[Newsclips] IETF SYN-ACK Newspack 2022-04-04

[David Goldstein <david@goldsteinreport.com>]

The IETF SYN-ACK Newspack collects IETF-related items from a variety of news outlets and other online publications. They do not represent the views of the IETF and are not checked for factual accuracy.

 

**********************

IETF IN THE NEWS

**********************

Does email verification hurt privacy? One of The Post’s experts believes the technology he used to verify emails purportedly from Hunter Biden laptop is a threat to privacy

The kind of forensic examination that security experts conducted on data purportedly from the laptop computer of Hunter Biden, at The Washington Post’s request, can help establish the authenticity of emails. But it also creates privacy risks that could be prevented, said Matt Green, one of the experts. ... Google said making such changes have to be done in an industry-wide way. “We’re working with standards bodies, like IETF, and other email providers to enhance these standards. These changes cannot be performed unilaterally and require an industry shift to ensure that the security of email is not compromised,” said Google spokesperson Kaylin Trychon, referring to the Internet Engineering Task Force, an organization that helps set tech standards.

< <https://www.washingtonpost.com/technology/2022/03/30/laptop-cryptographic-markers-email/> https://www.washingtonpost.com/technology/2022/03/30/laptop-cryptographic-markers-email/>

< <https://www.msn.com/en-us/news/technology/does-email-verification-hurt-privacy/ar-AAVFHGm> https://www.msn.com/en-us/news/technology/does-email-verification-hurt-privacy/ar-AAVFHGm>

 

DNS topics at IETF 113

The IETF met in a hybrid format in March 2022. Here are my impressions from the DNS-related Working Group sessions during the week.

< <https://www.potaroo.net/ispcol/2022-03/ietf113-dns.html> https://www.potaroo.net/ispcol/2022-03/ietf113-dns.html>

< <https://blog.apnic.net/2022/03/28/dns-topics-at-ietf-113/> https://blog.apnic.net/2022/03/28/dns-topics-at-ietf-113/>

 

The fragility of transient identifiers

During IETF 113, my eye was drawn to a review draft exploring a problem space in the the Internet Research Task Force (IRTF): The ‘Unfortunate History of Transient Numeric Identifiers’ (draft-irtf-pearg-numeric-ids-history). The IRTF tends to have a long-term outlook exploring the edge cases of the Internet that led to work inside the IETF. It has working groups for different areas of research, and this draft is a product of the Privacy Enhancements and Assessments Research Group (PEARG).

< <https://blog.apnic.net/2022/04/01/fragility-of-transient-identifiers/> https://blog.apnic.net/2022/04/01/fragility-of-transient-identifiers/>

 

Do You Know OSI?

... Research has demonstrated that the current method of detecting congestion isn’t working well for TCP. It’s true that it detects congestion and retransmits lost segments. But, it also adds significant delay to delivery of the segments. Additionally, its adjustment to congestion is slow. Often dozens or hundreds of packets are dropped, when only one would signal the congested situation. As a result, major players on the IT side have introduced technologies to try to avoid TCP’s problems. A few, including TCP BBR, Google’s QUIC and the active queue management techniques proposed within the IETF.

< <https://www.avnetwork.com/features/do-you-know-osi> https://www.avnetwork.com/features/do-you-know-osi>

 

What is SSL? How SSL certificates enable encrypted communication

... When the next version of the protocol was released in 1999, it was standardized by the Internet Engineering Task Force (IETF) and given a new name: Transport Layer Security, or TLS. As the TLS specification notes, "the differences this protocol and SSL 3.0 are not dramatic." Thus, it's not really a matter of TLS vs. SSL; rather, the two form a continuously updated series of protocols, and are often lumped together as SSL/TLS.

