A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of a IETF standard; it will be interesting to see how the NSA engages with this process.
Baker starts off by listing out the attack degree including he likes of information / content disclosure, meta-data analysis, traffic analysis, denial of service attacks and protocol exploits. The author than describes the different capabilities of an attacker and the ways in which an attack can be carried out – passive observation, active modification, cryptanalysis, cover channel analysis, lawful interception, Subversion or Coercion of Intermediaries among others.
Baker then highlights the controls that may be used to defend against the attacks including use of Perfect Forward Secrecy which tends to dramatically increase the cost involved with an attack; use of strong cryptography as a control against passive attacks; use of dual-layered public key exchange “using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications” among others.
The draft lists the final control as policy, audit and transparency; however, it notes that this area is “the most underdeveloped area of internet security to date.”
IETF floats draft PRISM-proof security considerations [Ravi Mandalia/Parity News]
Bypass Paywalls is a popular extension for Firefox and Chrome that does what the name implies: allows your browser to manipulate its cookies so that websites with "soft paywalls" that allow a small number of free articles can't accurately determine if you've already exceeded your limit.
Five and a half years ago, Edward Snowden put his life on the line, gave up his country, and went into exile, just to reveal that he had been part of a widespread, illegal mass-surveillance program within the US government -- an illegal enterprise that the most senior spies in the nation had routinely lied […]
This is for everyone who follows me on social media, or who has read my press criticism. All my former students. Fans of my blog, PressThink. Anyone who owns my book. Anyone who's heard me speak. It is a personal statement, from me to them. I have never asked you for anything. Except maybe to […]
So you’ve got a good eye for pictures? We’ve got a good eye for deals. And this holiday, there are some solid deals out there for photographers. Check out some of our favorite recent discounts on gear, software, and e-learning for photogs of any experience. Gadgets RevolCam: The Multi-Lens Photo Revolution for Smartphones This […]
Take a scroll through any app marketplace and you’ll see that the doors are wide open for any game these days – and any game developer. Like any creation, virtual or analog, it all starts with an idea. And if you’ve got one of those, the Complete Unity Game Developer Bundle can walk you the […]
At the rate the world is shrinking, you don’t need to be a globetrotter for a second language to be a useful skill. And if you’re looking to learn that second language (or a third, or fourth), uTalk Language Education is the learning program that makes progression not only easy but fun. If you can’t […]