This week on Cyber Frontiers Christian and Jim dive into recapping some of the best content from RSA 2019! We pack in a lot of content this show — ranging from a deep-dive into the most pervasive attack techniques in cybersecurity today to a comprehensive review on the state of quantum computing. Whether you are a math nerd, physicist, computer guy, or generalist — there is something for everyone in the quantum content we cover. We bring you what the modern frontier looks like on the sunset side of RSA 2019, which had over 42,000 in attendance this year spanning the entire enterprise industry. It’s a show you won’t want to miss! We’ll wrap up some other content next time given how much we pack in this episode, so stay tuned.
Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future! Christian Johnson will bring fresh and relevant topics to the show based on the current work he does.
Support the Average Guy: https://www.patreon.com/theaverageguy
You can contact us via email at firstname.lastname@example.org
Full show notes and video at http://theAverageGuy.tv/cf054
Podcast, Cyber Frontiers, DNS, Domain Name Systems, CDN, Hacker, Attack, TLS, HTTPS, RSA, DELL
The Five Most Dangerous New Attack Techniques and How to Counter Them
- Domain Name System Mischief: Credential compromise, gain customer access to DNS records to redirect to evilness, register bogus certificates as illusion.
- Defenses: 2FA, DNSSEC, revoke bad certs.
- Domain Fronting: Hide badness in known trusted CDN services.
- Compromised system, makes request to known trusted website on CDN provider shared by attacker.
- TLS packet has bad data — inner HTTP 1.1 Host Header asks for something other than the trusted site (attacker’s CDN).
- Net defenders can’t see (encrypted)
- Attacker’s CDN simply forwards the request to the attacker’s original origin server.
- Command and control, data exfiltration, looks trustworthy from everything else inspected.
- Consider Enterprise TLS inspection, beacon discovery (Real Intelligence Threat Analytics RITA)
- Targeted, Individualized attacks:
- Weak access controls. Weak recovery mechanisms.
- Personal information publicly available. Phishing, application verification/login.
- Review and manage cloud settings, information you store (e.g. myactivity.google.com)
- DNS: Recursive Name Servers, MITM
- If there’s malware or other problems on the system, you’ll always see the malware based on where the DNS is negotiating in the middle
- Also egress where outgoing connections aren’t using DNS.
- DNS over HTTPS bad for network security monitoring / management.
- Who to trust in DNS….
- Last Year: CPU flaws! You know these from our show on meltre and spectre.
- We now have several variations of spectre continuing to sprawl.
- But there’s other chips!
- BMC, IPMI, DRACs, etc::Remove the management utilities!
On Quantum Computing
Radia Perlman, Charlie Kaufman — Dell EMC
Christian’s aside: One of the best conference venue presentations of 2019 if not in recent memory. Bravo to the presenters, there was something here for everyone and lots of valuable knowledge to dispel common quantum myths!
Thematic takeaways discussed on the show, as presented and excerpted from Radia and Charlie’s presentation:
- Need to replace current public key algorithms at least 10 years or so before a quantum computer may exist
- (Sufficiently large quantum computers) may never exist, but to be safe, we have to assume they might.
- A quantum computer is NOT A simple extension of Moore’s Law
- Quantum computers are not always faster than classical computers
- They are not non-deterministic Turing machines!
- Can’t observe qubits without changing their value. Can’t copy them either!
- Quantum Computers are inherently slow and energy intensive
- Computation consumes energy which heats the qubits
- Fast computation heats them faster than we can cool matter at 10 milli-Kelvins
- To a first approximation, with current known technology, quantum computers will be a million times slower and a trillion times less energy efficient than classical computers
- Predictions for when a quantum computer capable of breaking 2048- bit RSA range from “never” to 2030 – with energy requirement= a nuclear power plant). Of course there might be unforeseen breakthroughs
Contact Christian: email@example.com
Contact the show at firstname.lastname@example.org