[Newsclips] IETF SYN-ACK Newspack 2022-05-02

David Goldstein <david@goldsteinreport.com> Mon, 02 May 2022 05:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/WN2TmdXwdPArk4UirsQY0s92Ark>

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

IETF Publishes RFC 9116 for 'security.txt' File

The Internet Engineering Task Force (IETF) has published RFC 9116 for the security.txt file, whose goal is to make it easier for researchers to responsibly disclose the vulnerabilities they find.

<https://www.securityweek.com/ietf-publishes-rfc-9116-securitytxt-file>

 

Russia–Ukraine Conflict and Geopolitics of Data Routing

... Who governs the internet? The absence of a central organisation to oversee internet operations does not imply that everyone can have unrestricted access. For example, IP addresses and hostnames are finite and are bound by technical and geographical restrictions. The delegation of hostnames and IP addresses was controlled by the United States (US) until 2009, when the US government gave autonomy to ICANN to operate independently. The US Department of Commerce still played a role in reviewing the operations of ICANN till 2016. Another entity called the Internet Engineering Task Force (IETF) consists of experts that develop and approve protocols needed for Internet functioning and is considered to be free of political interference, unlike ICANN. Nonetheless, ICANN does not have the authority to debar any actor from the Internet.

<https://www.idsa.in/issuebrief/russia-ukraine-conflict-and-geopolitics-of-data-routing-kpatil-290422>

 

China again signals desire to shape IPv6 standards

China's Central Cyberspace Administration has revealed a plan for further and faster adoption of IPv6 across the nation and outlined plans to drive new developments for the protocol. ... New IP was first floated in 2019, and China chose to advance it through the International Telecommunications Union (ITU) – despite that body having no role in IP development. That job is handled by the IETF and the IEEE (Institute of Electrical and Electronics Engineers).

<https://www.theregister.com/2022/04/26/china_ipv6_plan/>

 

IPv6 Enhanced unleashes connectivity potential as SRv6 gains traction

... On the first day of the Congress, Zhenbin Li, Huawei Chief IP Standard Representative and IETF IAB member, delivered a keynote speech titled "APN6 Enables Application and Network Collaboration". He said that the innovation of IPv6 Enhanced technologies oriented towards emerging services such as 5G and cloud is increasingly becoming a consensus in the industry.

<https://www.developingtelecoms.com/telecom-technology/telecom-cloud-virtualization/13408-ipv6-enhanced-unleashes-connectivity-potential-as-srv6-gains-traction.html>

 

A Twenty-First-Century Approach to Advance Canada’s Foreign Policy on Communications and Technology

... The expansion of the internet provides a dramatic example of how government control over international communications has declined. The origin story of the internet is well known. It was developed primarily by American university-based researchers who did not anticipate its use by the private sector or the general public. Its technical architecture and standards were developed by those same engineers and academics. The network’s expansion to other countries was based on informal agreements among system administrators. Governance of the network was loosely based on protocols developed by engineers working in voluntary organizations, most notably the Internet Engineering Task Force (IETF), an unincorporated body.

<https://www.cigionline.org/articles/a-twenty-first-century-approach-to-advance-canadas-foreign-policy-on-communications-and-technology/>

 

History of Infosec: a primer.

... In terms of Government, commercial and academic organizations, in 2010, the Industrial Control Systems CERT started tracking Industrial Control Systems vulnerabilities. The Internet Engineering Task Force (IETF) released OAuth as an open-standard authorization protocol that describes how unrelated servers and services can safely delegate authenticated access to their assets without actually sharing credentials.

<https://thecyberwire.com/stories/eaa2f29f364446c19e73644b5343099e/history-of-infosec-a-primer>

 

Is Your Station Prepared for the Next Cyberattack?

Cybersecurity, unlike other projects around the station, is never finished. It requires ongoing diligence to be ready for threats that are constantly changing. ... Regardless of the type, they share common characteristics and capabilities as defined by the Internet Engineering Task Force (IETF) Requests for Comments (RFCs). IETF RFC 1122 provides the details of those capabilities.

