eu/digital-single-market/en/news/cybersecurity-commission-report-details-policies-and-skills-needed-more-secure-digital-society>

 

1st ENISA Advisory Group Meeting: Members to Strengthen Agency’s Work Towards a Cyber Secure Europe

Today, the 23-strong expert group is kicking off its first meeting. The Advisory Group will assist the Agency in drawing up its work programme, achieving its strategic objectives and communicating with key stakeholders.

<https://www.enisa.europa.eu/news/enisa-news/1st-enisa-advisory-group-meeting-elected-members-to-strengthen-agency2019s-work-towards-a-cyber-secure-europe>

 

Survey to Explore the Preparedness of EU SMEs for Cybersecurity Challenges

Survey on cybersecurity challenges for SMEs: A review on how businesses in the EU are preparing for and coping with cyber threats.

<https://www.enisa.europa.eu/news/enisa-news/survey-to-explore-the-preparedness-of-eu-smes-for-cybersecurity-challenges>

 

A billion user hours lost in EU telecoms due to security incidents in 2019

The European Union Agency for Cybersecurity publishes the 9th annual report on telecom security incidents.

<https://www.enisa.europa.eu/news/enisa-news/annual-report-on-telecom-security-incidents-in-2019>

 

Seeing Light at the End of the Cybersecurity Tunnel by Leah Hoffmann

ACM athena award recipient Elisa Bertino, a professor at Purdue University and research director of the Cyber Space Security Lab of Purdue's Department of Computer Science, has spent her career trying to ensure the security and integrity of the information that is stored in databases and transmitted over mobile, social, cloud, Internet of Things (IoT), and sensor networks. Here, she talks about how her research interests have evolved and why she's not pessimistic about the future of cybersecurity.

<https://cacm.acm.org/magazines/2020/8/246374-seeing-light-at-the-end-of-the-cybersecurity-tunnel/fulltext>

 

Internet Scan Shows Decline in Insecure Network Services

A comprehensive study of Internet-connected devices conducted over nearly four weeks in late March and early April shows that organizations surprisingly have become better about not exposing the most insecure services to the Internet.

<https://www.darkreading.com/risk/internet-scan-shows-decline-in-insecure-network-services-/d/d-id/1338395>

 

FBI warns of new DDoS attack vectors: CoAP, WS-DD, ARMS, and Jenkins

The Federal Bureau of Investigation sent an alert last week warning about the discovery of new network protocols that have been abused to launch large-scale DDoS attacks.

<https://www.zdnet.com/article/fbi-warns-of-new-ddos-attack-vectors-coap-ws-dd-arms-and-jenkins/>

 

au: Internet service providers urged to deliver 'clean pipes' to customers

An Australian Strategic Policy Institute report says ISPs should share information and automatically blacklist dangerous websites as Australia battles an escalation of cyber attacks.

<https://www.smh.com.au/politics/federal/internet-service-providers-urged-to-deliver-clean-pipes-to-customers-20200722-p55e8v.html>

 

au: Clean pipes: Should ISPs provide a more secure internet?

Introduction: One of the largest online challenges facing Australia is to provide effective cybersecurity to the majority of internet users who don’t have the skills or resources to defend themselves. This paper explores the concept of ‘Clean Pipes’, which is the idea that ISPs could provide security services to their customers to deliver a level of default security.

<https://www.aspi.org.au/report/clean-pipes-should-isps-provide-more-secure-internet>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Interactive: The Top Programming Languages

This app ranks the popularity of dozens of programming languages. You can filter them by excluding sectors that aren’t relevant to you, such as “Web” or “Embedded.”

<https://spectrum.ieee.org/static/interactive-the-top-programming-languages-2020?utm_source=spectrum-hero>

 

There’s a Bigger Threat Than Big Tech. It’s Big China

As lawmakers grill U.S. technology CEOs, they should ask not just about their near-monopoly power today, but also about staving off Chinese dominance tomorrow. ... American tech giants do not exist in a vacuum. Whether Congress acknowledges it or not, American companies are competing with the Chinese state and its state-backed corporate champions. And these Chinese players are competing to control a new global architecture. As we consider the state of American big tech, we should also ask what curtailing it means for the world: Do we want Facebook, Google, Apple, Amazon or do we want Beijing’s?

<https://www.defenseone.com/ideas/2020/07/theres-bigger-threat-big-tech-its-big-china/167187/>

 

au: Carriageworks re-opening set to reveal the internet's dark side

Two months ago Sydney artist Giselle Stanborough wandered through the shutdown performance installation she had been tirelessly researching and assembling for more than a year. It crossed her mind that this might be the last time she would ever see her work live. Cinopticon, the artist's critique of cyber-surveillance and internet narcissism, had been installed days before Carriageworks went into voluntary administration. It had never opened to the public. Photographs taken that day of the giant floor-to-ceiling diagrams and sculptural forms were placed online, the only evidence of its existence and a deeply ironic twist given the subject matter. ... Carriageworks' reopening means Stanborough's show will be physically unveiled for the first time. It invokes philosopher Michel Foucault's theory of the panopticon, in which people under watch are "seen, but he does not see; he is an object of information, never a subject in communication".

<https://www.smh.com.au/culture/art-and-design/carriageworks-opens-to-reveal-the-internet-s-dark-side-20200727-p55frb.html>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home