< <https://www.csoonline.com/article/3246212/what-is-ssl-how-ssl-certificates-enable-encrypted-communication.html> https://www.csoonline.com/article/3246212/what-is-ssl-how-ssl-certificates-enable-encrypted-communication.html>

 

IIESoc and INTC to organize the Connections 2022 - a post-IETF Forum online [news release]

India Internet Engineering Society (IIESoc) & Industry Network Technology Council (INTC) will be organizing the 5th iteration of Connections as a joint India-US fully online event on April 2-8, 2022. ... Connections is an annual event to get protocol developers, enterprises, academicians, and network operators together on the same platform to discuss the latest problems facing the internet and the solutions relevant to them. The event includes discussions on network deployments, operations, and the design of networks and protocols. The aim is also to educate and prepare new members for Internet Engineering Task Force (IETF) involvement from underserved geographies and constituencies. This aligns well with the IIESoc's mission which is focused on bridging the gap between India and the internet standards whereas the INTC's mission is focused on the impact of internet standards and technologies in the traditional "Brick-n-Mortar" Enterprise networks.

< <https://www.business-standard.com/content/press-releases-ani/iiesoc-and-intc-to-organize-the-connections-2022-a-post-ietf-forum-online-122032901561_1.html> https://www.business-standard.com/content/press-releases-ani/iiesoc-and-intc-to-organize-the-connections-2022-a-post-ietf-forum-online-122032901561_1.html>

< <https://www.aninews.in/news/business/business/iiesoc-and-intc-to-organize-the-connections-2022-a-post-ietf-forum-online20220329203305/> https://www.aninews.in/news/business/business/iiesoc-and-intc-to-organize-the-connections-2022-a-post-ietf-forum-online20220329203305/>

 

Authorities And Corporate IT Must Wise Up To Imminency Of IP Issues

... Fortunately, the tech community has long been wise to the limitations of IPv4 and as far back as 1998, the Internet Engineering Task Force (IETF) created IPv6. By switching to a 128-bit addressing system, the new technology is capable of supporting 340 undecillion (or 340 trillion trillion trillion) IP addresses, which should satisfy global demand for the foreseeable future. As well as its increased capacity, IPv6 also carries impressive performance, efficiency and security benefits in comparison to its predecessor.

< <https://techround.co.uk/business/authorities-corporate-imminency-ip-issues/> https://techround.co.uk/business/authorities-corporate-imminency-ip-issues/>

 

Entrust helps enterprises prepare now for post Quantum Security journey with new PQ testing and development solutions [news release]

Entrust, a leading provider of trusted identities, payments, and data protection solutions, has announced four new solutions aimed at helping organisations prepare for the security challenges and opportunities presented by quantum computers. ... “Entrust is at the forefront of post quantum cryptography. We are participating members of the Internet Engineering Task Force (IETF), and we are also participants in the NIST PQ competition. Through growth initiatives and investment in solutions like those announced today, we are helping our customers today to prepare for tomorrow.”

< <https://itwire.com/guest-articles/company-news/entrust-helps-enterprises-prepare-now-for-post-quantum-security-journey-with-new-pq-testing-and-development-solutions.html> https://itwire.com/guest-articles/company-news/entrust-helps-enterprises-prepare-now-for-post-quantum-security-journey-with-new-pq-testing-and-development-solutions.html>

 

Entrust secures against quantum threats with latest offerings

... "Entrust is at the forefront of post quantum cryptography. We are participating members of the Internet Engineering Task Force (IETF), and we are also participants in the NIST PQ competition. Through growth initiatives and investment in solutions like those announced today, we are helping our customers today to prepare for tomorrow.”

< <https://itbrief.com.au/story/entrust-secures-against-quantum-threats-with-latest-offerings> https://itbrief.com.au/story/entrust-secures-against-quantum-threats-with-latest-offerings>

 

Why post-quantum cryptography is a key security differentiator

Post-quantum (PQ) cryptography is the development of new cryptographic approaches that can be implemented using today’s computers but will be impervious to attacks from tomorrow’s quantum ones. ... “Entrust is at the forefront of post-quantum cryptography. We are participating members of the Internet Engineering Task Force (IETF), and we are also participants in the NIST PQ competition,” commented Parhar. “Through growth initiatives and investment in solutions like those announced today, we are helping our customers today to prepare for tomorrow.”

< <https://techhq.com/2022/03/why-post-quantum-cryptography-is-a-key-security-differentiator/> https://techhq.com/2022/03/why-post-quantum-cryptography-is-a-key-security-differentiator/>

 

Entrust on the future of a post-quantum security landscape

Quantum computing is expected to disrupt encryption based cryptographic defense by 2030, according to IT security specialists Entrust. ... Entrust are at the forefront of post-quantum cryptography as participating members of the IETF, and participants in the NIST PQ Competition. They have only draft for dual mode that’s being looked at.

