[Newsclips] IETF SYN-ACK Newspack 2021-09-27

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Email And The Evolution Of Technology Standards

With cyberattacks being a daily occurrence now, one can easily forget that the security of certain internet technology standards has improved significantly over the last decades. Take, for example, the hypertext transfer protocol (HTTP), the standard of how websites are loaded since the late 1990s. The protocol itself has been continuously improved upon by the Internet Engineering Taskforce (IETF) from HTTP/1 to HTTP/2 and up to the recently emerging HTTP/3. As an added layer of security, HTTPS (the S is for "secure") has emerged in the last five years and has been adopted as the standard.

< <https://www.forbes.com/sites/forbestechcouncil/2021/09/24/email-and-theevolution-oftechnologystandards/> https://www.forbes.com/sites/forbestechcouncil/2021/09/24/email-and-theevolution-oftechnologystandards/>

 

Strengthening the Internet with Enhanced IP Capabilities

... The IETF requires that protocol innovation is deployed across the whole Internet on a global scale. However, this requirement is so high that it may restrain some scenario-based innovation that enhances partial capabilities.

< <https://www.huawei.com/us/technology-insights/publications/huawei-tech/92/internet-ip-capabilities-cloud-ai> https://www.huawei.com/us/technology-insights/publications/huawei-tech/92/internet-ip-capabilities-cloud-ai>

 

Does Your Organization Have a Security.txt File?

... Although security.txt is not yet an official Internet standard as approved by the IETF, its basic principles have so far been adopted by at least eight percent of the Fortune 100 companies. According to a review of the domain names for the latest Fortune 100 firms via gotsecuritytxt.com, those include Alphabet, Amazon, Facebook, HCA Healthcare, Kroger, Procter & Gamble, USAA and Walmart.

< <https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/> https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/>

 

World Standards Day 2021: Here’s all you need to know about this day

... The day honours the efforts of the thousands of experts who develop voluntary standards within standards development organizations such as the American Society of Mechanical Engineers (ASME), International Electrotechnical Commission (IEC), International Ethics Standards Board for Accountants (IESBA), International Organization for Standardization (ISO), International Telecommunication Union (ITU), Institute of Electrical and Electronics Engineers (IEEE) and IETF.

< <https://www.indiatoday.in/information/story/world-standards-day-2021-all-you-need-to-know-about-this-day-1855201-2021-09-21> https://www.indiatoday.in/information/story/world-standards-day-2021-all-you-need-to-know-about-this-day-1855201-2021-09-21>

 

**********************

SECURITY & PRIVACY

**********************

Phishing and malware actors abuse Google Forms for credentials, data exfiltration

Earlier this year as we researched malware use of Transport Layer Security-based communications to conceal command and control traffic and downloads, we found a disproportionate amount of traffic going to Google cloud services. Among the destinations we found in telemetry were a host of Google Forms pages.

< <https://news.sophos.com/en-us/2021/09/23/phishing-and-malware-actors-abuse-google-forms-for-credentials-data-exfiltration/> https://news.sophos.com/en-us/2021/09/23/phishing-and-malware-actors-abuse-google-forms-for-credentials-data-exfiltration/>

 

au: ASPI’s decades: Cyberattacks, deep fakes and the quantum revolution

The cyberworld is a place of falsehood and fights, but also of ideas and identity and extraordinary masses of information. ASPI’s International Cyber Policy Centre was created to grapple with the strategic challenges of a new realm.

< <https://www.aspistrategist.org.au/aspis-decades-cyberattacks-deep-fakes-and-the-quantum-revolution/> https://www.aspistrategist.org.au/aspis-decades-cyberattacks-deep-fakes-and-the-quantum-revolution/>

 

ISD 2021 – Security for an Increasingly Networked World

Two parallel thematic tracks full of presentations, discussions and networking on the topic of cyber security: From 16 to 17 September 2021, over 150 security experts and more than 60 speakers met at the second digital ISD in the event tool talque.

< <https://international.eco.de/news/isd-2021-security-for-an-increasingly-networked-world/> https://international.eco.de/news/isd-2021-security-for-an-increasingly-networked-world/>

 

White House Cybersecurity Summit: A Missed Opportunity

Last month's summit with the president was missing something crucial: representation from those who deal with critical infrastructure.

