A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of a IETF standard; it will be interesting to see how the NSA engages with this process.
Baker starts off by listing out the attack degree including he likes of information / content disclosure, meta-data analysis, traffic analysis, denial of service attacks and protocol exploits. The author than describes the different capabilities of an attacker and the ways in which an attack can be carried out – passive observation, active modification, cryptanalysis, cover channel analysis, lawful interception, Subversion or Coercion of Intermediaries among others.
Baker then highlights the controls that may be used to defend against the attacks including use of Perfect Forward Secrecy which tends to dramatically increase the cost involved with an attack; use of strong cryptography as a control against passive attacks; use of dual-layered public key exchange “using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications” among others.
The draft lists the final control as policy, audit and transparency; however, it notes that this area is “the most underdeveloped area of internet security to date.”
IETF floats draft PRISM-proof security considerations [Ravi Mandalia/Parity News]
Earlier this month, I gave the afternoon keynote at the Internet Archive’s Decentralized Web Summit, and my talk was about how the people who founded the web with the idea of having an open, decentralized system ended up building a system that is increasingly monopolized by a few companies — and how we can prevent the same things from happening next time.
At this week’s O’Reilly Velocity conference in Santa Clara, Artur Bergman, founder and CTO, told the story of how he got involved in starting a denial-of-service-resistant CDN — a personal story about helping his old company cope with a titanic DDoS attack that brought it and its upstream provider to their knees.
Like many youtubers, the incomparable, fast-talking, sharpie-doodling mathematician Vi Hart (previously) was stunned by the Orlando shooting of Christina Grimmie, a Youtube singing star who broke out into the mainstream, and who was murdered by a man who attended her public appearance.
Some truths are universal. For one, your phone will always run out of power when you most need it. For another, the charging cords that come packaged with your Apple device will fray, split, and rip faster than Usain Bolt in a game of tag.Instead, pick up a charging cord that anyone would have a tough […]
Some people say magic tricks are nerdy and best left to your 12-year-old asthmatic cousin. But others see value in perfecting the slight of hand and showmanship associated with a perfectly executed routine. We’re firmly in the latter camp. And now, we’re giving you the ability to put a few parlor tricks up your sleeve with the Penguin […]
Bluetooth speakers may be convenient to use, but many of them just aren’t that powerful. Sure, it may be fine if you’re seated in front of the speaker. But move across the room, and you may strain to hear what’s coming from those tiny drivers.There’s a reason why the G-BOOM Wireless Bluetooth Boombox (now $79.99 in the Boing […]