< <https://technologymagazine.com/cloud-and-cybersecurity/Entrust-on-the-future-of-a-post-quantum-security-landscape> https://technologymagazine.com/cloud-and-cybersecurity/Entrust-on-the-future-of-a-post-quantum-security-landscape>

 

Internet-Sicherheit: Anschubhilfe für DNSSEC [Internet Security: DNSSEC Start-up Aid]

Auf dem 113. Treffen der Internet Engineering Task Force (IETF) in Wien landete auf dem Tisch der Arbeitsgruppe "DNS Operations" ein Vorschlag, der der Sicherheitstechnik DNSSEC zu mehr Verbreitung verhelfen soll.

< <https://www.heise.de/news/Internet-Sicherheit-Anschubhilfe-fuer-DNSSEC-6654069.html> https://www.heise.de/news/Internet-Sicherheit-Anschubhilfe-fuer-DNSSEC-6654069.html>

 

Wie Captchas ins Internet kamen [How captchas got on the Internet]

... Um im Internet Webseiten zu finden, braucht es im Hintergrund Adressbücher. Sie übersetzen die Domainnamen in Zahlencodes. Ein Teil dieser Adressbücher ist in privater Hand, etwa jener von Google. Um sich unabhängier zu machen und die europäischen Datenschutzstandards zu garantieren, möchte die EU ein eigenes Adressbuch-System namens "DNS4EU" aufbauen. 80 Millionen sollen in die Ausschreibung fließen. Bei der dieswöchigen 113. Konferenz der Internet Engineering Taskforce IETF - einer geschichtsträchtigen Organisation, die über die Standards im Internet wacht, hat Mariann Unterluggauer nachgefragt, wie sinnvoll dieses Vorhaben ist.

< <https://oe1.orf.at/programm/20220325/672596/Wie-Captchas-ins-Internet-kamen> https://oe1.orf.at/programm/20220325/672596/Wie-Captchas-ins-Internet-kamen>

 

Come i certificati SSL e TLS consentono la comunicazione crittografata [How SSL and TLS certificates enable encrypted communication]

... Quando la versione successiva del protocollo è stata rilasciata nel 1999, è stata standardizzata dall’Internet Engineering Task Force (IETF) e gli è stato assegnato un nuovo nome: Transport Layer Security o TLS. Come osserva la specifica TLS, “le differenze tra questo protocollo e SSL 3.0 non sono molto significative”. Pertanto, non è davvero una questione di TLS e SSL; piuttosto, i due formano una serie di protocolli continuamente aggiornati e sono spesso raggruppati insieme come SSL/TLS.

< <https://www.cwi.it/internet-e-business/come-certificati-ssl-e-tls-consentono-la-comunicazione-crittografata-145173> https://www.cwi.it/internet-e-business/come-certificati-ssl-e-tls-consentono-la-comunicazione-crittografata-145173>

 

Il protocollo IPv6 per accelerare la trasformazione digitale: come recuperare il gap [IPv6 to accelerate digital transformation: how to catch up]

... . Si è discusso di come l’utilizzo dell’IPv6 possa garantire la possibilità per nuovi investitori di entrare sul mercato dei servizi delle comunicazioni grazie all’enorme disponibilità di indirizzi IPv6, al contrario degli IPv4 da tempo esauriti e disponibili sul mercato secondario con un costo elevato (50$ per ciascun indirizzo) o di come l’utilizzo di altri protocolli IETF per indirizzare modelli di business avanzati, quali l’SRv6, porterebbero benefici a settori quali quello finanziario, manifatturiero, sanitario e della pubblica amministrazione.

< <https://www.agendadigitale.eu/infrastrutture/il-protocollo-ipv6-per-accelerare-la-trasformazione-digitale-come-recuperare-il-gap/> https://www.agendadigitale.eu/infrastrutture/il-protocollo-ipv6-per-accelerare-la-trasformazione-digitale-come-recuperare-il-gap/>

 

Doğrulama teknolojisi, onu kullananlar arasında bile tartışmalı [Verification technology is controversial even among those who use it]

... “Bu standartları iyileştirmek için IETF ve diğer e-posta sağlayıcıları gibi standardizasyon kuruluşlarıyla birlikte çalışıyoruz. Google sözcüsü Kaylin Trychon, teknik standartların belirlenmesine yardımcı olan bir kuruluş olan İnternet Mühendisliği Görev Gücü’ne atıfta bulunarak, bu değişiklikler tek taraflı olarak yapılamaz ve e-posta güvenliğinin tehlikeye atılmamasını sağlamak için bir endüstri değişikliği gerektirecektir” dedi.

