[Newsclips] IETF SYN-ACK Newspack 2021-05-03

David Goldstein <david@goldsteinreport.com> Mon, 03 May 2021 05:06 UTC


The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Representation Not Sufficient for Promoting Gender Diversity, Study Says

Representation of women and minorities in groups that choose an organisation’s leaders is not, on its own, sufficient to support gender diversity unless the organisational culture changes, a recently published study showed. A team of scientists around Nicola Persico at Northwestern University and Bernhard Ganglmair at the University of Mannheim and the Leibniz Centre for European Economic Research (ZEW) analysed the Internet Engineering Task Force (IETF), an open standards organization, which develops and promotes voluntary Internet standards.

<https://www.uni-mannheim.de/en/news/studie-repraesentation-allein-ist-nicht-ausreichend-fuer-mehr-geschlechtervielfalt/>

<https://idw-online.de/de/news767327>

 

Studie: Repräsentation allein ist nicht ausreichend für mehr Geschlechtervielfalt [Study: Representation alone is not sufficient for more gender diversity]

Greater representation of women and minorities on the bodies that select an organisation's leadership is not enough to bring about more gender diversity unless a cultural change takes place at the same time. That is the finding of a recently published study. A team of researchers led by the economists Nicola Persico of Northwestern University and Bernhard Ganglmair of the University of Mannheim and the Leibniz Centre for European Economic Research (ZEW) examined the Internet Engineering Task Force (IETF), an organisation concerned with the technical development of the Internet and its voluntary standards.

<https://idw-online.de/de/news767326>

 

University of Mannheim: Study: Representation alone is not enough for more gender diversity

The stronger representation of women and minorities in committees that determine the management staff of organizations is not enough to achieve more gender diversity, as long as a cultural change does not take place at the same time. That is the result of a recently published study. A team of scientists led by economists Nicola Persico from Northwestern University and Bernhard Ganglmair from the University of Mannheim and the Leibniz Center for European Economic Research (ZEW) examined the Internet Engineering Task Force (IETF), an organization that works with the technical development and voluntary standards of the Internet.

<https://indiaeducationdiary.in/university-of-mannheim-study-representation-alone-is-not-enough-for-more-gender-diversity/>

 

New IETF standard expands LoRaWAN use cases [registration]

The Internet Engineering Task Force (IETF) announced the release of RFC 9011, a new standard specifying the use of internet protocols over LoRaWAN.

<https://www.telecompaper.com/news/new-ietf-standard-expands-lorawan-use-cases--1380798>

 

What it Takes to Get a Green Checkmark Displayed With Your Call: Understanding Termination

... Rebekah Johnson: This raises interesting concerns. If it's outside of the communication network, then is it outside of the Standard? Anis Jaffer: That's a tricky question to answer. It's outside the Attest or STIR/SHAKEN Standard, but they are part of an IETF STIR Standard called STIR Out-of-Band. So it’s not something that's completely out of standard specification. In fact, even in the case of STIR/SHAKEN, there are networks that are not fully SIP enabled and this method can be used to pass data. Surprisingly, there are a lot of networks that are still TDM-based, and since they cannot handle SIP headers, one proposal that has been presented is to send this STIR/SHAKEN information using the data network, or basically, an out-of-band solution.

<http://www.insidearm.com/news/00047276-what-it-takes-get-green-checkmark-display/>

 

OAuth: Your Guide to Industry Authorization and Authentication

... OAuth is about enabling secure cross-platform access for users and organizations. OAuth 2.0 grants access to your API and shares the extent of user data for other systems; OpenID Connect ensures the login of users and initial access across accounts. Together, these two innovations are not only what we wanted ten years ago but what we needed for an age of extended connectivity and reliance on applications. IETF is currently in the draft phase for OAuth 2.1 standards.

<https://www.esecurityplanet.com/mobile/oauth/>

 

What is SIP?

... SIP or Session Initiation Protocol is a standard used in real-time communication sessions with video, voice, and even messaging component. Approved by the IETF (Internet Engineering Task Force) in 1996, and standardised by 1999, SIP promised to address the evolving expectations of IP communication.

<https://www.uctoday.com/unified-communications/what-is-sip/>

 

The Best Authenticator Apps

... The codes are generated by doing some math on a long code transmitted by that QR scan and the current time, using a standard HMAC-Based One-Time Password (HOTP) algorithm, sanctioned by the Internet Engineering Task Force (IETF). These apps don’t have any access to your accounts, and after the initial code transfer, they don’t communicate with the site; they simply and dumbly generate the codes. You don’t even need phone service for them to work.

<https://au.pcmag.com/security/86845/the-best-authenticator-apps>

 

ETSI Announces Interoperability Event for Future Railway Comms Solution

... Using over-the-top (OTT) tests via virtual private network (VPN) connections from the vendor labs, the tests will be based on 3GPP, ETSI and Internet Engineering Task Force (IETF) standards. The tests were designed for MCX application servers including mission-critical push to talk (MCPTT), MCData and mission-critical video (MCVideo); MCX clients; user equipment (UE) and cab radios; evolved multimedia broadcast/multicast service (eMBMS) components; IP multimedia subsystem (IMS)/session initiation protocol (SIP) cores; consoles and control rooms; and railways test equipment.

<https://www.rrmediagroup.com/News/NewsDetails/NewsID/20643>

 

Das 111. Treffen der Internetingenieure findet im Juli 2021 online statt [The 111th meeting of Internet engineers will take place online in July 2021]

The Internet Engineering Task Force (IETF) will again meet online only for its 111th meeting in July 2021. Since its 108th meeting in July 2020, which was to have taken place in Madrid, all meetings have been online. For November 2021, however, an in-person meeting is scheduled, again in Madrid.

<https://domain-recht.de/domain-events/sonstige-events/ietf-das-111-treffen-der-internetingenieure-findet-im-juli-2021-online-statt-67880.html>

 

Pour la 6G, Huawei veut repenser le Web... Pour appliquer plus facilement la censure ? [For 6G, Huawei wants to rethink the Web... To make censorship easier?]

... Montgomery believes that if Huawei has so far chosen to work only with the International Telecommunication Union (ITU), which is part of the United Nations, it is because China wields very strong influence there. In his view, the ITU should not have a say on this question. The Internet Engineering Task Force (IETF), in particular, would be the right place to properly assess the strengths and weaknesses of the New IP project.

<https://www.clubic.com/pro/entreprises/huawei/actualite-368931-pour-la-6g-huawei-veut-repenser-le-web-pour-appliquer-plus-facilement-la-censure.html>

 

Het spanningsveld der standaarden [The tension of standards]

... The first question that arises is whether this shift is a curse or a blessing. Bodies such as the Internet Engineering Task Force (IETF) have for decades been devising, evaluating and introducing standards. These independent bodies have important, globally accepted standards to their name, achieved through a bottom-up approach in which competitors work together to arrive at a standard. The request for comments process (abbreviated to RFC) for arriving at new standards through such an industry body is long, and often painful, because:

<https://www.computable.be/artikel/blogs/cloud-computing/7165158/5669141/het-spanningsveld-der-standaarden.html>

<https://www.channelweb.nl/artikel/blogs/cloud-computing/7165158/5746293/het-spanningsveld-der-standaarden.html>

 

Enisa adviseert nauwkeurige standaardisatie voor 5G [Enisa advises careful standardisation for 5G] [registration]

... Apart from 3GPP, other organisations also contribute part of the development. The European Telecommunications Standards Institute (ETSI) has several divisions, such as those for network functions virtualisation (NFV) and interception (lawful intercept). Organisations such as the ITU-T, the IETF and the IEEE also play a role. Other important groups come from mobile telecoms, such as the GSMA and the European Commission's 5G PPP.

<https://www.telecompaper.com/achtergrond/enisa-adviseert-nauwkeurige-standaardisatie-voor-5g--1380361>

 

O que é Cardano (ADA) e como funciona essa criptomoeda [What is Cardano (ADA) and how this cryptocurrency works]

... Adopting a standards-driven process inspired by the Internet Engineering Task Force (IETF), using a dedicated foundation to lock down the final protocol design;

<https://portaldobitcoin.uol.com.br/o-que-e-cardano-ada-e-como-funciona-essa-criptomoeda/>

 

云安全日报210420:Ubuntu配套服务位置协议发现执行任意代码漏洞,需要尽快升级 [Cloud Security Daily 210420: Arbitrary code execution vulnerability found in Ubuntu's accompanying Service Location Protocol; upgrade as soon as possible]

OpenSLP (Service Location Protocol) is an IETF standard protocol developed by the OpenSLP project for dynamic service discovery on the Internet. The protocol supports looking up services on the network by service type and attributes. On 19 April, Ubuntu released a security update fixing an arbitrary code execution vulnerability found in the accompanying OpenSLP service configuration protocol. The vulnerability details are as follows:

<https://finance.sina.com.cn/tech/2021-04-20/doc-ikmxzfmk7903768.shtml>

 

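王光全:推进基于ACTN扩展架构,打造面向云时代的全光底座 [Wang Guangquan: Promote ACTN-based extended architecture to create an all-optical base for the cloud era]

... At the meeting, Wang Guangquan proposed an overall network architecture for a new generation of intelligent cloud-network interconnection based on the IETF ACTN standard northbound interface, along with a new concept of achieving intelligent network operations and maintenance through interface extensions. The aim is to actively drive the underlying optical transport network towards a new kind of network that is open and decoupled, AI-enabled, flexible, and autonomously controllable.

<https://finance.sina.com.cn/tech/2021-04-20/doc-ikmyaawc0780530.shtml>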

 

中国IPv6地址数超美国 未来一人一IP监控更容易? [China has more IPv6 addresses than the United States. Will one IP per person make monitoring easier in the future?]

... Every device connected to the Internet needs an IP address. IPv4 was used previously, but its shortage of IP resources limited the application and development of the Internet, so the Internet Engineering Task Force (IETF) designed IPv6 to replace it. IPv6 refers to Internet Protocol version 6; it has far more addresses than IPv4. IPv4 can supply at most some 4 billion-plus IPs worldwide, whereas the number of IPv6 addresses is 2 to the power of 96 times greater, reputedly enough to assign an IP address to every grain of sand on Earth.

<https://www.soundofhope.org/post/498092>

<https://tw.appledaily.com/international/20210421/I23BQ355KNETNGHJTOZDTMTVYU/>

 

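面向云网融合的5G承载网络技术发展趋势探讨 [Discussion on the development trend of 5G bearer network technology for cloud-network convergence]

... Because 5G plus vertical industries involves many application scenarios, usually converged applications of eMBB, uRLLC and mMTC, and because SLA requirements also differ considerably, deterministic networking that provides bounded performance guarantees has become a key enabling technology. As things stand, the 3GPP R17 and R18 standards will focus on strengthening the customised service capabilities of the RAN and SA in support of uRLLC and network slicing; several international standards organisations, including ITU-T, IEEE 802.1 and the IETF, are each carrying out research on and development of L1-L3 deterministic bearer technology standards; and in China, CCSA, the 5G bearer working group under the 5G promotion group, the Future Network alliance and other industry alliances are also actively researching related technical standards and industry applications. For example, 5GDNA has published a series of white papers on the requirements, technology and practice of 5G deterministic networking in the power industry.

<https://finance.sina.com.cn/tech/2021-04-28/doc-ikmxzfmk9487165.shtml>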

 

全自动智能工厂急需增强「主动」互联能力 [Fully automated smart factories urgently need to enhance "active" connectivity]

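... The standardisation problem of device connectivity: even with digital modules and open interfaces, interconnection between digital devices still requires standardised data formats and device protocols. At the data layer, there is the WirelessHART data link protocol used in manufacturing. At the network layer, the IETF is developing a set of standards for encapsulating IPv6 packets in different data link layer frames for IIoT applications (for example 6LoWPAN). The industrial Internet also has many standardised session layer protocols, such as Message Queuing Telemetry Transport (MQTT), the Constrained Application Protocol (CoAP) and the Data Distribution Service (DDS). On top of these many protocols, equipment from different vendors is also modified in different ways for each vendor's own reasons, with the result that fieldbuses and protocols vary enormously

<https://www.36kr.com/p/1199782197971203>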

 

**********************

SECURITY & PRIVACY

**********************

us: Stakeholders: The “Be-All and End-All” of NIST’s Cybersecurity and Privacy Work

When it comes down to it, NIST’s cybersecurity and privacy work is all about its stakeholders. Our researchers and other staff can do the most extraordinary work to advance the state of the art or solve problems in these areas – but our success truly should only be measured by the difference we make in providing the best possible and most useful tools and information.

<https://www.nist.gov/blogs/cybersecurity-insights/stakeholders-be-all-and-end-all-nists-cybersecurity-and-privacy-work>

 

Feedback Requested: Chartering the MANRS Community

While MANRS has gone from strength to strength since its beginning in 2014, gaining attention, interest, and credibility from network operators worldwide, for the initiative to be sustainable and impactful in the long run there should be a stronger sense of ownership by the community.

<https://www.internetsociety.org/blog/2021/04/feedback-requested-chartering-the-manrs-community/>

 

Two DNS Dudes with a ‘tude Dissect the NAME:WRECK Vulnerability in Episode One of New Streaming Series

Last week Forescout Research Labs and JSOF Research disclosed NAME:WRECK, a set of DNS vulnerabilities that have the potential to cause either Denial of Service (DoS) or allow Remote Code Execution (RCE) for tens of millions of Internet-connected devices.

<https://www.farsightsecurity.com/blog/txt-record/NAMEWRECK-20210420/>

 

Skidmap and malicious DNS data mining

As the foundation and core protocol of the Internet, the DNS protocol carries data that, to a certain extent, reflects a good deal of user behaviour, so security analysis of DNS queries can uncover malicious activities.

<https://blog.apnic.net/2021/04/19/skidmap-and-malicious-dns-data-mining/>

 

Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications

Threat actors have sharply ramped up use of the Transport Layer Security (TLS) cryptographic protocol to hide malware communications -- creating new challenges for enterprise security teams in the process.

<https://www.darkreading.com/vulnerabilities---threats/nearly-half-of-all-malware-is-concealed-in-tls-encrypted-communications-/d/d-id/1340792>

 

TLS-Encrypted Malware Volumes Double in Just Months

The volume of malware hidden in encrypted traffic has doubled over the past few months as threat actors look to circumvent security tools, according to Sophos.

<https://www.infosecurity-magazine.com/news/tlsencrypted-malware-volumes/>

 

Use of TLS to protect malware communications has doubled, says Sophos

A common cryptographic protocol used to protect the majority of website communications and some virtual private networks is also increasingly being used by threat actors to protect their attacks, according to a new report.

<https://www.itworldcanada.com/article/use-of-tls-to-protect-malware-communications-has-doubled-says-sophos/446361>

 

Malware operators leverage TLS in 46% of detected communications

Researchers have found that as Transport Layer Security (TLS) has grown to account for some 98% of all web page visits, use of TLS among malware operators increased from 23% of all malware detected in 2020 to nearly 46% today.

<https://www.scmagazine.com/home/security-news/malware/malware-operators-leverage-tls-in-46-of-detected-communications/>

 

Malware and ransomware gangs have found this new way to cover their tracks

There's been a huge uptick in the proportion of malware using TLS or the Transport Layer Security to communicate without being spotted, cybersecurity firm Sophos reports.

<https://www.zdnet.com/article/malware-and-ransomware-gangs-have-found-this-new-way-to-cover-their-tracks/>

 

Nearly half of malware now use TLS to conceal communications

As more of the Internet uses Transport Layer Security, analysis of detection telemetry shows the volume of TLS encrypted communications by malware has doubled in a year.

<https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/>

 

Sophos Unveils XGS Series Firewall Appliances with Industry-Best Transport Layer Security (TLS) Inspection [news release]

Sophos ... unveiled new XGS Series firewall appliances with unrivaled performance and advanced protection against cyberattacks. The new appliances feature industry-best Transport Layer Security (TLS) inspection, including native support for TLS 1.3, that is up to five times faster than other models available on the market today.

<https://www.sophos.com/en-us/press-office/press-releases/2021/04/sophos-unveils-xgs-series-firewall-appliances.aspx>

 

Security Researcher Dan Kaminsky Passes Away

The cybersecurity world woke up Saturday to news of the sudden passing of Dan Kaminsky (@dakami), a celebrated hacker who is widely credited with pioneering research work on DNS security. Kaminsky was 42.

<https://www.securityweek.com/security-researcher-dan-kaminsky-passes-away>

 

The cybersecurity researcher Dan Kaminsky has died

The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death are not known, but it does not matter. Dan has left us an immense emptiness, the silence after his death is deafening.

<https://securityaffairs.co/wordpress/117185/breaking-news/dan-kaminsky-has-died.html>

 

Computer security world in mourning over death of Dan Kaminsky, aged 42

Celebrated information security researcher Dan Kaminsky, known not just for his technical ability but also for his compassion and support for those in his industry, has died. He was 42.

<https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/>

 

**********************

INTERNET OF THINGS

**********************

GCHQ chief warns of tech 'moment of reckoning'

The West is faced with a "moment of reckoning" when it comes to technology and security, the head of intelligence agency GCHQ has told the BBC. Jeremy Fleming said there was a risk that key technologies on which we rely will no longer be shaped by the West. "We have to keep evolving our approach if we're going to keep up," he said of the growing challenge from China. So-called smart cities, which will collect large amounts of data, are just one example, he added.

<https://www.bbc.com/news/technology-56851558>

 

The EU Regulation of the Data-Driven Economy by Bjorn Lundqvist [Faculty of Law, Stockholm University Research Paper]

Abstract: Powerful platforms that ‘hoard’ data in ecosystems, prevent the possibility to access or port data, or restrict interoperability may risk violating competition law. However, the general doctrine for triggering the refusal to supply abuse under Article 102 TFEU sets high thresholds. Moreover, competition law cannot be the basis for a general rights scheme, which is very well needed in the upcoming Internet of Things paradigm. Indeed, competition law does not suffice to overcome the anticompetitive effects of access to data is limited.

<https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3830058>

 

Smart Cities: A Survey on New Developments, Trends, and Opportunities by Seyed Mahdi Bohloul [Journal of Industrial Integration and Management]

Abstract: The continued growth of the population in urban areas has called for smarter cities for the 21st century. While great progress has been made in the last two decades in this regard, remaining challenges faced by city planners have forced them to pursue an alternative version of smart cities. Recent advancements in several technological areas like 5G communications, blockchain, and virtual/augmented reality have facilitated this process. This paper aims at providing a review of the definitions and components of current smart cities. It also discusses new developments, recent trends, and business opportunities.

<https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3819692>

 

How the Internet of Things is Shifting the Digital Age

The Internet of Things (IoT) is driving significant and impactful change in the digital age across vertical markets. While IoT devices can be found throughout our homes (to listen to music, turn on lights or even cook a meal), the number of IoT devices that are being deployed across industrial environments is also growing simultaneously. IoT has become seemingly essential to create efficiencies and improve lives globally, and with this comes the need for organizations to pivot and adapt to technological advances to stay relevant, competitive, and effective.

<https://www.rtinsights.com/how-the-internet-of-things-is-shifting-the-digital-age/>

 

The Internet of Things Is Finally Mainstream

You can tell something's become a mainstream topic when a lot of people complain about it or express their fears regarding it. One need only conduct a quick Google search for the terms "vaccine," "5G" or "Game of Thrones' final episode" for proof of that. The more people become aware of a topic, the more they find reasons to be angry about it—even if, in the case of vaccines and 5G, their ire is irrational and based on fearmongering rather than on any inherent problems with the actual innovations. (When it comes to the Game of Thrones finale, you can decide for yourself.)

<https://www.rfidjournal.com/the-internet-of-things-is-finally-mainstream>

 

Smart cities to fuel growth of Asia-Pacific IoT market

Smart cities spending is expected to propel growth of Asia-Pacific’s Internet of Things (IoT) market to reach nearly $437bn in revenue by 2026, new analysis finds.

<https://www.smartcitiesworld.net/news/news/smart-cities-to-fuel-growth-of-asia-pacific-iot-market-6336>

 

FIDO Announces New Security Standard for IoT Devices

A new security standard for Internet of Things (IoT) devices has been developed by the FIDO Alliance. The open industry association said the move will help address the security, cost and complexity challenges involved in deploying IoT devices at scale, thereby unlocking the potential of IoT technology for industrial use.

<https://www.infosecurity-magazine.com/news/fido-security-standard-iot/>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

Firefox 88 Released With FTP Support Disabled, Support For JavaScript In PDFs

Firefox 88.0 is out today as the latest version of Mozilla's web browser. In addition to beginning the QUIC and HTTP/3 roll-out, Firefox 88 has a number of other improvements in tow.

<https://www.phoronix.com/scan.php?page=news_item&px=Firefox-88-Released>

 

Telecom the Top DDoS Target of Q1, Cloudflare Reports

... Finally, QUIC is a relatively new protocol that employs encryption by default. According to Cloudflare, attackers were able to mimic version negotiation packets by spoofing the IP address in order to overwhelm the client.

<https://www.sdxcentral.com/articles/news/telecom-the-top-ddos-target-of-q1-cloudflare-reports/2021/04/>

 

Telecoms industry facing increased DDoS attacks, report warns

... Another trend Cloudflare continues to see in 2021 is “the continued use of the new QUIC protocol for attacks,” Cloudflare CTO John Graham-Cumming told The Daily Swig.

<https://portswigger.net/daily-swig/telecoms-industry-facing-increased-ddos-attacks-report-warns>

 

Mozilla Firefox 88: Browser unterstützt erstmals QUIC und HTTP/3 [Mozilla Firefox 88: Browser supports QUIC and HTTP/3 for the first time]

With Firefox 88, expected shortly, Mozilla's free browser supports for the first time the experimental network protocol QUIC, which is based on UDP, and HTTP/3, the third version of the Hypertext Transfer Protocol. The rollout is due to be completed by the end of May at the latest, with the features enabled for all users.

<https://www.computerbase.de/2021-04/mozilla-firefox-88-browser-unterstuetzt-erstmals-quic-und-http-3/>

 

Firefox 89 Beta lançado com mudanças na interface do usuário [Firefox 89 Beta released with UI changes]

... Firefox 88.0 has been released as the latest version of the Mozilla browser. In addition to beginning the roll-out of QUIC and HTTP/3, Firefox 88 has a number of other improvements in tow.

<https://sempreupdate.com.br/firefox-89-beta-lancado-com-mudancas-na-interface-do-usuario/>

 

Firefox: il nuovo supporto HTTPS/3 [Firefox: the new HTTPS/3 support]

The new version of Firefox, number 88, will introduce support for HTTPS/3 and QUIC.

<https://sicurezza.net/software/firefox-nuovo-supporto-https-3>

 

Firefox Nightly和Beta預設啟用QUIC與HTTP/3 [Firefox Nightly and Beta enable QUIC and HTTP/3 by default]

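Mozilla has announced that the latest Firefox Nightly and Beta versions now enable QUIC and HTTP/3 support by default, and that it is also expected to be enabled in the Firefox 88 stable release, so HTTP/3 will be fully available in Firefox around the end of May.

<https://www.ithome.com.tw/news/143927>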

 

通信プロトコル「QUIC」&「HTTP/3」をFirefox BetaとFirefox Nightlyでもサポート開始 [Firefox Beta and Firefox Nightly also support quic and HTTP/3 communication protocols]

QUIC and HTTP/3 are now supported in Firefox Beta and Firefox Nightly, the versions that carry Firefox's test-stage features.

<https://gigazine.net/news/20210420-quic-http3-firefox-beta/>

 

Mozilla、プレビュー版「Firefox」で「HTTP/3」「QUIC」のサポートを開始 [Mozilla Starts Supporting HTTP/3 and QUIC in Firefox Preview]

On April 16 (US time), Mozilla announced that it had begun supporting HTTP/3 and QUIC in preview versions of Firefox. They are already enabled by default in Firefox Nightly and Firefox Beta. Mozilla also intends to begin a phased rollout in Firefox 88, which has just become the stable release, and to make the features available by default by the end of May.

<https://news.yahoo.co.jp/articles/e191de292cb0b5890c6e8dfc812c0de01dc4ee76>

 

**********************

OTHERWISE NOTEWORTHY

**********************

Minutes before Trump left office, millions of the Pentagon’s dormant IP addresses sprang to life

After decades of not using a huge chunk of the Internet, the Pentagon has given control of millions of computer addresses to a previously unknown company in an effort to identify possible cyber vulnerabilities and threats

<https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/>

 

The Mystery of AS8003

On January 20, 2021, a great mystery appeared in the internet’s global routing table. An entity that hadn’t been heard from in over a decade began announcing large swaths of formerly unused IPv4 address space belonging to the U.S. Department of Defense. Registered as GRS-DoD, AS8003 began announcing 11.0.0.0/8 among other large DoD IPv4 ranges.

<https://www.kentik.com/blog/the-mystery-of-as8003/>

 

How might we build a new internet? Industry experts offer their thoughts on what Internet 2.0 might look like.

In this edition of the Controversial Question series, we asked our panel of experts how they might go about building an entire new internet, learning from all the mistakes made in the construction and maintenance of the one we have right now. This is the question we posed:

<https://itwire.com/networking/how-might-we-build-a-new-internet.html>

 

China starts large-scale testing of its internet of the future

China launched a large-scale experimental network in Beijing on Tuesday to test the future of internet technology over the next five to 10 years. Headquartered at Tsinghua University, the "future internet technology infrastructure" connects 40 of the country's leading research universities with huge bandwidth and far lower latency than the existing internet, according to state news agency Xinhua.

<https://www.scmp.com/news/china/science/article/3130338/china-starts-large-scale-testing-its-internet-future>

<https://www.bangkokpost.com/tech/2103251/china-starts-large-scale-testing-of-its-internet-of-the-future>

------

David Goldstein

email: david@goldsteinreport.com

web: http://goldsteinreport.com/

Twitter: https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home