Internet: Latest News — Arabian Post

Phantom Wallet Surges to Second in U.S. App Store Ranking

The Arabian Post Network — Wed, 20 Nov 2024 10:05:49 +0000

Phantom, the Solana-based cryptocurrency wallet, has surged to become the second-highest-ranked app in the U.S. Apple App Store’s Utilities category, surpassing several competitors and leaving only Google’s suite of apps ahead. This significant rise marks a pivotal moment for Phantom, which has garnered attention as the go-to wallet for Solana and other decentralized finance (DeFi) enthusiasts. The app’s climb reflects broader trends in crypto adoption and the growing reliance on crypto-based financial tools.

Phantom’s progress has been driven by several factors, notably the increasing appeal of Solana, a blockchain praised for its speed and cost-effectiveness compared to Ethereum. As Solana’s ecosystem grows, more users are flocking to Phantom for its user-friendly interface and robust functionality. The wallet not only supports Solana-based tokens and NFTs but also allows for seamless interaction with decentralized applications (dApps). This versatility has proven critical as users seek more integrated, secure, and accessible ways to engage with the expanding crypto space.

In a market often dominated by established players, Phantom’s rise stands out. For months, the wallet has consistently ranked high within its category, a reflection of its growing influence among crypto users. However, the latest achievement places it just behind Google in the U.S. Apple App Store, indicating not only consumer interest but also the app’s increasing dominance in the mobile crypto wallet sector.

The ranking is also a testament to the larger trend of mainstream adoption of decentralized finance tools. As traditional financial services continue to evolve, more users are looking to decentralized solutions for managing their investments. In particular, Phantom’s ability to bridge Solana’s blockchain with everyday users through a mobile platform has allowed it to capture the attention of a wider audience.

However, the success of Phantom is not merely a result of its technical features but also its strategic partnerships and community-driven growth. The wallet has benefited from collaborations within the Solana ecosystem, which has cultivated a thriving user base. These partnerships have allowed Phantom to integrate seamlessly with an array of dApps and decentralized exchanges (DEXs), making it a critical tool for users looking to interact with Solana’s broader blockchain landscape.

This rise in popularity comes at a time when the crypto industry is facing increasing scrutiny and regulatory challenges, particularly in the U.S. Although crypto adoption continues to grow, concerns over security, regulation, and volatility persist. Despite these challenges, Phantom has managed to maintain its position by prioritizing security and enhancing user experience. The app features features like biometric authentication and encrypted key storage, ensuring that users’ digital assets are protected.

Phantom’s success also highlights the broader evolution of the decentralized finance landscape. With millions of users, Solana has become one of the leading smart contract platforms, offering developers a blockchain that prioritizes speed and cost-effectiveness. This has made Solana an attractive option for both decentralized applications and users looking for alternatives to Ethereum, which has often struggled with high fees and slower transaction times.

While Solana has been a major factor in Phantom’s success, the wallet’s adoption has also been spurred by its intuitive design and accessibility. In the often-complex world of cryptocurrency wallets, Phantom stands out with its sleek user interface, making it easier for new and experienced users alike to manage their assets. The wallet’s integration with popular hardware wallets like Ledger and Trezor further enhances its appeal, offering users more flexibility in managing their crypto holdings.

The surge in Phantom’s popularity also reflects the growing integration of blockchain technology into the mainstream tech ecosystem. As mobile users increasingly turn to apps that offer blockchain and cryptocurrency services, wallets like Phantom are positioned to play a crucial role in facilitating this shift. In a world where digital assets are becoming more prominent, apps that offer seamless and secure management of these assets are more important than ever.

The trajectory of Phantom, however, is not without competition. Despite being in second place in the Utilities category, Phantom faces stiff competition from other crypto wallets and DeFi platforms, many of which are vying for dominance in the expanding market. MetaMask, one of the most widely used crypto wallets, remains a formidable player, particularly within the Ethereum ecosystem. However, Phantom’s early focus on Solana has allowed it to carve out a unique space in the market.

The article Phantom Wallet Surges to Second in U.S. App Store Ranking appeared first on Arabian Post.

Benefits and Security of Free VPNs in the Middle East: A Growing Necessity

The Arabian Post Network — Fri, 13 Sep 2024 16:44:44 +0000

In an increasingly digital world, online security and privacy have become paramount, especially in regions like the Middle East, where business, politics, and technology are booming. As more individuals and companies in the UAE and surrounding countries embrace digital tools, the demand for secure internet access has risen sharply. One solution that has gained popularity is the use of a free VPN (Virtual Private Network), offering users the ability to browse the web with enhanced privacy and security.

A free VPN is an essential tool in today’s interconnected world, providing users with anonymity by masking their IP addresses and encrypting their online traffic. In the Middle East, where the digital economy is rapidly growing, and internet censorship can sometimes restrict access to information, VPNs are proving to be indispensable. Individuals looking to protect their personal data or access content across borders find free VPNs especially useful.

Enhanced Privacy and Security

One of the most significant benefits of using a free VPN is the heightened level of privacy and security it provides. Whether you’re an expatriate in Dubai managing sensitive work emails or a student in Saudi Arabia accessing educational resources, a VPN protects your data by encrypting it. This encryption ensures that hackers, government surveillance, or even your Internet Service Provider (ISP) cannot easily intercept or monitor your online activities.

Cybersecurity threats are a growing concern globally, and the Middle East is no exception. According to a report by cybersecurity firm Symantec, the region has seen an increase in cyberattacks, with the UAE ranking as the second most targeted country in the Middle East. In such a landscape, using a free VPN can act as a barrier, preventing malicious actors from gaining access to personal information, financial transactions, or sensitive business data.

Access to Global Content

Beyond privacy, a free VPN allows users in the Middle East to access global content that may otherwise be restricted due to geographical limitations or local regulations. Whether it’s streaming services, news outlets, or educational platforms, a VPN can provide access to the unrestricted internet, broadening horizons for individuals seeking knowledge, entertainment, or business opportunities.

For example, professionals working in Dubai or other Middle Eastern hubs might need to collaborate with international teams or access region-locked research and industry reports. With a free VPN, these professionals can seamlessly bypass such restrictions, staying connected with global markets and developments.

Supporting Remote Work and Business Growth

With remote work becoming the new normal, especially in the post-pandemic world, the use of VPNs has surged globally. This trend is no different in the Middle East, where businesses have adopted remote working models to ensure continuity. Free VPNs are an affordable option for small businesses or startups, allowing employees to securely access company servers and share sensitive documents without the risk of data breaches.

For example, a small tech startup in Dubai may rely on freelancers across various countries. Using a VPN, the company can ensure that sensitive information is transmitted securely between employees, boosting productivity and minimizing the risk of cyberattacks. According to a study by Statista, over 36% of internet users worldwide use a VPN to ensure safe and private internet usage, and the numbers continue to grow as more people work remotely.

Easy to Use and Accessible for Everyone

One of the most attractive aspects of free VPNs is their accessibility. Many free VPN services are easy to install and use, requiring no advanced technical knowledge. This accessibility is particularly important in the Middle East, where diverse populations with varying levels of digital literacy reside. From tech-savvy professionals to casual internet users, a free VPN offers an easy-to-understand interface and functionality, making online privacy a reality for everyone.

Furthermore, many free VPN services are available on multiple devices, from smartphones to laptops, providing users with protection whether they’re working from home, commuting, or even traveling across borders. As mobile phone usage skyrockets in the Middle East—with over 98% of the UAE population owning a smartphone—the importance of secure mobile browsing cannot be overstated. Free VPNs allow users to browse, shop, and interact with online services safely, ensuring that personal data remains private even on public Wi-Fi networks.

Conclusion: A Valuable Tool for the Modern Internet User

In conclusion, the rising use of free VPNs in the Middle East is a reflection of the region’s growing digital footprint and the increased need for privacy and security. Whether it’s accessing global content, protecting personal information, or supporting the region’s booming business sector, free VPNs offer significant benefits. With cybersecurity threats on the rise and online censorship still a challenge in some areas, free VPNs provide a reliable solution to keep users safe, secure, and connected to the world.

As the Middle East continues to embrace technology and digital innovation, the demand for VPNs will likely continue to grow, making them an indispensable tool for internet users in the region.

The article Benefits and Security of Free VPNs in the Middle East: A Growing Necessity appeared first on Arabian Post.

Safest VPN options in UAE?

The Arabian Post Network — Thu, 27 Jul 2023 05:47:46 +0000

In today’s digital age, protecting our online activities has become more important than ever. Whether it is safeguarding sensitive information or bypassing online restrictions, having a reliable virtual private network (VPN) is essential. For UAE residents, finding the right VPN provider can be a daunting task. With strict internet regulations and increasing cyber threats, it is crucial to choose a VPN that offers both security and functionality. That’s where we come in. In this article, we will dive into the top VPN providers specifically tailored for UAE residents. We will explore their key features, performance, and pricing options to help you make an informed decision. So, if you’re seeking to secure your digital footprint in the UAE, look no further. Read on to discover the best VPN providers that offer the ultimate protection and freedom for your online endeavors.

What is a VPN and how does it work?

A VPN is a technology that creates a secure and encrypted connection between your device and the internet. It acts as a middleman, routing your internet traffic through a remote server and masking your IP address. This not only enhances your online security but also allows you to browse the internet anonymously. By encrypting your data and hiding your IP address, a VPN ensures that your online activities remain private and secure.

Benefits of using a VPN in the UAE

The UAE has stringent internet regulations that restrict access to certain websites and online services. A VPN offers several benefits to UAE residents, including:

1. Bypassing online restrictions: With a VPN, you can access blocked websites and services, such as VoIP services or streaming platforms that may be restricted in the UAE.

2. Enhanced online privacy: A VPN encrypts your internet traffic, making it virtually impossible for anyone to monitor or track your online activities.

3. Securely using public Wi-Fi: Public Wi-Fi networks are often vulnerable to hacking and data theft. By using a VPN, you can secure your connection and protect your personal information from prying eyes.

VPN usage statistics in the UAE

According to recent studies, the use of VPNs in the UAE has seen a significant increase in recent years. This can be attributed to the growing concerns about online privacy and the need to bypass internet restrictions. In fact, it is estimated that around 25% of internet users in the UAE utilize VPN services.

Factors to consider when choosing a VPN provider in the UAE

When selecting a VPN provider in the UAE, there are several key factors to consider:

1. Server locations: Ensure that the VPN provider has servers in locations that are important to you. This will allow you to access content from different regions and bypass geo-restrictions.

2. Encryption protocols: Look for VPN providers that offer strong encryption protocols, such as OpenVPN or IKEv2. These protocols ensure that your data remains secure and private.

3. Speed and performance: Check the VPN provider’s performance, including their connection speeds and server reliability. A slow VPN can hinder your browsing experience, so it’s crucial to choose one that offers fast and stable connections.

4. Logging policy: Check the VPN provider’s logging policy. Opt for providers that have a strict no-logs policy, meaning they do not store any information about your online activities.

The top VPN providers for UAE residents – NordVPN, Surfshark VPN, ExpressVPN, VPN.ac

After careful research and analysis, we have identified the top VPN providers specifically tailored for UAE residents. These providers offer a combination of security, functionality, and performance. Let’s take a closer look at each of them:

NordVPN

NordVPN is known for its robust security features and extensive server network. With servers located in numerous countries, you can easily bypass geo-restrictions and access content from around the world. They offer military-grade encryption, ensuring that your data remains secure and private. Additionally, Provider 1 boasts lightning-fast connection speeds, making it ideal for streaming and torrenting.

Surfshark VPN

Surfshark is a popular choice among UAE residents due to its strong privacy features and user-friendly interface. Their servers are strategically located across the globe, allowing you to access blocked content effortlessly. Provider 2 utilizes advanced encryption protocols to safeguard your data, and their no-logs policy ensures that your online activities remain private. Moreover, Provider 2 offers unlimited bandwidth, making it perfect for heavy internet users.

ExpressVPN UAE

ExpressVPN is renowned for its high-speed connections and extensive server network. With servers in over 100 countries, you can enjoy unrestricted access to global content. Provider 3 utilizes cutting-edge encryption technology to protect your data and offers additional features like split tunneling and kill switch for enhanced security. Their user-friendly apps make it easy to set up and use a VPN on various devices.

VPN.ac UAE

Embrace a world of online freedom and peace of mind with VPN.ac, as it continues to earn its reputation as a premier VPN provider, committed to delivering privacy and security without compromise.

Setting up and using a VPN in the UAE

Setting up and using a VPN in the UAE is a straightforward process. Here’s a step-by-step guide:

1. Choose a VPN provider that suits your needs and sign up for an account.

2. Download and install the VPN app on your device.

3. Launch the app and log in using your credentials.

4. Select a server location from the provided list. If you want to access content from a specific country, choose a server in that location.

5. Click on the connect button to establish a secure VPN connection.

6. Once connected, your internet traffic will be encrypted and routed through the VPN server.

7. Enjoy unrestricted access to the internet and browse securely.

Conclusion: Protect your online privacy with a reliable VPN provider

In conclusion, securing your digital footprint is crucial in today’s digital age. By using a VPN, you can protect your online activities, bypass internet restrictions, and ensure your data remains private. For UAE residents, finding the right VPN provider is essential. Consider the key factors, compare the top VPN providers, and choose the one that best suits your needs. With the right VPN, you can secure your digital footprint and enjoy the freedom of the internet in the UAE. So, take control of your online privacy and stay protected with a reliable VPN provider today!

The article Safest VPN options in UAE? appeared first on Arabian Post.

How India’s PM-Kisan Aadhaar Leak is Exposing Indians to Identity Theft

The Arabian Post Network — Thu, 04 May 2023 07:05:18 +0000

The recent leak of the PM-Kisan Aadhaar database has exposed millions of Indian citizens to the risk of identity theft. This leak has raised serious concerns about the security of the Aadhaar system, which is the world’s largest biometric identity system.

The PM-Kisan Aadhaar database contains the personal information of over 8.5 crore farmers, including their names, addresses, bank account numbers, and Aadhaar numbers. This data was stored on an unsecured server, which was accessible to anyone with an internet connection. This means that anyone with malicious intent could have accessed the data and used it to commit identity theft.

Identity theft is a serious crime that can have devastating consequences for victims. It involves the unauthorized use of someone’s personal information to commit fraud or other crimes. Identity thieves can use stolen information to open bank accounts, apply for credit cards, and even take out loans in the victim’s name.

The PM-Kisan Aadhaar leak has put millions of Indian citizens at risk of identity theft. This is because the leaked data contains all the information that an identity thief needs to commit fraud. Furthermore, the Aadhaar system is linked to a variety of other government services, such as banking and tax filing. This means that an identity thief could use the stolen information to access these services and commit further fraud.

The government must take steps to ensure that the Aadhaar system is secure and that the personal information of Indian citizens is protected. This includes implementing better security measures to protect the data, as well as educating citizens about the risks of identity theft and how to protect themselves.

The PM-Kisan scheme is a government initiative that provides financial assistance to small and marginal farmers in India. The scheme was launched in 2019 and has since enrolled over one million farmers. The scheme requires farmers to provide their Aadhaar numbers and other personal information in order to receive the benefits. This data was stored in a government database, which was recently breached, resulting in the leak of the personal information of these farmers.

The leak of this data has serious implications for India’s security. The leaked data can be used by malicious actors to commit identity theft and financial fraud. This could lead to significant financial losses for the farmers, as well as for the government. Furthermore, the leak of Aadhaar numbers could also lead to the misuse of these numbers for other purposes, such as accessing government services or obtaining loans.

The leak of this data also raises questions about the security of government databases. This breach highlights the need for stronger security measures to protect the personal data of citizens. The government must ensure that its databases are secure and that the data is not vulnerable to unauthorized access. Furthermore, the government must also ensure that the data is not shared with third parties without the consent of the individuals.

First, the government should ensure that all data is stored securely. This includes encrypting the data, using secure servers, and regularly updating security protocols. Additionally, the government should ensure that only authorized personnel have access to the data. This can be done by implementing strict access control measures, such as two-factor authentication and role-based access control.

Second, the government should ensure that all data is handled responsibly. This includes implementing policies and procedures to ensure that data is not shared with unauthorized parties. Additionally, the government should ensure that all data is handled in accordance with the law, including the Aadhaar Act and the Information Technology Act.

Third, the government should ensure that all data is monitored regularly. This includes conducting regular audits to ensure that data is being handled securely and responsibly. Additionally, the government should implement a system of alerts and notifications to ensure that any suspicious activity is detected and addressed quickly.

Finally, the government should ensure that all data is backed up regularly. This includes creating regular backups of the data and storing them in secure locations. Additionally, the government should ensure that the backups are tested regularly to ensure that they are up-to-date and can be used in the event of a data breach.

By taking these steps, the government can ensure that the personal data of farmers enrolled in the PM-Kisan scheme is secure and protected. This will help to prevent future leaks and ensure that the data is handled responsibly.

The article How India’s PM-Kisan Aadhaar Leak is Exposing Indians to Identity Theft appeared first on Arabian Post.

6 Tips for Protecting Against Ransomware

The Arabian Post Network — Tue, 16 May 2017 18:03:35 +0000

The Internet Society has been closely monitoring the ransomware cyber-attacks that have been occurring over the last couple of days. The malware, which has gone by multiple names, including WannaCry, WannaDecryptor, and WannaCrypt, exploits a flaw in Microsoft Windows that was first reportedly discovered by the National Security Agency (NSA). A group of hackers leaked the code for exploiting this vulnerability earlier this year, and a fix or patch was available as far back as March 2017. Since Friday, 200,000 computers in 150 countries have been compromised using this exploit. The numbers are expected to grow exponentially as people settle back into their work routines and regular use of computer systems this week. As part of our continuing work in online trust and security, there are some key takeaways from this incident that we want to leave with our community.

