Microsoft plans to lock down Windows DNS like never before. Here’s how.

ZTDNS brings the best of both worlds to DNS: encryption and fine-grained control.

Microsoft plans to lock down Windows DNS like never before. Here’s how.

(Image credit: Getty Images)

Translating human-readable domain names into numerical IP addresses has long been fraught with gaping security risks. After all, lookups are rarely end-to-end encrypted. The servers providing domain name lookups provide translations for virtually any IP address—even when they’re known to be malicious. And many end-user devices can easily be configured to stop using authorized lookup servers and instead use malicious ones.

Microsoft on Friday provided a peek at a comprehensive framework that aims to sort out the Domain Name System (DNS) mess so that it’s better locked down inside Windows networks. It’s called ZTDNS (zero trust DNS). Its two main features are (1) encrypted and cryptographically authenticated connections between end-user clients and DNS servers and (2) the ability for administrators to tightly restrict the domains these servers will resolve.

Clearing the minefield

One of the reasons DNS has been such a security minefield is that these two features can be mutually exclusive. Adding cryptographic authentication and encryption to DNS often obscures the visibility admins need to prevent user devices from connecting to malicious domains or detect anomalous behavior inside a network. As a result, DNS traffic is either sent in clear text or it's encrypted in a way that allows admins to decrypt it in transit through what is essentially an adversary-in-the-middle attack.

Judge mulls sanctions over Google’s “shocking” destruction of internal chats

Punishing Google for being the best would be “unprecedented,” lawyer argued.

Kenneth Dintzer, litigator for the US Department of Justice, exits federal court in Washington, DC, on September 20, 2023, during the antitrust trial to determine if Alphabet Inc.'s Google maintains a monopoly in the online search business. (credit: Bloomberg / Contributor | Bloomberg)

Near the end of the second day of closing arguments in the Google monopoly trial, US district judge Amit Mehta weighed whether sanctions were warranted over what the US Department of Justice described as Google's "routine, regular, and normal destruction" of evidence.

Google was accused of enacting a policy instructing employees to turn chat history off by default when discussing sensitive topics, including Google's revenue-sharing and mobile application distribution agreements. These agreements, the DOJ and state attorneys general argued, work to maintain Google's monopoly over search.

According to the DOJ, Google destroyed potentially hundreds of thousands of chat sessions not just during their investigation but also during litigation. Google only stopped the practice after the DOJ discovered the policy. DOJ's attorney Kenneth Dintzer told Mehta Friday that the DOJ believed the court should "conclude that communicating with history off shows anti-competitive intent to hide information because they knew they were violating antitrust law."

Sony demands PSN accounts for Helldivers 2 PC players, and it’s not going well

A surprise hit, a network with brutal baggage, and the Steam profit paradox.

A Helldivers 2 player posing in winter armor. This gear is from the upcoming "Polar Patriots" Premium Warbond in Helldivers 2. It's an upcoming change the developer and publisher likely wish was getting more attention of late. (credit: Sony Interactive Entertainment)

There are a lot of stories about the modern PC gaming industry balled up inside one recent "update" to Helldivers 2.

Sony Interactive Entertainment announced Thursday night that current players of the runaway hit co-op shooter will have to connect their Steam accounts to a PlayStation Network (PSN) account starting on May 30, with a hard deadline of June 4. New players will be required to connect the two starting Monday, May 6.

Officially, this is happening because of the "safety and security provided on PlayStation and PlayStation Studios games." Account linking allows Sony to ban abusive players, and also gives banned players the right to appeal. Sony writes that it would have done this at launch, but "Due to technical issues … we allowed the linking requirements for Steam accounts to a PlayStation Network account to be temporarily optional. That grace period will now expire."

Counterfeit Cisco gear ended up in US military bases, used in combat operations

“One of the largest counterfeit-trafficking operations ever.”

Cisco Systems headquarters in San Jose, California, US, on Monday, Aug. 14, 2023. (credit: Getty)

A Florida resident was sentenced to 78 months for running a counterfeit scam that generated $100 million in revenue from fake networking gear and put the US military's security at risk, the US Department of Justice (DOJ) announced Thursday.

Onur Aksoy, aka Ron Aksoy and Dave Durden, pleaded guilty on June 5, 2023, to two counts of an indictment charging him with conspiring with others to traffic in counterfeit goods, to commit mail fraud, and to commit wire fraud. His sentence, handed down on May 1, also includes an order to pay $100 million in restitution to Cisco, a $40,000 fine, and three years of supervised release. Aksoy will also have to pay his victims a sum that a court will determine at an unspecified future date, the DOJ said.