< <https://www.darkreading.com/vulnerabilities-threats/white-house-cybersecurity-summit-a-missed-opportunity> https://www.darkreading.com/vulnerabilities-threats/white-house-cybersecurity-summit-a-missed-opportunity>

 

**********************

INTERNET OF THINGS

**********************

Interview with Martin Kumstel: Making Mobility More Sustainable and Customer-Friendly

When the Internet and mobility grow together, new synergies and business concepts emerge. In the Mobility Competence Group (CG) in the eco Association, industry experts will shed light on opportunities and challenges in the future, says the new CG Head, Martin Kumstel from Uber, in an interview.

< <https://international.eco.de/news/interview-with-martin-kumstel-making-mobility-more-sustainable-and-customer-friendly/> https://international.eco.de/news/interview-with-martin-kumstel-making-mobility-more-sustainable-and-customer-friendly/>

 

Greening the Internet of Things

The demand for connected devices keeps growing – Fraunhofer project has shown how all of these sensor systems can become extremely energy efficient or even completely autonomous

< <https://www.chemeurope.com/en/news/1172866/greening-the-internet-of-things.html> https://www.chemeurope.com/en/news/1172866/greening-the-internet-of-things.html>

 

Why Internet of Things Adoption in Agriculture Has Taken Off During the Pandemic

Internet of ThingsNew research by Inmarsat, a world leader in global mobile satellite communications, reveals a rapid increase in the maturity level of the industrial Internet of Things (IoT) across the agricultural sector since the start of the COVID-19 pandemic. Respondents to a recent survey, including crop producers and service providers, say that COVID-19 has demonstrated the importance of IoT to their businesses, with many accelerating IoT deployments in response to the pandemic.

< <https://www.inmarsat.com/en/news/latest-news/enterprise/2021/industry-accelerating-iot-adoption-in-response-to-covid.html> https://www.inmarsat.com/en/news/latest-news/enterprise/2021/industry-accelerating-iot-adoption-in-response-to-covid.html>

 

eco Association Wants to Shape Smart Mobility Ecosystems

Internet-based mobility ecosystems will significantly reduce the burden on city centres in the next five years. On average, the Smart City segment “Mobility, Transport & Logistics” is growing 19.6 per cent per year, according to the study “The Smart City Market in Germany, 2021-2026” by eco and Arthur D. Little.

< <https://international.eco.de/presse/eco-association-wants-to-shape-smart-mobility-ecosystems/> https://international.eco.de/presse/eco-association-wants-to-shape-smart-mobility-ecosystems/>

 

100M IoT Devices Exposed By Zero-Day Bug

A flaw in a widely used internet-of-things (IoT) infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attacks.

< <https://threatpost.com/100m-iot-devices-zero-day-bug/174963/> https://threatpost.com/100m-iot-devices-zero-day-bug/174963/>

 

Upcoming special issues of the ITU Journal look towards 6G

The ITU Journal is inviting contributions to three upcoming special issues on innovation towards 6G in vehicular networks, autonomous network management and control, and future services from Augmented and Virtual Reality to holographic telepresence.

< <https://www.itu.int/en/myitu/News/2021/09/23/16/26/Upcoming-special-issues-of-the-ITU-Journal-look-towards-6G> https://www.itu.int/en/myitu/News/2021/09/23/16/26/Upcoming-special-issues-of-the-ITU-Journal-look-towards-6G>

 

Predictions for the future of IoT sensor technology

IoT has been evolving rapidly over the years, as more and more sectors find innovation gaps that can be plugged by the technology, and it’s showing no signs of slowing down. From here, it’s been estimated that the IoT sensor market will reach a value totalling $34.4 billion by 2024. Additionally, sensors have been getting smaller and more portable, allowing for more detailed datasets to be used.