Firstly, we want to highlight the extremely negative effects which government stockpiling of vulnerabilities and zero day attacks has on the overall security of the Internet. With over 60 countries known to be developing growing arsenals of cyber weapons, and with many of these exploits leaking into the public domain, the potential for widespread damage is a massive cause for concern. The impact is not only economic in terms of financial loss, but social in terms of how it impacts end user trust, and most importantly human in terms of loss of life (especially given that ransomware attacks have been focusing on hospitals). And with critical infrastructure like power plants, dams, and transportation systems being targeted in nation state cyber offensives, the threat to human life increases exponentially.

Secondly, it would appear that some hospitals are easy targets for ransomware attackers. Their systems house data that is critical to patient care and management, and many of these institutions don’t have the IT resources to support critical process areas like vulnerability management, patch management, business continuity management, etc. In general, hospitals are also now adapting to digital realities and a number of them are playing catchup with regards to cyber readiness. However, the aforementioned challenges are not unique to hospitals, and are faced by many small and medium enterprises (SMEs), and in several instances, large corporations. Individual users are also targeted based on their generally poor Internet hygiene or lack of security awareness.

We want to take this opportunity to emphasize the importance of good online security practices when accessing the Internet. So here are 6 basic tips for protecting against ransomware:

1. Employ strong, multi-layered endpoint security – Using endpoint security that can protect web browsing, control outbound traffic, protect system settings, proactively stop phishing attacks and continuously monitor for anomalous system behavior will allow for better protection of servers, laptops, tablets, and mobile devices.

2. Maintain regular backups of your critical data – Backups can help you to protect your data from more than just ransomware. Other risk events such as malware, theft, fire, flood or accidental deletion can all render your data unavailable. Be certain to encrypt your backed-up data so it can be effectively restored. Backups should also be stored at an offsite location isolated from the local network.

3. Do not open unsolicited emails or messages from unknown senders – Many ransomware variants are distributed through phishing attacks or email attachments. Increased mindfulness when handling ‘suspect’ emails can be effective in combating ransomware.

4. Patch your systems regularly – Patching your systems for vulnerabilities reduces the opportunities for hackers to infect you with ransomware. The fact that a patch was available for the WannaCrypt vulnerability since March highlights the somewhat lax attitude by organizations and individuals to keeping their system patches up to date. That being said, patch management is a complex activity and can impact the availability of key systems. Hence, thorough testing must be conducted to avoid unplanned downtime.

5. Disable macros if possible – Many forms of ransomware are distributed in Microsoft Office documents that attempt to trick users into enabling macros. There are a number of tools available that can limit to functionality of macros my preventing them from being enabled on files downloaded from the Internet.

6. Be aware and vigilant – For individuals, don’t assume that only techies need to know about all the recent malware and trends in online attacks. Subscribe to mailing lists that provide information on common vulnerabilities and exposures. In the case of organizations, developing an information security awareness program is an integral part of improving overall security posture.

Finally, we want to touch on the important work being done by the Online Trust Alliance (OTA), the Internet Society’s newest initiative. The OTA’s mission is to enhance online trust, user empowerment and innovation through convening multi-stakeholder initiatives, developing and promoting best practices, ethical privacy practices and data stewardship. With regards to preventing ransomware attacks, OTA has developed a number of industry best practices that address key threat areas such as email authentication and incident response. These are as follows:

Email Authentication: https://otalliance.org/resources/email-security

Domain-based Message Authentication, Reporting & Conformance (DMARC): https://otalliance.org/dmarc

Cyber Incident & Breach Response: https://otalliance.org/resources/cyber-incident-breach-response

Additional OTA best practices, resources and guidance to help enhance online safety, data security, privacy and brand protection can be found here.

The Spam Toolkit developed by the Internet Society also provides some guidance on addressing online threats.

The Internet Society is committed to the enhancement of online trust, and our work along this vein spans multiple areas. Our goal is to continue to provide our individual members, organizational members, chapters, partners, and other constituents with timely and relevant information and resources that equip and empower them to act.

Source link

The article 6 Tips for Protecting Against Ransomware appeared first on Arabian Post.

Bringing Internet to Venezuela’s Remote Regions – While Setting a World Record

The Arabian Post Network — Fri, 12 May 2017 02:02:32 +0000

My interest in networking began during my time as a professor and head of the telecommunications lab at the University of Los Andes, in Merída, Venezuela, where we began experimenting with computer networks. I was one of the earliest Internet enthusiasts at our university. Our university was the first in Venezuela to get direct access to the Internet backbone in Homestead, Florida, by means of an antenna on the roof of our lab with the satellite modem in my office.

When I’m not working as a professor, though, I love to explore the outdoors. I started wondering, What would it take for me to live in a remote village, instead of living in the city? The answer was simple: I would just need a way to communicate in order to handle emergencies and to get in touch with people. That is how I began trying to bring connectivity to remote villages, places that, at the time, didn’t have telephones or any kind of communication whatsoever.

I’m a HAM Radio enthusiast, so at the time, I was exploring packet radio as a way to provide connectivity. This was still a new technology that allowed you to send data and programs. We used it to build our first network in rural areas surrounding the city of Merida, but there were restrictions since only registered amateurs could legally use it. So, when the ISM frequency bands were made freely available in Venezuela, we bought some spread-spectrum wireless cards, which were meant for local area connectivity. By replacing the stock antennas with home-built Yagi antennas, we were able to cover the same distances we had with packet radio, but at much higher speeds. We were able to connect health and community centers around Merída, and eventually we were able to connect locations all over the state.

That’s how it started…

We had a problem, though. While we were putting together these networks, we didn’t have the manpower to maintain them. There were only four of us. That’s why we started EsLaRed (Escuela Latinoamericana de Redes – Latin American Networking School) – to build that capacity. At the time, I was on sabbatical from the university and my colleagues suggested I spend part of it at the International Centre for Theoretical Physics (ICTP) in Italy — where they were organizing the Second Computer Networking School. I did it. I went to ICTP and once I was there I convinced some of the instructors to come to Merída. That is how we held our first networking school at the end of 1992. We had participants from ten (10) Latin American countries at that meeting. And – as they say – the rest is history. Today EslaRed is a key training event in the LAC region and will celebrate its 25th anniversary in November at a training event in San Salvador.

Back to Community Networks…

We focused on how to extend Internet coverage with wireless over longer and longer distances to connect remote areas. The first 70 kilometer link was to the village of Canagua. The important thing when you’re sending a signal over a long distance is to have a high enough placement to “clear” the line of sight. We were lucky because there is a big mountain just outside of Merída that is easily accessible from the city by cable car. So, we were able to leverage this spot to reach Canagua, while we were also connecting several sites in the city and the surrounding community. And from there, we just kept looking into how to expand the range further and further at a lower cost.

In 2006, we made a link that went 280 kilometers. One end of the network was 4,200 meters and the other end of the network was a hill about 250 meters high, with flatlands between them. This worked as we were able to clear the curvature of the earth. We used repurposed satellite antennas that were 2.9 and 2.4 meters in diameter. The throughput was pretty low, but we did manage to send video. In 2007, we broke the world record for the longest transmission of a WiFi signal, 382 kilometers, at a throughput of 4 Mbps, which has not yet been surpassed.

Ermanno testing the antenna used for Internet Satellite access at the university later repurposed in 2006 for the 280 km WiFi link.

Getting a signal to these places is incredibly important. The telecommunications network in Venezuela is not yet great. I live only five kilometers outside of the city and there’s still no wireline telephone service there. While most cities are connected by fiber optics, in rural areas only wireless service is available, and many villages are not covered at all. By providing Internet coverage with modified WiFi technology, people can also talk to each other using VoIP. This makes a huge difference in their lives.

Promoting Digital Accessibility in Sri Lanka

The Arabian Post Network — Sun, 07 May 2017 10:01:33 +0000

Starting December 2015, the Internet Society Asia-Pacific (ISOC APAC) Bureau in collaboration with local stakeholders including government, industry and the civil society, has led a series of endeavours to help further digital accessibility in Pakistan.

Building on the success of our work in Pakistan, and in an effort to replicate the learnings in other parts of the Asia-Pacific, we recently held a workshop on digital accessibility in Colombo, Sri Lanka, hosted by the ISOC Sri Lanka chapter.

The workshop started off with a training and awareness session on accessibility standards and design principles. The session had Persons with Disabilities (PWDs) sharing their experiences and needs with website and mobile application developers. The moderator, Deshabandhu Manique Gunaratne, explained accessibility features and guidelines with some tips for the development of accessible websites and applications. She also explained some of the approaches to the redesign of the user interface for websites using Website Content Accessibility Guidelines (WCAG) 2.0 standards.

It came as no surprise that most of the developers present had no idea about accessibility features, or of some of the easy-to-implement actions when developing websites and general applications. Sharing the experience of users with visual, hearing and physical impairments, it was stressed that the optimal approach to promoting accessibility is by building it in during the design phase of websites, services and applications.

PWDs also mentioned the affordability of assistive technologies, cultural stigma issues, lack of digital literacy, unavailability of appropriate local language content and connectivity problems as some of the other barriers that limit them from better using the Internet and mobile technologies.

In the latter part of the workshop, various stakeholders, both from the public and private sector, engaged in a dialogue on digital accessibility policies, products and services in Sri Lanka. The Hon. Secretary, Ministry of Telecommunications & Digital Infrastructure, Government of Sri Lanka and Mr. Senarath Attanayake, Member of the Uva Provincial Council were among the session speakers.

During the discussions, it was highlighted that the Sri Lankan Government had issued a policy direction in 2010 to improve both accessibility and usability features of all government websites. However, the implementation of this policy has remained slow – largely because government webmasters are not aware of accessibility design principles.

Some of the other points raised by the PWDs ranged from adoption of standards by government for designing accessible websites and services; the accessibility of emergency services; support for relay services; access to local information about suitable communications products and services; the involvement of PWDs and their representative organisations in policy development processes; and establishing a coordinated monitoring and reporting framework related to the progress of digital accessibility in Sri Lanka.

The workshop concluded with a call for some immediate action, including implementing accessibility features in the top 10 government websites and developing a training program on web accessibility for government employees (especially developers/webmasters) with the support of the Ministry.

Some of the workshop moments are captured at http://bit.ly/2oR00pV

Source link

The article Promoting Digital Accessibility in Sri Lanka appeared first on Arabian Post.

Using the Collaborative Security Approach to Address Internet of Things Security Challenges

The Arabian Post Network — Tue, 02 May 2017 18:00:44 +0000

Two years ago, our “Collaborative Security Approach” proposed a way of tackling Internet security issues based on the fundamental properties of the Internet and the voluntary cooperation and collaboration that’s been prominent throughout the Internet’s history. In this post, let us look at each of the five key Collaborative Security characteristics as they apply to security of the Internet of Things (IoT).

Fostering Confidence and Protecting Opportunities. In short, we should always have these objectives in sight when developing security solutions.

The IoT is a rapidly developing industry sector. Beginning with providing internet connectivity to isolated systems (e.g. cars, early generation SCADA systems), it is evolving into complex distributed systems enabling communication between (embedded) sensors and actuators with application, data storage and middleware components.

The main drivers for this explosive development are:

cheap and small sensors and actuators that can be attached to almost any physical object;
ubiquitous wireless connectivity;
application clouds, allowing to separate an upgradable intellect from the “smart” objects themselves (a more appropriate name would in fact be “dumb objects”).

Unfortunately, as is often the case with fast-pace developments, security of IoT components and the system as a whole is lagging. Price and functionality features take higher priority.

We need to make security and privacy the most important features. Never before has the virtual world penetrated so deep into our physical lives, and if the gap isn’t shortened there is a high risk of long-term damage to user confidence in the IoT.

Addressing security challenges must be done while preserving the fundamental drivers. For example, too rigorous security requirements for devices may stifle innovation and development, while addressing system wide security is a more appropriate and long-term strategy.

Collective Responsibility. This notes that participation on the Internet means global interdependency. If participants act solely in their own self-interest, not only is the security of the internet affected, the social and economic potential of the internet to the global community also diminishes.

The IoT is not a thing, not even zillions of things; it is an interconnected system. Subsequently, there are many parties with a stake in security, including:

Vendors of sensors and actuators (devices)
Middleware developers
Application developers
Protocol developers
Middleware operators
Application services operators

Figure 1: Generic IoT model

All of them are interested in a sustainable IoT, but not all of them realize its dependence on security. Each player has responsibility in the overall security of the system, and each of them can be the weakest link that undermines it.

And we should not forget another important “stakeholder” – the user, be it an organization, municipality, government, or individual. All of them have a stake and responsibility. Their choices define how valuable security features are.

Fundamental Properties and Values. In short, solutions should be compatible with human rights, values, and expectations (e.g. privacy), and what we call the “Internet Invariants” (open standards, voluntary collaboration, reusable building blocks, integrity, permission-free innovation, and global reach).

As I just emphasized, the IoT is a system that should be analysed and addressed as a whole. Focusing on isolated components without holistic risk and threat analysis tends to provide temporal fixes (if any), and may significantly hinder the innovative potential of the IoT.

Because the Things in IoT are part of the bigger internet, it is important that the solutions build on and do not harm the fundamental properties of the internet – the Internet invariants.

Privacy implications of unsecured IoT systems are far reaching. Even if the system is secure, the breadth of the data collection should be carefully assessed. Recommendations outlined in the 2016 Global Internet Report provide an essential baseline.

In the IoT world, security and privacy often translate into human safety; these crucial factors should be part of the overall risk analysis and risk management.

Evolution and Consensus. In summary, security solutions must be grounded in experience, developed by consensus, and evolutionary in outlook. They need to be flexible enough to evolve over time. In a quickly evolving system, an open, consensus-based participatory approach is the most robust, flexible, and agile.

Security building blocks with a proven track record of protection and deployment in the greater Internet should be used as much as possible. Not every solution works for the Internet; some take off quickly and some never see wide deployment. This experience should be used when looking at security solutions for the IoT.

IoT is rapidly evolving. The most effective solutions are those that anticipate the development trend and address the problems of tomorrow. In developing such solutions, all players need to be brought to the table to produce most robust, flexible, and agile outcomes.

Today, there is a tendency to associate almost any device connected to the Internet with the IoT. Many such devices, like modems, routers etc., have existed since the birth of the Internet, and if we only focus on solving their problems we will miss important emerging threats. IoT systems are distinct in how the “things” are communicating, and how they are administered and controlled. Recognizing these patterns and trends is a key to effective long-term solutions.

Think Globally, Act Locally. For greater effectiveness and efficiency, solutions should be defined and implemented by the smallest, lowest, or least centralized competent community at the point in the system where they can have the most impact.

IoT security is hampered by negative economic factors, such as negative externalities and information asymmetry. This is not unique to the IoT; our recent analysis of data breaches revealed similar issues.

For instance, device vendors do not provide strong security because they do not bear the costs of security exploits. And consumers have no way to assess the security of the IoT system as a whole, thus diminishing motivation for the vendors to deliver secure solutions. There are other examples.

I mentioned several key players that take part in creating an IoT ecosystem. Understanding the relationships between them, their motivations, and incentives helps steer their behaviour and operation toward most favourable outcomes.

For example, raising consumer awareness of the risks of connected devices can help establish ranking or certification programmes, like the one started by Consumer Reports in the USA.

What is crucial here is “norm setting” based on industry-developed and agreed principles and recommendations. A great example of such an effort is the Online Trust Alliance IoT Trust Framework that includes 37 principles addressing privacy, security, and sustainability of the IoT systems.

Looking at the trends again, it seems that consumers will be less interested in do-it-yourself IoT installations, but rather go for a “platform,” like HomeKit, Alljoyn or Weave. The platform vendors and operators can differentiate themselves based on security and privacy protection of their systems, as well as provide necessary pressure on the component suppliers (for example, through programs like MFi by Apple. Providing independent assessment of the security level of the platforms and associated certification or ranking can have a significant impact on the whole IoT ecosystem. Again, security frameworks like the OTA IoT Trust framework provide a good foundation for such activity.

Conclusion

It is unrealistic to expect we can achieve absolute security for the IoT. Nor it is necessarily desirable, as getting closer to this goal may have unbearable costs. It is about how to keep pace and strike right balances when trade-offs are encountered. We hope that the collaborative security approach can help us think about both.

To learn more, you can read about our Collaborative Security Approach and our work on the Internet of Things.

Source link

The article Using the Collaborative Security Approach to Address Internet of Things Security Challenges appeared first on Arabian Post.

Will Artificial Intelligence Change The World For the Better? Or Worse? Read our new policy paper

The Arabian Post Network — Fri, 28 Apr 2017 01:59:29 +0000

Artificial Intelligence (AI) is a concept that has a long standing tradition in the realm of science-fiction, popularized by Hollywood movies and iconic writers such as Isaac Asimov. However, AI has also received increased attention in recent years following news of progress in the field and the prospect of new, tangible, innovation such as self-driving cars. The Internet has played an important role in these developments, particularly as the platform for AI enabled services – some with significant implications for the continued development of a trusted Internet.

