[Newsclips] IETF SYN-ACK Newspack 2021-10-11

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

The IETF Has Approved A New Internet Standard. It was Co-Authored by Ladislav Lhotka From CZ.NIC

Ladislav Lhotka, head of CZ.NIC Labs, is one of the authors of the new Internet standard (RFC 9108) released by the IETF in September.

< <https://www.nic.cz/page/4268/the-ietf-has-approved-a-new-internet-standard-it-was-co-authored-by-ladislav-lhotka-from-cznic/> https://www.nic.cz/page/4268/the-ietf-has-approved-a-new-internet-standard-it-was-co-authored-by-ladislav-lhotka-from-cznic/>

 

Who emailed who? Institutional privacy risks in the DNS

During the last several years, there have been many advances made to understand privacy issues in the DNS and attempts to address them by deploying new protocols and tools. ... Finally, the IETF’s DPRIVE working group is currently evaluating standards for recursive-to-authoritative encryption. Such standards will protect eavesdropping on institutions from the WAN, but not from operators of authoritative servers. Even with the privacy of the contents on ‘the wire’, QNAME minimization remains important to counter this threat at authoritative servers.

< <https://blog.apnic.net/2021/10/04/who-emailed-who-institutional-privacy-risks-in-the-dns/> https://blog.apnic.net/2021/10/04/who-emailed-who-institutional-privacy-risks-in-the-dns/>

 

Overcoming the Challenges of IPv4 Exhaustion

... In a sense, IPv4 exhaustion results from the internet being too popular for its own good. When the IETF introduced the standard in 1981, the more than 4 billion addresses it encompassed seemed more than ample. Within a decade, though, it had become apparent that far more would be needed. IPv6, a successor specification introduced in 1998 and ratified as a standard in 2017, can accommodate virtually unlimited IP connectivity.

< <https://www.techzone360.com/topics/techzone/articles/2021/10/04/450185-overcoming-challenges-ipv4-exhaustion.htm> https://www.techzone360.com/topics/techzone/articles/2021/10/04/450185-overcoming-challenges-ipv4-exhaustion.htm>

 

CoAP: A Smart Solution Enabling M2M Applications

... Introduced in 2014, CoAP is a lightweight RESTful protocol designed by CoRE (Constrained Resource Environments) Internet Engineering Task Force (IETF). It is generally used for Machine-to-Machine (M2M) apps such as smart energy and building automation devices.

< <https://www.iotforall.com/coap-a-smart-solution-enabling-m2m-applications> https://www.iotforall.com/coap-a-smart-solution-enabling-m2m-applications>

 

Security Risks Grow With 5G

... 5G user-plane integrity protection has been added for all user data traffic on top of encryption. Still, this may not be sufficient for very diverse deployment scenarios of 5G, such as for some IoT implementations, factories, enterprises, governments, and so on. To address these limitations, and to further enhance flexibility, 5G adopted the Extensible Authentication Protocol (EAP), a standard developed by the Internet Engineering Task Force (IETF) to support various authentication methods. 5G also introduced unified access to 3GPP systems and services via 3GPP radio access technology (RAT) and other RATs (e.g. Wi-Fi).

< <https://semiengineering.com/the-growing-risk-of-5g-security/> https://semiengineering.com/the-growing-risk-of-5g-security/>

 

“6G”に向けて「電波×インターネット」はどう進化すべきか？ 村井純と湧川隆次が書籍『アンワイアード』に込めた思いを語る [How should the "Internet × Radio Waves" evolve toward "6G"? Jun Murai and Ryuji Yukawa talk about their thoughts in the book Unwiard]

... 政策・メディア博士。インターネットのモバイル技術の研究開発や、IETFで通信プロトコルの標準化を手掛ける。また、ソフトバンクの先端技術開発本部を率いて、新規技術検証や新規事業開発を担当。成層圏事業を手掛けるHAPSモバイルの取締役や、自動運転事業のMONET Technologies（トヨタ自動車との合弁会社）の取締役、HAPSアライアンスの理事も兼務。

< <https://news.yahoo.co.jp/articles/280c739f5617fb7705fa91e21a3c2beee50ca0d0> https://news.yahoo.co.jp/articles/280c739f5617fb7705fa91e21a3c2beee50ca0d0>

 

IPv6下一代互联网技术创新与国际标准研讨会关注IETF传输领域 [The IPv6 Next Generation Internet Technology Innovation and International Standards Seminar focuses on the field of IETF transmission]