< <https://zamanbelcika.be/teknoloji/dogrulama-teknolojisi-onu-kullananlar-arasinda-bile-tartismali/23380/> https://zamanbelcika.be/teknoloji/dogrulama-teknolojisi-onu-kullananlar-arasinda-bile-tartismali/23380/>

 

[April Fools] IETF ออกเอกสาร RFC9225 เตือนโปรแกรมเมอร์อย่าสร้างบั๊ก [[April Fools] IETF releases RFC9225 document warning programmers not to create bugs]

IETF ออกเอกสาร RFC9225 เตือนถึงอันตรายของบั๊กในซอฟต์แวร์และเรียกร้องให้โปรแกรมเมอร์อย่าสร้างบั๊ก พร้อมกับอธิบายถึงเหตุการณ์ที่บั๊กในซอฟต์แวร์สร้างความเสียหายได้เป็นวงกว้างหลายครั้ง เช่น จรวด ARIANE ยิงไม่สำเร็จเพราะบั๊กแปลงตัวเลขทศนิยมเป็นเลขจำนวนเต็ม หรือระบบเตือนขีปนาวุธของรัสเซียเคยจรวจจับเมฆแล้วคิดว่าเป็นขีปนาวุธ

< <https://www.blognone.com/node/127893> https://www.blognone.com/node/127893>

 

ഐപിവി 6: ഇന്റര്‍നെറ്റ്‌ മേല്‍വിലാസങ്ങളില്‍ മുന്‍പേ പറന്ന്‌ ഇന്ത്യ [IPV 6: India flies ahead of internet addresses]

< <https://www.mangalam.com/news/detail/555201-opinion.html> https://www.mangalam.com/news/detail/555201-opinion.html>

 

李星：IPv6单栈互联网交换中心的思考 [Li Xing: Reflections on the IPv6 Single-Stack Internet Exchange]

从历史上看，早期互联网其实没有交换中心，因为只有一个骨干网，即美国国家科学基金网（NSFNET）。然而，自1995年起，随着互联网逐渐走向商业化，世界上出现了多个主干网。开始时，各主干网之间虽有某种形式的互联，但往往没有形成最佳路径。为了加速流量交换，逐渐衍生出了互联网交换中心。 ... 作为这方面标准的无状态IPv4/IPv6翻译过渡技术（IVI）是由清华大学首先提出，并成为了IETF标准（如下图）。

< <https://www.edu.cn/xxh/zhuan_jia_zhuan_lan/lx/202204/t20220402_2218623.shtml> https://www.edu.cn/xxh/zhuan_jia_zhuan_lan/lx/202204/t20220402_2218623.shtml>

 

ソフトバンクのBeyond 5Gを見据えた新たなネットワーク「SRv6 MUP」は何がすごいのか？　担当者に聞いた [What's amazing about SoftBank's new SRv6 MUP network with an eye on Beam 5G?　I asked the person in charge.]

... また、「IETF」（The Internet Engineering Task Force、インターネットの標準化団体）や「3GPP」（Third Generation Partnership Project、携帯ネットワークの標準化プロジェクト）といった国際機関の標準化へ取り組んでいる。

< <https://k-tai.watch.impress.co.jp/docs/news/1399956.html> https://k-tai.watch.impress.co.jp/docs/news/1399956.html>

 

**********************

SECURITY & PRIVACY

**********************

DNS Tunneling and DNS Spoofing: How Federal Agencies Can Mount a Defense

The Office of Management and Budget’s final guidance on agencies’ shift to zero-trust architectures for cybersecurity, released in January, contained a few notable updates from the draft guidance issued in 2021.