The Internet Society is pleased to release a policy paper on Artificial Intelligence and Machine Learning to help navigate some of the opportunities and challenges the technology presents, and to support an informed debate by de-mystifying some of its fundamental concepts. A key aspect is understanding machine learning, a specific AI technique that has been driving the development of new algorithms to substitute or support human decision-making – some of which are already deployed online. Smart assistants, such as “Siri” or “Alexa”, use machine learning to interpret voice commands, email servers use the technique to better filter out junk mail, and some e-commerce websites use it to personalize the web experience of their users.

AI is taking on an increasingly important role in international discussions on the Internet. Recently in Dusseldorf, as part of the German G20 presidency, ministers responsible for their countries’ digitalization agendas met with other stakeholders to discuss policies for the digital future. The impact of AI driven applications, alongside strategies for how to capitalize on the Internet’s vast opportunities for productivity and economic growth, were centre stage.

The ability of machines to exhibit advanced cognitive skills to process natural language, to learn, to plan or to perceive, makes it possible for new tasks to be performed by intelligent systems, sometimes with more success than humans. By using AI-driven automation in existing industries, alongside using AI technologies in new emerging areas, artificial intelligence could vastly boost productivity and economic growth.

AI is a technology that could change the world for the better. It can make medical procedures safer, increase productivity and boost the economy, or be used in applications to improve the quality of life for the disabled. But, AI is also a technology that comes with challenges, such as accountability, security, technological mistrust, and the displacement of human workers.

The private sector has acknowledged these opportunities, and investments in AI have grown over the past several years. Major corporations have invested in developing AI technologies. Forrester predicts that investments in AI are set to grow by 300% in 2017 alone. At the same time, workers fear that their livelihood could be replaced by machines. There are serious questions as to who will benefit and who may lose.

However, beyond the economic impact that AI may have, AI will also affect how people perceive and use the Internet. It has the potential to intensify users’ concerns surrounding the Internet, such as questions of accountability, openness, safety, security, and its socio-economic impacts.

With the potential to dramatically impact the economy and society in the near future, AI has moved to the forefront of many policy debates around the world. These debates range from the governance of AI, such as ensuring accountability of algorithmic decisions, to mitigating the impact of AI on employment. There are clear challenges for AI that must be addressed now to support the technology’s positive future.

It is important to note that the anticipated impact of AI is largely based on predictions and estimates. But regardless of the level of impact, AI will affect the world’s economies, citizens, and the Internet.

It is up to all stakeholders today, be they policymakers, businesses, technical, or civil society, to ensure that AI’s impact is a positive one by proactively tackling the challenges, while ensuring the opportunities remain available.

Please read and share our new policy paper: Artificial Intelligence and Machine Learning.

Source link

The article Will Artificial Intelligence Change The World For the Better? Or Worse? Read our new policy paper appeared first on Arabian Post.

Join forces to eliminate spam – read the new report from the CRTC

The Arabian Post Network — Sun, 23 Apr 2017 09:58:04 +0000

What are the best ways to reduce spam? How can we work together to reduce this threat and create a more trusted Internet?

Last October, in the vibrant city of Bangkok, the Internet Society joined regulators for an in-depth conversation about how to eliminate spam and its harmful effects. Our kind hosts were the Canadian Radio-television and Telecommunications Commission (CRTC) and the International Institute of Communications (ICC).

The CRTC has published a comprehensive and insightful report on the workshop, capturing the key issues, observations, and ways forward. We encourage you to read it carefully. First and foremost, take note of the answer to “why act now?” – it’s a shared responsibility.

This principle lies at the heart of the Internet Society’s Collaborative Security approach. We have a collective responsibility to care for the Internet for everyone.

Spam is not just a nuisance: it’s a vector for malware, fraud and attack. Gone are the days when spam was just an unwanted email. Today, spam is big business.

Spammers are continually adapting their activities to find new ways to: exploit users; maximize their profits; and avoid law enforcement. Two areas of increasing concern are botnets and ransomware, both of which are propagated by spam. Europol’s Serious and Organised Crime Threat Assesssment for 2017 states that ransomware has become “… the leading malware in terms of threat and impact”. And, one only has to look about to the 2016 Mirai botnet DDoS attacks to understand the risk they pose to the stability of the Internet.

Eliminating spam requires efforts on all fronts: legal, technical, economic and social. It’s a problem that will need a collection of solutions, carried out through collaboration across borders and across disciplines.

What can governments do? Governments can contribute to combatting spam and its harmful effects by:

deterring bad actors through law and enforcement
empowering citizens to avoid the dangers of spam
fostering cross-discipline anti-spam efforts
encouraging anti-spam best practices
supporting anti-spam research.

What can you do? Join the fight against spam. Go to our anti-spam toolkit to find out what you can do to protect yourself and others.

Source link

The article Join forces to eliminate spam – read the new report from the CRTC appeared first on Arabian Post.

Deadline 3 May: Recognize an outstanding technologist

The Arabian Post Network — Tue, 04 Apr 2017 23:11:11 +0000

Do you know someone who has made an outstanding contribution to the development of the Internet?

We are pleased to announce that candidate nominations for the 2017 Jonathan B. Postel Service Award are open.

This annual award is presented to an individual or organization that has made outstanding contributions in service to data communications and places particular emphasis on those who have supported and enabled others.

Nominations are encouraged for individuals or teams of individuals from across the data communications industry around the world who are dedicated to the efforts of advancing the Internet for the benefit of everybody.

The award includes recognition at a global conference of the Internet’s technical leaders, as well as a signature crystal globe and a USD 20,000 prize.

Previous awardees include those who have wholeheartedly committed themselves to the technological development, growth and vitality of the Internet.

Nominations can be made either by self-nomination or by third party here.

For more about Jonathan Postel, the award, nomination procedures, and online submission forms view our page about the award.

You can recognize someone you know who has made a special contribution by nominating them for this year’s Postel Award.

The deadline for nominations is 3 May 2017 so be sure to get yours in on time!

For more information about Jon Postel and this award, please view this video narrated by Vint Cerf:

Source link

The article Deadline 3 May: Recognize an outstanding technologist appeared first on Arabian Post.

Encryption is key for a trusted Internet

The Arabian Post Network — Fri, 31 Mar 2017 07:08:15 +0000

One of the few regrets of Vint Cerf, who is often referred to as the ‘father of the Internet’, is the fact that encryption using public cryptography was not baked in the original ARPANET design. While the early Internet was meant to meet a number of requirements such as resilience and openness, encryption was not one of them. Some of this was because of the high cost associated with encryption, and some if it was for other reasons. This explains why encryption was only introduced at later stages when CPU and memory resources were more affordable.

And, after the revelations in recent years of surveillance, hacking, eavesdropping and leaking information, the need to have strong end-to-end encryption cannot be overstated. The rise of the Internet of Things has made those threats even more salient.

ISOC believes in a safer Internet that everyone trusts. If we don’t trust the Internet, put at risk one of the world’s greatest tools for communication, economic growth, and endless positive opportunities we haven’t even thought of yet.

In an effort to make Internet access safer, ISOC is promoting good encryption practices on the infrastructure level through programs such as the Deploy360 program and through campaigns encouraging websites to turn on SSL by default and have DNSSEC compliance.

The proper use of encryption is critical to building that trust.

Knowing The Subtle Differences

Encrypted traffic going from one device to another generally passes through one or more intermediaries. If a message gets encrypted before leaving the device, Internet service provider and other gateways between the device and the platform would not be able to read it.

But some services are known to provide encryption that’s not end-to-end. This is because the data is decrypted on the intermediary servers before being encrypted again and sent to the target device. Some services assign the same private key for the sender and receiver. This is called ‘symmetric’ encryption, which is not a safe way of encrypting your data since it is possible that something, or someone, could read your stuff before it ends up at its destination.

Where You Can Find End-to-End

The good news is various software vendors are increasingly adopting end-to-end encryption. But It is tricky to know for sure which of those vendors are truly offering end-to-end encryption and which ones are not. The Guardian Project listed a number of mobile apps that have implemented end-to-end encryption. Or, if users are a bit more tech savvy, they could do the encryption themselves instead of relying on the vendor’s software. This is often done for email communication through Pretty Good Privacy (PGP) encryption, which is used by many cyber activists and techies. For instant messaging, Off-the-Record Messaging (OTR) is also widely used.

Any encryption is of little meaning if it is not strong enough to sustain brute attacks, which are becoming stronger because of faster processors and cheaper memory. To minimize risk from such attacks, private keys, as well as passcodes, should be sufficiently complex and long.

It’s Up To All Of Us

A safer Internet we trust is going to take all of us. Boosting the strength of encryption Internet users are using is key to preserve their online privacy.

Sometimes using encryption may very well be the difference between life and death for whistleblowers, activists and journalists who use the Internet to send confidential and sensitive information. In many countries under repressive regimes, protecting the confidentiality of data is critical for survival.

The Bottom Line

The bottom line is that Internet access with strong end-to-end encryption is critical in today’s world where cyber threats of all kinds are on the rise. The more of us who start to use encryption, the more trustworthy the Internet becomes since communication channels become safer.

Although we will not be able to turn back time to embed encryption in the original design of the Internet, we can continue working to make it a priority moving forward.

Join us at the Internet Society and let’s work for a safer Internet we can all trust.

Source link

The article Encryption is key for a trusted Internet appeared first on Arabian Post.

Rough Guide to IETF 98: Trust, Identity, and Privacy

The Arabian Post Network — Sun, 26 Mar 2017 15:06:54 +0000

It should come as no surprise that there are numerous activities related to Trust, Identity, and Privacy on the agenda for IETF 98. Below I will highlight a few of the many activities and provide pointers to a number of additional ones. There is something for everyone interested in these areas in Chicago in the coming week!

The fun starts before the meeting even begins with the IETF 98 Hackathon. There are two relevant efforts in the hackathon that I’d like to bring to your attention. The first one is a large collaboration of people working on DNS, DNSSEC, and DNS privacy. This is a well-established project that has been active in several recent IETF Hackathon events. Many of the regular contributors to this project recently met with a number of academic researchers in San Diego at the Network and Distributed System Security (NDSS) Symposium 2017 for a full day workshop on DNS Privacy. This work is actively driving improvements in the DNS privacy space. (See also our Rough Guide on DNS Privacy and Security.)

The second hackathon project related to our overarching topic of trust is the one on COSE/JOSE. Javascript Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE) are two related standards for the definition of objects for signing and encryption for JSON and CBOR environments respectively. These efforts are foundational to some continuing work in the IETF around tokens in the web and IoT spaces.

After a few days of diving deep into the details, it might be time to broaden the perspective again. The next session I’d like to suggest, especially to those new to the development of IETF protocol standards, is the Sunday tutorial on Security Considerations. This tutorial explores some of the many aspects of security that might get overlooked during the development of a protocol. The IETF security community is in the process of updating the current guidelines represented in RFC 3552 “Guidelines for Writing RFC Text on Security Considerations.” Additional volunteers are being sought to help finish this effort.

For those with a keen interest in privacy, the W3C Privacy Interest Group (PING) will again be meeting for its regular PING and friends get-together during the lunch break on Thursday, 30 March in Montreux2. Anyone with an interest in privacy is invited to join the meeting (but it is bring your own lunch).

Unfortunately, in a slot directly conflicting with the W3C PING meeting is a session that is also of potential interest. It is a lunch talk by John Mattsson, a Senior Specialist at Ericsson Security Research with a focus on Security Protocols, Cryptography, and IoT. This talk will look at the evolution of cellular security from cryptographic beginnings in 2G to a vision for 5G with improved security and privacy. Grab a quick sandwich and head to what is sure to be an interesting and informative session. The good news is that this session will be streamed live and archived on the IETF YouTube channel.

With the hackathons, tutorials, side meetings, and guest lectures covered, we have now arrived at the detailed work of the IETF. The first step to adopting work in the IETF is a Birds of a Feather (BoF) session, and there is one relevant BoF in our space this time. The Protocol for Dynamic Trusted Execution Environment Enablement (TEEP) BoF is considering an effort to define a standardized version of an application layer security protocol for the configuration of security credentials and software running on a Trusted Execution Environment (TEE). There is a proposal available (https://tools.ietf.org/html/draft-pei-opentrustprotocol-03) to help jump start the activity.

The Network Time Protocol (NTP) working group has been working for some time to define a replacement for the NTP Autokey protocol. Autokey was developed many years ago, has been identified with numerous flaws, was published as an Informational RFC because of those flaws, and has never been broadly deployed and used. The Network Time Security (NTS) for NTP effort (https://datatracker.ietf.org/doc/html/draft-ietf-ntp-using-nts-for-ntp) specifies a mechanism to provide cryptographic security for NTP for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD). Accurate, reliable, and precise time synchronization is key to a number of underlying security protocols, and this improvement to NTP is long overdue and needed. The NTP working group will also be discussing the publication of a BCP for NTP addressing some of the key misconfiguration issues that lead to DDoS attacks on NTP and some minor updates to NTPv4 to fix some outstanding issues.

The Public Notary Transparency (TRANS) working group has been working since 2014 to improve the confidence of users in the Web PKI. The underlying premise of this work is to create transparent logs of certificates so that mis-issuance can be detected. That which is transparent can be observed and monitored for unexpected behavior. The core document (https://datatracker.ietf.org/doc/html/draft-ietf-trans-rfc6962-bis) has been through Working Group Last Call and 24 revisions. A number of recent issues have been raised and will be discussed this coming week. Additionally, the working group will be discussing redaction, the threat analysis document, and using transparency to improve trust of binaries.

The Web Authorization Protocol (OAUTH) working group has been working for years on mechanisms that allow users to grant access to web resources without necessarily compromising long-term credentials or even identity. It has been a very prolific working group with around 14 RFCs published to date. IETF 98 will be another busy week for those interested in this area including sessions on both Monday and Friday. Agenda items for these sessions include token exchange, device flow for and input constrained devices without browsers, authorization server metadata, token binding, proof of possession, authorization server to client key distribution, the OAuth 2.0 authorization framework, and additional security topics. This is a full agenda indeed! There is also some related work in the Hackathon and rumors of an OpenID working group hands-on session on building mobile apps with AppAuth (Native Applications Best Practices) to be held on Sunday, 26 March.

There are two additional working groups meeting this coming week that are related to the OAUTH work. The first is the Token Binding (TOKBIND) working group that is tasked with specifying a token binding protocol and specifying the use of that protocol with HTTPS. Additionally, the Security Events (SECEVENT) working group is working on an Event Token specification that includes a JWT extension for expressing security events and a syntax for communicating the event-specific data.

Wrapping up our tour through the trust-related working group activity this week, we have the ACE and LAMPS working groups. The Authentication and Authorization for Constrained Environments (ACE) working group is working to develop standardized solutions for authentication and authorization in constrained environments (think IoT). They published a use cases document last year, and this week’s agenda includes architecture, actors, and the CBOR Web Token (CWT) with multiple drafts to support the conversations. And the Limited Additional Mechanisms for PKIX and SMIME (LAMPS) is (as the name implies) making some specific updates to PKIX and SMIME. The agenda for the week includes drafts to update both RFC 5750 and RFC 5751.

Finally, no IETF week is complete without the Security Area Advisory Group (SAAG) meeting. This meeting features a quick run through all the working groups doing security related work in the IETF across all areas, a set of short talks, and an open session to bring issues and topics forward from the community.

All in all, an action packed week for trust, identity, and privacy related topics here at IETF 98!

Relevant Working Groups at IETF 98:

TEEP BoF (A Protocol for Dynamic Trusted Execution Environment Enablement)
Tuesday, 28 March, 14:50-16:20, Zurich E/F
About: https://datatracker.ietf.org/wg/teep/about/

NTP (Network Time Protocol)
Monday, 27 March, 13:00-15:00, Montreaux 3
Documents: https://datatracker.ietf.org/group/ntp/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-ntp/

TRANS (Public Notary Transparency)
Tuesday, 28 March, 13:00-14:30, Montreaux 3
Agenda: https://datatracker.ietf.org/meeting/98/agenda/trans/
Documents: https://datatracker.ietf.org/group/trans/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-trans/

OAUTH (Web Authorization Protocol)
Monday, 27 March, 17:10-18:10, Zurich C
Friday, 31 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/oauth/
Documents: https://datatracker.ietf.org/group/oauth/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-oauth/

TOKBIND (Token Binding)
Monday, 27 March, 15:20-16:50, Zurich A
Agenda: https://datatracker.ietf.org/meeting/98/agenda/tokbind/
Documents: https://datatracker.ietf.org/group/tokbind/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-tokbind/

SECEVENT (Security Events)
Wednesday, 29 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/secevent/
Documents: https://datatracker.ietf.org/group/secevent/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-secevent/

ACE (Authentication and Authorization for Constrained Environments)
Monday, 27 March, 09:00-11:30, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/ace/
Documents: https://datatracker.ietf.org/group/ace/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-ace/

LAMPS (Limited Additional Mechanisms for PKIX and SMIME)
Thursday, 30 March, 17:40-18:40, Vevey 1/2
Agenda: https://datatracker.ietf.org/meeting/98/agenda/lamps/
Documents: https://datatracker.ietf.org/group/lamps/documents/
Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/

SAAG (Security Area Open Meeting)
Thursday, 30 March, 15:20-17:20, Zurich D
Agenda: https://datatracker.ietf.org/meeting/98/agenda/saag/

There’s a lot going on in Chicago, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://www.internetsociety.org/rough-guide-ietf98.

Source link

The article Rough Guide to IETF 98: Trust, Identity, and Privacy appeared first on Arabian Post.

