Hello and welcome into the last letter on cyber and networking security for the year 2020! We want to wish you a Merry Christmas and a Happy New Year.
Now let's take a look at the articles and papers covering the week of December 14 to 20.
Of course, SolarWinds incident would be the first to mention:
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers by Microsoft.
"Ok, here it is - 5.10 is tagged and pushed out.
I pretty much always wish that the last week was even calmer than it was, and that's true here too. There's a fair amount of fixes in here, including a few last-minute reverts for things that didn't get fixed, but nothing makes me go "we need another week". Things look fairly normal."
"The protocol is currently only a working draft at the Internet Engineering Task Force (IETF), but AdGuard says there is no reason to wait to start experimenting and providing this better and more private version of the DNS protocol to its users."
"An innovative technology, fully homomorphic encryption (FHE), can help you achieve zero trust by unlocking the value of your data on untrusted domains without needing to decrypt it."
"On Monday December 14, 2020, for a duration of 47 minutes, customer-facing Google services that required Google OAuth access were unavailable."
"In 2020, a second Flag Day was adopted where the intent was to modify DNS protocol behaviour to avoid relying on fragmented UDP packets."
"1987's Acorn Archimedes was the first production RISC-based personal computer."
"In a recent study headed by the University of Twente, we proposed a new measurement and inference technique, MAnycast², which relies on an anycast testbed to efficiently detect anycast prefixes.
The idea behind MAnycast² is quite simple: We send ICMP echo-requests with our anycast IP address as a source, from all of the anycast nodes in our testbed. The traffic of the ICMP echo-responses to the anycast IP will be then routed back on a single node, if the target is unicast and on multiple nodes, in case the target is anycast."
"Browser makers Apple, Google, Microsoft, and Mozilla, have banned today a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country's capital, the city of Nur-Sultan (formerly Astana)."
Papers of the week:
Repository of the week - 'I Hate C Testing': A minimal testing framework for C.
Once again, thank you for reading our newsletter!
For feedback or any suggestions, please write to us at firstname.lastname@example.org.