<https://www.radioworld.com/tech-and-gear/radio-it-management/is-your-station-prepared-for-the-next-cyberattack>

 

OCC’s Hsu: Interoperable Stablecoins Key to Success of Crypto Economy

... That included government agencies like DARPA, which built the earliest version of the internet; organizations like the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF); academia; and business interests.

<https://www.pymnts.com/cryptocurrency/2022/occ-hsu-interoperable-stablecoins-key-success-crypto-economy/>

 

Stablecoins need 'shared standards' amid lack of interoperability, OCC chief says

... "To ensure that stablecoins are open and inclusive, I believe a standard setting initiative similar to that undertaken by IETF [Internet Engineering Task Force] and W3C [World Wide Web Consortium] needs to be established, with representatives not just from crypto/Web3 firms, but also including academics and government," Hsu said Wednesday.

<https://seekingalpha.com/news/3827766-stablecoins-need-shared-standards-amid-lack-of-interoperability-occ-chief-says>

 

us: Acting Comptroller Issues Statement on Standards for Stablecoins

Acting Comptroller of the Currency Michael J. Hsu issued the following statement after his appearance today at the Artificial Intelligence and the Economy: Charting a Path for Responsible and Inclusive AI symposium hosted by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), FinRegLab, and the Stanford Institute for Human-Centered Artificial Intelligence. Well-designed standards can promote inclusive and responsible innovation. Take the internet, for instance. The technical foundations of the internet provide for an open, royalty-free network – something we take for granted today. Those foundations did not emerge on their own. They were developed by standard setting bodies like IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium), which had representatives with differing perspectives, a shared public interest ethos, and a strong leader committed to the vision of an open and inclusive internet.

<https://www2.occ.gov/news-issuances/news-releases/2022/nr-occ-2022-43.html>

<https://mondovisione.com/media-and-resources/news/us-acting-comptroller-of-the-currency-issues-statement-on-standards-for-stableco/>

 

Acting OCC Chief Calls for Formation of Stablecoin Regulation Standards

... Michael stated that technologies such as AI and stablecoins enable transactions in blockchain-based systems and that a standard-setting initiative similar to that undertaken by IETF and W3C must be established.

<https://www.fxempire.com/news/article/acting-occ-chief-calls-for-formation-of-stablecoin-regulation-standards-982139>

 

IETF publiceert na jarenlang proces RFC 9116 voor "security.txt" bestand [IETF publishes RFC 9116 for "security.txt" file after years of process]

After a five-year process, the Internet Engineering Task Force (IETF) has published an RFC (Request for Comments) for "security.txt", a file with which organisations and websites can state their policy for handling security vulnerabilities. With the publication of RFC 9116, security.txt has now become a specification, but not an Internet standard.

<https://www.security.nl/posting/751808/>

 

Security.txt per segnalare le vulnerabilità dei siti Web [Security.txt to report website vulnerabilities]

The first draft of the security.txt standard was produced during 2017, so about 5 years were needed before the publication of RFC 9116, with which the file officially became a document, or rather a format, accepted by the IETF (Internet Engineering Task Force) for the disclosure of security vulnerabilities.

<https://www.html.it/magazine/security-txt-per-segnalare-le-vulnerabilita-dei-siti-web/>

 

Was ist SSL/TLS? [What is SSL/TLS?]

... SSL "vs." TLS: When the next version of the SSL protocol was released in 1999, it was standardised by the Internet Engineering Task Force (IETF) and received a new name: Transport Layer Security (TLS). The official TLS specification states: "The differences between this protocol and SSL 3.0 are not dramatic". SSL and TLS are therefore not opposed to one another; rather, together they form a continually updated series of protocols that is often grouped under the term "SSL/TLS".