< <https://www.information-age.com/predictions-for-future-of-iot-sensor-technology-123496769/> https://www.information-age.com/predictions-for-future-of-iot-sensor-technology-123496769/>

 

How IoT device shadows affect cybersecurity

Internet of things (IoT) networks has become a standard part of many organizations’ operations. As these networks grow in size and complexity, managing them becomes increasingly challenging, leading businesses to rely on third-party management solutions. Amazon Web Services (AWS) is one of the most popular thanks to features like device shadows.

< <https://www.securityinfowatch.com/cybersecurity/article/21239604/how-iot-device-shadows-affect-cybersecurity> https://www.securityinfowatch.com/cybersecurity/article/21239604/how-iot-device-shadows-affect-cybersecurity>

 

Upcoming special issues of the ITU Journal look towards 6G

The ITU Journal is inviting contributions to three upcoming special issues on innovation towards 6G in vehicular networks, autonomous network management and control, and future services from Augmented and Virtual Reality to holographic telepresence.

< <https://www.itu.int/en/myitu/News/2021/09/23/16/26/Upcoming-special-issues-of-the-ITU-Journal-look-towards-6G> https://www.itu.int/en/myitu/News/2021/09/23/16/26/Upcoming-special-issues-of-the-ITU-Journal-look-towards-6G>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

ETSI launches first specification for the 5th Generation Fixed Network, F5G technology landscape

ETSI's 5th Generation Fixed Network group (F5G ISG) has just released its first specification, ETSI GS F5G 003, entitled F5G Technology Landscape. In this specification, the ISG studies the technical requirements, existing standards and gaps for 10 different new use cases, for home, enterprises or industrial needs.

< <https://www.etsi.org/newsroom/press-releases/1974-2021-09-etsi-launches-first-specification-for-the-5th-generation-fixed-network-f5g-technology-landscape> https://www.etsi.org/newsroom/press-releases/1974-2021-09-etsi-launches-first-specification-for-the-5th-generation-fixed-network-f5g-technology-landscape>

 

Microsoft Highlights Windows Server 2022 Integration with Azure Services in Summit Talk

Microsoft had a lot to say about Windows Server 2022 in its 1.5-hour Windows Server Summit online event, held on Sept. 16. ... Windows Server 2022 Datacenter Azure edition features include: ... SMB over QUIC, described as a secure "alternative to the TCP network transport" providing VPN support for telecommuters and mobile users.

< <https://redmondmag.com/articles/2021/09/23/microsoft-windows-server-2022-highlights.aspx> https://redmondmag.com/articles/2021/09/23/microsoft-windows-server-2022-highlights.aspx>

 

Microsoft、.NET 6におけるHTTP/3のプレビューサポートについて紹介 [Microsoft、. Introducing HTTP/3 preview support in NET 6]

... .NET 6では、HTTP/3のベースレイヤであるQUICの実装にMSQuicライブラリを使用し、同ライブラリはWindows版.NET 6に含まれており、Linux版.NET 6には個別のパッケージとして提供される。また、.NET 6では.NET QUIC APIの公開を行わず、.NET 7での公開を目指している。

< <https://codezine.jp/article/detail/14917> https://codezine.jp/article/detail/14917>

 

«ВКонтакте» начала работать вдвое быстрее, благодаря новому сетевому протоколу ["VKontakte" began to work twice as fast, thanks to the new network protocol]

Как отмечает пресс-служба, «ВКонтакте» одной из первых в мире внедрила технологию передачи данных на базе нового интернет-протокола QUIC и в 2 раза ускорила доставку контента в веб-версии и мобильных приложениях по сравнению с протоколом старого поколения TCP.

< <https://www.ixbt.com/news/2021/09/20/vkontakte-nachala-rabotat-vdvoe-bystree-blagodarja-novomu-setevomu-protokolu.html> https://www.ixbt.com/news/2021/09/20/vkontakte-nachala-rabotat-vdvoe-bystree-blagodarja-novomu-setevomu-protokolu.html>

 

Apple will disable insecure TLS in future iOS, macOS releases

... The IETF approved TLS 1.3, the next major version of the TLS protocol, in March 2018, after four years of discussions and 28 protocol drafts.