... IETF的传输领域关心的主题包括在互联网上传输数据需要的一系列技术和协议。该工作组的主要参与玩家包括Google，Facebook等互联网应用开发商，以及爱立信，华为等设备商。该领域的前任主席已经升任IETF 主席以及IETF IAB主席。可见该工作组的重要地位。

< <https://www.edu.cn/xxh/focus/xs_hui_yi/202110/t20211007_2161753.shtml> https://www.edu.cn/xxh/focus/xs_hui_yi/202110/t20211007_2161753.shtml>

 

W3C／HTML5からWHATWG／Living Standardへ、Web発展史をひもとく [From W3C/HTML5 to WHATWG/Living Standard, we will draw on the history of web development]

... HTMLは1989年にティム・バーナーズ・リー氏が発明して以降、仕様策定の場をIETFやW3Cといった標準化団体に移しました。これまでバージョン番号を重ね、現在の最新仕様であるWHATWGのHTML Living Standardではバージョン番号が無くなりました。HTML Living Standardという名前の通り、仕様は都度アップデート、公開されていくことになります。

< <https://xtech.nikkei.com/atcl/nxt/column/18/01786/092100006/> https://xtech.nikkei.com/atcl/nxt/column/18/01786/092100006/>

 

打造下一代域名系统 给虚拟世界一个更安全的“导航” [Build the next generation of domain name systems to give the virtual world a safer "navigation"]

... 令人欣慰的是，在网络根基治理领域，中国力量正变得不可或缺。ZDNS牵头起草了多项IP根相关IETF国际标准；运行全球互联网域名根（镜像）服务器，构建了亚洲最大的新顶级域名服务平台；积极开展根治理研究，参与起草了多份互联网名称与数字地址分配机构（ICANN）根服务器治理报告，规范了根服务器的命名、根服务器运行机构的行为等。

< <http://finance.people.com.cn/n1/2021/1011/c1004-32249138.html> http://finance.people.com.cn/n1/2021/1011/c1004-32249138.html>

< <http://www.chinanews.com/sh/2021/10-11/9583183.shtml> http://www.chinanews.com/sh/2021/10-11/9583183.shtml>

< <http://finance.people.com.cn/BIG5/n1/2021/1011/c1004-32249138.html> http://finance.people.com.cn/BIG5/n1/2021/1011/c1004-32249138.html>

 

Павел Дуров. Спаситель интернета, или лицемерный бизнесмен? [Pavel Durov. The savior of the Internet, or a hypocritical businessman?]

... Нынешний интернет по своей сути является огромной распределённой сетью, где каждый может читать и распространять любую информацию, просто соблюдая набор протоколов, описаный в открытых стандартах RFC и IETF, и IEEE

< <https://dtf.ru/life/887367-pavel-durov-spasitel-interneta-ili-licemernyy-biznesmen> https://dtf.ru/life/887367-pavel-durov-spasitel-interneta-ili-licemernyy-biznesmen>

 

**********************

SECURITY & PRIVACY

**********************

MANRS Steering Committee: Call for Nominations

The MANRS community is looking for volunteers to serve on its new Steering Committee and is accepting nominations in anticipation of a November election.

< <https://www.internetsociety.org/blog/2021/10/manrs-steering-committee-call-for-nominations/> https://www.internetsociety.org/blog/2021/10/manrs-steering-committee-call-for-nominations/>

 

ch: The electricity industry: the need for action on cybersecurity

The ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ report by the Swiss Federal Office of Energy concludes that the electricity industry needs to take action on cybersecurity.

< <https://securityblog.switch.ch/2021/10/04/the-electricity-industry-the-need-for-action-on-cybersecurity/> https://securityblog.switch.ch/2021/10/04/the-electricity-industry-the-need-for-action-on-cybersecurity/>

 

DNS Abuse: eco Presents Protection Strategies at it-sa

Requests to the DNS – for example, calling up a website in the browser – are still frequently unencrypted. This poses security risks. In Man-in-the-Middle (MITM) attacks, for example, the attacker “listens in” on the user’s DNS requests and redirects them unnoticed to another destination, such as a fake banking website. Encrypting DNS requests is currently the only viable way to combat such attacks. Using the Hyper Text Transfer Protocol Secure (HTTPS), data can be transferred securely on the Internet between the client (web browser) and server.

< <https://international.eco.de/presse/dns-abuse-eco-presents-protection-strategies-at-it-sa/> https://international.eco.de/presse/dns-abuse-eco-presents-protection-strategies-at-it-sa/>

 

nl: Growth of DANE security for mail slows down

Over the last three years, the use of DANE for mail has taken off. The main driver has been the addition of support for the security protocol to the leading mail server software packages.