<https://www.computerwoche.de/a/was-ist-ssl-tls,3553233>

 

EU chce za stovky milionů postavit vlastní DNS. Nabídku na DNS4EU poslali i Češi [The EU wants to build its own DNS for hundreds of millions. The Czechs also sent an offer to DNS4EU]

... Because we operate across the whole of Europe, we have a broad picture of how different corners of Europe work. We are also in a number of industry associations and working groups concerning DNS resolution, security at the DNS level and so on (Encrypted DNS Initiative, GSMA Network Groups, OARC, DNS-related Working Groups at IETF, RIPE's DNS Working Group).

<https://www.lupa.cz/clanky/eu-chce-za-stovky-milionu-postavit-vlastni-dns-nabidku-na-dns4eu-poslali-i-cesi/>

 

Çin, IPv6 standartlarını şekillendirmek için yenilenen arzunun sinyalini veriyor • The Register [China signals renewed desire to shape IPv6 standards • The Register]

... New IP first appeared in 2019, and China chose to push it through the International Telecommunication Union (ITU), even though that body has no role in IP development. That task is carried out by the Internet Engineering Task Force (IETF) and the IEEE (Institute of Electrical and Electronics Engineers).

<https://zamanbelcika.be/teknoloji/cin-ipv6-standartlarini-sekillendirmek-icin-yenilenen-arzunun-sinyalini-veriyor-the-register/41034/>

 

ไฟล์ security.txt เข้าเป็นมาตรฐาน RFC9116 ระบุกระบวนการแจ้งช่องโหว่ [The security.txt file becomes standard RFC9116, specifying the vulnerability reporting process]

The IETF has approved standard RFC9116, which defines the format for reporting software vulnerabilities, the security.txt file, as a single uniform system so that it is easy for researchers to make contact.

<https://www.blognone.com/node/128245>

 

NATOが量子時代用のセキュアなVPNの確立を目指す切実な理由 [Why NATO is keen to establish a secure VPN for the quantum age]

NATO's Cyber Security Centre (NCSC) has successfully tested secure communication flows over a VPN designed and built by Post-Quantum. Post-Quantum's VPN was created by the authors of the IETF (Internet Engineering Task Force) standard for post-quantum hybrid VPNs. This standard is said to have the potential to make VPNs resistant to quantum attacks.

<https://techtarget.itmedia.co.jp/tt/news/2204/28/news02.html>

 

dnsmasqが抱える脆弱性「DNSpooq」がもたらすセキュリティリスクとは? [What are the security risks posed by dnsmasq's vulnerability "DNSpooq"?]

dnsmasq is widely known as an open-source DNS server. However, the discovery of its "DNSpooq" vulnerability has brought renewed awareness of the security risks of DNS servers. This article explains how DNS works, introduces DNS-related security incidents, and then describes configuration and management methods for protecting DNS servers.

<https://eset-info.canon-its.jp/malware_info/special/detail/220428.html>

 

中国移动研究院李晗荣获“全国五一劳动奖章” [Li Han of China Mobile Research Institute won the "National May Day Labor Medal"]

... As leader of the transmission technology team at China Mobile Research Institute, Li Han fully embodies the China Mobile spirit of diligence, dedication and pursuit of excellence, going all out on every technical breakthrough with a do-or-die attitude and striving tirelessly to complete every research result. Li has overcome difficulties in high-speed optical network fields such as PTN, SPN, OTN, GPON and time synchronisation, proposed and led a number of major technical mechanisms and developments, and supported China Mobile in a series of technical decisions such as 4G and 5G transport; has been invited many times to give plenary reports at important international and domestic conferences; has participated deeply in the work of international and domestic standardisation organisations such as ITU-T, IETF and CCSA, becoming editor of a number of ITU and IETF standards; has published more than 100 academic papers in domestic and foreign journals, been granted more than 100 patents, and led the formulation of more than 10 ITU and IETF international standards.

