A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of an IETF standard; it will be interesting to see how the NSA engages with this process.
Baker starts off by listing out the attack degree including the likes of information / content disclosure, meta-data analysis, traffic analysis, denial of service attacks and protocol exploits. The author then describes the different capabilities of an attacker and the ways in which an attack can be carried out – passive observation, active modification, cryptanalysis, covert channel analysis, lawful interception, Subversion or Coercion of Intermediaries among others.
Baker then highlights the controls that may be used to defend against the attacks including use of Perfect Forward Secrecy which tends to dramatically increase the cost involved with an attack; use of strong cryptography as a control against passive attacks; use of dual-layered public key exchange “using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications” among others.
The draft lists the final control as policy, audit and transparency; however, it notes that this area is “the most underdeveloped area of internet security to date.”
IETF floats draft PRISM-proof security considerations [Ravi Mandalia/Parity News]