< <https://www.bleepingcomputer.com/news/apple/apple-will-disable-insecure-tls-in-future-ios-macos-releases/> https://www.bleepingcomputer.com/news/apple/apple-will-disable-insecure-tls-in-future-ios-macos-releases/>

 

Apple deprecates TLS 1.0 and 1.1 with iOS 15, macOS 12, more

... As noted by Apple today, the IETF deprecated TLS 1.0 and 1.1 as of March 25, 2021. The IETF approved the next iteration of TLS, version 1.3, in 2018.

< <https://appleinsider.com/articles/21/09/22/apple-deprecates-tls-10-and-11-with-ios-15-macos-12-more> https://appleinsider.com/articles/21/09/22/apple-deprecates-tls-10-and-11-with-ios-15-macos-12-more>

 

Apple Deprecates Outdated TLS Protocols in iOS, macOS

... Back in 2018, major browser vendors, Apple included, announced plans to deprecate support for both TLS 1.0 and 1.1. The IETF deprecated them as of March 25, 2021, and Apple is getting ready to fully remove support for these legacy encryption protocols from its products.

< <https://www.securityweek.com/apple-deprecates-outdated-tls-protocols-ios-macos> https://www.securityweek.com/apple-deprecates-outdated-tls-protocols-ios-macos>

 

Apple Announced that TLS 1.0 and 1.1 Has Been Deprecated in iOS 15, iPadOS 15, macOS 12, and More

... Yesterday, Apple announced that the IETF deprecated TLS 1.0 and 1.1 as of March 25, 2021. The IETF approved TLS, version 1.3, in March 2018. It took four years of discussions and 28 protocol drafts for the IETF to approve the new version.

< <https://heimdalsecurity.com/blog/apple-announced-that-tls-1-0-and-1-1-has-been-deprecated-in-ios-15-ipados-15-macos-12-and-more/> https://heimdalsecurity.com/blog/apple-announced-that-tls-1-0-and-1-1-has-been-deprecated-in-ios-15-ipados-15-macos-12-and-more/>

 

Apple Pulls TLS 1.0, 1.1 Support from Future Products

... Of course, not all of the companies had similar plans to implement a successor protocol. Launched in August 2018 by the IETF, TLS 1.3 was accepted by Microsoft for its Edge browser in addition to TLS 1.2. So do Google Chrome and Mozilla Firefox. Apple, on the other hand, already had a security feature called App Transport Security (ATS) for networking since 2016.

< <https://www.toolbox.com/it-security/network-security/news/apple-end-tls-support-from-future-products/> https://www.toolbox.com/it-security/network-security/news/apple-end-tls-support-from-future-products/>

 

iOS 15 und macOS 12: Alte TLS-Versionen haben ausgedient [iOS 15 and macOS 12: Old TLS versions have become obsolete]

... Apple folgt damit der Internet Engineering Taskforce (IETF), die die Urväter des Verschlüsselungsprotokolls zur sicheren Datenübertragung im März für veraltet erklärt hatte. TLS 1.0 und 1.1 gelten seit Jahren als unsicher, moderne kryptografischen Algorithmen werden nicht unterstützt.

< <https://www.heise.de/news/iOS-15-und-macOS-12-Alte-TLS-Versionen-haben-ausgedient-6199902.html> https://www.heise.de/news/iOS-15-und-macOS-12-Alte-TLS-Versionen-haben-ausgedient-6199902.html>

 

Transport-Layer-Security – der Mindeststandard TLS 1.2 sollte höchste Priorität haben [Transport layer security – the minimum standard TLS 1.2 should have the highest priority]

... So hat 2018 die IETF TLS 1.3 herausgebracht. Die Version erhöhte wiederum Sicherheit und Performance, indem die TLS-Handshakes schneller wurden. Darüber hinaus wurden veraltete Chiffriersuiten wie die des RSA-Schlüsselaustauschalgorithmus, der RC4-Stream-Chiffre oder der CBC-Modus-Chiffre entfernt. Dadurch erleichtert sich auch der Konfigurationsprozess.