<https://finance.sina.com.cn/tech/2022-04-28/doc-imcwipii7016949.shtml>

 

中国联通唐雄燕:“1+3+X”驱动网络智能化变革,2025年实现L4级自智网络 [Tang Xiongyan of China Unicom: "1+3+X" drives the intelligent transformation of the network, achieving L4-level autonomous networks by 2025]

... To realise switching in intelligent optical networks, network control protocols must be introduced: the IETF extended and updated MPLS into GMPLS to suit dynamic control and signalling in intelligent optical networks; the architecture of intelligent optical networks was formally standardised by the ITU in 2001 with the release of ASON (G.8080); another standards organisation, the OIF, focused on defining interface standards such as UNI and NNI.

<https://finance.sina.com.cn/tech/2022-04-26/doc-imcwiwst4167031.shtml>

 

什么是自智网络? [What is an autonomous network?]

... The concept of "intent" was first introduced in 2015 by the IETF (Internet Engineering Task Force) in the context of SDN controllers.

<https://www.eet-china.com/mp/a128016.html>

 

盘后机会挖掘汇总:券商股砸盘!纺织服装板块上演跌停潮 免税概念却逆市大涨![After-hours opportunity summary: brokerage stocks sold off! Textile and apparel sector sees a wave of limit-down, while the duty-free concept rises sharply against the market!]

... IPv6 is the abbreviation of "Internet Protocol Version 6", the next-generation IP protocol designed by the Internet Engineering Task Force (IETF) to replace IPv4; its number of addresses is said to be enough to give every grain of sand in the world its own address. Compared with IPv4, IPv6 has a larger address space, uses smaller routing tables, has higher security and a better header format, and adds enhanced multicast support and flow control, giving multimedia applications on the network an opportunity for substantial development and providing a good network platform for quality-of-service control. In addition, IPv6 adds support for automatic configuration. This is an improvement and extension of the DHCP protocol, making network management more convenient and faster.

<http://sc.stock.cnfol.com/gushizhibo/20220426/29588064.shtml>

<http://sc.stock.cnfol.com/gushizhibo/20220426/29587033.shtml>

 

你知道tcp和udp的区别是什么吗 快来了解一下吧 [Do you know the difference between TCP and UDP? Come and find out]

... The full name of the TCP protocol is Transmission Control Protocol; it is a connection-oriented, reliable, byte-stream-based transport layer communication protocol, defined by the IETF's RFC 793. TCP is a connection-oriented, reliable stream protocol. A stream is an uninterrupted sequence of data; you can think of it as the flow of water in a drainpipe.

<http://zixun.shbear.com/zixun/2022/0429/28131.html>

 

Китай ускоряет внедрение IPv6 на фоне стремительного прогресса 5G-сетей и облаков, но не оставляет надежды распространить по миру свои собственные стандарты связи [China accelerates IPv6 adoption amid rapid progress in 5G networks and clouds, but does not give up hope of spreading its own communication standards around the world]

... Under these conditions, the spread of IPv6 is of critical importance. The Chinese authorities' new plan provides for the "active participation of the nation" in shaping not only local but also international standards for the internet of the future. China intends to promote the new New IP standard in place of the familiar TCP/IP stack. Huawei proposed it to the International Telecommunication Union (ITU), although the development of the corresponding standards is handled mainly by the IETF and IEEE.

<https://servernews.ru/1064720>

 

Санкции в отношении интернет-инфраструктуры в контексте украинского кризиса: как реагируют стейкхолдеры? [Sanctions against Internet infrastructure in the context of the Ukrainian crisis: how do stakeholders react?]

... On 7 March an Internet-Draft (a special type of working document) appeared at the IETF, in which the authors discuss technical ways of shutting down the Internet at different levels, from the physical infrastructure to the level of routing Internet traffic and information flows. In particular, the document notes:

<https://russiancouncil.ru/analytics-and-comments/analytics/sanktsii-v-otnoshenii-internet-infrastruktury-v-kontekste-ukrainskogo-krizisa-kak-reagiruyut-steykkh/>

 

**********************

SECURITY & PRIVACY

**********************

Cybersecurity as Illuminator for the Future of Computing Research

Today, forces as disparate as the ever-increasing centrality of computing to modern society, the intellectual and technical maturing of the discipline itself, changing expectations about the impact of research results, and evolving conceptions of effective researcher career paths drive us to reflect on how the field and profession of computing research should grow and change in response.