< <https://www.sidn.nl/en/news-and-blogs/growth-of-dane-security-for-mail-slows-down> https://www.sidn.nl/en/news-and-blogs/growth-of-dane-security-for-mail-slows-down>

 

Microsoft: Russia behind 58% of detected state-backed hacks

Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said.

< <https://apnews.com/article/technology-business-china-europe-united-states-e13548edf082992a735a0af1da39b6c8> https://apnews.com/article/technology-business-china-europe-united-states-e13548edf082992a735a0af1da39b6c8>

 

Microsoft: 58% of Nation-State Cyberattacks Come From Russia

Russia is the source of the lion's share of nation-state cyberattacks Microsoft has observed in the past year (58%), followed by North Korea (23%), Iran (11%), China (8%), and South Korea, Vietnam, and Turkey all with less than 1% representation, a new pool of data reveals.

< <https://www.darkreading.com/threat-intelligence/microsoft-58-of-nation-state-cyberattacks-come-from-russia> https://www.darkreading.com/threat-intelligence/microsoft-58-of-nation-state-cyberattacks-come-from-russia>

 

Russian cyberattacks pose greater risk to governments and other insights from our annual report

During the past year, 58% of all cyberattacks observed by Microsoft from nation-states have come from Russia. And attacks from Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate last year to a 32% rate this year. Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security or defense. The top three countries targeted by Russian nation-state actors were the United States, Ukraine and the UK.

< <https://blogs.microsoft.com/on-the-issues/2021/10/07/digital-defense-report-2021/> https://blogs.microsoft.com/on-the-issues/2021/10/07/digital-defense-report-2021/>

 

European Parliament calls for increased EU cybersecurity capacity

In a resolution on the state of the EU cyber defence capabilities, the European Parliament called on the European Commission and EU member states to increase spending and staff dedicated to cyber defence.

< <https://www.euractiv.com/section/cybersecurity/news/european-parliament-calls-for-increased-eu-cybersecurity-capacity/> https://www.euractiv.com/section/cybersecurity/news/european-parliament-calls-for-increased-eu-cybersecurity-capacity/>

 

**********************

INTERNET OF THINGS

**********************

FCC Asks for Public Comment on Spectrum for Internet of Things

The Federal Communications Commission is seeking public comment on spectrum allocation for the Internet of Things, or devices that are connected to the internet.

< <https://broadbandbreakfast.com/2021/10/fcc-asks-for-public-comment-on-spectrum-for-internet-of-things/> https://broadbandbreakfast.com/2021/10/fcc-asks-for-public-comment-on-spectrum-for-internet-of-things/>

 

Spectrum Requirements for the Internet of Things Notice of Inquiry

Description: The Commission seeks comment on issues related to spectrum for the Internet of Things, as directed by Congress in the William M. Thornberry National Defense Authorization Act for Fiscal Year 2021

< <https://www.fcc.gov/document/spectrum-requirements-internet-things-notice-inquiry> https://www.fcc.gov/document/spectrum-requirements-internet-things-notice-inquiry>

 

The Security Challenge Of Protecting Smart Cities

As we continue to move forward in the Industry 4.0 era of greater connectivity between the physical and digital, the promise and development of smart cities become a more likely vision. While the term may have differing definitions, the term “smart city” usually connotes creating a public/private infrastructure to orchestrate the integration of transportation, energy, water resources, waste collections, smart-building technologies, and security technologies and services in a central location.

< <https://www.forbes.com/sites/chuckbrooks/2021/10/10/the-security-challenge-of-protecting-smart-cities/> https://www.forbes.com/sites/chuckbrooks/2021/10/10/the-security-challenge-of-protecting-smart-cities/>

 

AI key to make future roads safer

​Countries and investors need to step up the development and use of artificial intelligence (AI) to keep future roads safe for everyone, say the United Nations partners leading a new AI for Road Safety initiative.

< <https://www.itu.int/en/mediacentre/Pages/PR-2021-10-07-AI-Road-for-Safety.aspx> https://www.itu.int/en/mediacentre/Pages/PR-2021-10-07-AI-Road-for-Safety.aspx>

 

The Rise of Smart Electric Vehicles and the Digital Internet of Mobility

We stand at the inflection point of a secular shift and exponential rise of connected, electric and autonomous mobility technology. A new “Internet of Mobility” (IoM) business model has emerged in the 21st Century which is highly embedded in a distributed cloud-based architecture linked to the Intelligent Connected Vehicle (ICV). The IoM model accelerates tech commercialization by leveraging the huge addressable market size of the mobile internet. A software-defined, networked, and cloud-enabled ICV architecture will capture these growth opportunities.

