From koalafil at gmail.com Thu May 4 11:00:22 2017 From: koalafil at gmail.com (Filiz Yilmaz) Date: Thu, 4 May 2017 11:00:22 +0200 Subject: [cooperation-wg] [iot-discussion] Cerf on the ethics of IoT In-Reply-To: <67447B40-E50C-44DA-8EC6-0B003318C800@ripe.net> References: <67447B40-E50C-44DA-8EC6-0B003318C800@ripe.net> Message-ID: Hi Marco, all, Apologies if this was noted in these lists before: There is also an IEEE initiative which was open for public comments up until recently, on a related note: The IEEE Global Initiative for Ethical Considerations in Artificial Intelligence and Autonomous Systems http://standards.ieee.org/develop/indconn/ec/autonomous_systems.html Wanted to share. Kind regards Filiz On Thu, May 4, 2017 at 10:32 AM, Marco Hogewoning wrote: > Dear colleagues, > > Somebody drew my attention to an article by Vint Cerf and Francine Berman > on the ethics of IoT, some of you might find it an interesting read as well. > > http://www.cs.rpi.edu/~bermaf/Berman+Cerf_IoT.pdf > > Following this, an interview with Berman was published on The Atlantic > earlier this week > > https://www.theatlantic.com/technology/archive/2017/05/ > internet-of-things-ethics/524802/ > > As a reminder, we are still setup to have a BoF aiming to discuss some of > this space as well, in particular the expected or desired role of the > parties providing connectivity to these devices. > > This ?IoT Security BoF? will take place after the main RIPE 74 program, on > Tuesday May 9 at 18:00 in the Tutorial Room of the meeting venue. > Unfortunately, due to this being a BoF and as this room only has a very > limited technical setup there won?t be any remote participation offered. > > So hope to see many of you in the room in Budapest next week, > > Groet, > > MarcoH > > > _______________________________________________ > iot-discussion mailing list > iot-discussion at ripe.net > https://lists.ripe.net/mailman/listinfo/iot-discussion > -------------- next part -------------- An HTML attachment was scrubbed... URL: From corinnecath at gmail.com Thu May 4 16:47:55 2017 From: corinnecath at gmail.com (Corinne Cath) Date: Thu, 4 May 2017 15:47:55 +0100 Subject: [cooperation-wg] cooperation-wg Digest, Vol 64, Issue 1 Message-ID: Dear all, I have been heavily involved in that IEEE work, do let me know if you would like more info on it. Best, On Thu, May 4, 2017 at 11:00 AM, wrote: > Send cooperation-wg mailing list submissions to > cooperation-wg at ripe.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.ripe.net/mailman/listinfo/cooperation-wg > or, via email, send a message with subject or body 'help' to > cooperation-wg-request at ripe.net > > You can reach the person managing the list at > cooperation-wg-owner at ripe.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of cooperation-wg digest..." > > > Today's Topics: > > 1. Re: [iot-discussion] Cerf on the ethics of IoT (Filiz Yilmaz) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 4 May 2017 11:00:22 +0200 > From: Filiz Yilmaz > To: Marco Hogewoning , cooperation-wg at ripe.net > Cc: iot-discussion at ripe.net > Subject: Re: [cooperation-wg] [iot-discussion] Cerf on the ethics of > IoT > Message-ID: > gmail.com> > Content-Type: text/plain; charset="utf-8" > > Hi Marco, all, > > Apologies if this was noted in these lists before: > > There is also an IEEE initiative which was open for public comments up > until recently, on a related note: > > The IEEE Global Initiative for Ethical Considerations in Artificial > Intelligence and Autonomous Systems > > http://standards.ieee.org/develop/indconn/ec/autonomous_systems.html > > Wanted to share. > > Kind regards > Filiz > > > > On Thu, May 4, 2017 at 10:32 AM, Marco Hogewoning wrote: > > > Dear colleagues, > > > > Somebody drew my attention to an article by Vint Cerf and Francine Berman > > on the ethics of IoT, some of you might find it an interesting read as > well. > > > > http://www.cs.rpi.edu/~bermaf/Berman+Cerf_IoT.pdf > > > > Following this, an interview with Berman was published on The Atlantic > > earlier this week > > > > https://www.theatlantic.com/technology/archive/2017/05/ > > internet-of-things-ethics/524802/ > > > > As a reminder, we are still setup to have a BoF aiming to discuss some of > > this space as well, in particular the expected or desired role of the > > parties providing connectivity to these devices. > > > > This ?IoT Security BoF? will take place after the main RIPE 74 program, > on > > Tuesday May 9 at 18:00 in the Tutorial Room of the meeting venue. > > Unfortunately, due to this being a BoF and as this room only has a very > > limited technical setup there won?t be any remote participation offered. > > > > So hope to see many of you in the room in Budapest next week, > > > > Groet, > > > > MarcoH > > > > > > _______________________________________________ > > iot-discussion mailing list > > iot-discussion at ripe.net > > https://lists.ripe.net/mailman/listinfo/iot-discussion > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: attachments/20170504/1a707089/attachment-0001.html> > > End of cooperation-wg Digest, Vol 64, Issue 1 > ********************************************* > -- Corinne J.N. Cath Ph.D. Candidate, Oxford Internet Institute & Alan Turing Institute Web: www.oii.ox.ac.uk/people/corinne-cath Email: ccath at