Cipher Issue 159, January 24, 2021, Editor's Letter

Dear Readers,

The big security news of recent weeks is the SolarWinds hack that led to the creation of a major spying vulnerability for thousands of customer networks, including some internal to the US government. Ironically, the software product was supposed to provide security protections. It is easy to think this must be "yet another zero-day vulnerability", but it was the result of a very sophisticated set of intrusions into the processes of releasing software products. The perpetrators showed patience, careful deliberation, and precise selection of high-value targets. Above all, the malware seems to have worked flawlessly for many months. I found the exploit to be fascinating, and I've included summaries and links to the information uncovered in ongoing analyses.

We have all gone Zoom. Even the least technological of my friends and family know how to join an online videoconference. There has been a great increase in bandwidth demand, and there is a cacophony of calls for "more fiber". More communication means more energy is needed for handling all that network traffic, and at the same time, a more savvy public wants to have "security with that." The encryption also uses more energy, perhaps more than the network routing. Will this be the straw that drives our planet over the hot climate precipice?

From what I can tell about conference planning, we are in for several more months of virtual tech conferences, so get a big screen (more energy!) and a comfortable chair and look forward to the IEEE Security and Privacy flagship conferences from the comfort of your home as we head into the season.

There comes a warning like a spy
An encrypted packet, say.
A stealing that is not a stealth
And Emails are away-
     (Apologies to the great Emily Dickinson),


      Hilarie Orman