< <https://fedtechmagazine.com/article/2022/03/dns-tunneling-and-dns-spoofing-how-federal-agencies-can-mount-defense-perfcon> https://fedtechmagazine.com/article/2022/03/dns-tunneling-and-dns-spoofing-how-federal-agencies-can-mount-defense-perfcon>

 

White House starts the clock on zero trust adoption

The White House has released the federal zero trust architecture strategy, a government-wide plan for all agencies to better manage cyber risks and improve protections while meeting specific security goals and standards by the end of fiscal year 2024.

< <https://fcw.com/security/2022/01/white-house-starts-clock-zero-trust-adoption/361192/> https://fcw.com/security/2022/01/white-house-starts-clock-zero-trust-adoption/361192/>

 

Microsoft says we have one chance to plug the security holes of the metaverse

Tech giant Microsoft has called on the stakeholders in the metaverse industry to work together to ensure that this new upcoming technology does not fall prey to well-known issues that plague the internet. Last year, when Facebook announced its intent to switch to building the metaverse, many flagged the issues the social media platform had not resolved and were concerned that they would be carried into the metaverse.

< <https://interestingengineering.com/microsoft-says-we-have-one-chance-to-plug-the-security-holes-of-the-metaverse> https://interestingengineering.com/microsoft-says-we-have-one-chance-to-plug-the-security-holes-of-the-metaverse>

 

The metaverse is coming. Here are the cornerstones for securing it.

Some new experiences using headsets and mixed reality will be in your face – quite literally – but other implications will be harder to spot. As with all new categories, we’ll see intended and unintended innovations and experiences, and the security stakes will be higher than we imagine at first.

< <https://blogs.microsoft.com/blog/2022/03/28/the-metaverse-is-coming-here-are-the-cornerstones-for-securing-it/> https://blogs.microsoft.com/blog/2022/03/28/the-metaverse-is-coming-here-are-the-cornerstones-for-securing-it/>

 

CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices

Threat actors are hacking Internet-connected uninterruptible power supply (UPS) devices, typically via default username and password combinations, the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DoE) warned this week in a joint alert.

< <https://www.darkreading.com/vulnerabilities-threats/cisa-doe-warn-of-attacks-on-uninterruptible-power-supply-ups-devices> https://www.darkreading.com/vulnerabilities-threats/cisa-doe-warn-of-attacks-on-uninterruptible-power-supply-ups-devices>

 

CISA, FBI and DOE Publish Advisory With Historical Cyber Activity Used by Indicted Russian State-Sponsored Actors

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) published a joint Cybersecurity Advisory today with information on multiple intrusion campaigns targeting U.S. and international energy sector organizations conducted by indicted Russian state-sponsored cyber actors from 2011 to 2018. In conjunction with the U.S. Department of Justice unsealed indictments today, this advisory provides the technical details of a global energy sector intrusion campaign using Havex malware, and the compromise of a Middle East-based energy sector organization using TRITON malware.

< <https://www.cisa.gov/news/2022/03/24/cisa-fbi-and-doe-publish-advisory-historical-cyber-activity-used-indicted-russian> https://www.cisa.gov/news/2022/03/24/cisa-fbi-and-doe-publish-advisory-historical-cyber-activity-used-indicted-russian>

 

How to: Detect and prevent common data exfiltration attacks

Data exfiltration is a technique used by malicious actors to carry out an unauthorized data transfer from a computer resource. Data exfiltration can be done remotely or locally and can be difficult to detect from normal network traffic.

< <https://blog.apnic.net/2022/03/31/how-to-detect-and-prevent-common-data-exfiltration-attacks/> https://blog.apnic.net/2022/03/31/how-to-detect-and-prevent-common-data-exfiltration-attacks/>

 

**********************

INTERNET OF THINGS

**********************

IoT comes of age | Podcast

McKinsey research shows that adoption of IoT technologies has increased exponentially the past five years—but successful implementation still eludes some. Here’s how to get it right.

< <https://www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/iot-comes-of-age> https://www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/iot-comes-of-age>

 

Interview: Laying the foundation to accelerate the enterprise IoT journey

Wienke Giezeman is building and serving an IoT ecosystem by offering open-source tools and a “workbench” on which to build solutions.