< <https://www.linkedin.com/pulse/rise-smart-electric-vehicles-digital-internet-mobility-bill-russo/> https://www.linkedin.com/pulse/rise-smart-electric-vehicles-digital-internet-mobility-bill-russo/>

 

Building A Secured Internet Of Things

The emerging Internet of Things (IoT) presents tremendous opportunities for innovative companies to deliver products and services to make industry more efficient, transportation safer and the everyday lives of people more convenient and fulfilling.

< <https://semiengineering.com/building-a-secured-internet-of-things/> https://semiengineering.com/building-a-secured-internet-of-things/>

 

Internet of medical things: Disrupting and democratising healthcare sector

Internet of Things integrated with medical devices and equipment(s) is termed as Internet of Medical Things (IoMT). The Healthcare industry, which has been constantly ensuring to provide care for all has started to leverage the benefits of innovative technologies to enhance the quality and timeliness of care provided across geographies.

< <https://www.dqindia.com/internet-of-medical-things-disrupting-and-democratising-healthcare-sector/> https://www.dqindia.com/internet-of-medical-things-disrupting-and-democratising-healthcare-sector/>

 

Internet of Things (IoT) Security Trends to Be Aware Of

The Internet of Things (IoT) offers even more security threats as work from home has heightened security challenges. IoT may exacerbate these problems.

< <https://techbullion.com/internet-of-things-iot-security-trends-to-be-aware-of/> https://techbullion.com/internet-of-things-iot-security-trends-to-be-aware-of/>

 

New programme will provide a unique Internet of Things sensor data experience to primary and secondary pupils

There was a time when learning the 'three R's' – referring, of course, to the competencies of reading, writing and arithmetic – were seen the sole focus of a child's education. While literacy and numeracy still form a core part of the curriculum, modern educationalists and academics are taking a more rounded approach to learning.

< <https://www.scotsman.com/education/new-programme-will-provide-a-unique-internet-of-things-sensor-data-experience-to-primary-and-secondary-pupils-3412504> https://www.scotsman.com/education/new-programme-will-provide-a-unique-internet-of-things-sensor-data-experience-to-primary-and-secondary-pupils-3412504>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Avoid Dangers of Wildcard TLS Certificates, the ALPACA Technique

NSA released the Cybersecurity Information Sheet, “Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique” today, warning network administrators about the risks of using poorly scoped wildcard Transport Layer Security (TLS) certificates. NSA recommends several actions web administrators should take to keep their servers secure. This guidance also outlines the risks of falling victim to a web application exploitation method called Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA), which malicious cyber actors can use to access sensitive information.

< <https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2804293/avoid-dangers-of-wildcard-tls-certificates-the-alpaca-technique/> https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2804293/avoid-dangers-of-wildcard-tls-certificates-the-alpaca-technique/>

 

In-Person, Remote, and Hybrid! Oh My! Securing Your New Reality With TIC 3.0

It’s been over a year and a half since much of the Federal Government workforce headed to work from home due to the COVID-19 pandemic. As work around the world continues to shift between in-person, full-time remote, and hybrid, network defenders remain focused on maintaining a strong security posture to protect critical assets and data.

< <https://www.cisa.gov/blog/2021/10/07/person-remote-and-hybrid-oh-my-securing-your-new-reality-tic-30> https://www.cisa.gov/blog/2021/10/07/person-remote-and-hybrid-oh-my-securing-your-new-reality-tic-30>

 

Avoid Dangers of Wildcard TLS Certificates, the ALPACA Technique

NSA released the Cybersecurity Information Sheet, “Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique” today, warning network administrators about the risks of using poorly scoped wildcard Transport Layer Security (TLS) certificates. NSA recommends several actions web administrators should take to keep their servers secure. This guidance also outlines the risks of falling victim to a web application exploitation method called Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA), which malicious cyber actors can use to access sensitive information.

< <https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2804293/avoid-dangers-of-wildcard-tls-certificates-the-alpaca-technique/> https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2804293/avoid-dangers-of-wildcard-tls-certificates-the-alpaca-technique/>

 

Google Chrome for Android gets RSS feed tracking feature – Tablets and Phones – News

... Incidentally, Google has done the same with its own QUIC protocol, also called HTTP/3, which simply transmits tcp packets as binary data via udp authentication and external sources. They are all also referred to as TCP/2. Since then, Google has focused more on authorization.

