Welcome to the first edition! This AM edition feels like one of those “loot box” deliveries that has a bit of something for everyone.

Better macOS Multitasking

Rectangle is a freemium macOS app that levels up Mac application window management. Sure, Apple provides some features for this, but if you prefer your window positions just so and really don’t want to take the time to redo the position each time you login, then this application may be right for you. It was first covered in tom’s guide back in February of 2022 but I saw it in a more recent update that notes it supports the 14” MacBook Pro’s “notch”.

When I installed it, it was clever enough to know I was already using Moom for window management and let me know that could cause some issues (in a very non-skeezy way).

The free version is very well-made and has tons of options. I may spring for the paid version ($10.00) to be able to do more with presets and other advanced features.

[Political] Email Bias Filtering

There’s an interesting arXiv preprint titled: “A Peek into the Political Biases in Email Spam Filtering Algorithms During US Election 2020” . In it, the authors focused on the spam filtering operations of Gmail, Outlook, and Yahoo (in other news, folks still use Yahoo mail?), and subscribed to a large number of left and right Presidential, Senate, and House candidates (in the U.S.) using several email accounts on those services.

Their study period was July 1, 2020 to November 30, 2020, and they had four questions they wanted to answer:

1. Do spam filters of email services exhibit aggregate political biases? How do these biases compare across email services?

2. Do spam filters treat similar emails from senders with different political affiliations in the same way?

3. Do the interactions of the users with their email accounts, such as reading emails, impact the political biases of spam filters?

4. Do spam filters exhibit different political biases for recipients belonging to different demographic?

The details of their data collection setup are interesting on their own. There’s tons of detailed statistics in the paper on all aspects of the experiment and the answers to those four questions in the summary section may cause you to re-think some of your own biases.

SPOILER ALERT!

An Axios article summarizing the paper leads with a pretty bold headline: “Gmail filters more likely to weed out GOP emails”.

Internet Network Management Challenges

Geoff Huston monthly column is up, and he covers some presentations from AUSNOG 2021. Since Geoff is already summarizing the presentations, I’ll refrain from a tome-level section and just pull out some key posits/observations.

On the topic of network management automation:

“As was pointed out in a related forum a couple of years ago; how is it that we are working on automation systems that are capable enough can support driverless cars, yet the seemingly simple objective of network automation is still elusive?”

On DDOS detection and mitigation:

When devices are both unmanaged and unable to defend themselves, and in some cases are so poorly engineered that they are wide open to hostile exploitation, then the outlook is pretty grim. If we are relying on networks to detect and prevent such attacks, then it looks to me like a sad case of misplaced hope.

On internet speed and quality:

“In addition to the factors of latency, jitter, and loss, location of the measurement endpoints for a speed test has an impact on the result. On the client side, it's the termination of the access service or a host connected inside the client network which may possibly have a Wi-Fi access link. On the server side it's a case of how deep inside the ISP network and how much contention there is between the service elements at the time of the test. Is this a test on an otherwise idle access service? What’s the variation between this idle measurement and one where the service is loaded with other traffic? There is the consideration of retransmits, and the measurement of delivered capacity compared to delivered throughput.

The presentation exposed for me just how much we don't know about these kinds of systems we use trillions of times each and every day!”

Readers should also read the section on “Why should ISPs care about DNS Privacy?” a couple times as it shows how thorny of a topic encrypted DNS really is.

I also learned about FastNetMon — a very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support — from Geoff’s article.

Dodgy 🇷🇺 Certs

Roen Rouwhorst does a detailed breakdown on Russia’s new, Kremlin run TLS certificate authority.

Here’s his setup for the post:

After Russia’s invasion of Ukraine, several countries and blocs have imposed sweeping sanctions on Russian companies, banks, and individuals. Anticipating these sanctions, we have seen the Russian government taking steps to reduce their dependence on foreign internet infrastructure.

In early March, the Russian Ministry of Digital Development started recommending users to install a browser that supports the “Russian certificate” if they want to ensure access to all websites and online services. In particular, they mentioned Yandex.Browser and Atom as browsers that already support this certificate.

This special certificate is the root certificate of Russia’s new national certificate authority. They created this certificate authority to support Russian organizations that had their certificates revoked or not renewed due to the sanctions. In the past weeks, well-known public certificate authorities like DigiCert and Sectigo have fully stopped the issuance of certificates with DNS names for Russian top-level domains and certificates for Russian organizations.

In this post, I will discuss why the Russian government created a national certificate authority and why it is asking users to install specific browsers. I will also explain how one of these browsers, Yandex Browser, has implemented support for this certificate authority.

It was a great read.

Random Links

Maps!

If you know me you also know I’m a sucker for all things geo. This weekend I learned about CShapes, a project which maps the borders and capitals of independent states and dependent territories from 1886 to 2019. In other news: borders are more fluid than you may have expected.

CShapes also has an R package.

Cyber

Many cyber folks flip out when they see QR codes (google the reaction to the drone QR code display at this year’s SXSW). Researchers at DePaul University did a “field study” of phishing with malicious QR codes to help folks make data-based decisions instead of overreacting.

TIL about pcapML project, which is:

“a system for improving the reproducability of traffic analysis tasks. pcapML leverages the pcapng file format to encode metadata directly into raw traffic captures, removing any ambiguity about which packets belong to any given traffic flow, application, attack, etc., while still being compatiable with popular tools such as tshark and tcpdump.

For dataset curators, pcapML provides an easy way to encode metadata into raw traffic captures, ensuring the dataset is used in a consistent manner. On the analysis side, pcapML provides a standard dataset format for users to work with across different datasets.”

It seems quite useful.

Moar Cyber

David J Bianco has a solid post on when and how you should use hashes as part of your detections and defense.

FIN

That’s it for the inaugural issue. If you do interact in the comments, the only rule is to be kind to everyone (but feel free to let me know how useful — or not — these posts are in as direct a way as you like :-)