Rough Guide to IETF 98: Internet Infrastructure Resilience

The Arabian Post Network — Tue, 21 Mar 2017 23:05:20 +0000

Let’s look at what’s happening in the area of Internet infrastructure resilience in the IETF and at the upcoming IETF 98 meeting. My focus here is primarily on the routing and forwarding planes and specifically routing security and unwanted traffic of Distributed Denial of Service Attacks (DDoS) attacks. There is interesting and important work underway at the IETF that can help address problems in both areas.

DDoS attacks are a persistent and growing threat on the Internet. And as DDoS attacks evolve rapidly in the aspect of volume and sophistication, a more efficient cooperation between the victims and parties that can help in mitigating such attacks is required. The ability to quickly and precisely respond to a beginning attack, communicating the exact information to the mitigation service providers is crucial.

Addressing this challenge is what keeps the DDoS Open Threat Signaling (DOTS, http://datatracker.ietf.org/wg/dots/) WG busy. The goal of the group is to develop a communications protocol intended to facilitate the programmatic, coordinated mitigation of such attacks via a standards-based mechanism. This protocol should support requests for DDoS mitigation services and status updates across inter-organizational administrative boundaries. Specifications outlining the requirements, architecture and the use cases for DOTS are maturing and will be discussed at the meeting.

Draft “Inter-organization cooperative DDoS protection mechanism” (https://datatracker.ietf.org/doc/draft-nishizuka-dots-inter-domain-mechanism) goes further than communication between a victim and a mitigation service provider. It attempts to describe possible mechanisms that implement the cooperative inter-organization DDoS protection by DOTS protocol, leveraging the capacity of the protection by sharing the resources among several organizations.

A recently chartered SIDR Operations Working Group (SIDROPS) has taken over the technology developed in the SIDR WG and is focused on developing guidelines for the operation of SIDR-aware networks, and providing operational guidance on how to deploy and operate SIDR technologies in existing and new networks. The working group meets for the first time and will, among other things, discuss mitigation mechanisms for route leaks.

There are still two proposals addressing the route leak problem. One is an IDR WG document, “Methods for Detection and Mitigation of BGP Route Leaks” (http://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation), where the authors suggest an enhancement to BGP that would extend the route-leak detection and mitigation capability of BGPSEC. Another is an independent submission, “Route Leak Detection and Filtering using Roles in Update and Open messages” (https://tools.ietf.org/html/draft-ymbk-idr-bgp-open-policy). This proposal enhances the BGP Open message to establish an agreement of the (peer, customer, provider, internal) relationship of two BGP neighboring speakers in order to enforce appropriate configuration on both sides. Propagated routes are then marked with a flag according to agreed relationship allowing detection and mitigation of route leaks. An updated version of the specification allows signaling a potential leak more than one hop away.

Both proposals will be discussed at the SIDROPS as well as at the IDR WG sessions.

Another item that can certainly contribute to better resilience of an IXP infrastructure and is on the agenda of the IDR WG session is a proposal, “Making Route Servers Aware of Data Link Failures at IXPs” (https://datatracker.ietf.org/doc/draft-ietf-idr-rs-bfd/). When route servers are used, the data plane is not congruent with the control plane. Therefore, the peers on the Internet exchange can lose data connectivity without the control plane being aware of it, and packets are dropped on the floor. This document proposes a means for the peers to verify connectivity amongst themselves, and a means of communicating the knowledge of the failure back to the route server.

To summarize – there is important work underway at the IETF that will hopefully lead to a more resilient and secure Internet infrastructure.

Related Working Groups at IETF 98

SIDROPS (SIDR Operations) WG
Tuesday, 28 March, 14:50-16:20, Zurich C
Agenda: https://datatracker.ietf.org/meeting/98/agenda/sidrops/
Charter: https://datatracker.ietf.org/wg/sidrops/charter/

GROW (Global Routing Operations) WG
Monday, 27 March, 17:10-18:10, Zurich G
Agenda: https://datatracker.ietf.org/meeting/98/agenda/grow/
Charter: https://datatracker.ietf.org/wg/grow/charter/

IDR (Inter-Domain Routing Working Group) WG
Friday, 31 March, 09:00-11:30, Zurich G
Agenda: https://datatracker.ietf.org/meeting/98/agenda/idr/
Charter: https://datatracker.ietf.org/wg/idr/charter/

DOTS (DDoS Open Threat Signaling) WG
Tuesday, 28 March, 16:40-18:40, Zurich G
Agenda: https://datatracker.ietf.org/meeting/98/agenda/dots/
Charter: https://datatracker.ietf.org/wg/dots/charter/

Source link

The article Rough Guide to IETF 98: Internet Infrastructure Resilience appeared first on Arabian Post.

Community Forum Launches the Search for 25 Under 25

The Arabian Post Network — Fri, 17 Mar 2017 07:04:41 +0000

Today, the Internet Society hosted a special Community Forum, “Youth on the Internet.” Hundreds of participants from across 6 continents joined the conversation to share their views on what the Internet means to them.

A special thanks to our Next Generation Leaders who were panellists – Evelyn Namara (Uganda), Veronica Arroyo (Peru), Yuza Setiawan (Indonesia) for a vibrant discussion on topics such as how young people can address privacy and security concerns, and how the Internet can help close the gender gap.

We also launched the new “25 Under 25” initiative. In celebration of the Internet Society’s 25th anniversary and as we look to the future, we want to identify 25 passionate, young people between the ages of 13 and 25 who are using the Internet to make a difference in their communities.

Awardees will be guests at a reception in their honour co-located with the 2017 Internet Hall of Fame induction ceremony in September. There will be plenty of opportunities for the 25 under 25 awardees to network with the Internet pioneers, innovators and global connectors who made significant contributions to the development and advancement of the Internet.

Nominations are now open for 25 under 25. We look forward to hearing more about the next generation of entrepreneurs and influencers on the Internet.

If you missed today’s Community Forum, the recording can be found on the Internet Society’s Facebook page and on Connect, a platform for Internet Society members. If you don’t have an account, you can join and create one for free.

If you know someone who is under 25 and changing the world using the Internet – tell us about them!

Source link

The article Community Forum Launches the Search for 25 Under 25 appeared first on Arabian Post.

Barev dzez! You are listening to Radio MENQ. The voice of the visually impaired of Armenia.

The Arabian Post Network — Sat, 11 Mar 2017 15:19:14 +0000

Beyond the Net Journal: Armenia Chapter #3 Episode

When Armenia declared independence in 1991, the Internet access finally became available, allowing people to be part of the world again. The creation of an Internet Availability Center in 2012 (funded by Internet Society’s grant) at the Culture House for the Blind in Yerevan, triggered creative ideas among active members of the center.

They came to conclusion that an Internet radio station would be the greatest opportunity for helping the blind and visually impaired. The project started in January 2016 supported by the Internet Society’s “Beyond the Net Funding Programme”. Today, it is a dream come true.

Radio MENQ (“We” in Armenian language) has become a platform empowering people with disabilities. The programming covers practical and psychological matters. Many artists and scientists with disabilities have been invited as guests to share their lived experiences. This radio station is opening up new horizons for the visually impaired and their families.

The project team is comprised of people with disabilities of various specialties. All of them are proficient in their areas and highly motivated in bringing change to people’s lives. Radio MENQ is contributing to the cultural and spiritual development of its audience through psychological advice, reading of prose and fairy tales for children, gaming competitions, and hours of music.

Just taking a look at some of the programs currently on air illustrates the important role this station plays:

“You can” – 13 episodes about people who are blind, from ancient to modern times, who demonstrated notable achievements, like Ray Charles, Stevie Wonder, Andrea Bocelli, Diana Gurtskaya, Louis Braille
“Internet and the blind” – Opportunities and how to use them
“Psychology in life” – How to use internal resources to achieve goals
“Toward Independence” – Ways to improve self-dependence
“Problem and solution” – What role can visually-impaired people play in the society. The role of family and education in the process of socialization. How to overcome psychological barriers when searching for a job.
“Rights and privileges” – About legislative solutions for blind people
“Loving a person” – How to destroy barriers in relationships
“My Universities” – How to get a higher education and find a job
“Sports and We” – Brilliant victories in Paralympics sports
“Learn to play Chess” – Lessons from the blind master Yura Awetisyan

Radio MENQ has been promoted through mass media, social networks and public events with the involvement of the Ministry of Labor and Social Affairs of Armenia Republic. We are proud to say that the blog is getting up to 2,800 visits monthly, and a mobile application to reach a wider audience is in the pipeline.

In Armenia, the estimated number of blind and visually impaired people is 25,000 and in Diaspora 50,000. While the team was discussing ways to expand the project to Diaspora communities, they received this message from United States: “Barev dzez! My name is Laurel and I am a blind student studying at the University of Oklahoma. My instructor is Armenian, and I got inspired to learn Armenian as well. I found your radio station online. I love listening to your programs, and I use it to help teach myself Armenian. When I discovered how hard it was to read with a screen reader in Armenian, I thought why not do something. I am actually working on creating a project that could help blind people in Armenia, Georgia and Russia through technology and educational opportunities. I would really like to connect with the blind community in Armenia, and I plan to visit Yerevan in September.”

The famous blind pianist Levon Karapetyan, who used to move around with helpers, is another inspiring story. While he was in France for a study period he listened to Radio MENQ’s “Toward Independence” and he got very interested in self-development tools mentioned in the program. When he came back to Armenia he visited the station and asked the team to teach him how to use the white cane and other tips to move independently. The mobility training changed his life for the better. A special episode devoted to his experience will be broadcast in the future.

In addition to being a public health concern, blindness also has a great impact on the social and economic wellbeing of an individual. First efforts to educate the blind were attempted at the beginning of the 19th century thanks to the Louis Braille system. Until that time, blind people were considered mostly uneducable and untrainable. One of the worst stereotypes about blindness is the belief of that it limits to the kind of jobs you can do. Blind children acquire this sad way of thinking from society.

The radio station aims to raise awareness about how an appropriate environment can increase the ability of a person with disabilities to work independently and add value to society. After Radio MENQ went on air, many young people have started to learning how to be program presenters and sound technicians. The Armenian blind community is starting to break the stereotypes and prove they are able to work on equal footing.

This project is illustrating the power of the Internet in creating innovation and local solutions with global impact. Radio MENQ is becoming a reference for visually impaired people, also facilitating the collaboration and partnerships needed to achieve the Sustainable Development Goals.

Watch the video and see the amazing job they are doing

Listen to Radio MENQ

This project is relevant to achieving the following SDGs goals:

More projects for the visually impaired:

Stay tuned for the upcoming blog and follow our stories on Twitter

Share this story
If you like this story, please share it with your friends. That would tremendously help in spreading the word and raising the visibility of this project. Help more people understand how the Internet can change lives.

We are interested in your project

We are looking for new ideas from people all over the world on how to make your community better using the Internet. Internet Society “Beyond the Net Funding Programme” funds projects up to $ 30.000 USD.

Applications are open until 23th March
Find out more about the programme

Source link

The article Barev dzez! You are listening to Radio MENQ. The voice of the visually impaired of Armenia. appeared first on Arabian Post.

DNS Privacy: Solutions emerging, but deployment lags

The Arabian Post Network — Mon, 06 Mar 2017 23:17:53 +0000

I recently attended the DNS Privacy Workshop colocated with this year’s NDSS 2017 in San Diego, California. DNS privacy has received considerable attention from researchers and engineers since the Snowden revelations of state-backed pervasive surveillance in 2013 and the workshop covered a lot of ground.

For some Internet users, anonymity is critically important and a service like ToR exists to obfuscate the location and browsing habits of ToR users. Even ToR users have a need to resolve names using DNS however (for non-hidden services) and they are then vulnerable to the exit relay operator’s DNS configuration. The addition of DNS data to existing attack techniques makes attacks more precise, especially for infrequently visited websites (e.g. dissident sites). Exit relay operators are therefore advised to run their own resolvers with QNAME minimisation. In the long term, adding confidentiality to DNS is necessary to prevent it being used as a vector for de-anonymisation of ToR users.

Curiously, ToR was also discussed as a potential solution to the problem of DNS recursive resolver logs falling into the wrong hands. Incorporating a micropayment solution to align incentives and using ToR to anonymise traffic could create a recursive resolution service that wouldn’t have the logging vulnerability problems we see today. Latency of such a service would however be an issue in many cases, which brings me to my next point.

There is a critical tension between contemporary uses of the DNS to provide resilient and low-latency services versus the desire for greater privacy. Most DNS TTLs of the Alexa top 500 are less than 20 minutes. TTLs of 20 minutes make caching solutions and tools like Namecoin effectively impractical for popular sites. One suggestion is to download large caches of DNS data from relatively anonymous locations (libraries, coffeeshops, etc.) and then use those when in more privacy-vulnerable locations, e.g. at home. However within a 2 week window one third of A records (and nearly two thirds of AAAA records … go figure) for the Alexa top 500 have changed, so this approach, while certainly possible, has clear limitations.

While DNS privacy seems like an unambiguously good thing, greater confidentiality of DNS traffic will impact researchers and service providers that rely on passive collection of DNS information. Codifying anonymisation and data access practices may help here.

Workshop participants heard concerns about the pace with which the technical building blocks for adding confidentiality to DNS, namely DNS-over-TLS, are being adopted. However, we should remember that DNS-over-TLS was only standardized 9 months ago in RFC 7858.

In addition to addressing the implementation and deployment challenge, the DNS community needs to heed the lessons about usable security that have been learned, e.g. from HTTP(S) security indicators and SSL Certificate warnings. In order for DNS privacy solutions to become pervasive, addressing the usability challenge is essential. It may be that the emerging solutions to the DNS privacy problem are not sufficiently baked or too hot off the press to expect much deployment to have taken place, or a stronger effort to evangelise the availability of new tools may be necessary.

The workshop also considered a detailed analysis of padding DNS queries and responses (padding encrypted DNS messages makes it harder to apply size-based correlation with known unencrypted messages), securing DNS Service Discovery, and a detailed analysis of the tradeoffs between the numerous authentication mechanisms for DNS privacy enabling recursive resolvers.

The workshop concluded with breakouts creating content for the workshop report including conclusions, recognised challenges and research agenda recommendations. A full report of the workshop will be available in due course.

Slides from the workshop are available and audio should also be available soon. The DNS Privacy Project pages provide extensive further reading and details regarding available implementions of servers and clients supporting DNS-over-TLS.

Source link

The article DNS Privacy: Solutions emerging, but deployment lags appeared first on Arabian Post.

An eventful week at SANOG 29

The Arabian Post Network — Thu, 02 Mar 2017 07:17:19 +0000

After a long wait of 4.5 years, the 29th edition of SANOG came back to Pakistan, this time in the countrys capital, Islamabad. The Pakistan Telecom Authority (PTA) and the Higher Education commission of Pakistan (HEC) came forward to jointly host the event at the HEC headquarters.

SANOG 29 consisted of two days of conference, one day of tutorial alongside the Internet Society’s ION Conference, and the usual five days of workshops with three parallel tracks. Eight days of action-packed agenda was good enough to attract a lot of audiences.

The ION Conference was inaugurated by chairman HEC Dr. Mukhtar Ahmed and PTA chairman Dr. Ismail Shah, with two keynotes from distinguished industry experts: Mr. Yousuf Bhaiji discussed the “Future of Networks, Networking, and Networkers” and Mr. Haris Shamsi shared his views on “Software Defined Everything”.

The opening ceremony was well-attended by many network professionals and academia delegates from all over Pakistan. There was good media presence as well. A number of foreign delegates participated in the event, representing Facebook, Google, Internet Society, NL-IX, DE-CIX, IIJ, APNIC, NSRC, University of Tokyo and ICANN, making it one of the most successful SANOGs in Pakistan after the first SANOG in 2006.

PKNOG was inaugurated during the conference day, with a dedicated plenary session to announce its establishment. It took a very long time for the Pakistani technical community to create their own NOG where they can discuss and share technical knowledge with each other. Tentatively, the standalone first PKNOG event will be organised in the third quarter this year.

An issue that was underlined throughout the conference and tutorial was the dire state of IPv6 deployment in Pakistan. Unfortunately, Pakistan is lacking in this arena, with IPv6 traffic at less than 1% of the total internet traffic as per measurements by APNIC. But recently there has been a great deal of interest and enthusiasm in the community towards IPv6 deployment and hopefully, this will increase in the coming months.

Another great news was announced during SANOG: the establishment of PKIX (Pakistan Internet Exchange) in Islamabad. It was formally inaugurated by the Minister of IT and Telecom, Ms. Anusha Rehman. PTA, ISOC and APNIC played a vital role in setting up PKIX. Discussions are underway to establish other nodes in Karachi and Lahore. ISOC and PTA are also engaging with stakeholders on how this process may be streamlined.

After the conference and tutorial there were five days of hands-on workshops which were conducted by foreign delegates on following topics:

Dr. Philip Smith (NSRC) and Dr. Nimal (NSRC) – Campus Design and Security

Champika Wijayatunga (ICANN) and Dr. Rao Naveed – DNS and DNSSEC Deployment

Aftab Siddiqui (ISOC) and Matsuzaki Yoshinobo (IIJ) – IPv4/v6 routing

The closing ceremony was held on the last day of the workshop, with the Minister of Education as the chief guest. Certificates were distributed to participants and shields given to the instructors and organizers. It was a very successful event that will hopefully jumpstart a PKNOG meeting in the near future.

Source link

The article An eventful week at SANOG 29 appeared first on Arabian Post.

The Internet of Things as an Attack Tool

The Arabian Post Network — Sat, 25 Feb 2017 15:16:40 +0000

Akamai has published its Q4 2016 State of the Internet/Security report As always, an interesting read and an opportunity to look at trends in attacks.

