[Newsclips] IETF SYN-ACK Newspack 2023-03-20

David Goldstein <david@goldsteinreport.com> Mon, 20 March 2023 03:30 UTC

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

**********************

IETF IN THE NEWS

**********************

JPRS supports IETF 116 in Yokohama, Japan

JPRS is sponsoring IETF 116 to be held in Yokohama, Japan from 25(Sat.) to 31(Fri.) March 2023.

<https://jprs.co.jp/en/topics/2023/230315.html>

National Quantum Strategy (accessible webpage) 

... There are a number of early quantum standardisation activities taking place globally with significant focus on quantum safe cryptography and QKD, with UK leadership in these areas. Standards development organisations with activity on quantum technology include: ISO; IEC; ITU; IETF; the ETSI; and the IEEE.

<https://www.gov.uk/government/publications/national-quantum-strategy/national-quantum-strategy-accessible-webpage>

Nokia, Singtel trial 5G IP transport end-to-end network slicing

... To deliver end-to-end slicing, Singtel, Nokia and their network partners worked together to map the slice service attributes across 3GPP and IETF specifications. 3GPP specifies the network slicing functionalities in the 5G radio and core while IETF specifies the IP transport equivalent. With this novel implementation, the network is able to implement end-to-end slice performance and service differentiation.

<https://www.vanillaplus.com/2023/03/13/77598-nokia-singtel-trial-5g-ip-transport-end-to-end-network-slicing/>

What Is CIDR? Subnets and CIDR Explained

... What’s the purpose of CIDR? In 1993, CIDR was released as a solution to the looming scarcity of IPv4 addresses. By allotting to networks more precise and nuanced CIDR blocks that consume fewer resources, CIDR has been able to extend the lifespan of this precious resource. It replaced the now obsolete classful network system based on classes A, B, and C as summarized in IETF’s rfc943:

<https://www.enterprisenetworkingplanet.com/standards-protocols/cidr/>

5th Generation Mobile Network Infrastructure: Promises and Pitfalls

... Conclusion: The ongoing deployment of 5G brings with it myriad promising opportunities and vulnerabilities ripe for exploitation by malicious actors. These vulnerabilities highlight the ongoing need for the United States Government (USG) to work with the private-sector entities that operate on the front lines of 5G research, development, and implementation. Furthermore, the USG needs to support the efforts of global standards-setting bodies like the 3rd Generation Partnership Project, IETF, and the International Telecommunication Union to responsibly develop the technical standards and security controls governing the advancement of mobile network infrastructure and associated technologies.

<https://www.hstoday.us/subject-matter-areas/cybersecurity/5th-generation-mobile-network-infrastructure-promises-and-pitfalls/>

KNX IoT: Part 2 – the advantages of Thread

In the second of this series of articles on KNX IoT, Bruno Johnson explains how KNX and the wireless Thread protocol bring benefits to commercial building automation. ... Thread has been designed with security from the ground-up, and mandates established IETF security standards. The use of established IETF security standards future proofs Thread against forthcoming cybersecurity standards.

<https://www.knxtoday.com/2023/03/46100/knx-iot-part-2-the-advantages-of-thread.html>

Huawei proposes certainty in industry development to jointly stride to 5.5G era

... 1.Clear roadmaps for industry standardization: 5.5G standardization has kicked off, with its technical specifications to be defined in 3GPP Releases 18, 19, and 20. 3GPP Release 18 will be frozen in H1 of 2024. F5.5G has progressed from proposals to specification design. Last September, ETSI released its F5G Advanced White Paper, and it has been leading the formulation of F5.5G's first release, Release 3, which will be frozen in H1 of 2024. IETF and the IEEE have begun working on the first phase of Net5.5G standardization mainly in Segment Routing over IPv6 (SRv6), Wi-Fi 7, 800GE, and other subjects, with an aim to release the standard in 2024.

<https://www.jamaicaobserver.com/latest-news/huawei-proposes-certainty-in-industry-development-to-jointly-stride-to-5-5g-era/>

DigiCert marks strong growth rate in 2022 and builds momentum for digital trust vision

... DigiCert also continued its leadership in industry standards, including: ... Web, document and electronic signature trust: DigiCert is advocating for stronger standards in European electronic Identification, Authentication and Trust Services (eIDAS) for web and electronic signature trust. The company co-authored RFC 9336, the IETF standard that defines a general-purpose extended key usage for electronic signature and document signing trust. Trust foundations: DigiCert is chairing many of the CA/B Forum working groups and the PKI groups at the IETF and the American National Standards Institute (ANSI) X9. DigiCert is also working with the National Institute of Standards and Technology (NIST) and industry participants in post-quantum cryptography transition and worked with X9 on their Quantum Risk Study Group report.

<https://itwire.com/guest-articles/company-news/digicert-marks-strong-growth-rate-in-2022-and-builds-momentum-for-digital-trust-vision.html>

Entrust Software Security Architect Recognized as an Excellence Award Finalist by Microsoft

... Entrust provides a variety of cryptographic mechanisms to support a range of Post Quantum Cryptography migration strategies because we recognize different environments may require different approaches for a successful migration. With strong support from Entrust’s Research and Development team, Mike is pushing for the development of multiple forms of Post Quantum and traditional hybrid techniques to enhance security and migration flexibility. In partnership with leaders in the IETF and academic crypto communities, he has worked to integrate PQC into IETF Internet Protocols with a specific focus on X.509 PKI infrastructure.

<https://www.entrust.com/blog/2023/03/entrust-software-security-architect-recognized-as-an-excellence-award-finalist-by-microsoft/>

Zielie Deep Dive Series: Quality of Service

... DSCP values have no inherent meaning, however common practice dictates that higher priority traffic is assigned higher values. IETF RFC 2597, Assured Forwarding (AF), is a common DSCP traffic marking scheme, used primarily for routing.

<https://www.avnetwork.com/news/zielie-deep-dive-series-quality-of-service>

Level Up Your Web3 Defence

... Web3 must also be secure, transparent, and reliable. The IETF and W3C have created standards to make the Web safer to use and maintain.

<https://cryptomode.com/level-up-your-web3-defence/>

Treffen der IETF im Juli in San Francisco [IETF Meeting in San Francisco in July]

The 117th meeting of the IETF starts on 22 July 2023 as an in-person event under the title "IETF 117 San Francisco" in San Francisco (USA). Online participation is of course possible.

<https://domain-recht.de/domain-events/sonstige-events/ietf-treffen-der-internet-engineering-task-force-im-juli-in-san-francisco-68827.html>

Missing Link: Auch Internetprotokolle haben ihren Lifecycle [Missing Link: Internet protocols also have their lifecycle]

In 2022 the EU Commission presented a new strategy on the desiderata of European standardisation policy, and the Federal Ministry of the Interior is considering how more German companies could be "carried" into standardisation organisations. Yet within the IETF, which meets in Yokohama in a week, there is one area in which German researchers almost dominate.

<https://www.heise.de/hintergrund/Missing-Link-IETF-Standards-ueber-die-Zukunft-von-einem-Zoo-an-Protokollen-7549017.html>

Kurz erklärt: REST-APIs mit CoAP für das IoT [Briefly explained: REST APIs with CoAP for the IoT]

Devices in the IoT often have only limited capacity for data exchange. With CoAP, the IETF has developed a network protocol for these special requirements.

<https://www.heise.de/hintergrund/Kurz-erklaert-REST-APIs-mit-CoAP-fuer-das-IoT-7543373.html>

Huawei: Smartphones, Tablets & Autos aus China [PORTRÄT] [Huawei: Smartphones, Tablets & Cars from China [PORTRAIT]]

... In retrospect, the dispute was the opening episode in a whole series of confrontations with the USA, but more on that in detail later. In 2007, Huawei first drew the ire of the Europeans. Huawei had used its participation in the IETF to apply to the European Patent Office for patent protection on a method developed there jointly with other companies.

<https://www.trend.at/leaders/huawei>

Autenticazione a due fattori: perché è necessaria e come usarla [Two-factor authentication: why it is needed and how to use it]

... This process was standardised by RFC-6238 “TOTP: Time-Based One-Time Password Algorithm”, published in 2011 by the IETF.

<https://www.cybersecurity360.it/soluzioni-aziendali/autenticazione-a-due-fattori-perche-e-necessaria-e-come-usarla/>

HTTP/3 y QUIC: Conoce todo sobre este protocolo para navegar rápido [HTTP/3 and QUIC: Know everything about this protocol to navigate fast]

Many protocols are needed to browse the Internet and to have a network connection on our devices. Over time these same protocols can change, becoming more current and gaining improvements.

<https://www.redeszone.net/tutoriales/internet/que-es-http-3-quic/>

El nacimiento de Internet: De IPv4 a IPv6 [The birth of the Internet: From IPv4 to IPv6]

... As the number of devices connected to the Internet continued to grow, IPv4 address exhaustion became an imminent problem. To address this situation, the IETF began working on a new Internet protocol in the mid-1990s, leading to the development of IPv6.

<https://alcazardesanjuan.com/el-nacimiento-de-internet-de-ipv4-a-ipv6/>

Serviciul german de securitate informatică BSI avertizează asupra unei vulnerabilități în VMware ESXi [German IT security service BSI warns of vulnerability in VMware ESXi]

... According to the IT security portal Hackernews, the French company OVHcloud confirmed the open source implementation of the IETF Service Location Protocol (OpenSLP) as the entry point.

<https://www.clubitc.ro/2023/03/16/serviciul-german-de-securitate-informatica-bsi-avertizeaza-asupra-unei-vulnerabilitati-in-vmware-esxi/>

Tyrimas: 41 proc. moterų pavardžių feisbuke – „šveplos“, 93 proc. „.lt“ domenų – taip pat „švepli“ [Survey: 41 per cent of women's surnames on Facebook – "šveplos", 93 per cent of ".lt" domains – as well as "švepli"]

... "Such widespread "lisping" in domain names is linked to the habit of lisping that formed when it was not yet possible to use the distinctive letters of the Lithuanian language in .lt domain names. The possibility of creating domain names with the diacritical marks of national languages arose when the IETF, the organisation that develops Internet standards, approved the IDN (Internationalized Domain Name) set of technical documents for encoding and displaying distinctive national letters. Although we deployed IDN in 2004, while there was no technical possibility of using the distinctive Lithuanian letters, people got used to lisping and have not given up this habit to this day.

<https://www.delfi.lt/login/technologijos/naujienos/tyrimas-41-proc-moteru-pavardziu-feisbuke-sveplos-93-proc-lt-domenu-taip-pat-svepli.d?id=92780391>

**********************

SECURITY & PRIVACY

**********************

DNSAI Newsletter March 2023

With ICANN 76 in Cancun drawing near, it seemed a good time to provide an update on the activities of the DNS Abuse Institute. Below we’ve got news on our measurement project DNSAI Compass™, NetBeacon™, and some recent work on bulk domain registrations.

<https://dnsabuseinstitute.org/dnsai-newsletter-march-23/>

European Parliament agrees cybersecurity requirements for EU bodies

The European Parliament’s Industry committee voted Thursday (9 March) in favour of MEP Henna Virkkunen’s draft report proposing introducing common cybersecurity standards across EU institutions, paving the way for starting trilogue negotiations.

<https://www.euractiv.com/section/cybersecurity/news/european-parliament-agrees-cybersecurity-requirements-for-eu-bodies/>

eu: Unveiling the Telecom Cybersecurity Challenges

The European Union Agency for Cybersecurity (ENISA) publishes one report on eSIMs and a second one on fog and edge computing in 5G. Both reports intend to provide insights on the challenges of these technologies.

<https://www.enisa.europa.eu/news/unveiling-the-telecom-cybersecurity-challenges-of-esims-of-fog-and-edge-computing-in-5g>

Scroll through EU Cybersecurity Certification

The new mini-site launched by the European Union Agency for Cybersecurity (ENISA) serves the objective to promote and disseminate information related to EU cybersecurity certification.

<https://www.enisa.europa.eu/news/scroll-through-eu-cybersecurity-certification>

Good Cybersecurity Governance in the European Union – Best Practices Based on NIS2 and the Cyber Resilience Act

The governance of cyberspace is a challenging task that requires close coordination between governments, private companies and critical infrastructure providers, as well as civil society and international standard-setting bodies to establish new rules, guidelines or regulations. In many ways, the European Union is at the forefront of cyberspace regulation, making it a perfect case study for evaluating different governance models for cybersecurity regulation.

<https://techpolicy.press/good-cybersecurity-governance-in-the-european-union-best-practices-based-on-nis2-and-the-cyber-resilience-act/>

us: We want YOU to Help Defend the Nation from Cyberattacks

Our nation is facing unprecedented risks from cyber threats. In parallel, many organizations and individuals are experiencing uncertain times. While uncertainty can be a major cause of stress, it can also provide opportunity for those who know where to look. That’s where we at the Cybersecurity and Infrastructure Security Agency (CISA) come in. CISA is the nation’s cyber defense agency. You may never have considered public service but take it from us: there is no better place to learn new skills, make a difference, and be part of a great team.

<https://www.cisa.gov/news-events/news/we-want-you-help-defend-nation-cyberattacks>

us: How the Foundational Assessment Makes Starting or Improving a Cybersecurity Program Easier

As cybersecurity maturity becomes a larger goal for the U.S. State, Local, Tribal, and Territorial (SLTT) landscape, many are using assessment solutions to identify which cybersecurity activities they should start with at a high level. Many have turned to the Nationwide Cybersecurity Review (NCSR). It's a no-cost, annual, and anonymous self-assessment that helps SLTT government organizations like you measure capabilities and assess gaps in your cybersecurity program.

<https://www.cisecurity.org/insights/blog/how-the-foundational-assessment-makes-starting-or-improving-a-cybersecurity-program-easier>

us: CISA and Women in CyberSecurity Strengthen Partnership to Bridge Gender Gap in Cyber and Tech

Today, in recognition of International Women’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) is pleased to announce the signing of a Memorandum of Understanding (MOU) with Women in CyberSecurity (WiCyS) in order to work even closer together to bridge the gender gap in cybersecurity.

<https://www.cisa.gov/news-events/news/cisa-and-women-cybersecurity-strengthen-partnership-bridge-gender-gap-cyber-and-tech>

International Women’s Day: The power of diversity to build stronger cybersecurity teams

Women’s History Month is a special time for me as I reflect on all the great innovations women have made over the years. Women have driven technology forward throughout history. Notable women in cybersecurity like cryptologists Agnes Meyer Driscoll and Genevieve Grotjan Feinstein worked behind the scenes of wartime intelligence and were just two of the 10,000 women who paved the way for trailblazers in cybersecurity.

<https://www.microsoft.com/en-us/security/blog/2023/03/08/international-womens-day-the-power-of-diversity-to-build-stronger-cybersecurity-teams/>

us: Where the New National Cybersecurity Strategy Differs From Past Practice

Although the strategy builds on cybersecurity efforts from the previous three administrations, it departs from past perspectives and practices and, if fully implemented, has the potential to change the U.S. cybersecurity posture significantly for the better.

<https://www.lawfareblog.com/where-new-national-cybersecurity-strategy-differs-past-practice>

us: CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks

SUMMARY: The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) detailing activity and key findings from a recent CISA red team assessment—in coordination with the assessed organization—to provide network defenders recommendations for improving their organization's cyber posture.

<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a>

The digital front line: Why digital resilience must be an integral part of European security: The Ukraine war is the first hybrid war, blurring the lines between physical and non-physical threats. 

What role will digital technology play in this striking paradigm shift? And how vital is it for our societies to be digitally resilient? The concept of digital resilience emerged during the Covid 19 pandemic. It mainly referred to the ability of organisations and businesses to stay afloat and surf the wave of disruptions caused by the strict governmental measures applied at the time.

<https://www.euractiv.com/section/digital/opinion/the-digital-front-line-why-digital-resilience-must-be-an-integral-part-of-european-security/>

Malware Landscape 2023: A Study of the Scope and Distribution of Malware

Interisle reviewed over 7 million reports of distinct malware events from January 2022 to December 2022 collected by the Cybercrime Information Center, examining malware that attacks both IoT and user-attended devices ("endpoints"). This year Interisle also studied reports of malicious traffic sources: malware that is used to scan web sites for exploitable vulnerabilities, to inject malicious content into web forms, or to conduct denial of service attacks.

<https://www.interisle.net/MalwareLandscape2023.html>

Interisle's Andy Malis Awarded 7th Patent

Andy Malis was granted US Patent 11,582,148 on February 14, 2023, MPLS Extension Headers for In-Network Services. This patent describes methods and devices (e.g., routers) that add in-network services to a multiprotocol label switching (MPLS) network. This can include an MPLS network router receiving and modifying a packet by adding one or more MPLS extension headers, adding one or more extension header(s), and adding an indication within an MPLS label stack that one or more MPLS extension headers have been added to the packet.

<https://www.interisle.net/>

Emotet, QSnatch Malware Dominate Malicious DNS Traffic

The Internet's DNS has become a superhighway of sorts for threat actors, with one in six organizations experiencing malicious network traffic in the form of either malware such as Emotet, phishing attacks, or command-and-control (C2) activity in a given quarter, researchers have found.

<https://www.darkreading.com/threat-intelligence/dns-autobahn-malicious-network-traffic>

Cloudflare Democratizes Post-Quantum Cryptography By Delivering It For Free, By Default [news release]

Cloudflare, Inc. ... provide post-quantum cryptography for free by default to all customers to help secure their websites, APIs, cloud tools and remote employees against future threats. Now, all Cloudflare customers will be able to seamlessly migrate to the next era of cybersecurity standards–instantly and for free.

<https://www.cloudflare.com/en-au/press-releases/2023/cloudflare-democratizes-post-quantum-cryptography-by-delivering-it-for-free/>

5G, security risks, and a way forward

5G, the fifth-generation standard for broadband cellular networks, will soon appear on our phones if it hasn’t already. Its potential is stunning, faster speed and shorter latency — the gap between data receipt and transfer — which will make it possible to extend the Internet of Things (IoT) to, for instance, self-driving cars whose devices need to communicate commands in fractions of seconds. If smartphones changed our personal lives in ways we could not predict, 5G could change our societies and shape our future beyond our imaginations.

<https://thehill.com/opinion/technology/3895399-5g-security-risks-and-a-way-forward/>

The Danger of Content Blocking Measures by DNS Recursive Resolvers

DNS recursive resolvers play a crucial role in the functioning of the internet by translating domain names into IP addresses. However, they should not act as gatekeepers for content, which can be subjective and varies from jurisdiction to jurisdiction. Users of Quad9 opt-in to our service and want the cyber protection that we enable for them.

<https://www.quad9.net/news/blog/dangers-of-content-blocking-2023>

Attack Superhighway: A Deep Dive on Malicious DNS Traffic

Executive summary: Akamai has conducted an investigation of malicious command and control (C2) traffic to gain insight on prevalent threats in corporate and home networks.

<https://www.akamai.com/blog/security/a-deep-dive-on-malicious-dns-traffic>

DDoS Attacks in 2022: Targeting Everything Online, All at Once

The year 2022 was marked by significant changes in many areas of cybersecurity. Amid the turmoil, there was a noticeable shift in distributed denial-of-service (DDoS) attacks targeting and adversarial behavior. Perhaps the most significant lesson learned from last year is that DDoS attackers are targeting everything online, sometimes all at once.

<https://www.akamai.com/blog/security/ddos-attacks-in-2022-targeting-everything-online>

DNSSEC: The case for and against

In this episode of PING, APNIC’s Chief Scientist Geoff Huston discusses DNSSEC and presents a case ‘for’ and ‘against’ deployment, in the context of complexity, fragility, and impact on the Domain Name System (DNS) process at large.

<https://blog.apnic.net/2023/03/16/podcast-dnssec-the-case-for-and-against/>

MANRS Compliance Increasing, More Work Needed in India

Worldwide collaboration and shared accountability have been critical in enabling the Internet’s development, and more recently its security.

<https://www.manrs.org/2023/03/manrs-compliance-increasing-more-work-needed-in-india/>

dnsmasq: Schwachstelle ermöglicht nicht spezifizierten Angriff [dnsmasq: Vulnerability allows unspecified attack]

As the BSI currently reports, a vulnerability has been identified in dnsmasq. A description of the security vulnerability and a list of the affected operating systems and products can be read here.

<https://www.news.de/technik/856800312/dnsmasq-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-schwachstelle-ermoeglicht-nicht-spezifizierten-angriff/1/>

**********************

NEW TRANSPORT PROTOCOLS

**********************

DVB updates Multicast ABR specification and guidelines

... The two new optional transport protocols, which join the existing mandatory FLUTE and ROUTE protocols, are MSYNC and NORM. Both protocols are already used in commercial deployments of MABR and are described in technical specifications published by IETF.

<https://www.broadbandtvnews.com/2023/03/16/dvb-updates-multicast-abr-specification-and-guidelines/>

Should We Be Worried About Bitcoin Ossification?

... A prime example of this is the well-documented ossification of the Transmission Control Protocol (TCP). TCP is one of the primary protocols used to handle traffic on the internet, and almost all web applications are built on top of it. What’s more, many of these services apply additional architecture built on top of TCP. This is why it is so hard to change the protocol without serious risk of “breaking” large swaths of the internet. This has also led to an internet that has a significant number of broken data paths but no easy way to fix them. Solutions to this situation have been proposed, such as QUIC, but the issue is ongoing and needs active management to address.

< <https://www.forbes.com/sites/digital-assets/2023/03/18/should-we-be-worried-about-bitcoin-ossification/> https://www.forbes.com/sites/digital-assets/2023/03/18/should-we-be-worried-about-bitcoin-ossification/>

 

CDNetworks Announces QUIC and HTTP/3 Integration Platform... Upgraded Live Streaming Support

CDNetworks, a leading edge-as-a-service (EaaS) provider in the Asia-Pacific region, has announced support for QUIC and HTTP/3. QUIC (Quick UDP Internet Connection), which reduces response times and improves accessibility to maximize reach and signal strength in regions prone to poor network conditions, is expected to take CDNetworks' live streaming capabilities to the next level.

< <http://www.policyfund.kr/news/articleView.html?idxno=6506> http://www.policyfund.kr/news/articleView.html?idxno=6506>

 

CDNetworks Announces QUIC and HTTP/3 Integration Platform

[Digital Daily, reporter Lee Sang-il] CDNetworks has announced support for QUIC and HTTP/3. QUIC (Quick UDP Internet Connection), which reduces response times and improves accessibility to maximize reach and signal strength in regions prone to poor network conditions, is expected to take CDNetworks' live streaming capabilities to the next level.

< <https://www.ddaily.co.kr/m/m_article/?no=259293> https://www.ddaily.co.kr/m/m_article/?no=259293>

 

CDNetworks to Support Live Streaming with QUIC and HTTP/3

CDNetworks said on the 15th that it "has announced support for QUIC (Quick UDP Internet Connection) and HTTP/3" and that it "will accordingly support an upgraded live streaming service."

< <https://news.mt.co.kr/mtview.php?no=2023031515512616320> https://news.mt.co.kr/mtview.php?no=2023031515512616320>

 

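SingTel achieves an upload speed of 1.6 Gbit/s with 5G millimeter waves, with Qualcomm and Ericsson

... Based on the standard specifications for the 5G wireless core network from 3GPP (The 3rd Generation Partnership Project), the standards body for mobile communications, and the standard specifications for IP transport from the IETF, the standards body for Internet technology, the evaluation covered a variety of network slices, with an emphasis on their performance and on network resource optimization functions.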

< <https://xtech.nikkei.com/atcl/nxt/news/18/14812/> https://xtech.nikkei.com/atcl/nxt/news/18/14812/>

 

What should happen? To prepare for the 5.5G technology era

... In September last year, the European Telecommunications Standards Institute (ETSI) produced a detailed white paper on F5G technology, which also led to the first F5.5G guidance document, in Release 3, to be used until it is withdrawn within the first half of 2024 (B.E. 2567). The Internet Engineering Task Force (IETF) and the Institute of Electrical and Electronics Engineers (IEEE) have likewise begun work on the first phase of the Net5.5G standards, focusing on Segment Routing over IPv6 (SRv6), Wi-Fi 7, 800GE and other technologies, with the aim of completing these standards within 2024 (B.E. 2567).

< <https://www.salika.co/2023/03/13/5-5g-technology-huawei-2023/> https://www.salika.co/2023/03/13/5-5g-technology-huawei-2023/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Vale Raimundo Beca — LACNIC co-founder, network community leader

It is with much sadness that APNIC acknowledges the passing of Raimundo Beca.

< <https://blog.apnic.net/2023/03/15/vale-raimundo-beca-lacnic-co-founder-network-community-leader/> https://blog.apnic.net/2023/03/15/vale-raimundo-beca-lacnic-co-founder-network-community-leader/>

 

A conversation with ITU Secretary-General Doreen Bogdan-Martin

Doreen Bogdan-Martin took office as ITU Secretary-General on 1 January 2023. Her historic election by ITU Member States made her the first woman to head the 157-year-old organization. With over three decades of experience leading global telecommunications policy, Ms. Bogdan-Martin explains how ITU is working to achieve gender equality, meaningful connectivity, and sustainable digital transformation for the benefit of all.

< <https://www.itu.int/hub/2023/03/a-conversation-with-itu-secretary-general-doreen-bogdan-martin/> https://www.itu.int/hub/2023/03/a-conversation-with-itu-secretary-general-doreen-bogdan-martin/>

 

WSIS Forum 2023: Crowdsourcing insights on sustainable digital transformation

The world’s largest multi-stakeholder platform on sustainable digital development aims to rally governments, companies, United Nations agencies and other partners behind a push to harness emerging technologies for the good of all.

< <https://www.itu.int/hub/2023/03/wsis-forum-2023-crowdsourcing-insights-on-sustainable-digital-transformation/> https://www.itu.int/hub/2023/03/wsis-forum-2023-crowdsourcing-insights-on-sustainable-digital-transformation/>

 

Why is the European Commission So Determined to Ruin the Open Internet?

During the annual World Mobile Congress in Barcelona, Thierry Breton, the European Commissioner for Internal Market, proclaimed: “The networks of today are simply not up to date with the massive transformation taking place.” This is a loaded statement with not much substance attached to it; it is designed to attract attention.

< <https://techpolicy.press/why-is-the-european-commission-so-determined-to-ruin-the-open-internet/> https://techpolicy.press/why-is-the-european-commission-so-determined-to-ruin-the-open-internet/>

 

How Time Zones Are Coordinated by Kim Davies

Around this time of year, many places in the Northern Hemisphere "spring forward" into daylight saving time, moving their clocks ahead one hour to realize sunnier skies in their evening times. On different days throughout the Southern Hemisphere, many similarly wind back their clocks to brace for the winter months ahead. While this annual ritual is standard for many, some locations this year won't adopt daylight saving time as they previously did, and other places will do it differently than before.

< <https://www.icann.org/en/blogs/details/how-time-zones-are-coordinated-13-03-2023-en> https://www.icann.org/en/blogs/details/how-time-zones-are-coordinated-13-03-2023-en>

 

IANA Naming Function Review Bylaws Changes

ICANN opened a new Public Comment proceeding. ICANN seeks input on the proposed changes to the ICANN Bylaws that define IANA Naming Function Reviews. The first IANA Naming Function Review (IFR) Team recommended a Bylaws update to remove a duplication. There are also additional changes recommended that address composition issues faced by the RySG and ccNSO and clarifications to remove questions for the consideration of future IFR Final Reports.

< <https://www.icann.org/en/announcements/details/iana-naming-function-review-bylaws-changes-09-03-2023-en> https://www.icann.org/en/announcements/details/iana-naming-function-review-bylaws-changes-09-03-2023-en>

 

GSMA Ministerial Programme 2023: Leadership for future connectivity

Every year, MWC Barcelona features an exclusive event-within-an-event called the Ministerial Programme, which brings together ministries, regulatory bodies and the mobile sector to discuss the policies, challenges and emerging technologies shaping the digital economy and society. This year, in its 17th edition, the programme welcomed 196 delegations representing 151 countries and 45 intergovernmental organisations — the highest number of delegations ever and a testament to this forum’s ongoing value to decision-makers across the digital ecosystem.

< <https://www.gsma.com/publicpolicy/gsma-ministerial-programme-2023-leadership-for-future-connectivity> https://www.gsma.com/publicpolicy/gsma-ministerial-programme-2023-leadership-for-future-connectivity>

 

Latest 5G standards allow operators’ converged networks to thrive (Reader Forum)

The convergence of wireless and wireline networks will provide a consistent 5G experience no matter how consumers are connected, delivering on the technology’s many promises – from better and differentiated Quality of Experience (QoE) to advances in the IoT and AI fields.

< <https://www.rcrwireless.com/20230309/uncategorized/latest-5g-standards-allow-operators-converged-networks-to-thrive-reader-forum> https://www.rcrwireless.com/20230309/uncategorized/latest-5g-standards-allow-operators-converged-networks-to-thrive-reader-forum>

 

NTIA seeks feedback on future airwaves for innovative technologies

The Department of Commerce’s National Telecommunications and Information Administration (NTIA) on Wednesday began seeking comment on identifying airwaves for more intensive use and innovative new uses by both the private sector and federal agencies.

< <https://www.ntia.gov/press-release/2023/ntia-seeks-feedback-future-airwaves-innovative-technologies> https://www.ntia.gov/press-release/2023/ntia-seeks-feedback-future-airwaves-innovative-technologies>

 

us: In Senate Testimony, CDT CEO Alexandra Givens Calls For Cross-Society Effort in Addressing Risks of AI

Today, Center for Democracy & Technology (CDT) President and CEO Alexandra Givens testified before the U.S. Senate Committee on Homeland Security and Government Affairs in a hearing entitled “Artificial Intelligence: Risks and Opportunities.”

< <https://cdt.org/press/in-senate-testimony-cdt-ceo-alexandra-givens-calls-for-cross-society-effort-in-addressing-risks-of-ai/> https://cdt.org/press/in-senate-testimony-cdt-ceo-alexandra-givens-calls-for-cross-society-effort-in-addressing-risks-of-ai/>

 

Claims That AI Productivity Will Save Us Are Neither New, nor True: Not only does new tech often result in more work for people, but it also introduces additional kinds of work.

As artificial intelligence (AI) captures the public imagination, while also exhibiting missteps and failures, enthusiasts continue to tout future productivity gains as justification for a lenient approach to its governance. For example, Venture fund ARK Invest predicts that “during the next eight years AI software could boost the productivity of the average knowledge worker by nearly 140%, adding approximately $50,000 in value per worker, or $56 trillion globally.” Accenture claims that “AI has the potential to boost labor productivity by up to 40 percent in 2035…enabling people to make more efficient use of their time.” And OpenAI CEO Sam Altman similarly appeals to time savings on menial tasks like email. But what if promises around AI productivity do not necessarily translate into benefits to society?

< <https://www.cigionline.org/articles/claims-that-ai-productivity-will-save-us-are-neither-new-nor-true/> https://www.cigionline.org/articles/claims-that-ai-productivity-will-save-us-are-neither-new-nor-true/>

 

OpenAI Swings the Doors Wide Open on ChatGPT: Cheap pricing has already led to a slew of AI-enabled offerings from Instacart, Shopify, and Snap

On 1 March 2023, OpenAI made an announcement that developers were eagerly anticipating: The company launched the ChatGPT API, giving third-party developers access to the AI model that powers ChatGPT and Microsoft’s Bing Chat.

< <https://spectrum.ieee.org/chatgpt-2659513223> https://spectrum.ieee.org/chatgpt-2659513223>

 

Her future is digital

For years, we’ve argued that technology can be a force for women’s empowerment around the world. But on this International Women’s Day, while we celebrate digital’s transformative power, we also recognize the need to address the barriers that stand in the way. This is why the World Bank is prioritizing three key accelerators for women’s digital inclusion: online safety, inclusive digital public infrastructure, and digital skills.

< <https://blogs.worldbank.org/digital-development/her-future-digital> https://blogs.worldbank.org/digital-development/her-future-digital>

 

Bridging the gender gaps in GovTech

This International Women’s Day, the UN Commission on the Status of Women will spotlight its main objective—which is, Innovation and technological change, and education in the digital age for achieving gender equality and the empowerment of all women and girls. On the occasion, this blog examines gender gaps in GovTech and the opportunities that exist to bridge these gaps in the public sector.

< <https://blogs.worldbank.org/governance/bridging-gender-gaps-govtech> https://blogs.worldbank.org/governance/bridging-gender-gaps-govtech>

 

ICANN Celebrates International Women’s Day with Two Female Leaders at the Helm

ICANN is celebrating an important milestone. For the first time in its 24-year history, the organization has two women at its highest positions.

< <https://www.icann.org/resources/press-material/release-2023-03-08-en> https://www.icann.org/resources/press-material/release-2023-03-08-en>

 

How slimmed-down websites can cut their carbon emissions

"I'm horrified," says Valentina Karellas. "I know grams because I work with them every day and I know how much 10g weighs. And that's just one page." She's just learned that every visit to her website's homepage generates up to 9.89g of carbon emissions. It's nearly 10 times the 1g target recommended by the Eco-Friendly Web Alliance, an organisation that offers accreditation for environmentally friendly websites.

< <https://www.bbc.com/news/business-64623955> https://www.bbc.com/news/business-64623955>

 

The Next Superpower Battlefield Could Be Under the Sea in Africa

Submarine fiber-optic cables traversing oceans and connecting the African continent have fast emerged as a geopolitical hotspot for the West. As of late, U.S. foreign policy has been captivated by strategic maneuvering in response to China’s surveillance balloon and plans to implement a national ban on the world’s most popular app, TikTok, which has ties to Beijing.

< <https://foreignpolicy.com/2023/03/10/africa-china-russia-subsea-cables/> https://foreignpolicy.com/2023/03/10/africa-china-russia-subsea-cables/>

 

Submarine Cable Resilience

I have on my desk a rather small tube. It's a little under 2cm in diameter, 6 cm long, and looks like it’s made from a dull white polycarbonate material. At the end I can see a copper inner tube, and inside that another polycarbonate layer, and then a smaller steel tube that holds a thin steel thread and some fibre optic cables. There are no layers of steel jacketing, nor any other additional wrapping at all.

< <https://www.potaroo.net/ispcol/2023-03/altcable.html> https://www.potaroo.net/ispcol/2023-03/altcable.html>

 

WSIS Forum 2023: Digital must be leveraged to put sustainable development back on track

Twenty years ago, then-United Nations Secretary-General Kofi Annan told leaders at the first WSIS how digital technologies could “improve the standards of living for millions upon millions of people.”

< <https://www.itu.int/hub/2023/03/wsis-forum-2023-digital-must-be-leveraged-to-put-sustainable-development-back-on-track/> https://www.itu.int/hub/2023/03/wsis-forum-2023-digital-must-be-leveraged-to-put-sustainable-development-back-on-track/>

 

Global digital community examines ethical dimensions of technology development

When the WSIS adopted its Geneva Declaration of Principles back in 2003, it put ethical concerns at the forefront.

< <https://www.itu.int/hub/2023/03/global-digital-community-examines-ethical-dimensions-of-technology-development/> https://www.itu.int/hub/2023/03/global-digital-community-examines-ethical-dimensions-of-technology-development/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home