Cybersecurity |
Sponsored by |
|
Next Monday the WSIS+10 Second Informal Interactive Consultations will take place at the UN Headquarters in New York. Much of the discussions will focus on what is called the "zero draft", which is the draft outcome document of the overall ten-year Review of the World Summit on the Information Society (WSIS). As it stands, the text is an effort from the negotiators to collect multiple perspectives, reconcile differences and hopefully make progress towards consensus before the UN General Assembly High-Level Meeting in December. more
There's been a lot of media attention in the last few days to a wonderful research paper on the weakness of 1024-bit Diffie-Hellman and on how the NSA can (and possibly does) exploit this. People seem shocked about the problem and appalled that the NSA would actually exploit it. Neither reaction is right. In the first place, the limitations of 1024-bit Diffie-Hellman have been known for a long time. RFC 3766, published in 2004, noted that a 1228-bit modulus had less than 80 bits of strength. That's clearly too little. more
Near the end of the first decade of this century, the world reached an Internet milestone. The number of Internet-connected devices surpassed the number of people alive on planet Earth. At the time, seven billion devices had already been connected to the Internet, and this went completely unnoticed by most people. This moment represented an important sign of the rapid pace in which we are adopting technology and embracing Internet connectivity. more
Over 260 global network and security experts have collectively responded to the newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices such as Wi-Fi routers by proposing a new approach to improve the security of these devices. The letter warns FCC ruling will cause more harm than good and risk a significant overreach of the Commission's authority. more
NANOG 65 was once again your typical NANOG meeting: a set of operators, vendors, researchers and others for 3 days, this time in Montreal in October. Here's my impressions of the meeting... The opening keynote was from Jack Waters from Level 3, which looked back over the past 25 years of the Internet, was interesting to me in its reference to the "Kingsbury Letter". more
Any form of public communications network necessarily exposes some information about the identity and activity of the user's of its services. The extent to which such exposure of information can be subverted and used in ways that are in stark opposition to the users' individual interests forms part of the motivation on the part of many users to reduce such open exposure to an absolute minimum. The tensions between a desire to protect the user through increasing the level of opacity of network transactions to third party surveillance, and the need to expose some level of basic information to support the functions of a network lies at the heart of many of the security issues in today's Internet. more
The Internet was not originally designed as a single network that serviced much of the world's digital communications requirements. Its design was sufficiently flexible that it could be used in many contexts, including that of small network domains that were not connected to any other domain, through to large diverse systems with many tens of thousands of individual network elements. If that is indeed the case, then why is it that when networks wish to isolate themselves from the Internet, or when a natural calamity effectively isolates a network, the result is that the isolated network is often non-functional. more
In defining what is meant by "Internet Fragmentation" it is useful to briefly describe what is meant by its opposite, an "Open and Coherent Internet". As we've explored in the previous section, "coherence" implies that each of the elements of the Internet are orchestrated to work together to produce a seamless Internet which does not expose the boundaries between discrete elements. more
Federal databases, such as those being compiled by the Consumer Financial Protection Bureau and the Federal Trade Commission, contain data about many people and businesses. Although some of this data may be protected personal information (PPI), there is also extensive information in federal databases that is publicly disseminated via the internet. If the information is wrong, it has the potential to be a vector of tortious mischief. more
On Thursday, Oct 1, 2015, from 9:30am-4:30pm US EDT (UTC-4), Dyn will be holding their "TechToberFest" event in Manchester, NH, and also streaming the video live for anyone interested. There are a great set of speakers and a solid agenda. As I wrote on the Internet Society blog, I'll be part of the security panel from 3-4pm US EDT... and we who are on the panel are excited to participate just for the conversation that we are going to have! It should be fun! more
Earlier this year, I wrote about a recent enhancement to privacy in the Domain Name System (DNS) called qname-minimization. Following the principle of minimum disclosure, this enhancement reduces the information content of a DNS query to the minimum necessary to get either an authoritative response from a name server, or a referral to another name server. more
The primary means of authentication on the Internet is the password -- a half-century old, shared secret mechanism that is difficult to use (especially on mobile devices) and has acknowledged security flaws including attacks at scale. Even so, passwords remain the most prevalent form of authentication with efforts to enhance security typically relying on "bolt on" solutions that increase user friction. more
Senior U.S. and Chinese officials concluded a four day meeting on Saturday discussing cyber security issues ahead of Chinese President Xi Jinping's visit to Washington later this month. more
If this past quarter's stories are any indication, we could very well be seeing the rise of a new wave of threats that will affect people in a more pronounced and physical level, reports Trend Micro in its Q2 Security Roundup Report. more
Ubiquiti Networks Inc., a San Jose based maker of networking technology, has disclosed that cyber criminals stole $46.7 million via a "business email compromise fraud involving employee impersonation." more