Not all trends are up and to the right. As the report states, Q4 2016 was “the third consecutive quarter where we noticed a decrease in the number of attack triggers”. Still, “the overall 2016 attack count was up 4% as compared to 2015”. Also, the volume and number of “mega-attacks” is on the rise.

And of course, there was the Mirai malware recruiting poorly secured devices connected to the Internet. The Mirai-based botnet produced the largest-ever DDoS attacks, with volume peaking at 623 Gbps. That drew a lot of media attention to the dark side of the Internet of Things (IoT), calling for action before it is too late.

Let us look at a few trends playing out in this area.

First, the IoT. Lacking an agreed definition, there is a tendency to call anything connected to the internet, except conventional computers, an IoT device. Not trying to craft yet another definition, an important question is what makes these new types of connected devices different from the ones that were connected in the past? In the context of DDoS attacks I can only think of the three:

– Increased number. Twenty years ago, a household would have a home router and one or two computers connected. Then the smartphone revolution came and significantly more devices were added: gaming consoles, smartphones and tablets. Now with the ability to easily connect anything there is a potential that the number of connected things per household, but also in other areas, such as industrial systems and “smart” environments, will increase in orders of magnitude. And since any device is potentially vulnerable, that increases opportunities for an attacker.

– Limited user interaction. Smart objects are designed to operate autonomously, in the background, without requiring user intervention and offering a limited user interface (if there is one at all). That means that the user won’t administer the device – install updates, monitor its performance, scan for malware and clean it up. But quite frankly, this does not happen much with computers and smartphones either. The difference is that in the latter area the industry has matured and consolidated, realizing the need and offering proven security solutions without relying on a user.

– Constrained. On one hand, that means that implementing security functions is more difficult, but on the other – malware has to deal with the same constraints. As recent attacks showed in the context of a DDoS, we should be more afraid of unconstrained devices such as home routers and set top boxes. Such devices have presented a threat since 2003, when a software flaw in Netgear cable modems cased a DDoS attack on the University of Wisconsin, USA. Also, many of these unconstrained devices are always on – another useful feature for a bot.

Increasing complexity, expanding code base, larger attack surfaces as new users and devices are connected to the Internet, less reliance on the user as the Internet has become a commodity – these are general trends related to growth and development, not just an IoT revolution.

The report seems to confirm this: “While there were plenty of IoT-fuelled DDoS attacks in the fourth quarter, none of the fourth quarter’s attacks over 300 Gbps were IoT-based. The Attack Spotlight looks at the botnet that generated the top 3 largest DDoS attacks and delves more deeply into the largest attack this quarter, a 517 Gbps attack with signatures from the Spike DDoS toolkit.”

Another interesting trend highlighted in the report is related to competition for resources: “Our examination of the use of ntp reflection as an attack amplifier last quarter suggests that new attack types peak shortly after they appear. But as these attacks gain in popularity, competition for the resources needed to make them begins. While the number of attacks goes up, the size of individual attacks is pushed down, as there are fewer resources available for each of the botnets.”

What does this mean?

I think that if we talk about DDoS attacks and botnets we must build on more than two decades of experience dealing with this phenomenon. So far three strategies have been applied with relative success:

1. Making the edge more secure

The frightening trend here is that many device manufacturers put features and price on top, and security at the bottom of their priority list. That also includes absence of a software or firmware update mechanism. This creates a long-lasting vulnerability at the edges.

A positive trend here is that the standards development and open source communities are putting a lot of efforts into designing building blocks and ready-to-use solutions in this area. Last year the IAB organised a workshop, “ Internet of Things (IoT) Software Update (IoTSU)”, where participants discussed the software/firmware update mechanisms. A BoF to further work in this area is scheduled for the IETF 98 meeting in Chicago from March 26-31: “A Protocol for Dynamic Trusted Execution Environment Enablement (TEEP) BoF”. Significant efforts are being put into building IoT frameworks, some of which are open source, like AllJoyn by the Open Connectivity Foundation (OCF), and some of which are closed, such as HomeKit by Apple.

2. Detection and disinfection

A good example here is the ” Anti-Bot Code of Conduct for Internet Service Providers” outlining five areas where ISPs can take action and help reduce end-user bots. These are: Education, Detection, Notification, Remediation, and Collaboration.

Users can also take responsibility and keep their home networks clean. This is more and more in their own interest – from performance degradation to privacy and even physical threats as the IoT penetrates our material life. Developments like SENSE from F-Secure can provide households with necessary tools.

3. Mitigation

Botnets usually rely on so-called Command & Control (C&C) servers to get instructions for their operation. Disabling the C&C server effectively means disabling the botnet. For example, this approach was successfully applied in mitigating the Conficker botnet.

Interestingly, there is no (at least not that I have found) mention of this approach when addressing the Mirai botnets. Given that the source code has been released, tracing and taking down C&C servers should be easier.

Does the IoT change this?

The emergence of the IoT makes addressing the issue more challenging, but so is the growth of the Internet in terms of bandwidth and number of connected users. That makes it more important to re-inforce and foster the approaches that worked.

It is true that the IoT brings new challenges and threats, and at different scale. Imagine cars colliding without reason, or smart cities getting the time of day wrong, or power plants misreading parameters of the reactor. What could make these nightmares materialize themselves are vulnerabilities of the components, not only devices, but also communication links and protocols, software, apps, etc. And the question is – how do we secure these systems? A common approach is based on holistic risk assessment. But this is a topic for another post.

So, does the IoT bring a radical change to the DDoS attack landscape? If it does, which of the current approaches in addressing botnet issues and DDoS mitigation work and which do not? What new approaches are required? We welcome your thoughts, opinions and ideas here in the comments.

Source link

The article The Internet of Things as an Attack Tool appeared first on Arabian Post.

Usable Security Highlighted at NDSS 2017

The Arabian Post Network — Mon, 20 Feb 2017 23:12:13 +0000

A number of seminal papers appeared towards the end of the 20th century calling for more attention to be paid to the human in the security loop. For example, Anne Adams and Angela Sasse’s “Users are not the Enemy” and Mark Ackerman and Lorrie Cranor’s “Privacy critics: UI components to safeguard users’ privacy.” The research field of Usable Security was thereby launched, and quickly garnered interest amongst academics and in industry. Almost two decades later this field has achieved independent status with a number of conferences and workshops being dedicated to this research field. USEC is a proud member of these bespoke conferences, rubbing shoulders with SOUPS, EuroUSEC and STAST. Other international conferences, such as CHI, HICSS and IEEE S&P, have strands dedicated to usable security, demonstrating a growing recognition of this field as a serious research endeavour.

Just before NDSS 2017 this year, we’ll hold the sixth USEC workshop/mini-conference and it is starting to exhibit signs of maturity. This is the sixth USEC workshop/mini-conference and it is starting to exhibit signs of maturity. This year we received an unprecedented 58 submissions, a gratifying confirmation of the growing number of researchers working in the field, all doing great research and wanting to share it with others. It also means that USEC, as a workshop, is firmly on the map, being deemed a worthy venue for publishing and presenting valuable research results.

Unlike the situation in the 20th century, we no longer have to convince anyone of the importance of the human in the security loop. Hardly a day goes by that the newspapers do not carry a report about a successful hack, and many of these are facilitated by the humans who own and use the computers that have been hacked, either deliberately or inadvertently. Much of the research in this area works to help users to understand security and privacy concepts, to help them to gain the skills to repel the efforts of myriad hackers and to provide end users with tools to bolster their personal and organisational security more effectively.

The papers we accepted for USEC 2017 fall into three rough groups. The first is authentication. Any conference of this kind receives a number of authentication-related papers. This is not unusual since this is the point where end-users and security are guaranteed to meet. This is the space that causes both security professionals and end-users a great deal of pain. The second group of papers addresses perceptions – contemplating how people perceive security and privacy aspects of systems. The final group addresses new topics in the research area – perhaps we can refer to these as stretch papers.

We’re looking forward to an excellent workshop, with much to discuss, think about and explore in future research. Above all, this is a great opportunity to make new friends, catch up with old ones and enjoy the wonderful San Diego weather.

The USEC workshop depends on the highly-valued contributions of our sterling Programme Committee, who do the reviewing without remuneration. We extend our heartfelt thanks to them. We also thank our Steering Committee: Angela Sasse, Jean Camp, Jim Blythe, Matthew Smith and Andrew Adams, for their guidance and assistance.

Source link

The article Usable Security Highlighted at NDSS 2017 appeared first on Arabian Post.

CITO Olaf Kolkman Speaking at RSA 2017 about IoT Security with Bruce Schneier

The Arabian Post Network — Thu, 16 Feb 2017 07:11:14 +0000

Today at the RSA Conference 2017 in San Francisco, our Chief Internet Technology Officer Olaf Kolkman will be speaking as part of a panel on:

Internet of Insecurity: Can Industry Solve It or Is Regulation Required?

The abstract of the session is:

The rise of IoT has brought forth a new generation of devices and services representing significant innovation, yet all too many ship insecure and are not supported over their life. They have become proxies for abuse with a capacity for causing significant harm. Can we wait for industry and stakeholders to adopt trust frameworks and seal programs or do we need government to step in?

The other panelist will be reknown security researcher Bruce Schneier and the moderator is Craig Spiezle, Executive Director and President of the Online Trust Alliance.

The panel starts at 8:00am Pacific (UTC-8) in the Moscone North 130 room. Unfortunately it is not being live streamed, but you can follow our @InternetSociety account on Twitter for live updates.

As background reading related to Internet of Things (IoT) security, I suggest:

If you are there at the RSA Conference today, please do visit this session and engage in the discussion.

If you are a journalist and would like to speak with Olaf more about this topic, please contact Allesandra Desantillana who is at the RSA Conference and can assist in connecting you with Olaf.

Please also watch this blog as we plan to post more information after the event.

Source link

The article CITO Olaf Kolkman Speaking at RSA 2017 about IoT Security with Bruce Schneier appeared first on Arabian Post.

Rejoignez-nous pour la 5ème édition du forum de système de noms de domaine africain!

The Arabian Post Network — Sat, 11 Feb 2017 15:09:53 +0000

Mt_Kilimanjaro.jpg.jpeg

Réservez ces dates pour les 3 jours de partage d’informations, d’apprentissage et de networking à l’occasion de la 5ème édition du forum de système de noms de domaine africain de l’an 2017 !

Date : 26-28 Juillet 2017

Pays : Dar es Salaam, Tanzanie

Lieu : À confirmer

Qu’est-ce le forum de système de noms de domaine africain ?

Le forum de système de noms de domaine africain est un évènement annuel ouvert pour toutes les parties prenantes de l’industrie de noms de domaine en Afrique, organisé par l’organisation des domaines africaines de premier niveau (AfTLD), la Société pour l’attribution des noms de domaine et des numéros sur Internet (ICANN) et l’Internet Society.

L’objectif de cet évènement de 3 jours est d’aider l’industrie de noms de domaine africain en Afrique à se développer à une vitesse compétitive et à assurer que le continent soit sur un pied d’égalité avec le reste du monde .

Qui devrait y participer?

Les registres, les opérateurs de registre, les revendeurs, ceux qui se sont enregistrés, les experts de système de noms, les représentants de Gouvernements, les décideurs politiques provenant de la région africaine et d’au-delà ainsi que les entrepreneurs intéressés à investir dans le cadre du nom de domaine africain.

Pourquoi y participer?

Plus de 200 personnes issues des milieux technique, commercial et gouvernemental de l’Afrique entière prendront part à ce forum à multiples parties prenantes. Lors de ces réunions se tiendront plusieurs discussions intéressantes mettant en évidence les opportunités de l’industrie de noms de domaine en Afrique. Cette version représentera la 5^ème édition du forum venant après les éditions de Durban, en Afrique du Sud (2013), d’Abuja, au Nigeria (2014), de Nairobi, au Kenya (2015) et du Marrakech, au Maroc (2016).

Plus d’informations sur l’événement à venir

Source link

The article Rejoignez-nous pour la 5ème édition du forum de système de noms de domaine africain! appeared first on Arabian Post.

Responsible Disclosure from a Collaborative Security Perspective

The Arabian Post Network — Fri, 03 Feb 2017 01:59:19 +0000

I recently wrote about an agenda to mitigate the threats of insecure devices on the Internet of Things. One of the requirements expressed in that agenda is “For every product sold, there is a way that security researchers can responsibly disclose vulnerabilities found”. In this post I want to reflect on the issue of responsible disclosure from the perspective of the Collaborative Security approach, how responsible security researchers are helping to make the Internet more secure, and to explore how collaboration around disclosure helps to improve trust in the Internet.

Responsible disclosure can be seen as a social compact between those who find new vulnerabilities — often called “zero-day” vulnerabilities — and those that fix them: the discovering party discloses knowledge of the vulnerability to the fixing party, and keeps the vulnerability confidential from the general public until the fixing party has the opportunity to roll out the fix to the market[1].

Security vulnerabilities in software and hardware are often the stepping stones for gaining access to the systems that contain them. Vulnerabilities often result in the installation of malware. The ability of researchers to find and report vulnerabilities is becoming more and more important, now that traditionally unconnected devices are getting connected to the Internet: cameras, cars, light bulbs, TVs, wristwatches, alarm systems, door locks, toilet seats, toy dolls. When they are compromised these devices can be used for attacks against the user of the device and against the core of the Internet. There have been a few stunning examples lately. Security research and testing is critical in protecting society from such harm[2].

Unfortunately, there are asymmetries in the responsible disclosure compact. Security researchers that are on the hunt for vulnerabilities often find themselves in areas where laws or regulations forbid or hinder tinkering with devices and software. Security researchers are at particular risk where copyrighted information is involved. For instance, in the USA the Digital Millennium Copyright Act (“DMCA”) prohibits circumvention of technological measures that control access to copyrighted works. And as our colleagues at the EFF put it: “If you circumvent DRM locks for non-infringing fair uses or create the tools to do so you might be on the receiving end of a lawsuit”[3]. Among its resources the EFF has plenty of examples of intimidated bona-fide security researchers.

Two clarifications on the above: first, when I talk about security researchers, I am not necessarily referring to academics or engineers who have ‘researcher’ as a job title. I refer to those motivated by natural curiosity to tinker with devices and software, the non-criminal hackers. From personal experience I can confirm that the ability to tinker leads to deeper understanding and the ability to innovate. However, the difference between the tinkerer, researcher and the criminal hacker often lies in the intent, not in the activities they perform during their research. Second, I am not arguing against any laws. Laws are needed to provide certainty, and set boundaries. They are also necessary if we are to have those who engage in criminal behavior face the consequences. What I am talking about is the unintended side effects of these laws.

The collaborative security approach is a way of tackling security issues on the Internet[4].

The collaborative security perspective on responsible disclosure is that it is the collective responsibility of

producers of software and hardware
security researchers
law makers and law enforcers

to develop a shared expectation of mutual responsibilities.

Because law makers and enforcers may be involved, those mutual expectations often need to be coordinated at the national scale. However, with a global market and a global medium like the Internet, the security researchers may be located far away from the origin of the product. Therefore it is important that there is some compatibility in the approach and that mutual expectations are globally communicated.

Here are some examples, to make this less abstract.

Changing the law

There are examples emerging where laws and regulations with unwanted side effects on responsible disclosure can be modified to minimize those side effects.

This is a US specific example related to the DMCA. In October 2016 the copyright office of the US Library of Congress (the agency responsible for DMCA implementation) announced some grounds for exemption[5] that will allow security researchers to research software and hardware devices. The exemption is temporary and is restricted to devices owned by the researcher. This is a step in the right direction even though, as reported in this Wired article[6], security researchers could “still be sued or prosecuted under the Computer Fraud and Abuse Act if, for instance, they’re determined to be gaining “unauthorized access” to a computer they don’t own”.

Creating practices, guidelines and a responsible disclosure ecosystem.

Governmental, business, technical and civil society stakeholders can all help to share their expertise and experience.

For instance, the Global Forum for Cyber Expertise organized an expert meeting in Budapest, in March 2016. The reports of that meeting[7] indicated a number of challenges in the responsible disclosure ecosystem, including:

complexity in the supply chain (that is, the manufacturer of a product may be multiple steps away from the producer of the software embedded in it)
management of sensitive information
(in)compatibility of legal approaches.

The report points to a Dutch “Responsible Security Guideline” [8] (targeted at organizations and security researchers). The guideline is well worth a read, as it gives practical guidance which organisations and incident reporters can use

“… to facilitate responsible reporting and handling of vulnerabilities in information systems, software and other ICT products. Organisations can use the guideline to help them draft their own responsible disclosure policies. The security of information systems, software and other ICT products is principally the organisation’s responsibility. That said, however, incident reporters also have responsibilities, such as holding off on publication until the organisation has been able to remedy the problem”.

In practice, we see organizations taking responsibility for creating a responsible disclosure ecosystem in which the expectations are transparently stated. Network companies like Arbor Networks[9], platforms like Facebook[10], and retail companies like Walmart[11] publish their policies. Some of these may be inspiring examples of the instruments that an organization can put in place if it wants to organize its own responsible disclosure policy.

Then there are the commercial efforts to improve bug disclosure coordination. Examples of these are Hackerone and Bugcrowd, companies to which businesses can outsource the whole process of bug validation, interaction with the researchers, and the implementation of bounty programs.