turing.ac.uk & corinnecath at gmail.com Twitter: @C_Cath -------------- next part -------------- An HTML attachment was scrubbed... URL: From rleaning at ripe.net Mon May 15 07:57:23 2017 From: rleaning at ripe.net (Richard Leaning) Date: Mon, 15 May 2017 06:57:23 +0100 Subject: [cooperation-wg] WannaCry Ransomware References: <4B98E66DAF2D4548947BF2CA1EADA0DB4BCDD89C@COIMBRA.europol.eu.int> Message-ID: <5961E790-4494-46F4-A71C-6C34B4DDA8D0@ripe.net> Dear Colleagues, The European cybercrime centre at Europol have asked us to circulate the below. I hope you find it useful and please forward it on to anyone who you may think will benefit from it. Kind regards Richard Leaning External Relations RIPE NCC > Begin forwarded message: > > From: "O3 - European Cybercrime Centre (EC3)" > Subject: @EXT: WannaCry Ransomware > Date: 14 May 2017 at 19:06:20 BST > Cc: "Amann, Philipp" , Mounier, Gr?gory , "Sanchez, Maria" , "O372 Advisory Groups Support" > > Dear AG members, > > As you are no doubt aware, we are currently experiencing an unprecedented ransomware attack at a global scale. The malware was detected on 12 May 2017 and has the capability to spread across networks taking advantage of a critical exploit in a popular communication protocol used by Windows systems. > > Many of you have already reached out and are actively involved in containing this threat. However, since we believe that the infection and propagation rate may go up on Monday when people return to their workplaces, we would like to ask you to please help us distribute information that can help contain this threat. To this end, we have compiled a list of recommendations and also prepared an infographic (see attachment). Please feel free to use this information for reaching out to your network and to complement your advice, if and where useful. > > Also, the No More Ransom (NMR) initiative, actively supported by many of you already, remains an essential source of information. Together with you and other partners, we will continue to update the information available via the NMR portal, so it is important to watch this space as well. > > If you want to share any other prevention, protection or awareness information with us, please do not hesitate to contact us. > > Thank you again for your continued support. > > Kind regards, > EC3 Outreach & Support > > -------------------------------- > > If you are a victim or have reason to believe that you could be a victim > > This is link provides some practical advice on how to contain the propagation of this type of ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance > > The most important step involves patching the Microsoft vulnerability (MS17-010): > https://technet.microsoft.com/en-us/library/security/ms17-010.aspx > > A patch for legacy platforms is available here: > https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks > > In instances where it is not possible to install the patch, manage the vulnerability becomes key. One way of doing this would be to disable the SMBv1 (Server Message Block) protocol: > https://support.microsoft.com/en-us/help/2696547 > and/or block SMBv1 ports on network devices [UDP 137, 138 and TCP 139, 445]. > > Another step would be to update endpoint security and AV solutions with the relevant hashes of the ransomware (e.g. via VirusTotal). > > If these steps are not possible, not starting up and/or shutting down vulnerable systems can also prevent the propagation of this threat. > > How to prevent a ransomware attack? > > Back-up! Back-up! Back-up! Have a backup and recovery system in place so a ransomware infection can?t destroy your personal data forever. It?s best to create at least two back-up copies on a regular basis: one to be stored in the cloud (remember to use a service that makes an automatic backup of your files) and one stored locally (portable hard drive, thumb drive, etc.). Disconnect these when you are done and store them separately from your computer. Your back-up copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure. > Use robust antivirus software to protect your system from ransomware. Always use the latest virus definition/database and do not switch off the ?heuristic? functions as these help the solution to catch samples of ransomware (and other type of malware) that have not yet been formally detected. > Keep all the software on your computer up to date. When your operating system (OS) or applications release a new version, install it. If the software you use offers the option of automatic updating, enable it. > Trust no one. Literally. Any account can be compromised and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner. Never open attachments in emails from someone you don?t know. Similarly, don?t open attachments in emails from somebody you know but from whom you would not expect to receive such as message. Cybercriminals often distribute fake email messages that look very much like email notifications from an online store, a bank, the police, a court or a tax collection agency, luring recipients into clicking on a malicious link and releasing the malware into their system. If in doubt, call the sender at a trusted phone number to confirm the legitimacy of the message received. > Enable the ?Show file extensions? option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions