Security Scene: May 2022 Edition
By Adair Thaxton - Internet2 Cyberinfrastructure Security Engineer
Security Scene is a monthly roundup of cybersecurity news highlights compiled by Internet2 Cyberinfrastructure Security Engineer Adair Thaxton. Adair connects recent headlines to security best practices, through the lens of the research and education community and our broader digital society. Plus, she’s got jokes!
Happy May! The students are gone now for most of you, which is always bittersweet. Traffic is lighter and it’s easier to make a dinner reservation, but the kids certainly know how to keep things interesting. Thankfully, they’ll be back before we know it.
The MANRS organization has started to send out monthly Conformance Reports with readiness scores and routing incidents for participating networks. MANRS participants, have you read your report? If not, you can log into the Observatory and check the Details tab for incidents. (Not a MANRS participant yet but want to learn more? Email firstname.lastname@example.org.) Each incident includes a link to Georgia Tech’s Global Routing Intelligence Platform for more complete information. If any incidents were noted, MANRS asks that you send feedback on whether the incident occurred and whether the associated data is correct.
NetDevOps and DevSecOps, we love you (most of the time). Have your devs tried Kubernetes Goat? It’s a vulnerable-on-purpose Kubernetes cluster on Katacoda that allows you to exploit common vulnerabilities and learn to defend against them. You can also check out common misconfigurations and assure yourself that you haven’t committed any of them. A new report out today shows that nearly 84% of the hosts scanned by Shadowserver had some form of access from the internet. It sounds like many of us could use the security checkup on those boxes!
A quick note about … QUIC! How much do you know about the protocol underlying HTTP/3? @xargsnotbombs has made an Illustrated QUIC Connection explainer, which shows information about every step of the connection process. I really appreciate that it goes in depth about how the keys are calculated, as well as showing annotated packets. The author also has breakdowns for TLS 1.3, TLS 1.2, and X25519.
Finally, another entry in my ongoing subcategory of “things that may interest only me.” A handful of you know that I have an interest in “smart farming” stories – odd, considering I dislike dirt, bugs, and sunlight, but it’s a pretty interesting field! A story in Nature Machine Intelligence (login required, here’s the summary) warns that many of the technologies that have been in use for years are vulnerable to cyberattacks. Of course, everything is vulnerable to cyberattackers these days, but it has a particular resonance following recent reports about wheat supplies.