These examples and the report from the Budapest meeting all reward security researchers for their responsible disclosures. While that reward does not always need to be monetary, an ecosystem in which there are carrots to lure researchers to come forward with their findings will be more effective than an ecosystem in which the researchers are under threat of lawsuit or criminal punishment. A reasonable reward will also help prevent the vulnerability being sold on the vast black markets for software vulnerabilities.

While talking about disclosure ecosystem, I want to give a shout out to the GDI Foundation. In their Project366, the protagonists (Vincent Toms and Victor Gevers) spent all their free time, during 2016’s 366 days, to find no less than 690 severe security vulnerabilities – which they reported to 590 organizations in 71 countries. Here we have volunteering individuals with an exemplary track record of coordination and shared responsibility.

Covenants

Another approach to implementing a responsible disclosure compact has been proposed in the context of W3C work around the standardization of Encrypted Media Extensions in HTML5. The Open Source Initiative published a reference example of such a covenant, which in essence would bind the signatories to not file suit against security researchers. The introduction of the proposal in a W3C[12] context surfaced the complexity of achieving consensus between the various stakeholders. However, the idea of introducing such covenants to standardization bodies, or between the members of trade associations or other overarching coordination bodies, is an interesting one.

So far I have been describing a relatively straightforward environment where there is a producer of ICT products with vulnerabilities, security researchers identifying those vulnerabilities, and a government that strives to have a generally healthy cyber security environment while at the same time retaining the ability to prosecute cyber criminals and to have a generally healthy cyber security environment. In reality the ecosystem is more complicated.

For instance, governments may have an interest in not disclosing vulnerabilities they have found, in order to use them for law enforcement, national security, or intelligence purposes. The complication is that the disclosure of a bug serves a public need in keeping the global cyber ecosystem healthy and secure, while the exploitation of the bug serves the public needs of being able to catch criminals, not necessary those of the cyber type.

In the US, the Vulnerability Equity Process (VEP) is an attempt to provide some clarity around the roles and responsibilities in that ecosystem. Schwartz and Knake of the Belfer Center argue that the VEP is by no means a perfect instrument. But their recommendation that “Clear high-level criteria that informs [sic] disclosure or retention decisions should be subject to public debate and scrutiny” is a generally applicable principle.

As you can see, there are somewhat contradictory interests at play, here: even when policies are in place to allow for hoarding and use of vulnerabilities by certain branches of government, it is also still the responsibility of those same governments to help develop the responsible disclosure compact between ICT producers and security researchers.

The Collaborative Security aspects of responsible disclosure are about making sure that local action has appropriate global impact, and that there is collaboration between security researchers and producers of ICT products, all in the absence of formal contracts but in the context of a social compact.

As remedies against bad actors are developed, we don’t want to sweep in responsible actors that are helping to make the ecosystem more secure. Also, governments should invite them, the responsible actors, to the table when developing policy because that will yield a better result.

For Security researchers, the social compact implies that they should act according to some well understood principles. For-instance those mentioned in the Dutch Responsible Disclosure Guideline:

The discloser must report the vulnerability as quickly as is reasonably possible, to minimise the risk of hostile actors finding it and taking advantage of it.  

However, the discloser must do so in a manner that safeguards the confidentiality of the report so that others do not gain access to the information.  

The discloser’s response must not be disproportionate

[…]

The other side of the compact is a set of expectations on products and software developers. They should have the appropriate mechanisms to deal with disclosures. In their IOT framework the Online Trust Alliance recently recommended the following:

Establish and maintain processes and systems to receive, track and promptly respond to external vulnerabilities [sic] reports from third parties including but not limited to customers, consumers, academia and the research community. Remediate post product release design vulnerabilities and threats in a publicly responsible manner either through remote updates and/or through actionable consumer notifications, or other effective mechanism(s). Consider “bug bounty” programs, and crowdsourcing methods to help identify vulnerabilities that companies’ own internal security teams may not catch or identify.

That is a very clear call to action, not only for IOT vendors, but for all organizations that produce computing devices and services that connect to the Internet. Between the Dutch guidelines and the OTA advice we have a way forward.

[1] In informing the market about a vulnerability there is also an aspect of responsibility. For instance rolling out the information in such a way that critical pieces of infrastructure have a chance to fix before the knowledge is disclosed to the large community. That aspect is out of scope for this piece.

[2] In addition to vulnerability research, it is important to have independent research and review of the privacy properties of these systems. Wouldn’t we like to know what data the newly-bought doll for our 4-year-old is collecting about the dear child?

Source link

The article Responsible Disclosure from a Collaborative Security Perspective appeared first on Arabian Post.

Shield & Sword – 10 tips to protect yourself online

The Arabian Post Network — Sun, 29 Jan 2017 09:58:34 +0000

Last weekend, millions joined the Women’s March in the US and across the world. They stood up for their rights, and the rights of everyone. We need to do the same on the Internet.

The Internet gives everyone a voice, but we need people to protect those voices.

Online harassment and cyber bullying are real. And, some groups are targeted more than others.

Last year, the Guardian exposed the stark reality in the field of journalism. An analysis of written comments posted in response to articles on the Guardian website revealed that of the ten journalists who received the most abusive comments, eight were women, and the two men were black.

They concluded this “provides the first quantitative evidence for what female journalists have long suspected: that articles written by women attract more abuse and dismissive trolling than those written by men”.

Sadly, who you are affects how you are treated by others online, as well as offline.

However, a powerful way to counter online abuse, threats and violence is to share our knowledge with each other so that we can become stronger champions of privacy and security, and to stand up for others when they need it.

So, to mark this year’s International Data Privacy Day, the Internet Society would like to share with you 10 tips to protect yourself online.

1. Know the terrain.

The Internet is a powerful tool for communication. Learn how to use the Internet, keep your eyes open for good and bad actors, and make the most of what the Internet offers.

2. Keep your private life private.

Keep your personal information separate from your professional role. Use different personas for different roles.

3. Protect communications.

Use end-to-end encryption and two-factor authentication for confidential communications.

4. Obscure your location.

Remove location data from images and videos before posting. Turn off application access to location. Don’t disclose your location in public posts.

5. Guard your devices.

They’re more precious than any jewels. Protect them from both physical and digital tampering. Use encryption and strong access credentials.

6. Prepare for an attack.

Find allies and prepare a plan for dealing with online harassment, doxing and other forms of abuse. Don’t feed the trolls! They don’t deserve your attention.

7. Stand firm.

Don’t let cyber bullies undermine what you are doing. Show them you are not afraid. Others will stand with you. Be willing to ask for help.

8. Beware of Trojan horses.

Look out for spear-phishers. Check before connecting with someone new. If something seems too good to be true, it probably isn’t!

9. Lead.

Share your experience with others. Let people know that you are there to help.

10. Protect others.

If you host user-generated content, prevent users from posting derogatory or other abusive messages. Help remove personal information that has been exposed to hurt someone. Report offenders.

Please share your tips! This year, don’t sit by when you see abuse on social media. Offer a helping hand.

Source link

The article Shield & Sword – 10 tips to protect yourself online appeared first on Arabian Post.

Watch Live Today – State of The Net 2017 conference in Washington, DC – security, privacy, IoT and more

The Arabian Post Network — Tue, 24 Jan 2017 17:57:00 +0000

Starting at 9:00am US EST (UTC-5) today, January 23, the State of the Net 2017 conference will stream live out of Washington, DC. This annual event brings together politicians, U.S. Congressional staff and other policy makers to discuss the current state of Internet policy, particularly as it relates to U.S. positions and policies. Given the new U.S. President, this year’s event should be of special interest. You can watch live at:

We will have two Internet Society staff participating:

Steve Olshansky will be part of the 12:00noon panel on “Securing the Future of the Internet of Things” discussing our concerns about IoT security – and what solutions might be possible.
Mark Buell will participate in the 3:30pm panel on “Assessing The Legitimacy Of Structures and Processes: An Open Forum On Internet Governance” which should have a vigorous discussion.

The full agenda from 9:00am until 5:00pm shows the breadth of topics to be discussed.

We encourage you all to tune in and watch live!

P.S. The sessions will be recorded so you will be able to watch them later.

4 Critical Internet Questions The G20 Leaders Will Debate in 2017

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Source link

The article Watch Live Today – State of The Net 2017 conference in Washington, DC – security, privacy, IoT and more appeared first on Arabian Post.

Public Spectrum for Public Access

The Arabian Post Network — Fri, 20 Jan 2017 01:51:02 +0000

An extraordinary moment has arrived in the evolution of the internet. For all the transformation that has occurred over the 20+ years since the arrival of the World Wide Web and for the billions of people whose economic, civic and social circumstances have been improved, most people remain without internet connections.

Residing in every country, these unconnected billions still wait for affordable meaningful access to this essential service. Without access to the internet, people cannot even begin to participate in the global digital economy.

In the context of the UN’s 2030 Sustainable Development Goals (SDG’s), the World Bank/IMF, in partnership with the US State Department, recently launched the Global Connect Initiative(GCI) with the goal of bringing the next 1.5 billion people online by 2020.

A consensus approach has emerged that connecting public access facilities represents the most economical, expedient and equitable way to provide a basic level of service to the greatest number of users. Public libraries, offering low-fee/no-fee access “entry points” combined with necessary training and support services, have proven to optimize chances for successful adoption.

According to the GCI, “Programs to deploy Wi-Fi hotspots in community centers, libraries, schools, and clinics; and to leverage emerging technologies for reaching remote communities, will greatly expand broadband communications access.” Libraries or other community centers can be connected at a fraction of the cost to reaching every home or office. These neighborhood nodes may also serve as “intermediate end points”, potentially as interconnect hubs in wider buildout schemes.

Even with economies of scale gained by connecting community access hubs, a critical barrier to adoption remains a lack of adequate telecom infrastructure. Cell-tower based systems have rapidly brought a convenient yet limited form of connectivity to billions. For billions more the cost of access services and devices remains prohibitively expensive.

Clever new enabling techniques for sharing spectrum across a wide range of licensed as well as license-exempt frequencies have greatly expanded capabilities to conenct. Additionally, new open spectrum is arriving in the form of a low cost wireless infrastructure utilizing unused spectrum in the old analog TV broadcast bands called TV WhiteSpace(TVWS).

Rapid deployment of TVWS together with traditional WiFi and other license free or “lightly licensed” spectrum technologies to libraries, schools and other centers appears to offer the most promising path to providing connections to 100’s of millions of new users within the next few short years. TVWS systems require no monthly fees, 3rd parties, carriers, towers nor other permissions once national use standards are in place.

TVWS, as a nearly “weightless” infrastructure, can quickly extend the edges and fill gaps of any network. Low power transceivers, as nodes in semi-autonomous wide area IP networks, lend themselves to pairing with small solar or wind generators to supply enough electricity in remote or otherwise isolated locations to run the equipment and also serve as charging stations for end user devices.

Successful implementation will depend on worldwide advocacy and country by country adoption of enabling regulations for open shared use of this powerful TV band spectrum. A contrary argument often appears, “Why should we give away something for free that we could sell for billions?”, begging the question, “Who is this ‘we’?” TVWS, like all radio spectrum, originates as perhaps the most in-common public property, the public airwaves.

Rather than the public sell all of this precious asset, only to have to buy some back to enable public services, it makes more sense to retain a portion of these valuable frequencies for shared public use. It would be as if a community sold off all of its open land only to use the proceeds to lease back space for public parks. In perpetuity.

—————

Note from Jane Coffin: This blog post is part of a series of posts about the importance of community networks, anchor institutions – like libraries, and the importance of the unconnected connecting themselves. A cadre of experts around the world are seeking ways to provide information, case-studies, training, and more to tip the balance in favor of the unconnected who would like to be connected.

Source link

The article Public Spectrum for Public Access appeared first on Arabian Post.

2017: the Internet Society's 25th Anniversary Year

The Arabian Post Network — Sun, 15 Jan 2017 09:50:06 +0000

Happy New Year! Along with the excitement and expectations each new year brings, 2017 marks a significant milestone for the Internet Society. This year, we celebrate 25 years of dedication to an open, secure Internet that benefits all people throughout the world.

We all know how far the Internet has come since the early 1990’s, but today our work has never been more important. As the Internet ecosystem becomes increasingly complex, so too do the issues it faces. We have an important role to play in highlighting the challenges that need attention and in mapping out a path forward to safeguard and protect the Internet we believe in.

In 2017 we will continue to promote the life-changing benefits that access to an open Internet can bring as we work to extend its reach to those who are not yet connected. We will also continue to reinforce and address the many issues around trust in the Internet, focusing on security for its users as a priority. No other set of issues affects our mission more today than the existential threat posed by a growing range of security challenges and the erosion of trust amongst users. There is much at stake for the Internet, and this year we must recommit ourselves to our core mission and maximize the collective power of our global community.

As part of our 25year commemoration, we have exciting plans that include:

A global awareness campaign and new tools for our community to enhance the visibility of the Internet Society and to help us have more impact around the world;
The launch of our Future Internet Scenarios, based on insights from our global community, along with a series of roundtables to discuss the challenges facing the Internet today and in the next 5-10 years;
A special edition of our global membership meeting, InterCommunity, with a new focus, streamlined format, and name to highlight our milestone year – ISOC@25;
A new class of Internet Hall of Fame inductees with a ceremony held in conjunction with ISOC@25; and
A new program called 25 under 25 designed to recognize the next generation of Internet leaders as we look to the next quarter of a century.

The year ahead will be busy with opportunities to reflect on past achievements, to dig even deeper to address the issues of access and trust, and to reinforce the founding principles that we cherish. To read a brief historical account of the Internet Society, visit: https://www.internetsociety.org/internet-society-founding.

I thank all of our Internet Society community and those who support our work for your steadfast commitment to the Internet and to our mission.

It will take all of us working together to keep the Internet open and secure for future generations.

Source link

The article 2017: the Internet Society's 25th Anniversary Year appeared first on Arabian Post.

Holiday DDoS Attacks: Targeting gamers (and five things you can do about it)

The Arabian Post Network — Tue, 10 Jan 2017 17:46:12 +0000

Over the past few years, a new tradition has emerged, the Holiday DDoS Attack.

While distributed denial of service (DDoS) attacks happen throughout the year, some of the highest profile attacks occur during the holidays, when the most users will be impacted. Attackers may target online shopping sites to disrupt pre-holiday gift buying. Or they may attack voice over IP services, like Skype, which are used to talk to family members over the holidays. But gaming networks are most often targeted by DDoS attacks, as the end of year holidays usually bring many users online who are eager to try out their new games and systems. In December 2014 and 2015, both Sony’s PlayStation Network and Microsoft’s Xbox Live gaming networks experienced outages as a result of DDoS attacks, leaving users unable to access or play their games online.

On 23 December 2016, Steam, a digital distributions platform and multiplayer network for PC gaming, went offline for several hours. A group of hackers took credit for the outage, claiming they downed the service through a DDoS attack. Valve Corporation, the developer of Steam, did not publicly identify the cause of the outage. When the outage occurred, Steam was in its first day of its annual Winter Sale, which could have produced a large increase in legitimate traffic that could have overloaded their systems, but a DDoS attack is far more likely.

In each of these cases, thousands of average Internet users inadvertently contributed to these DDoS attacks through the participation of their unsecured and infected devices.

While DDoS attacks are annoying for the users impacted, they are incredibly expensive for the companies attacked. According to a study by Incapsula, a web security company, DDoS attacks cost companies an average of $40,000 an hour. For the Steam attack, the cost was likely much higher. The Winter Sale produces some of their largest revenues of the year. The attack’s timing just days before Christmas may have caused Valve Corporation to lose customers, who may have opted to buy their gifts from other companies when they could not access the Steam website. Some users may have lost some confidence in Steam, worrying that the attackers may have also stolen private customer data such as their billing information, and moved to a different service.

DDoS attacks work by flooding systems with seemingly legitimate traffic. The systems are overloaded, leaving legitimate users unable to access them. Since differentiating between illegitimate and legitimate traffic is difficult, DDoS attacks are hard to defend against. Defenders can attempt to block spoofed traffic, provision more bandwidth to counteract the increased traffic, or use other mitigation techniques.[1] However, if the DDoS attack is large enough, and especially if it is made up of unspoofed traffic from many sources, it can be difficult to mitigate. For this reason, DDoS attacks have become the weapon of choice for attackers looking to gain notoriety during the holiday season.

While it can be hard to mitigate a large DDoS attack, everyone can take actions to prevent them. DDoS attacks rely on networks (botnets) of infected devices (bots) to create the massive amounts of traffic necessary to overload systems. Without large numbers of bots, it is much harder for attackers to create large amounts of traffic, making attacks easier to mitigate. We can all take small actions to ensure that our devices do not double as bots. DDoS attacks can only truly be stopped if everyone does their part and protects their own devices. Until that happens, the holiday DDoS attack will remain a threat for years to come.

Five actions to protect your devices from becoming bots:

Create and use strong passwords for all your devices. Do not use the default. This is especially important for smart devices, routers, and other devices with which you may not interact directly.
Update your devices! Software is often patched to remove known vulnerabilities, greatly strengthening your defenses.
Monitor your devices. If a device is acting strangely, investigate it. One example is bounced email messages. If email messages are not reaching their destination, your device could be infected and sending spam as a part of a botnet.[2]
Run anti-virus scans and use other security tools to find and remove malicious software.
Be careful to avoid infecting your devices. Avoid opening suspicious emails, attachments, or risky websites. Some anti-malware services include website security checks.

Notes

[1] Spoofed traffic is Internet traffic that is forged to look like it is from another source.
[2] For more specific tips for fighting spam, see our Anti-Spam Toolkit users page.

