26 May 2022

Security Scene: May 2022 Edition


By Adair Thaxton - Internet2 Cyberinfrastructure Security Engineer


Security Scene is a monthly roundup of cybersecurity news highlights compiled by Internet2 Cyberinfrastructure Security Engineer Adair Thaxton. Adair connects recent headlines to security best practices, within the lens of the research and education community and our broader digital society. Plus, she’s got jokes!


Happy May! The students are gone now for most of you, which is always bittersweet. Traffic is lighter and it’s easier to make a dinner reservation, but the kids certainly know how to keep things interesting. Thankfully, they’ll be back before we know it.

The MANRS organization has started to send out monthly Conformance Reports with readiness scores and routing incidents for participating networks. MANRS participants, have you read your report? If not, you can log into the Observatory and check the Details tab for incidents. (Not a MANRS participant yet but want to learn more? Email manrs@internet2.edu.) Each incident includes a link to Georgia Tech’s Global Routing Intelligence Platform for more complete information. If any incidents were noted, they request that you send them some feedback about whether the incident occurred and if the associated data is correct.

NetDevOps and DevSecOps, we love you (most of the time). Have your devs tried Kubernetes Goat? It’s a vulnerable-on-purpose Kubernetes cluster on Katacoda that allows you to exploit common vulnerabilities and learn to defend against them. You can also check out common misconfigurations and assure yourself that you haven’t committed any of them. A new report out today shows that nearly 84% of the hosts scanned by Shadowserver had some form of access from the internet. It sounds like many of us could use the security checkup on those boxes!

A quick note about … QUIC! How much do you know about the protocol underlying HTTP/3? @xargsnotbombs has made an Illustrated QUIC Connection explainer, which shows information about every step of the connection process. I really appreciate that it goes in-depth about how the keys are calculated, as well as showing annotated packets. The author also has breakdowns for TLS1.3, TLS1.2, and X25519.

Finally, another entry in my ongoing subcategory of “things that may interest only me.” A handful of you know that I have an interest in “smart farming” stories – odd, considering I dislike dirt, bugs, and sunlight, but it’s a pretty interesting field! A story in Nature Machine Intelligence (login required, here’s the summary) warns that many of the technologies that have been in use for years are vulnerable to cyberattacks. Of course, everything is vulnerable to cyber attackers these days, but it has a particular resonance following recent reports about wheat supplies.
