Cybersecurity |
Sponsored by |
|
Last week, I re-tweeted Cloudflare's announcement that they are providing universal SSL for their customers. I believe the announcement is a valuable one for the state of the open Internet for a couple of reasons: First, there is the obvious -- they are doubling the number of websites on the Internet that support encrypted connections. And, hopefully, that will prompt even more sites/hosting providers/CDNs to get serious about supporting encryption, too. Web encryption -- it's not just for e-commerce, anymore. more
You may not connect the cheap cigarettes sold under the counter (or out of a trunk, bodega or by a street vendor) with the mysterious charges on your credit card that you don't remember making or the cash that has, somehow, just disappeared from your bank account. You also may not connect that website selling cheap cigarettes made in second and third world countries with Shellshock or whatever the fashionably scary cyber-threat of the day is when you're reading this. more
While in recent years, HTTPS has become integral part of protecting social, political, and economic activities online, widely reported security incidents -- such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed -- have exposed systemic security vulnerabilities of HTTPS to a global audience. more
Maintaining an 150 year old house requires two things, a lot of time and a lot of trips to the hardware store. Since the closest hardware store to my house is Home Depot, it is rare that a weekend passes without at least one trip to Home Depot. So now in the wake of the Home Depot data breach I am through no fault of my own in a situation where any or all of the bank cards I use regularly could be cancelled if the issuer decides they might be compromised. And this is not the first time this has happened to me this year. more
On Tuesday, September 9, 2014, you have a great opportunity to watch live a very packed agenda full of great sessions about IPv6, DNSSEC, routing/BGP security and other components of Internet infrastructure streaming out of the UKNOF / ION Belfast event in Belfast, UK. All of the sessions can be seen live. more
IT disasters can strike anywhere, anytime. In 1983, a faulty Soviet warning system nearly precipitated World War III -- the system claimed five missiles were en route from the U.S. Only quick thinking by Lt. Col. Stanislav Petrov saved the day when he realized the United States would never launch so few warheads. And in 2004, a private contractor working with the British Child Support Agency (CSA) suffered a glitch that overpaid 1.9 million people and underpaid 700,000. more
Who would have thought that typewriters and handwritten letters would ever be back in fashion? But back in 2013 it was reported that Russia was buying large quantities of typewriters. When this was further investigated the country denied that this was for security reasons. Since the Snowden revelations there has been a further rush on typewriters, both by government officials and by a range of, mainly corporate, businesses. more
Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them. more
As few as seven years ago, cyber-threat intelligence was the purview of a small handful of practitioners, limited mostly to only the best-resourced organizations - primarily financial institutions that faced large financial losses due to cyber crime - and defense and intelligence agencies involved in computer network operations. Fast forward to today, and just about every business, large and small, is dependent on the Internet in some way for day-to-day operations, making cyber intelligence a critical component of a successful business plan. more
At APNIC Labs we've been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP. The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. more
Those who care about security and usability - that is, those who care about security in the real world - have long known that PGP isn't usable by most people. It's not just a lack of user-friendliness, it's downright user hostile. Nor is modern professional crypto any better. What should be done? How should crypto in general, and PGP in particular, appear to the user? I don't claim to know, but let me pose a few questions. more
Whether you view Edward Snowden as a criminal or a hero, or somewhere in between, you cannot dispute that his revelations about pervasive surveillance have changed the discussions about the Internet on both technology and policy levels. If you are interested in hearing what Edward Snowden has to say himself, he is scheduled to speak today, Saturday, July 19, 2014, at 2:00pm US EDT at the HOPE-X conference in New York City. more
For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... more
Google today revealed a new initiative, named Project Zero, with the objective to "significantly reduce the number of people harmed by targeted attacks." To carry out the project, Google is recruiting a team of experienced hackers - "practically-minded security researchers" - to contribute 100% of their time toward improving security across the Internet. more
The public discussion of surveillance one year on from the Snowden revelations remains a search for the biggest sinner. New stories 'outing' countries and companies are great transparency and essential for healthy societies but they have a side effect that isn't so benign: they create an evergreen source of new justifications for security services to demand more money for a surveillance and counter-surveillance arms race. more
A World-Renowned Source for Internet Developments. Serving Since 2002.