Source link

The article Holiday DDoS Attacks: Targeting gamers (and five things you can do about it) appeared first on Arabian Post.

State of DNSSEC Deployment 2016 report shows over 89% of top-level domains signed

The Arabian Post Network — Fri, 06 Jan 2017 01:45:20 +0000

Did you know that 89% of top-level domains are now signed with DNSSEC? Or that over 88% of .GOV domains and over 50% of .CZ domains are signed? Were you aware that over 103,000 domains use DANE and DNSSEC to provide a higher level of security for email? Or that 80% of clients request DNSSEC signature records in DNS queries?

All these facts and much more are available in our new State of DNSSEC Deployment 2016 report.

For many years a wide variety of statistics about DNSSEC deployment have been available, but it’s been challenging to get an overall view. With this report our goal is to help people across the industry understand where the deployment of DNSSEC is at – and what challenges still need to be overcome.

To back up a bit, the “DNS Security Extensions”, or “DNSSEC”, provide a way to be sure you are communicating with the correct web site, service, or application. Before your mobile phone, laptop or other device connects to a site on the Internet, it must first obtain the correct IP address from the Domain Name System (DNS). Think of DNS similar to the “address book” you may have in your phone. You may look up “Dan York” in your contact list and call me – but underneath that your phone figures out the actual telephone number to call to reach me. DNS provides a similar directory function for the Internet.

The challenge is that there are ways an attacker can spoof the DNS results which could wind up with you connecting to the wrong site. Potentially you could wind up providing information to an attacker or downloading malware.

DNSSEC uses a system of digital signatures – and the checking of digital signatures (what we call “validation”) – to ensure that the information you get out of DNS is the same information that the operators of the domains put into DNS.

At a high level, this is what DNSSEC does – it makes sure you can trust the information you get from DNS. (You can read more on our DNSSEC Basics page.)

The basics of DNSSEC have been standardized for most of 20 years, but until the root zone of DNS was signed in 2010, there wasn’t much deployment. In the six years since, deployment has continued to grow. This report outlines that growth and provides a view into where that growth is happening and much more.

We encourage you to read and share this report widely. And if you haven’t yet started deploying DNSSEC validation on your own networks – or haven’t started signing your domains with DNSSEC – you can visit our Deploy360 Start page to find resources to help you begin.

Using DNSSEC allows us to have a higher level of trust in the domain names we use every day on the Internet. I hope you will join with me and others in deploying DNSSEC and building a more trusted Internet!

Source link

The article State of DNSSEC Deployment 2016 report shows over 89% of top-level domains signed appeared first on Arabian Post.

What India's Banking Industry Breach Can Teach Us About the Importance of Collaboration

The Arabian Post Network — Sun, 01 Jan 2017 09:44:32 +0000

Towards the end of October 2016, several Indian banks announced they would be recalling millions of debit cards in the wake of a data breach that affected the backend of software that powered an ATM network there.

It was a situation that could have been better mitigated; a government-sponsored organization tasked with sharing information about data breaches completely missed the warning signs that a breach was taking place. As a result, no one connected the dots until millions of fraud cases had been detected.

Raj Singh, Regional Bureau Director for the Asia-Pacific region, Internet Society, recently gave me his insights into the lessons that organizations in all industries can learn about mitigation from this incident, as well as how to overcome barriers that prevent collaboration, which is vital to mitigation efforts.

Information Sharing and Collaboration: The Keys to Successful Mitigation

Data breaches are all too prevalent nowadays. “Hackers will always try to find a weakness in the system,” Singh asserted. While organizations should continue their efforts to prevent such breaches, they must also have a mitigation strategy in place to offset the disastrous effects of cyber crime.

In the case of the Indian ATM data breach, the Information Sharing and Analysis Centre (ISAC) established by the Indian government failed to detect the breach in time because each compromised debit card was flagged as a case of fraud rather than the result of a cyber attack. Before this incident, banks bore the responsibility of tracking and handling fraud cases. No one raised an alarm until millions of debit card customers complained of fraudulent charges.

Singh pointed out that the situation could have been managed much better “if people had realized that hacks and breaches have multiple dimensions.” If ISAC had treated each case of debit card fraud as a cyber crime, a pattern would have emerged much sooner. When the Indian government founded ISAC, no one considered the possibility that credit and debit cards were so vulnerable to hackers. “People are focused on the door when the hacker is coming in through the window,” Singh added.

In general, the finance industry has some strong information sharing mechanisms in place that have a good reputation for mitigating the impact of data breaches. Singh noted that Singapore’s Association of Banks (SAB) and the global Financial Services – Information Sharing and Analysis Center (FS-ISAC) are two examples of organizations that enable members to share news of threats so that others can attempt to prevent or at least mitigate attacks.

It’s becoming abundantly clear that information sharing and collaboration must take place outside of the finance industry, too. The EU’s Agency for Network and Information Security (ENISA) published a report at the end of December 2015 about the importance of information sharing and collaboration in prevention and mitigation of cyber attacks for all industries. In the Obama administration’s final cybersecurity report, released at the beginning of December 2016, researchers stressed how crucial it is that the private sector and the public sector share information to prevent mass cyber attacks from taking place.

Easier Said than Done: Barriers to Information Sharing and Collaboration

Making recommendations and even being a member of an information sharing network still isn’t enough to keep incidents such as the one in India from unfolding. Singh observed that barriers hamper vital collaboration between firms and organizations that would otherwise counter or at least mitigate the consequences of a cyber attack.

For a start, SAB and FS-ISAC only share information with members. So, if your company doesn’t operate within the finance industry, you don’t have access to details of threats submitted by SAB or FS-ISAC members.

Secondly, Singh observed that businesses tend to be quite competitive and hesitant to share information about any possible weakness. Yahoo is a recent example of just such a company. In 2014, hackers stole encrypted passwords and personal data from over 500 million accounts. It took Yahoo over two years to uncover the breach and disclose it. Users responded by threatening to shut down their accounts. American senators expressed their dismay at Yahoo’s slow detection and response to the attack. After disclosing the breach, the value of Yahoo’s stock fell three percent.

Another barrier to information sharing and collaboration is the “it can’t happen here” mindset. “There’s a lack of empathy and understanding,” Singh explained. Businesses might say, “Oh, a data breach hit a bank. We’re not in the banking sector, so we don’t need to worry about something like that affecting us.” While some businesses in industries outside of finance might pay attention, others won’t because they haven’t been hit by hackers yet, or they’re unaware that they’ve been attacked. Of course, that mindset leads to firms falling prey to hackers. “A data breach can happen anywhere, anytime,” Singh emphasized.

Overcoming the Hurdles to Improve Breach Mitigation

Singh doesn’t view these burdens as insurmountable. He believes that organizations can improve collaboration and information-sharing efforts in order to mitigate breaches.

One of the first steps is stronger regulations and enforcement of existing rules on data breach disclosure and data sharing. “From what I hear, everyone says that they’re talking to each other and working with each other,” Singh remarked. “But that’s taking place at conferences. What’s happening on the ground?” He added that self-regulation is unreliable, because of the competitive nature of business and the desire to be seen as strong and invulnerable. Although many countries have enacted personal data protection laws, they don’t seem to be powerful enough to force companies to collaborate so that incidences such as the one in India don’t take place again.

As consumers share more information with organizations, and those organizations rely on interconnected digital systems that are prone to breaches, the risk for hacks will only continue to rise. When businesses work together and treat information on data breaches as something to be disclosed rather than a closely guarded secret, they have the power to better protect their customers and keep their reputations (and profits) intact.

Editor’s note: For more on data breaches and their impact, please see the Internet Society’s 2016 Global Internet Report.

Source link

The article What India's Banking Industry Breach Can Teach Us About the Importance of Collaboration appeared first on Arabian Post.

Bridging California’s Rural Digital Divide

The Arabian Post Network — Tue, 27 Dec 2016 17:39:50 +0000

The stadium lights ripped the darkness over an empty field.
They weren’t supposed to be on. The lights at Princeton University’s stadium, recently upgraded, should have followed an automated cycle, reducing the need for human oversight.
Instead, the…

27 December 2016

26 December 2016

The Wandera 2017 Mobile Leak Report, a global analysis of almost 4 billion requests across hundreds of thousands of corporate devices, found more than 200 mobile websites and apps leaking personally identifiable information across a range of…

23 December 2016

This week, the Internet Society announced the six recipients of funding from its Beyond the Net initiative. Among these amazing projects (you can read more about them here) is the San Francisco Bay Chapter’s Bridging California’s Rural/Urban Digital…

23 December 2016

The Beyond the Net Funding Programme is proud to announce the results of our November 2016 grant application cycle.
This cycle, we received 39 amazing applications from around the world. The project ideas were varied, original, and focused on…

20 December 2016

Source link

The article Bridging California’s Rural Digital Divide appeared first on Arabian Post.

Beyond the Net announces the results for the November 2016 cycle

The Arabian Post Network — Fri, 23 Dec 2016 01:38:56 +0000

The Beyond the Net Funding Programme is proud to announce the results of our November 2016 grant application cycle.

This cycle, we received 39 amazing applications from around the world. The project ideas were varied, original, and focused on helping local communities. It was hard, but the Selection Committee managed to pick six projects for funding.

These projects were selected for their uniqueness, structure and the benefits they will provide to their communities. With these new additions, Beyond the Net will have funded 26 projects since its inception.

These projects are at the core of our mission and we would like to congratulate and welcome the new grantees!

We would also like to thank all the applicants for their efforts, and we encourage them to keep on submitting innovative projects.

Get to know the projects:

Bridging California’s Rural/Urban Digital Divide with Mobile Broadband
San Francisco Bay Chapter

California’s Central Valley is a major provider of food to both the United States and the world, but its own development is hindered by inadequate broadband service. The broadband speeds touted by local providers never seem to materialize for users.

Precision agriculture is the suite of technologies that lets farmers to gather data about their fields, allowing them to provide optimal irrigation and pest control for their crops. This makes it possible for them to maximize production while minimizing environmental impact. The latest generation of precision agriculture technology is highly reliant on cloud computing. Field data can now be transmitted to companies for real-time analysis, making precision agriculture even more precise.

The goal for this project is to establish the level of mobile broadband performance in agricultural regions of Yolo County, and compare that performance to both provider-claimed performance and the level of performance required by current precision agriculture technology. These data sets will be able inform public policy making on rural broadband. The objectives are as follows:

(1) Measure the performance of mobile broadband in 200 farm field locations across Yolo County, using the CalSPEED mobile applications.
(2) Compare the download and upload speeds to those reported by the mobile broadband providers on their Form 477 mobile broadband deployment data.
(3) Compare that performance to the performance requirements of precision agriculture technologies being piloted by Valley Vision in Yolo County.

Digital Fabrication Laboratory and Radio Telecommunication Network in rural areas of Nicaragua
Nicaragua Chapter

The Autonomous Region of the Caribbean North Coast of Nicaragua (RACCN) has more people living extreme poverty than any other region in the country. Sixty-nine percent of the region’s population lives below the poverty line. It is also a region which is highly vulnerable to natural disasters, dealing with the effects of drug trafficking, and prone to riots and political unrest. It is also experiencing an invasion of settlers from the north and central regions of Nicaragua as they move across the country in search of new agricultural territory. It is a largely rural area with only minimal access to basic services, poor road conditions, and with very little public investment in technology and education.

The aim of the project is to provide to teach RACCN residents to use information and communication technologies, so they can access information and educational opportunities, which will in turn help them make decisions to spur local growth. One of the specific goals is to provide farmers from communities across the region with access to information on market prices, product demand and sales opportunities in both other municipalities and foreign countries.

COWShED: COmmunication within White Spots for brEeDers
Senegal Chapter

The livestock transhumance — the movement of cattle from one grazing ground to another — happens throughout Senegal. It is particularly common in the sylvo-pastorale areas of the Ferlo region. In that part of the country, it is difficult — and sometimes impossible — to use traditional, terrestrial telecommunications systems. This is because there are too many white spots, or areas with zero cellular coverage.

Satellite phones can be used in white spots, but are often prohibitively expensive.

Our proposal is to set up a low-cost communication network for rural people, particularly breeders and farmers, based on long range radio communication within ISM (Industrial, Science and Medical) bands. We will be able to keep costs low because the ISM band is free. The proposed autonomous mobile MESH network is developed by breeders, allowing them to safely lead livestock between grazing pastures and water points. Our main goal is to encourage activities that can generate financial returns for rural population, while also preserving the environment.

NYC Mesh: Internet for Everyone
Mesh Team with the Support of the New York Chapter

More than one in four New Yorkers lack access to broadband Internet at home, according to the city comptroller. Race and class dynamics highlight this divide. Black and Hispanic households are 23 percent more likely to be without broadband access, and people without a high school diploma are 360 percent less likely to have broadband than New Yorkers with a bachelor’s degree or higher. In the comptroller’s own words the “two major causes of Internet inequality in New York City are the high cost and poor quality of broadband compared to other cities.” (Internet Inequality Stringer, City of New York 2014).

Our goal with this project is to get Internet access and open-source software into the hands of people who have been purposefully excluded by the large telecommunications companies. We intend to install 50 nodes around three neighborhoods. This will allow us to extend cheap or free access to 50 buildings. We will also be making sure to connect at least two households per building. This will not only provide free, street-level access for an area of up to several blocks, depending on building height, topography, and density, but it will also lower the marginal cost of access for everyone in the neighbourhood.

CSIRT for Educational and Academic institutions in Kazakhstan
Kazakhstan Chapter

Communication networks and information systems have become an essential part of Kazakstan’s economic and social development. That means security of those systems, and their availability, is of increasing concern to Kazakhs. Kazakhstan’s universities and academic institutions are experiencing a serious shortage of trained information security professionals. That means they often don’t have anyone on staff who capable of protecting their digital infrastructure from external and internal threats.

The goal of this project is to set up a Computer Security Incidents Response Team (CSIRT) for the academic community in Kazakhstan. A CSIRT is a team of IT security experts tasked with responding to computer security incidents. The team will help their clients to fix and recover from security breaches.

CNL-ISOCpy
Paraguay Chapter

The development of experiences based on the incorporation of ICT in school work has acquired a variety of formats and has obtained different results; This project will provide low-income schools with fixed broadband access and a classroom equipped with state-of-the-art computers in proportion to the student population, as well as educational management software for principals, teachers, parents and students.

The incorporation of new information and communication technology in schools opens up a world of possibilities for students and teachers. Our project will provide schools in low-income areas with broadband access and a classroom equipped with state-of-the-art computers, enough that every student will be able to use them regularly. It will also give schools educational management software that will connect administrators, teachers, parents and students, allowing them to monitor each student’s progress and give them the help the need to succeed.

Do you have a great idea?

Source link

The article Beyond the Net announces the results for the November 2016 cycle appeared first on Arabian Post.

Reflections on a successful IGF 2016

The Arabian Post Network — Sun, 18 Dec 2016 09:36:49 +0000

Many stakeholders are now coming home after a productive week at the 2016 Internet Governance Forum (IGF) in Guadalajara, Mexico.

As the first IGF since its 10 year mandate renewal by the UN General Assembly, this was a key edition to set the stage for multistakeholder cooperation in the next few years, and to identify the issues that will have to be addressed by the global Internet community now and in the near future.

And the challenges are not missing. In a context where nationalist and de-globalization movements makes progress in all parts of the world, and where concerns of cyber security is growing, we see a new focus on borders and government control that threatens to splinter the Internet into separate networks based on technology and regulations.

It is an existential threat to the Internet we know as global, open, and reslient, but as expressed by our CEO Kathy Brown in the IGF opening ceremony, we cannot let policies of fear damage the foundational values that have defined the Internet since its creation. Openness, transparency and inclusiveness is at the heart of the Internet’s governance model, and its technical architecture is designed to facilitate change. Together they are the means to protect it.

The IGF is in this sense more important than ever, because it is the place where concerns, ideas and solutions are exchanged. It was never designed to solve the Internet’s challenges on its own, but on the contrary to support a distributed governance model based on shared principles and objectives for collaborative answers. To this end, the IGF provides a starting point in which the stakeholders can discuss their concerns such as cybersecurity, trade agreements, or how over-the-top services could create fragmentation on digital spaces – issues in which it is more important than ever to shape a common understanding of how they can be solved.

Following the ten-year review of the World Summit on the Information Society (WSIS), we have entered a new phase where the question is not anymore whether or not the multistakeholder model is a valid approach or not, but rather on how to implement it concretely to address very real issues. To us at the Internet Society, and as described in our 2017 Action Plan, this challenge can broadly be separated into Access and Trust, reflecting the fact that people need to be able to get online, but also have confidence in the system, in order for the Internet to reach its full potential.

The successful IANA transition, where the contractual relationship between the US government and ICANN on the performance of the key Internet domain name functions was transferred to the global multistakeholder community, was a good example of how all relevant stakeholders came together and reached consensus on how to govern an important function for the Internet. This was no easy process, but different views were reconciled through a common vision for the good of the Internet.

However, the IANA transition was a relatively simple challenge compared to the issues we are facing now: connecting the unconnected and taking those measures that the users of the Internet can have reasonable expectations of trust while the Internet becomes part of their lives.

Some say that easy problems on the Internet have been solved 20 years ago, and the challenges that we are facing today are those that we can only solve by realizing that the Internet is a a dynamic systems with many actors that have both self-interests and shared-interests. The Internet is an inherently complex and decentralized system where solutions come about by seeing stakeholders gaining shared understanding, assuming responsibility and taking action globally, regionally, and locally.

