On-Prem

Networks

Ukraine invasion: We should consider internet sanctions, says ICANN ex-CEO

Keep Russia's citizens online but block its military networks, say


The former head of ICANN, two EU parliamentarians, and a handful of technical, security, and legal experts on Thursday plan to publish an open letter to the internet governance community arguing that the time has come to develop a targeted internet sanctions system.

The letter [PDF], provided in draft form to The Register, follows a request by Ukrainian government officials for all Russian web domains, revoking HTTPS certificates, and other technical interventions.

Ukraine's request for these online sanctions was rejected by internet administrative bodies ICANN and RIPE (Regional Internet Registry for Europe, the Middle East and parts of Central Asia) on the basis that the punishment was too broad and would have too many undesirable consequences.

But the letter's signatories – Bart Groothuis, member of EU parliament, Netherlands; Bill Woodcock, executive director of Packet Clearing House; Ihab Osman, non-executive director of ICANN, Felix Reda, former member of EU parliament, Germany; Mike Roberts, founding president and former CEO of ICANN; Jeff Moss, president of DEF CON; Niels ten Oever, post-doc researcher at the University of Amsterdam; Runa Sandvik, security researcher; and Kurt Opsahl, deputy executive director and general counsel of the Electronic Frontier Foundation – argue something ought to be done.

The signatories contend the internet governance community has reached a level of maturity that brings with it the responsibility to consider how to respond to humanitarian crises. The letter, they say, represents the beginning of a global internet governance conversation about the appropriate scope and feasibility of internet sanctions.

"We believe that, although the specific sanctions suggested by the Ukrainian Ministry of Digital Transformation are overbroad and would harm civilians, there are well-established mechanisms by which existing forms of internet abuse, such as spam, malware, phishing, and cyber-attacks are controlled, and that these mature mechanisms can easily be extended to communicate specific IP addresses and domain names of sanctioned entities," the letter says.

"In the case of the Russian attack on Ukraine, the Russian military, their propaganda organs, and any dual-use facilities should be in-scope, while the civilian population should be out-of-scope. Sanctions should meet tests of proportionality, efficacy, implementability and reversibility, and non-overreach."

The group proposes the establishment of a multi-stakeholder mechanism similar to NSP-SEC or Outages, which, following deliberation and consensus, would publish sanctioned IP addresses and domain names in public feeds. Entities subscribing to those feeds could then choose to observe the sanctions, thereby limiting access to the identified resources.

"We call upon our colleagues to participate in a multi-stakeholder deliberation using the mechanism outlined above, and decide whether the IP addresses and domain names of the Russian military and its propaganda organs should be sanctioned, and to lay the groundwork for timely decisions of similar gravity and urgency in the future," the letter concludes. ®

Send us news
102 Comments

India slightly softens infosec incident reporting and data retention rules

But also makes it plain that offshore entities must comply

India has slightly softened its controversial new reporting requirements for information security incidents and made it plain they apply to multinational companies.

The rules were announced with little advance warning in late April and quickly attracted criticism from industry on grounds including the requirement to report 22 different types of incident within six hours, a requirement to register personal details of individual VPN users, and retention of many log files for 180 days.

India’s government yesterday responded by publishing an FAQ [PDF] about the new rules.

Continue reading

Lenovo halves its ThinkPad workstation range

Two becomes one as ThinkPad P16 stands alone and HX replaces mobile Xeon

Lenovo has halved its range of portable workstations.

The Chinese PC giant this week announced the ThinkPad P16. The loved-by-some ThinkPad P15 and P17 are to be retired, The Register has confirmed.

The P16 machine runs Intel 12th Gen HX CPUs, but only up to the i7 models – so maxes out at 14 cores and 4.8GHz clock speed. The laptop is certified to run Red Hat Enterprise Linux, and can ship with that, Ubuntu, and Windows 11 or 10. The latter is pre-installed as a downgrade right under Windows 11.

Continue reading

US won’t prosecute ‘good faith’ security researchers under CFAA

Well, that clears things up? Maybe not.

The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability."

Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

Continue reading

Intel plans immersion lab to chill its power-hungry chips

AI chips are sucking down 600W+ and the solution could be to drown them.

Intel this week unveiled a $700 million sustainability initiative to try innovative liquid and immersion cooling technologies to the datacenter.

The project will see Intel construct a 200,000-square-foot "mega lab" approximately 20 miles west of Portland at its Hillsboro campus, where the chipmaker will qualify, test, and demo its expansive — and power hungry — datacenter portfolio using a variety of cooling tech.