< <https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-insights/laying-the-foundation-to-accelerate-the-enterprise-iot-journey> https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-insights/laying-the-foundation-to-accelerate-the-enterprise-iot-journey>

 

A manufacturer’s guide to scaling Industrial IoT

By integrating the business, the organization, and technology, manufacturing leaders can position their organizations to reap the full benefits of Industrial IoT.

< <https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/a-manufacturers-guide-to-generating-value-at-scale-with-industrial-iot> https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/a-manufacturers-guide-to-generating-value-at-scale-with-industrial-iot>

 

IoT value set to accelerate through 2030: Where and how to capture it | Report

New research shows that the Internet of Things offers significant economic value potential, particularly in standardized production settings, but companies must achieve scale to capture it.

< <https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/iot-value-set-to-accelerate-through-2030-where-and-how-to-capture-it> https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/iot-value-set-to-accelerate-through-2030-where-and-how-to-capture-it>

 

Building the Future of Smart Home Security: Engineers must invent new technology to enhance security products’ abilities: sponsored by SimpliSafe

It’s nearly impossible to find a household today that doesn’t have at least one connected smart home device installed. >From video doorbells to robot vacuums, automated lighting, and voice assistants, smart home technology has invaded consumers’ homes and shows no sign of disappearing anytime soon.

< <https://spectrum.ieee.org/smart-home-security> https://spectrum.ieee.org/smart-home-security>

 

European cities leverage data for safer and smarter roads

As cities bounce back from COVID-19 and traffic returns, transport leaders are looking to incorporate new tools to improve the safety and efficiency of services. In the UK, Transport for London (TfL) has teamed up with Mercedes-Benz AG to develop a road safety dashboard that has the potential to identify higher risk locations before accidents happen.

< <https://www.itu.int/hub/2022/03/road-safety-data-europe-cities-today/> https://www.itu.int/hub/2022/03/road-safety-data-europe-cities-today/>

 

au: Regulating to Protect Security & Privacy in the Internet of Things (IoT): Draft Report

Abstract: This is a draft report from the ACCAN funded-project, “Regulating to Protect Security & Privacy in the Internet of Things (IoT)”. This report is intended for the purpose of consultation. The report analyses legal issues relating to data security, consumer protection and privacy of consumer IoT devices for the home. It incorporates 25 recommendations for law reform in Australia.

< <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4052068> https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4052068>

 

**********************

NEW TRANSPORT PROTOCOLS

**********************

A first look at DNS over QUIC

DNS over QUIC (DoQ) is currently being standardized within the DNS PRIVate Exchange IETF working group. The design goal is to provide DNS privacy with minimum latency, for which DoQ uses QUIC as the underlying transport protocol.

< <https://blog.apnic.net/2022/03/29/a-first-look-at-dns-over-quic/> https://blog.apnic.net/2022/03/29/a-first-look-at-dns-over-quic/>

 

Q6 TCP/IPの後継技術は？ [Q6 What is the successor technology for TCP/IP?]

アプリケーションの高度化やデータ通信量の増加に対応するため、TCP/IPの後継となる技術の検討も始まっている。その代表格が「QUIC▼」というプロトコルだ。TCPに取って代わる可能性があるとして注目されている。QUICは、米グーグルが自社のWebサービスで大量のアクセスを高速に処理するために開発した独自プロトコルをベースにしている。同社はこのプロトコルを2015年にIETF▼へ提出。その後、TLS▼の機能を取り込み、HTTP以外にも使えるようにするなどの変更を加えて標準化へと至った（図6-1）。 

< <https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/031400131/031400006/> https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/031400131/031400006/>

 

《全球DDoS攻击现状与趋势分析报告》2022年发布 [The Global DDoS Attack Status and Trend Analysis Report will be released in 2022]

... 《报告》认为，近三年来，针对关键基础设施领域的DDoS攻击多伴有政治色彩，攻击的组织化、规模化趋势愈发明显，攻击规模及频率呈快速增长的态势；常态化的T级攻击、扫段攻击、针对DNS权威服务器的攻击直接危及网络基础设施安全；随着IPv6网络规模化部署，IPv6攻击威胁不容小觑；为提升攻击成功率，DDoS攻击复杂度持续攀升，出现扫段叠加脉冲的新型攻击手法；针对APP、API的攻击增多，加密CC常态化，低频CC和高频CC混用；随着QUIC协议标准化，假冒QUIC的T级攻击异常活跃。

< <https://tech.huanqiu.com/article/47QnUnyoxce> https://tech.huanqiu.com/article/47QnUnyoxce>

 

**********************

OTHERWISE NOTEWORTHY

**********************

UK spy boss warns China hopes Russia will help it take over tech standards

The director of UK intelligence agency Government Communications Headquarters (GCHQ), Sir Jeremy Fleming, has warned that China is trying to introduce "undemocratic values as the default for vast swathes of future tech and the standards that govern it."