<https://cacm.acm.org/magazines/2022/5/260350-cybersecurity-as-illuminator-for-the-future-of-computing-research/fulltext>

 

CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021

Log4Shell, despite being disclosed only at the end of the year, topped 2021's list of most-exploited vulnerabilities, according to the Cybersecurity and Infrastructure Agency (CISA). The agency compiled the findings along with the cybersecurity agencies of Australia, Canada, New Zealand, and the United Kingdom. 

<https://www.darkreading.com/vulnerabilities-threats/cisa-log4shell-most-exploited-vulnerability-2021>

 

CISA, FBI, NSA, and International Partners Warn Organizations of Top Routinely Exploited Cybersecurity Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint Cybersecurity Advisory today on the common vulnerabilities and exposures (CVEs) frequently exploited by malicious cyber actors, including the 15 most commonly exploited of 2021.

<https://www.cisa.gov/news/2022/04/27/cisa-fbi-nsa-and-international-partners-warn-organizations-top-routinely-exploited>

<https://www.cyber.gc.ca/en/news/joint-cybersecurity-advisory-2021-top-routinely-exploited-vulnerabilities> [Canadian news release]

<https://www.ncsc.govt.nz/newsroom/joint-cyber-security-advisory-top-15-routinely-exploited/> [New Zealand news release]

<https://www.ncsc.gov.uk/news/ncsc-and-allies-publish-advisory-on-the-most-commonly-exploited-vulnerabilities-in-2021> [UK news release]

<https://www.cyber.gov.au/acsc/view-all-content/advisories/2021-top-routinely-exploited-vulnerabilities> [Australian news release]

 

Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded

A DDoS-over-HTTPS attack targeting an unnamed crypto launchpad company clocked in at a whopping 15.3 million requests-per-second (rps) earlier this month — turning heads at Cloudflare. It lasted just 15 seconds, but the HTTPS DDoS attack was the largest of its kind the company has ever observed, two analysts from Cloudflare explained in a new blog post. Cloudflare's researchers noted that HTTPS DDoS attacks require the use of a transport layer security (TLS) encrypted connection, which isn't cheap. That suggests a well-funded operation.

<https://www.darkreading.com/attacks-breaches/cloudflare-flags-largest-https-ddos-attack-it-s-ever-recorded>

 

Cloudflare blocks 15M rps HTTPS DDoS attack

Earlier this month, Cloudflare’s systems automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack — one of the largest HTTPS DDoS attacks on record.

<https://blog.cloudflare.com/15m-rps-ddos-attack/>

 

How effective is HTTPS/TLS usage in the consumer IoT ecosystem?

Insecure Internet of Things (IoT) devices are regularly exploited to cause a great deal of harm, for example, distributed denial-of-service attacks and privacy invasion of users. A key way to improve the security and privacy of IoT devices is to protect their network communication, which may contain sensitive user data, or expose the inner workings of a device.

<https://blog.apnic.net/2022/04/27/how-effective-is-https-tls-usage-in-the-consumer-iot-ecosystem/>

 

Tracing the DDoS attack ecosystem from the Internet core

DDoS attacks pose a major and omnipresent threat to the stability of the Internet. On average, about one-third of the active /24 networks on the Internet receive some form of DDoS attack every two years.

<https://blog.apnic.net/2022/04/28/tracing-the-ddos-attack-ecosystem-from-the-internet-core/>

 

Shedding light on power plant control networks

Like all critical infrastructure sectors, the energy sector has become reliant on automation techniques to monitor and control its networks. However, not much is publicly known about these techniques or the networks that tend to use proprietary protocols and operate in closed settings.

<https://blog.apnic.net/2022/04/29/shedding-light-on-power-plant-control-networks/>

 

us: NIST Official: Revised Cybersecurity Supply-Chain Guidance Imminent

The software industry wants agencies to show their ‘use’ of the NIST Cybersecurity Framework, which it says should be mapped to the revised supply chain guidance.

