A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of a IETF standard; it will be interesting to see how the NSA engages with this process.
Baker starts off by listing out the attack degree including he likes of information / content disclosure, meta-data analysis, traffic analysis, denial of service attacks and protocol exploits. The author than describes the different capabilities of an attacker and the ways in which an attack can be carried out – passive observation, active modification, cryptanalysis, cover channel analysis, lawful interception, Subversion or Coercion of Intermediaries among others.
Baker then highlights the controls that may be used to defend against the attacks including use of Perfect Forward Secrecy which tends to dramatically increase the cost involved with an attack; use of strong cryptography as a control against passive attacks; use of dual-layered public key exchange “using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications” among others.
The draft lists the final control as policy, audit and transparency; however, it notes that this area is “the most underdeveloped area of internet security to date.”
IETF floats draft PRISM-proof security considerations [Ravi Mandalia/Parity News]
Zeynep Tufekci (previously) is one of the most consistently astute, nuanced commenters on networked politics and revolutions, someone who’s been literally on the front lines around the world. In a new book called Twitter and Tear Gas: The Power and Fragility of Networked Protest, she sets out a thesis that (as the title suggests) explores […]
The latest Wikileaks release of leaked CIA cyberweapons includes “Scribbles” — referred to by the CIA as the “Snowden Stopper” — a watermarking tool that embeds web-beacon style tracking beacons into secret documents that quietly notify a central server every time the document is opened.
A pair of social scientists from UCSD and Yale conducted an NIH study published in the American Journal of Epidemiology on the link between Facebook use and mental health, drawing on data from the Gallup Panel Social Network Study combined with “objective measures of Facebook use” and self-reported data for 5,208 subjects, and concluded that […]
The Ticwatch 2 Active Smartwatch is a simpler take on an active wearable that raised over $2m dollars on Kickstarter and is currently offered in the Boing Boing Store.Somewhere in between the single-day battery life and platform-specificity of the Apple Watch and Android Wear devices, there exists the Ticwatch. Instead of trying to shoehorn another […]
Loot Crate is a subscription service that delivers a box of curated pop culture goods to your doorstep. To sample their geeky wares, you can order a single mystery box exclusively from the Boing Boing Store.Each month Loot Crate sends you 6-7 unique items and apparel, including collectibles, books, and t-shirts. Pulling inspiration from all […]
Yes, yes there is. The ultraportable Twisty Glass Mini boasts all of the simplicity of its forebear, while fitting just a little bit better in your pocket.The Mini is perfect for casual smokers, and anyone who doesn’t have the patience or fine motor skill for rolling papers. This piece keeps the convenient design of its older […]