like ?.exe?, ?.com?, ?.vbs? or ?.scr?. Cybercriminals can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or report.doc.scr). > If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) ? this will prevent the infection from spreading. > > > > > ******************* > > DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. > Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated. > > ******************* -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: NEW_Infographic - Ransomware_Final.pdf Type: application/pdf Size: 1307117 bytes Desc: not available URL: -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2611 bytes Desc: not available URL: From gordon.lennox.13 at gmail.com Mon May 15 13:59:31 2017 From: gordon.lennox.13 at gmail.com (Gordon Lennox) Date: Mon, 15 May 2017 13:59:31 +0200 Subject: [cooperation-wg] WannaCry Ransomware In-Reply-To: <5961E790-4494-46F4-A71C-6C34B4DDA8D0@ripe.net> References: <4B98E66DAF2D4548947BF2CA1EADA0DB4BCDD89C@COIMBRA.europol.eu.int> <5961E790-4494-46F4-A71C-6C34B4DDA8D0@ripe.net> Message-ID: Thanks Richard for distributing this. However I am sure everybody else on this list had already checked their favourite sources of information well before this was sent out. Europol has to be much faster. ?a critical exploit in a popular communication protocol used by Windows systems?? OK again people here know what was going on: it was not the protocol but the implementation. If Europol is going to address the wider public then they have to use simpler, cleaner language. Anyway what Europol omits to even hint at is that this bit of poor programming from Microsoft was known to certain government agencies from way back. And they tried to kept secret so they could use it themselves? We need a better discussion about this. Access providers are being asked to carry out user surveillance / logging on behalf of LEAs. Meanwhile the IETF is encouraging encryption while government ministers are trying to discourage encryption. Meanwhile governments know where common systems are vulnerable and yet neither tell the public nor protect the public. Gordon > On 15 May 2017, at 07:57, Richard Leaning wrote: > > Dear Colleagues, > > The European cybercrime centre at Europol have asked us to circulate the below. I hope you find it useful and please forward it on to anyone who you may think will benefit from it. > > Kind regards > > Richard Leaning > External Relations > RIPE NCC > > > ///snip From mir at ripe.net Wed May 17 14:12:04 2017 From: mir at ripe.net (Mirjam Kuehne) Date: Wed, 17 May 2017 14:12:04 +0200 Subject: [cooperation-wg] New IPv6 Support for Governments Programme Message-ID: <76efa876-1a7d-4cb9-d626-7abff25a2976@ripe.net> Dear colleagues, Governments planning IPv6 deployments can now access assistance through our new IPv6 Support for Governments Programme. This is part of our ongoing efforts to work more closely with governments and encourage IPv6 adoption throughout our service region.?? We have explained our approach in more detail in a RIPE Labs article here: https://labs.ripe.net/Members/arne_kiessling/ipv6-support-for-governments-programme We have also documented this on our website here: https://www.ripe.net/manage-ips-and-asns/ipv6/ipv6-for-governments If you represent a government that is planning to make an IPv6 allocation request, please get in touch with us by emailing . Kind regards, Mirjam Kuhne RIPE NCC From michele at blacknight.com Tue May 23 12:32:44 2017 From: michele at blacknight.com (Michele Neylon - Blacknight) Date: Tue, 23 May 2017 10:32:44 +0000 Subject: [cooperation-wg] WannaCry Ransomware In-Reply-To: References: <4B98E66DAF2D4548947BF2CA1EADA0DB4BCDD89C@COIMBRA.europol.eu.int> <5961E790-4494-46F4-A71C-6C34B4DDA8D0@ripe.net> Message-ID: Gordon 100% agree with you on all points. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 15/05/2017, 12:59, "cooperation-wg on behalf of Gordon Lennox" wrote: Thanks Richard for distributing this. However I am sure everybody else on this list had already checked their favourite sources of information well before this was sent out. Europol has to be much faster. ?a critical exploit in a popular communication protocol used by Windows systems?? OK again people here know what was going on: it was not the protocol but the implementation. If Europol is going to address the wider public then they have to use simpler, cleaner language. Anyway what Europol omits to even hint at is that this bit of poor programming from Microsoft was known to certain government agencies from way back. And they tried to kept secret so they could use it themselves? We need a better discussion about this. Access providers are being asked to carry out user surveillance / logging on behalf of LEAs. Meanwhile the IETF is encouraging encryption while government ministers are trying to discourage encryption. Meanwhile governments know where common systems are vulnerable and yet neither tell the public nor protect the public. Gordon > On 15 May 2017, at 07:57, Richard Leaning wrote: > > Dear Colleagues, > > The European cybercrime centre at Europol have asked us to circulate the below. I hope you find it useful and please forward it on to anyone who you may think will benefit from it. > > Kind regards > > Richard Leaning > External Relations > RIPE NCC > > > ///snip