< <https://www.theregister.com/2022/03/31/gchq_sir_jeremy_fleming_speech/> https://www.theregister.com/2022/03/31/gchq_sir_jeremy_fleming_speech/>

 

Turing Award Won by Programmer Who Paved Way for Supercomputers

In the late 1970s, as a young researcher at Argonne National Laboratory outside Chicago, Jack Dongarra helped write computer code called Linpack.

< <https://www.nytimes.com/2022/03/30/technology/turing-award-jack-dongarra.html> https://www.nytimes.com/2022/03/30/technology/turing-award-jack-dongarra.html>

 

W3C CEO letter for Web 33rd anniversary

Quote from Tim Berners-Lee: the Web is humanity connected by technology The web turned 33 last week. In March 1989, while at CERN, our Director Sir Tim Berners-Lee wrote “Information Management: A Proposal”. Tim’s memo, which outlined the World Wide Web, was about to revolutionize communication around the globe for generations and decades to come.

< <https://www.w3.org/blog/news/archives/9472> https://www.w3.org/blog/news/archives/9472>

 

Some Twitter traffic briefly funneled through Russian ISP, thanks to BGP mishap

Some Internet traffic in and out of Twitter on Monday was briefly funneled through Russia after a major ISP in that country misconfigured the Internet's routing table, network monitoring services said.

< <https://arstechnica.com/information-technology/2022/03/absence-of-malice-russian-isps-hijacking-of-twitter-ips-appears-to-be-a-goof/> https://arstechnica.com/information-technology/2022/03/absence-of-malice-russian-isps-hijacking-of-twitter-ips-appears-to-be-a-goof/>

 

Closing Off the Internet Won’t Silence Governments, But It Will Silence Everyone Else by Ted Hardie, Chair, Internet Society Board of Trustees

It is somewhat unusual to begin one of our meetings with an opening statement by the chair, rather than the usual welcome. These are, however, not usual times, and I believe I would be remiss if I did not address the current situation directly, as it has direct impacts on the Internet, our colleagues, and our way forward.

< <https://www.internetsociety.org/blog/2022/03/closing-off-the-internet-wont-silence-governments-but-it-will-silence-everyone-else/> https://www.internetsociety.org/blog/2022/03/closing-off-the-internet-wont-silence-governments-but-it-will-silence-everyone-else/>

 

Russia Inches Toward Its Splinternet Dream

Russian Twitter users noticed something strange when they tried to access the service on March 4: They couldn’t. For the previous six days, anyone trying to access Twitter from within Russia saw their internet speed slow to a crawl, no matter how fast their connection. Then came the blackout.

< <https://www.wired.co.uk/article/russia-splinternet-censorship> https://www.wired.co.uk/article/russia-splinternet-censorship>

 

Can your research make the metaverse a reality? Submit a paper to Kaleidoscope

The concept of extended reality has captured imaginations worldwide. It has inspired blockbuster films envisioning a metaverse of enthralling virtual worlds.

< <https://www.itu.int/hub/2022/03/itu-kaleidoscope-metaverse-research/> https://www.itu.int/hub/2022/03/itu-kaleidoscope-metaverse-research/>

 

Learn Who Will Receive a “Technology Oscar” From IEEE: At the pre-event, award recipients will talk about their innovations

After two years of holding the IEEE Vision, Innovation, and Challenges Summit virtually, this year’s event is scheduled to be in person. The annual VIC summit, to be held on 6 May at the Marriott Marquis San Diego Marina, brings together technology innovators, visionaries, and disruptors to share insights on emerging technologies and discuss their potential impacts on humanity.

< <https://spectrum.ieee.org/2022-ieee-vic-summit> https://spectrum.ieee.org/2022-ieee-vic-summit>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home