< <https://www.thecherawchronicle.com/google-chrome-for-android-gets-rss-feed-tracking-feature-tablets-and-phones-news/> https://www.thecherawchronicle.com/google-chrome-for-android-gets-rss-feed-tracking-feature-tablets-and-phones-news/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Understanding How Facebook Disappeared from the Internet

“Facebook can't be down, can it?”, we thought, for a second. Today at 1651 UTC, we opened an internal incident entitled "Facebook DNS lookup returning SERVFAIL" because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something else more serious was going on.

< <https://blog.cloudflare.com/october-2021-facebook-outage/> https://blog.cloudflare.com/october-2021-facebook-outage/>

 

Facebook Blames Outage on Faulty Router Configuration

One easily disproved conspiracy theory linked the ~six-hour outage to a supposed data breach tied to a Sept. 22 hacker forum ad for 1.5B Facebook user records.

< <https://threatpost.com/facebook-blames-outage-on-faulty-router-configuration/175322/> https://threatpost.com/facebook-blames-outage-on-faulty-router-configuration/175322/>

 

More details about the October 4 outage

Now that our platforms are up and running as usual after yesterday’s outage, I thought it would be worth sharing a little more detail on what happened and why — and most importantly, how we’re learning from it.

< <https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/> https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/>

 

Will China’s single stack IPv6 plans give it an unassailable tech lead?

China’s authorities are pushing to speed up nationwide IPv6 rollout and have a single-stack network running by 2023. At the moment, it is the only country advocating for a single-stack IPv6 network. Could this be a much-needed stimulus for other countries to boost their IPv6 efforts?

< <https://www.idgconnect.com/article/3634605/will-china-s-single-stack-ipv6-plans-give-it-an-unassailable-tech-lead.html> https://www.idgconnect.com/article/3634605/will-china-s-single-stack-ipv6-plans-give-it-an-unassailable-tech-lead.html>

 

ETSI releases two Technical Reports to support US NIST standards for post-quantum cryptography

In 2016 the US National Institute of Standards and Technology (NIST) announced their intention to develop new standards for post-quantum cryptography. They subsequently initiated a competition-like standardization process with a call for proposals for quantum-safe digital signatures, public-key encryption schemes, and key encapsulation mechanisms. NIST have stated that they intend to select quantum-safe schemes for standardization at the end of the current, third round of evaluation.

< <https://www.etsi.org/newsroom/news/1981-2021-10-etsi-releases-two-technical-reports-to-support-us-nist-standards-for-post-quantum-cryptography> https://www.etsi.org/newsroom/news/1981-2021-10-etsi-releases-two-technical-reports-to-support-us-nist-standards-for-post-quantum-cryptography>

 

Improving network performance with cost-effective, low-power and sustainable technology for future wireless systems

ETSI, which produces globally applicable standards for ICT, has launched a new Industry Specification Group on Reconfigurable Intelligent Surfaces (ISG RIS). The group has been created to review and establish global standardization for RIS technology.

< <https://www.etsi.org/newsroom/press-releases/1979-etsi-launches-a-new-group-on-reconfigurable-intelligent-surfaces> https://www.etsi.org/newsroom/press-releases/1979-etsi-launches-a-new-group-on-reconfigurable-intelligent-surfaces>

 

Happy IEEE Day! Engineers worldwide celebrate innovation and collaboration “for a better tomorrow”

Happy IEEE Day! IEEE Day celebrates the first time in history when engineers worldwide and IEEE members gathered to share their technical ideas in 1884.

< <https://spectrum.ieee.org/ieee-day> https://spectrum.ieee.org/ieee-day>

 

Making Information Tech Greener Can Help Address the Climate Crisis

In August the U.N. Intergovernmental Panel on Climate Change delivered its starkest warning ever. The IPCC concluded that human influence has unequivocally warmed the planet and changed weather patterns. At the same time, it noted, there is still a window in which humans can alter Earth's climate path. The actions we take to reduce emissions of carbon dioxide and other heat-trapping gases can impact the future climate, the report emphasizes.

< <https://spectrum.ieee.org/making-information-tech-greener> https://spectrum.ieee.org/making-information-tech-greener>

 

A new Internet architecture

SCION — Scalability, Control, and Isolation on Next-Generation Networks — is a secure and reliable inter-domain routing protocol. It empowers Internet Service Providers (ISPs) and other service providers to establish new products and services. SCION can even enable completely new business models.

< <https://blog.apnic.net/2021/10/05/a-new-internet-architecture/> https://blog.apnic.net/2021/10/05/a-new-internet-architecture/>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home