< <https://netzpalaver.de/2021/09/23/transport-layer-security-der-mindeststandard-tls-1-2-sollte-hoechste-prioritaet-haben/> https://netzpalaver.de/2021/09/23/transport-layer-security-der-mindeststandard-tls-1-2-sollte-hoechste-prioritaet-haben/>

 

Azure Stack HCI im Vergleich zum Windows Server 2022 [Azure Stack HCI vs. Windows Server 2022]

... Dazu kommt, dass die Azure Edition von Windows Server 2022 auch SMB über „QUIC“ beherrscht. Da die Daten über QUIC mit einem IETF-standardisierten Protokoll verschickt werden, bieten sich viele Vorteile. So ist die Übertragung schneller und kann mit TLS 1.3 verschlüsselt werden. Dazu kommen weitere Vorteile der Azure Edition in Bezug auf Netzwerkkonnektivität und Storage Spaces Direct.

< <https://www.datacenter-insider.de/azure-stack-hci-im-vergleich-zum-windows-server-2022-a-1056646/> https://www.datacenter-insider.de/azure-stack-hci-im-vergleich-zum-windows-server-2022-a-1056646/>

 

Apple ha deprecato TLS 1.0 e 1.1 da iOS 15 [Apple deprecated TLS 1.0 and 1.1 from iOS 15]

... Come notato oggi da Apple, l’IETF ha deprecato TLS 1.0 e 1.1 a partire dal 25 marzo 2021. L’IETF ha approvato la prossima iterazione di TLS, versione 1.3, nel 2018.

< <https://www.iphoneitalia.com/773385/apple-deprecato-tls-ios-15> https://www.iphoneitalia.com/773385/apple-deprecato-tls-ios-15>

 

Apple verwijdert TLS 1.0 en 1.1 in toekomstige iOS- en macOS-versies [Apple removes TLS 1.0 and 1.1 in future iOS and macOS versions]

... Daarnaast voldoen de protocollen niet meer aan de PCI DSS-richtlijn voor betaalkaarttransacties op internet. Alle grote browserontwikkelaars hebben de ondersteuning van TLS 1.0 en 1.1 vanwege veiligheidsredenen stopgezet. In maart van dit jaar werden TLS 1.0 en 1.1 officieel door de IETF afgeschreven.

< <https://www.security.nl/posting/721898/Apple+verwijdert+TLS+1_0+en+1_1+in+toekomstige+iOS-+en+macOS-versies> https://www.security.nl/posting/721898/Apple+verwijdert+TLS+1_0+en+1_1+in+toekomstige+iOS-+en+macOS-versies>

 

Apple rend obsolète les protocoles TLS 1.0 et 1.1 avec iOS 15 [Apple deprecates TLS 1.0 and 1.1 protocols with iOS 15]

... Comme Apple l’a noté aujourd’hui, l’IETF a déconseillé TLS 1.0 et 1.1 depuis le 25 mars 2021. L’IETF a approuvé la prochaine itération de TLS, la version 1.3, en 2018.

< <https://www.iphonote.com/actu/286179/apple-rend-obsolete-les-protocoles-tls-1-0-et-1-1-avec-ios-15> https://www.iphonote.com/actu/286179/apple-rend-obsolete-les-protocoles-tls-1-0-et-1-1-avec-ios-15>

 

Apple, iOS ve macOS'ta TLS'nin eski sürümleri için desteği sonlandıracak [Apple to end support for older versions of TLS on iOS and macOS]

... TLS'nin "istemci-sunucu" modeline göre internet üzerinden bilgi alışverişi yaparken kullanıcıları casusluktan ve gizlice dinlemeden koruyor. Protokolün 1.0 ve halefi 1.1 sürümleri neredeyse 20 yıldır kullanılmakta. Ancak zaman değişiyor ve bu nedenle Mart 2018'de İnternet Mühendisliği Görev Gücü (IETF), dört yıllık tartışma ve protokolün yeni sürümü için yayınlanan 28 taslaktan sonra TLS 1.3'ü onayladı.

