Cybersecurity Newsletter, August 24 - 30
Qrator

Welcome to the regular networking and cybersecurity newsletter! This time we are taking a look at the articles and materials published between August 24 and 30, 2020.

2020 Linux Kernel History Report (And Statistics)

"With the 5.8 release tagging on August 2, 20201 , and with the merge window for 5.9 now complete, over a million commits of recorded Linux Kernel history are available to analyze from the last 29 years. This report looks back through the history of the Linux kernel and the impact of some of the best practices and tooling infrastructure that has emerged to enable one of the largest software collaborations known. The 5.8 kernel set several records2, so there are no signs of development slowing down."
 

A brief history of recent advances in IPv6 security, Part I: Addressing

"This is the first post in a series that will try to summarize recent (~10 years) advancements in the area of IPv6 security, not only discussing such advancements but also describing the context in which such work was carried out."
 

TSMC Details 3nm Process Technology: Full Node Scaling for 2H22 Volume Production

"At TSMC’s annual Technology Symposium, the Taiwanese semiconductor manufacturer detailed characteristics of its future 3nm process node as well as laying out a roadmap for 5nm successors in the form of N5P and N4 process nodes."
 

The Anatomy of a Malicious Package (Part 2, with a link to Part 1)

"What does a malicious package actually look like in practice? We'll walk through some hypothetical exercises to see how malware generally works, and what sort of functions we might expect, from relatively simple and temporary, to complex. Additionally, as we are focused primarily on Javascript for this post, we really need to think about two different threat models: what does in-browser malware look like, and how is that going to differ from on-host malware? What are primary attack methods, what could an attacker feasibly accomplish with each level of access, and what has malware historically done in each context? To that end, we will actually split this into a series of articles: in the first (this post), we will begin to examine what "on-host" Javascript malware looks like, followed by a more in-depth look at what we can do to make our malware stealthier and more resistant to removal."
 

Confessions of an ID Theft Kingpin by Brian Krebs in two parts (1 and 2

"At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good."
 

Netflix over IPv6: a longitudinal study

"What some may not know is that Netflix Open Connect infrastructure has been IPv6 capable since 2012. That said, there is little information on how much traffic actually travels over it compared to IPv4, or its quality. So, to measure this, we at the Technical University of Munich, in collaboration with SamKnows, actively measured Netflix content delivery from roughly 100 dual-stack SamKnows probes deployed around the globe between July 2016 and April 2019."
 

Several interesting academic papers this week:

Replication: Why We Still Can’t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories

 

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors

 

The EMV Standard: Break, Fix, Verify

 

Repository of the week - CyberChef

 

Thank you for reading and sharing!

For feedback, please write to us at cybersec@qrator.net.