Alongside the lab, the x86 giant unveiled an open reference design for immersion cooling systems for its chips that is being developed by Intel Taiwan. The chip giant is hoping to bring other Taiwanese manufacturers into the fold and it'll then be rolled out globally.

Continue reading

US recovers a record $15m from the 3ve ad-fraud crew

Swiss banks cough up around half of the proceeds of crime

The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.

"This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement

The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."

Continue reading

Lawmakers launch bill to break up tech giants' ad dominance

Running ad auctions while also buying and selling ads may be outlawed for large firms

A bipartisan group of US lawmakers has proposed legislation that would likely force Alphabet's Google, Meta's Facebook, and Amazon to divest portions of their ad businesses.

The bill, called the Competition and Transparency in Digital Advertising Act (CTDA), was introduced on Thursday by Senator Mike Lee (R-UT), with the participation of Senators Amy Klobuchar (D-MN), Ted Cruz (R-TX), and Richard Blumenthal (D-CT).

The bill would prevent large ad companies from participating on different sides of the ad transaction chain. Large ad firms could operate supply-side brokers selling publisher ad space, demand-side brokers selling ads, or ad exchanges connecting buyers and sellers – but not more than one of these.

Continue reading

America bucks global smartphone decline with help from Apple

Cupertino's 51% control is why NA market grew while the world shrunk, says Canalys

Smartphone markets the world over are in decline, but that news doesn't appear to have reached North America, where the market grew by 4 percent in the first quarter of 2022.

Tech market analytics firm Canalys reported that smartphone manufacturers shipped a total of 39m units in North America in Q1 2022, and most of it was driven by Apple, which saw 19 percent growth in Q1 to reach 51 percent of the smartphone market in the US, Canada and Mexico.

Apple may lead the quarter in terms of shipments and market share, but Google was the growth leader: It added 380 percent to its North American market share from Q1 2021 to Q1 2022. Still, that only brought it to 3 percent of the market, putting it in fifth place. 

Continue reading

Export bans prompt Russia to use Chinese x86 CPU replacement

With few options, Russia will look to half-fast chips from Chinese maker

With Russia cut off from foreign processor makers Intel and AMD, the country has been scrambling to switch to more local CPUs and components.

Russia's latest step in securing supply chains for new computers comes in the form of a newly released desktop motherboard designed to support x86-compatible CPUs made by Chinese chip designer Zhaoxin, which is a joint venture between Taiwan's Via Technologies and the Shanghai municipal government.

The new motherboard, called MBX-Z60A, is made by electronics manufacturer Dannie, which has headquarters in Russia and China, according to a machine translation of an article published last week by Russian-language news aggregator Habr.

Continue reading

Acer's TravelMate laptops arrive – complete with Microsoft Pluton chips

MS's TPM tip finally gets a grip – but shh – don't mention the Chromebooks

You can imagine the sighs of relief all round in Redmond, Washington this week as Acer launched its new TravelMate range, which has Microsoft's Pluton silicon built-in.

Continue reading

Ryzen shines with remote management on Qualcomm Wi-Fi kit

Working to compete with Intel as FastConnect comes to AMD-processor-powered PCs

AMD and Qualcomm have rolled out a joint effort that brings remote management capabilities over Wi-Fi for AMD business systems, potentially boosting their appeal for corporate IT departments.

The two companies said they were working together to improve Qualcomm's FastConnect wireless kit for AMD compute platforms based on the Ryzen chips for desktops and laptops. The starting point for this is AMD Ryzen-powered business laptops using Qualcomm's FastConnect 6900 system that delivers Wi-Fi 6 and 6E plus Bluetooth 5.3, supporting Wi-Fi connection speeds up to 3.6Gbps.

Remote management is enabled by the combination of the AMD Manageability Processor now embedded in Ryzen PRO 6000 systems and the FastConnect 6900 system, AMD and Qualcomm said, with support for the DASH client management standard developed by the Distributed Management Task Force (DMTF).

Continue reading

Fastly buys dev platform and web IDE Glitch

CDN biz hopes merger will add a new way to use its edge services

Updated Content delivery network Fastly is purchasing Glitch, the company behind the web-based IDE of the same name.

Glitch is a full-stack platform that officially supports JavaScript, but allows coding in CSS, HTML, and other languages as well. It's designed to operate much like other cloud platforms and is able to run full-stack apps on demand, with Glitch handling all of the hardware and devs allowed to focus on coding.

By being absorbed into Fastly, Glitch vowed that the service will remain unchanged for users. "You're good, we got you. Nothing changes about your apps or your Glitch account," the company said in its announcement. It also said no employees would be lost in the merger.

Continue reading