< <https://www.donanimhaber.com/apple-ios-ve-macos-ta-tls-nin-eski-surumlerini-sonlandiriyor--139377> https://www.donanimhaber.com/apple-ios-ve-macos-ta-tls-nin-eski-surumlerini-sonlandiriyor--139377>

 

iOS 15 y MacOS 12: las versiones anteriores de DLS celebraron su día [iOS 15 and MacOS 12: Previous versions of DLS celebrated their day]

... Apple sigue al Grupo de Trabajo de Ingeniería de Internet (IETF), que anunció en marzo que era el precursor del protocolo de cifrado para la transferencia segura de datos. TLS 1.0 y 1.1 se han considerado inseguros durante muchos años; No se admiten los métodos criptográficos modernos.

< <https://www.sabotagemagazine.com.mx/ios-15-y-macos-12-las-versiones-anteriores-de-dls-celebraron-su-dia/> https://www.sabotagemagazine.com.mx/ios-15-y-macos-12-las-versiones-anteriores-de-dls-celebraron-su-dia/>

 

Apple ha deprecato TLS 1.0 e 1.1 da iOS 15 [Apple deprecated TLS 1.0 and 1.1 from iOS 15]

... Come notato oggi da Apple, l’IETF ha deprecato TLS 1.0 e 1.1 a partire dal 25 marzo 2021. L’IETF ha approvato la prossima iterazione di TLS, versione 1.3, nel 2018.

< <https://www.iphoneitalia.com/773385/apple-deprecato-tls-ios-15> https://www.iphoneitalia.com/773385/apple-deprecato-tls-ios-15>

 

Apple desativará o TLS inseguro em versões futuras do iOS e macOS [Apple will disable unsafe TLS in future versions of iOS and macOS]

... IETF aprovou o TLS 1.3, a próxima versão principal do protocolo TLS, em março de 2018, após quatro anos de discussões e 28 rascunhos de protocolo.

< <https://www.edivaldobrito.com.br/apple-desativara-o-tls-inseguro-em-versoes-futuras-do-ios-e-macos/> https://www.edivaldobrito.com.br/apple-desativara-o-tls-inseguro-em-versoes-futuras-do-ios-e-macos/>

 

แอปเปิลประกาศ iOS 15, macOS 12 และ OS ใหม่ทุกตัว เลิกใช้ TLS 1.0 และ 1.1 [Apple announces all new iOS 15, macOS 12, and OS Det. TLS 1.0 and 1.1]

... คณะทำงาน IETF ประกาศเลิกใช้ TLS 1.0 และ 1.1 ตั้งแต่เดือนมีนาคม 2021 และมีโปรแกรมหลายตัวที่ประกาศหยุดรองรับแล้ว เช่น Firefox หรือ Edge

< <https://www.blognone.com/node/124910> https://www.blognone.com/node/124910>

 

iOS、macOS將停止支援TLS 1.0/1.1 [iOS, macOS will stop supporting TLS 1.0/1.1]

... TLS（Transport Layer Security）是Web流量安全傳輸協定，TLS 1.0和1.1版分別於1999年及2006年由標準組織IETF制訂。目前網頁應用主流版本是1.2及1.3版。IETF已在今年3月25日宣布棄用TLS 1.0及1.1。

< <https://www.ithome.com.tw/news/146839> https://www.ithome.com.tw/news/146839>

 

Apple отказалась от TLS 1.0 и 1.1 в новых версиях iOS, macOS, watchOS и tvOS [Apple abandoned TLS 1.0 and 1.1 in new versions of iOS, macOS, watchOS and tvOS]

... TLS – криптографический протокол для защищенной передачи данных через интернет. Оригинальная спецификация TLS 1.0 и ее преемник TLS 1.1 использовались более двадцати лет (TLS 1.0 была впервые представлена в 1999 году, а TLS 1.1 – в 2006 году). Инженерный совет интернета (IETF) официально признал их устаревшими в марте нынешнего года. Следующая крупная версия протокола TLS 1.3 была одобрена IETF в марте 2018 года – спустя четыре года обсуждений и 28 черновых проектов.

< <https://www.securitylab.ru/news/524920.php> https://www.securitylab.ru/news/524920.php>

 

**********************

OTHERWISE NOTEWORTHY

**********************

How to Embed Trust Into the Foundations of the Internet

Earlier this year, a digital artist conned unsuspecting NFT collectors to highlight a vulnerability in the way cryptographically secured assets are managed online. The anonymous artist, known by their twitter handle @neitherconfirm, sold a collection of stylized portraits as NFTs, but once sold, immediately changed the image file associated with the token to photos of rugs. And not even originals—just watermarked pictures of ugly carpets.