According to the indictment [PDF], Aksoy began plotting the scam around August 2013, and the operation ran until at least April 2022. Aksoy used at least 19 companies and about 15 Amazon storefronts, 10 eBay ones, and direct sales—known collectively as Pro Network Entities—to sell tens of thousands of computer networking devices. He imported the products from China and Hong Kong and used fake Cisco packaging, labels, and documents to sell them as new and real. Legitimate versions of the products would've sold for over $1 billion, per the indictment.

We still don’t understand how one human apparently got bird flu from a cow

A genetic analysis and case report reveal new insights and big gaps in our knowledge.

Holstein dairy cows in a freestall barn. (credit: Getty)

The US Department of Agriculture this week posted an unpublished version of its genetic analysis into the spillover and spread of bird flu into US dairy cattle, offering the most complete look yet at the data state and federal investigators have amassed in the unexpected and worrisome outbreak—and what it might mean.

The preprint analysis provides several significant insights into the outbreak—from when it may have actually started, just how much transmission we're missing, stunning unknowns about the only human infection linked to the outbreak, and how much the virus continues to evolve in cows. The information is critical as flu experts fear the outbreak is heightening the ever-present risk that this wily flu virus will evolve to spread among humans and spark a pandemic.

But, the information hasn't been easy to come by. Since March 25—when the USDA confirmed for the first time that a herd of US dairy cows had contracted the highly pathogenic avian influenza H5N1 virus—the agency has garnered international criticism for not sharing data quickly or completely. On April 21, the agency dumped over 200 genetic sequences into public databases amid pressure from outside experts. However, many of those sequences lack descriptive metadata, which normally contains basic and key bits of information, like when and where the viral sample was taken. Outside experts don't have that crucial information, making independent analyses frustratingly limited. Thus, the new USDA analysis—which presumably includes that data—offers the best yet glimpse of the complete information on the outbreak.

What to expect from Apple’s May 7 “Let loose” event

New iPads, sure. But what else?

The promotional image for Apple's May 7 event. (credit: Apple)

On May 7, Apple will host a product announcement event at 9 am ET. Labeled "Let loose," we expect it will focus on new iPads and iPad accessories.

We won't be liveblogging the stream, but you can expect some news coverage as it happens. Below, we'll go over our educated guesses about why Apple might be doing this.

Why hold an event now?

It's unusual for Apple to host an event shortly before WWDC. New products debut at that event all the time, so if it's just a faster chip and a nicer screen for the iPad Pro and iPad Air, why not wait until June?

Lilbits: Rabbit R1 portable AI device reviews are in… and they’re bad (Also: Microsoft makes security a top priority, and abxylute makes a mobile controller)

This year two buzzy startups have been trying to cash in on the AI craze by introducing portable devices designed to let you use AI assistant software on the go without pulling your phone out of your pocket. But if early reviews are anything to go by, neither of those companies has delivered a compelling […]

The post Lilbits: Rabbit R1 portable AI device reviews are in… and they’re bad (Also: Microsoft makes security a top priority, and abxylute makes a mobile controller) appeared first on Liliputing.

Microsoft ties executive pay to security following multiple failures and breaches

Microsoft has been criticized for “preventable” failures and poor communication.

A PC running Windows 11. (credit: Microsoft)

It's been a bad couple of years for Microsoft's security and privacy efforts. Misconfigured endpoints, rogue security certificates, and weak passwords have all caused or risked the exposure of sensitive data, and Microsoft has been criticized by security researchers, US lawmakers, and regulatory agencies for how it has responded to and disclosed these threats.

The most high-profile of these breaches involved a China-based hacking group named Storm-0558, which breached Microsoft's Azure service and collected data for over a month in mid-2023 before being discovered and driven out. After months of ambiguity, Microsoft disclosed that a series of security failures gave Storm-0558 access to an engineer's account, which allowed Storm-0558 to collect data from 25 of Microsoft's Azure customers, including US federal agencies.

In January, Microsoft disclosed that it had been breached again, this time by Russian state-sponsored hacking group Midnight Blizzard. The group was able "to compromise a legacy non-production test tenant account" to gain access to Microsoft's systems for "as long as two months."
