A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of an IETF standard; it will be interesting to see how the NSA engages with this process.
Baker starts off by listing out the attack degree including the likes of information / content disclosure, meta-data analysis, traffic analysis, denial of service attacks and protocol exploits. The author then describes the different capabilities of an attacker and the ways in which an attack can be carried out – passive observation, active modification, cryptanalysis, cover channel analysis, lawful interception, Subversion or Coercion of Intermediaries among others.
Baker then highlights the controls that may be used to defend against the attacks including use of Perfect Forward Secrecy which tends to dramatically increase the cost involved with an attack; use of strong cryptography as a control against passive attacks; use of dual-layered public key exchange “using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications” among others.
The draft lists the final control as policy, audit and transparency; however, it notes that this area is “the most underdeveloped area of internet security to date.”
IETF floats draft PRISM-proof security considerations [Ravi Mandalia/Parity News]