< <https://singularityhub.com/2021/09/19/how-to-embed-trust-into-the-foundations-of-the-internet/> https://singularityhub.com/2021/09/19/how-to-embed-trust-into-the-foundations-of-the-internet/>

 

Basic routing concepts, part 4: NATs aren’t evil by George Michaelson

Routers are fundamental to how the Internet works. Have you ever wondered how this box in the corner is able to provide Internet to your computer, phone, tablet and smart TV, all running at once inside your house, while you interact with your ISP as one household rather than as a collection of devices?

< <https://blog.apnic.net/2021/09/24/basic-routing-concepts-part-4-nats-arent-evil/> https://blog.apnic.net/2021/09/24/basic-routing-concepts-part-4-nats-arent-evil/>

 

ICANN Launches New IMRS Activity and Incident Report Page

Today, ICANN announced the release of a new ICANN Managed Root Server (IMRS) page. The page offers a collection of public reports on activities and incidents related to the IMRS prepared by ICANN's Security and Network Engineering (SaNE) team.

< <https://www.icann.org/en/announcements/details/icann-launches-new-imrs-activity-and-incident-report-page-23-9-2021-en> https://www.icann.org/en/announcements/details/icann-launches-new-imrs-activity-and-incident-report-page-23-9-2021-en>

 

nl: DNS Resolution Required can help make the internet safer

In this blog post, we introduce the concept of DNS Resolution Required (DRR). This is a new mechanism for edge networks that allows a client to initiate a network connection to a remote endpoint only if it is preceded by a DNS lookup on an authorised DNS resolver. This simple but effective idea can make a valuable contribution to the fight against botnets and other malware that modify DNS settings or perform their own DNS resolution, such as DNSChanger and Feederbot.

< <https://www.sidn.nl/en/news-and-blogs/dns-resolution-required-can-help-make-the-internet-safer> https://www.sidn.nl/en/news-and-blogs/dns-resolution-required-can-help-make-the-internet-safer>

 

Broadband Commission calls for people-centred solutions to achieve universal connectivity

More than a year and a half into the COVID-19 pandemic, amid relentless global demand for broadband services, the ITU/UNESCO Broadband Commission for Sustainable Development has reaffirmed its call for digital cooperation, innovation with information and communication technologies (ICTs), and collaborative approaches to secure universal connectivity and access to digital skills.

< <https://en.unesco.org/news/broadband-commission-calls-people-centred-solutions-achieve-universal-connectivity> https://en.unesco.org/news/broadband-commission-calls-people-centred-solutions-achieve-universal-connectivity>

< <https://www.itu.int/en/mediacentre/Pages/PR-09-2021-Broadband-Commission-universal-connectivity.aspx> https://www.itu.int/en/mediacentre/Pages/PR-09-2021-Broadband-Commission-universal-connectivity.aspx>

 

Bridging the digital divide by 2030

​The International Telecommunication Union (ITU) announced today the launch of the Partner2Connect Digital Coalition to foster meaningful connectivity and digital transformation in the world’s hardest-to-connect countries.

< <https://www.itu.int/en/mediacentre/Pages/PR-09-2021-P2C-Bridging-Digital-Divide.aspx> https://www.itu.int/en/mediacentre/Pages/PR-09-2021-P2C-Bridging-Digital-Divide.aspx>

 

How to Embed Trust Into the Foundations of the Internet

Earlier this year, a digital artist conned unsuspecting NFT collectors to highlight a vulnerability in the way cryptographically secured assets are managed online. The anonymous artist, known by their twitter handle @neitherconfirm, sold a collection of stylized portraits as NFTs, but once sold, immediately changed the image file associated with the token to photos of rugs. And not even originals—just watermarked pictures of ugly carpets.

< <https://singularityhub.com/2021/09/19/how-to-embed-trust-into-the-foundations-of-the-internet/> https://singularityhub.com/2021/09/19/how-to-embed-trust-into-the-foundations-of-the-internet/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home