A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of a IETF standard; it will be interesting to see how the NSA engages with this process.
Baker starts off by listing out the attack degree including he likes of information / content disclosure, meta-data analysis, traffic analysis, denial of service attacks and protocol exploits. The author than describes the different capabilities of an attacker and the ways in which an attack can be carried out – passive observation, active modification, cryptanalysis, cover channel analysis, lawful interception, Subversion or Coercion of Intermediaries among others.
Baker then highlights the controls that may be used to defend against the attacks including use of Perfect Forward Secrecy which tends to dramatically increase the cost involved with an attack; use of strong cryptography as a control against passive attacks; use of dual-layered public key exchange “using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications” among others.
The draft lists the final control as policy, audit and transparency; however, it notes that this area is “the most underdeveloped area of internet security to date.”
IETF floats draft PRISM-proof security considerations [Ravi Mandalia/Parity News]
Frontier is the bottom-rung of the top-tier of US ISPs, serving customers in 29 states. Despite enjoying monopoly control over its customers' online lives, and despite massive government handouts and a lackadaisical approach to maintenance, and despite out-and-out theft from customers, the company is filing for bankruptcy, having accumulated $16.3b in debt through mismanagement.
Bruce Schneier's Foreign Policy essay in 5G security argues that we're unduly focused on the possibility of Chinese manufacturers inserting backdoors or killswitches in 5G equipment, and not focused enough on intrinsic weakness in a badly defined, badly developed standard wherein "near-term corporate profits prevailed against broader social good."
Long before 4chan and other anything-goes forums existed, every major online community had a similar community: the Well had its "weird" forum, Usenet had alt.syntax.tactical (among others), and Something Awful had the "Fuck You and Die" forum, where people were funny, mean, obscene, and gross, sometimes all at once.
Gather round, young and old — and hear tales of bygone days. Back in olden times, citizens would mass at a house of coffee, wherein skilled java alchemists would concoct special blends and apply artisanal wizardry to make each steaming chalice an appointment for the taste buds. Granted, said wizards, once known as baristas, were […]
Whether it was Bach or Chopin, Ray Charles or Jerry Lee Lewis, Stevie Wonder, Elton John, Alicia Keys or Norah Jones, there was someone whose mastery on the piano made you think, wow, I wish I knew how to do that. It’s a singular, almost timeless skill — and if you love music, there’s no […]
With everything happening now, even the most jaded among us are bound to feel some pangs of anxiety now and again. It’s a crazy time. When we crawl into bed each night, it’s common for our brains to go into overdrive and start thinking — and worrying — about what’s going on and what’s to […]