<https://www.nextgov.com/cybersecurity/2022/04/nist-official-revised-cybersecurity-supply-chain-guidance-imminent/366202/>

 

**********************

INTERNET OF THINGS

**********************

us: The Application of Cybersecurity for IoT Capabilities to Real-World Scenarios

NIST has a history of collaboration between its programs, which helps maximize project impacts and practicality to industry. One great example is between NIST’s National Cybersecurity Center of Excellence (NCCoE) and the Cybersecurity for the Internet of Things (IoT) Program. Recent project reports from the NCCoE include mappings of relevant IoT device cybersecurity capabilities and nontechnical supporting capabilities; these three mappings align NIST’s IoT cybersecurity guidance with real-world implementation approaches:

<https://www.nist.gov/blogs/cybersecurity-insights/application-cybersecurity-iot-capabilities-real-world-scenarios>

 

Cities urged to help shape the metaverse

For some, the metaverse is the future of the internet, retail, media and everything in between. For others, it’s distracting hype beset with risks. Whatever its eventual form turns out to be, the likelihood is that the metaverse is coming.

<https://www.itu.int/hub/2022/04/metaverse-opportunities-cities-today/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

China again signals desire to shape IPv6 standards

China's Central Cyberspace Administration has revealed a plan for further and faster adoption of IPv6 across the nation and outlined plans to drive new developments for the protocol. ... Those aims are broadly consistent with China's plan to create a "New IP" that does everything internet protocol can already do but adds security and management features that Chinese carriers and Huawei suggest are worthy of inclusion in internetworking standards. New IP was first floated in 2019, and China chose to advance it through the ITU – despite that body having no role in IP development. That job is handled by the IETF and the IEEE (Institute of Electrical and Electronics Engineers).

<https://www.theregister.com/2022/04/26/china_ipv6_plan/>

 

Netzwerkwächter Little Snitch kommt besser mit Apples Private Relay zurecht [Network Guard Little Snitch copes better with Apple's Private Relay]

... Further fixes and improvements concern the increasingly used QUIC protocol for faster delivery of websites. Here, adjustments to the most recent IETF standard are meant to make alerts occur less often and to show the hostname of the target server rather than only its IP address. The network monitor performs better, and when subscribing to rule groups Little Snitch supports more blocklist formats. In addition, an automatic backup of rules and configurations now runs, so that at least eight backups are retained and can easily be restored.

<https://www.heise.de/news/Netzwerkwaechter-Little-Snitch-kommt-besser-mit-Apples-Private-Relay-zurecht-7065651.html>

 

**********************

OTHERWISE NOTEWORTHY

**********************

The Go Programming Language and Environment

Go is a programming language created at Google in late 2007 and released as open source in November 2009. Since then, it has operated as a public project, with contributions from thousands of individuals and dozens of companies.

<https://cacm.acm.org/magazines/2022/5/260357-the-go-programming-language-and-environment/fulltext>

 

May 13 Deadline to Nominate People for 2022 Jonathan B. Postel Service Award

Do you know someone who has made outstanding contributions in service to the Internet community? Someone who has made the Internet better in some way who deserves more recognition? Maybe someone who has helped extend Internet access to a large region? Or wrote widely-used programs that make the Internet more secure? Or served in some capacity behind the scenes in Internet services?

<https://circleid.com/posts/20220429-may-13-deadline-to-nominate-people-for-2022-jonathan-b-postel-service-award>

 

Testing, awareness key to realizing IPv6 single-stack at NTT DOCOMO

Last month, Japan’s largest mobile phone operator, NTT DOCOMO, began rolling out its IPv6 single-stack support, allowing the telco to expand its network faster and at a lower cost.

<https://blog.apnic.net/2022/04/25/testing-awareness-key-to-realizing-ipv6-single-stack-at-ntt-docomo/>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home