At last week’s IGF, we saw examples from Best Practice Forums and the Connecting the Next Billion track. We saw Dynamic Coalitions proving essential in advancing the needle on key issues, and we saw workshops on specific solutions such as the work on community networks. It has also been refreshing to see so many workshops using breakout sessions as a way to engage participants and harness expertise from a diverse audience, making the most of the opportunity that the IGF brings.

Let us also not underestimate the power of the hallway, the connections that are made between communities and the understanding that is deepened over a coffee or tequila all increase the odds that participants go home and inspire their local community, perhaps with help of new partners, to take action and to address difficult issues head on.

What is particularly inspiring are the hundreds of young fellows, often under 20, who brought their dynamism and unique perspectives on a variety of topics. This is essential, as these young leaders will be the shapers of tomorrow.

We look forward to the work and cooperations that will keep us engaged until the next IGF.

Source link

The article Reflections on a successful IGF 2016 appeared first on Arabian Post.

The Fight For Telephony

The Arabian Post Network — Tue, 13 Dec 2016 17:35:50 +0000

When I first moved to Mexico, I started working with a really cool organization called Palabra Radio, which is a community radio organization here in Oaxaca. I was really impressed with how communities were operating, owning, and sort of dealing with everything that comes with operating their own low power FM radio station. That gave me the idea to try and do something similar with mobile communication, which is how Rhizomatica came about.

Before coming to Mexico, I’d been working in Nigeria, where I’d done some work on small scale, DIY rural mobile networks. What we wanted to do here is that, but on a larger scale, so to make a system that was replicable and relatively easy for communities to set up.

We got our first network up and running in March of 2013, but it took a lot to make that happen. We put up the first network, but that was sort of a test; can we do this? Will the community actually like it once it’s up? But we got really good feedback from people, and then more and more communities kept asking us to do help them do a similar thing. Communities get in touch with us, we go through a bit of a diagnostic with them: do you have the money? Do you have the capacity? Do you have support from the whole community? And if we see that all that is in place, we move forward with them. In the last three-and-a-half years, we’ve helped 19 communities set up networks.

Communities now have the technological means, have the legal pathway to set up their own Global System for Mobile Communications (GSM) networks, as well as a set of different organizational models for how the networks can be run. So, with our help, they set up their own base station, which gives signal to the community and connects to other equipment that we help provide to them, but that they pay for and own. We help out by providing some ongoing technical support, legal support and so on. But the community then has their own little network, which can cover about 500 users before it starts getting saturated, at which point we can install more equipment. They run the service themselves, and it costs about two or three dollars a month per user.

The networks we’ve helped set up have made a huge difference for people in these communities. It lowers the cost of communications tremendously, so you’ll see savings of close 98 percent over other options. Something that cost a dollar a minute now costs one or two cents per minute. That changes how much and how often people communicate. It also makes things easier, having a mobile phone as opposed to having to walk to a payphone somewhere. It costs less and you can do it more. It also changes how people do business, it makes it easier for people to buy and sell things. It makes emergency services easier for people to access. These are mostly agricultural communities, so if someone has an accident in the fields, they can call for help.

We’re trying to build off this success in a couple ways. One is we’re starting to look at building hybrid networks, so networks that can handle both telephony and Internet. That way people can start doing VOiP calling and things like that. That’s still a few months away. The other thing we’re doing is looking at ways we can export this project. We’re looking at opportunities in Columbia, in Brazil, in Nicaragua, in Botswana, countries that have organizations that are trying to do similar things to what we’re doing here. If things have to get modified a bit, that’s fine too. But we have the experience and expertise and willingness to help those places get going and build their own local infrastructure organizations.

There’s a lot of activism around the Internet, but there’s very little activism around telecommunications networks and telephony, and what there is very localized, but when you make telephony available to people it can make a tremendous impact.

Source link

The article The Fight For Telephony appeared first on Arabian Post.

Day 3: Human Rights, Cyber Security, and Standing Up for Inclusiveness.

The Arabian Post Network — Fri, 09 Dec 2016 01:34:56 +0000

Day3.jpg

Today looks like it’s going to be a really interesting day the Internet Governance Forum (IGF). Talks on human rights, cyber security, and how to stand for diversity and inclusiveness in discussions around how the Internet grows.

Day 3: Thursday, December 8

WHAT	WHEN / WHERE	ISOC REPRESENTATIVE
BPF Cybersecurity	9:00-10:30 Workshop Room 9	Hiroshi Esaki speaking
Human Rights: Broadening the Conversation	10:00 – 13:00 Main Session Room	Sally Wentworth speaking
WS 37: Internet Fragmentation: Getting next 4billion online	12:00 – 13:30 Workshop Room 4	Karen Rose speaking
DC on Blockchain Technologies	12:00-13:30 Workshop Room 8	Walid Al-Saqaf speaking
WEF Open Forum: Internet for All working group	12:30 – 13:30 Workshop Room 3	Raùl Echeberrìa speaking
WS99: Multicultural and Multistakeholder Capacity Building	15:00-16:30 Workshop Room 1	Olga Cavalli speaking
WS165: Fostering Digital Capacities for Decent Life in MENA	15:00-16:30 Workshop Room 2	Walid Al-Saqaf speaking

Quick Links

Source link

The article Day 3: Human Rights, Cyber Security, and Standing Up for Inclusiveness. appeared first on Arabian Post.

Data Breaches and You – our Global Internet Report 2016 explains the critical steps you need to take now

The Arabian Post Network — Sun, 04 Dec 2016 09:32:51 +0000

Data breaches are the oil spills of the digital economy. Over 429 million people were affected by reported data breaches in 2015 – and that number is certain to grow even higher in 2016.

These large-scale data breaches along with uncertainties about the use of our data, cybercrime, surveillance and other online threats are eroding trust on the Internet.

This is why the 2016 edition of our Global Internet Report is dedicated to exploring data breaches, their impact on user trust and their consequences for the global digital economy.

These consequences, not surprisingly, can be serious. The purpose of the report is not to emphasize the problem, but to offer solutions and to emphasize the important role that companies and organizations play in building a more trusted Internet.

A key question raised by the report is:

why are organisations not taking all available steps to protect the personal information they collect from each of us?

The report examines the issues and walks through a number of case studies that highlight the concerns. It ends with a series of five concrete recommendations for actions we need to take.

This video provides a preview:

We ask you to please read the 2016 GIR, to share the report widely, and to take whatever actions you can to bring about a more trusted Internet.

This issue of trust is so serious that we risk undoing all of the progress we have made over the past three decades. It is time we act together to solve it.

Source link

The article Data Breaches and You – our Global Internet Report 2016 explains the critical steps you need to take now appeared first on Arabian Post.

Supporting Internet Infrastructure security in Africa

The Arabian Post Network — Sun, 04 Dec 2016 09:28:51 +0000

India is an interesting country when it comes to Internet access.
On the one hand, India has the second most Internet subscribers in the world. There are over 450 million people online here. On the other hand, we also have the largest number…

02 December 2016

30 November 2016

There is an old adage that trust takes years to build, seconds to break, and forever to repair.
When it comes to the Internet and its users, the same holds true. For average Internet users, trust in the Internet has to be built. They have to gain…

29 November 2016

“Humanity has been building and programming general purpose computers for about six decades now, with spectacular results, mostly good. As we contemplate the ‘Internet of Things’ in light of our collective experience, there are some disturbing…

28 November 2016

In collaboration with the African Union Commission, the Internet Society will be holding an experts’ workshop on Internet Infrastructure Security from 28-29 November 2016 in Nairobi, Kenya. Selected experts from within and outside the…

25 November 2016

Source link

The article Supporting Internet Infrastructure security in Africa appeared first on Arabian Post.

When your Internet history is no longer history – the danger of the UK's new Investigatory Powers Act

The Arabian Post Network — Sun, 04 Dec 2016 09:25:29 +0000

There is an old adage that trust takes years to build, seconds to break, and forever to repair.

When it comes to the Internet and its users, the same holds true. For average Internet users, trust in the Internet has to be built. They have to gain confidence in the safety of their private information online. When a user’s private online information is made public, they lose trust in the Internet and its services.

It is critical that the actions taken by governments foster Internet trust and do not put users, or their data, at greater risk. One of the simplest means of achieving this is through data minimization.

Today, the United Kingdom passed the Investigatory Powers Act 2016 into law. The Act widens the scope of investigatory powers for UK security and law enforcement agencies online. Under the new law, the agencies will have expanded powers of surveillance, hacking, and interception of communications. The biggest impact of these expanded powers is likely to be on British Internet users who can no longer trust that their online communications are private or secure.

There are several aspects of the Act which are likely to damage user trust. The first requires communications service providers (CSPs) to provide a “technical capability” to help the government access encrypted data. How this will be put into practice remains to be seen. However, this could take the form of adding an encryption “backdoor” or involve removing encryption on request, putting user data at risk. This obligation could also discourage CSPs from offering encryption, thus weakening security for all British Internet users.

Another is bulk “equipment interference,” or hacking, performed on devices in a designated geographic area. Bulk hacking, like mass surveillance, collects data from innocent citizens alongside suspected criminals.

The aspect which may have the biggest direct impact on user trust is mandatory data collection.

Under the Act, CSPs must record and keep customers’ communications metadata for 12 months for use by law enforcement in the event of an investigation. But safeguarding the data will be impossible. The task will be expensive for CSPs and stored data will be an enticing target for attackers. Already in the UK, TalkTalk and Three mobile have experienced major breaches. Following implementation of this new rule, a massive data breach is almost inevitable. Criminals will likely steal, sell, or make available to the public the data of millions of citizens.

For Internet service providers, the law requires they collect customers’ web history and other data. Web history is information that most users want to keep private. After all, there is a reason the delete history function exists on most browsers. Web history can reveal large amounts of personal information. This includes political views, religion, interests, daily routines, illnesses, and much more. The personal and visible nature of the data collected by CSPs, such as web history, makes its exposure so destructive to the trust of everyday users.

While access to communications data could help law enforcement carry out its activities, mandatory data retention is dangerous for the Internet and its users.

Any legislation to increase public security must also ensure the security and privacy of citizens’ information. In particular:

Law enforcement should undertake focused and proportional investigatory efforts. They should not engage in pervasive surveillance or bulk hacking.
Governments should promote trust-enabling technologies, such as end-to-end encryption, and never limit them or compromise their effectiveness.
Governments should advocate for data minimization even in the context of law enforcement. Evidence suggests that data breaches are almost inevitable. The less data collected and retained by CSPs, the less devastating the breaches will be to user privacy and trust.

We have more recommendations for promoting trust online in our Internet Society Policy framework for an open and trusted Internet and our Global Internet Report 2016 on data breaches. We encourage you to read and share these recommendations with policy makers in your region.

When trust in the Internet breaks down, everyone loses.

Image credit: Robin Wilton CC BY NC ND

Source link

The article When your Internet history is no longer history – the danger of the UK's new Investigatory Powers Act appeared first on Arabian Post.

WhatsApp with the UK's new Information Commissioner?

The Arabian Post Network — Sun, 04 Dec 2016 08:41:23 +0000

The UK’s Information Commissioner, Elizabeth Denham, has been in post just under four months, but already the differences between her approach and those of her two most recent predecessors (Richard Thomas and Christopher Graham) are starting to become clear. This may be due partly to the fact that she comes to the role with six years’ experience as the Information and Privacy Commissioner for British Columbia, whereas Thomas and Graham came, respectively, from legal practice and the BBC.

Recently, Denham posted an update on the first eight weeks of her team’s investigation into personal data sharing between WhatsApp and Facebook. The bottom line is this: she thinks consumers and their data are not being properly protected, and she offers the prospect of enforcement action if Facebook uses consumers’ data without consent. Here’s how she thinks Facebook is falling short of the legal requirements:

Subscribers are not properly protected, or properly informed about uses of data about them;
Facebook does not have valid consent for sharing personal data;
Users are not given sufficient control over data about them.

The Commissioner also highlights risk in a number of other areas:

“Free” services are not a licence for the service provider to do as they please with users’ data;
Vague terms of service don’t adequately protect the intimacy revealed by our online data;
Company mergers, and aggregation of the resulting data, create privacy risks that go beyond simple data protection.

The tone of the Commissioner’s post is firm but understated. It focuses on basic steps: inform users, get meaningful consent, give users proper control, and be transparent about terms and conditions. The Commissioner’s concerns echo those expressed by the wider group of European information commissioners, the Article 29 Working Group. The head of that group, Isabelle Falcque-Pierrotin, has expressed its concern that, following WhatsApp’s acquisition by Facebook, personal data is being used for purposes that were not included in the terms users signed up to.

Some may point out that, in strict legal terms, consent is just one of a number of valid grounds for the processing of personal data. My personal view is that there is no need for equivocation here. I don’t care (and neither should consumers) if consent isn’t the only basis for legal processing: if the end result is not what I signed up for, and it increases privacy risk, I should be made aware of that and given the option to say no.

The Commissioner has set out her position, simply and clearly. It will be interesting to see what the next eight weeks bring.

Source link

The article WhatsApp with the UK's new Information Commissioner? appeared first on Arabian Post.

Build The Internet: Training Barefoot Network Engineers

The Arabian Post Network — Sun, 04 Dec 2016 08:40:04 +0000

India is an interesting country when it comes to Internet access.

On the one hand, India has the second most Internet subscribers in the world. There are over 450 million people online here. On the other hand, we also have the largest number of unconnected people. Only about 35 percent of our population is online, including more than 70 percent of women. Between 70 and 80 percent of our landmass isn’t connected, including most rural parts of the country. So we have a severe problem when it comes to connectivity.

I helped found the Digital Empowerment Foundation about 20 years ago, with the aim of fixing these connectivity problems. Our goal is to overcome information poverty and make the Internet accessible to the remotest part of the country, for the poorest of the poor.

One of the core problems is a lack of last mile infrastructure. The “last mile” refers to the final leg of the network, the one that delivers the Internet to people’s homes and businesses. Telecom companies here have been reluctant to invest in the last mile in rural areas because it doesn’t make sense for them as an investment. They say the cost is higher than the return. That’s often where we come in.

There are certain bands of wireless spectrum that are unlicensed, which means anyone can use them for community networks. By using unlicensed spectrum, we’ve managed to bring the Internet into telecom dark areas. If you build a tall enough relay tower, you can easily get a line of sight that will allow the signal to carry for up to 40 kilometres. And you can set up a series of these towers. That’s how we build networks. We started in 2010 when we first started partnering with ISOC. It began with a pilot program in a handful of communities. Now, we’re in over 100 communities, and we’re still growing.

What’s amazing, though, is how the network gets built and maintained. Over the years, we’ve trained hundreds of people to become what we call barefoot network engineers. These are regular people in rural villages, often without much formal education, who we train to be network engineers. With ISOC’s help, we’ve developed a multi-lingual kit and guidebook that explains the technology and equipment at a literacy level that works for them. So local people can maintain and troubleshoot the network themselves. And this is tremendously empowering, not only for the individuals we train but for the whole community.

The access itself gives people a tremendous sense of liberty. Suddenly, they can access government programs, which used to be controlled by middlemen. They can run their own business. They can buy things at better prices. They can access doctors through telemedicine. They can access education. Because it’s a broadband connection, they can do video conferencing, which has an enormous appeal to people who might not have high levels of literacy. Also, they use it for entertainment. That’s important, too.

The biggest achievement is that people aren’t just acting as a consumer of information, but they’re talking to each other. They’re sharing knowledge. They’re talking about their rights, about access to services, about democracy. You see it the most with the women in the community. India is still a very patriarchal society, but in our programs, women play a key role. In many of these communities, the men have to migrate to other parts of the country for work, but the women usually stay put. As a result, they’re often in charge of the community access points and the computers themselves. They’re the keepers of the information, and having that role gives them more leverage to make decisions in their households and communities.

Community networks are one of the most viable, available technology-based solutions for last-mile access to underserved communities. What we’ve been doing in India could become a prototype or a scaleable model for connectivity all over the world. But right now, it’s still seen as a novel idea, not something that could be rolled out on a large scale. Organizations like ours need to work with each other, as well as with larger organizations like ISOC, to advocate for community networks to become a global, mainstream phenomenon. Because when you connect these communities, amazing things happen. I’ve seen it first-hand.

Impressed by Osama’s story? Tell your local policy maker. Share this and the Policy Framework for an Enabling Internet Access and help make access possible.

Source link

The article Build The Internet: Training Barefoot Network Engineers appeared first on Arabian Post.

You Can Build the Internet

The Arabian Post Network — Sun, 04 Dec 2016 08:39:39 +0000

Community Networks are connecting people in underserved rural, remote, and urban areas around the world. They have existed for decades in small out-of-the-way or unknown pockets. Local champions – normal people who just believe in making things happen – are creating these networks with-for-and-by communities. It starts with people and the belief that something should change because they know that access to affordable connectivity can change lives.

Small, DIY networks are connecting people in remote parts of the globe, from the Amazon Rainforest to the Himalayas, to the fly-in communities of Canada’s north. They are are making connectivity affordable to more and more people in around the world. Community networking puts technology into the hands of the people who use it. It helps demystify the Internet and proves that people, no matter what their background is, can run and maintain a network.

Community networks turn people from consumers of the Internet to Citizen-builders of the Internet.

All over the world, people are setting up these sorts of networks, for reasons that vary from the need for low-cost VoIP connections to a burning desire to play Call of Duty. Many are working in isolation. And, we know that when we bring people together who share a passion for making change – amazing things happen. The “human chemical reaction” and “trust networks” start to form, and people start to connect with people to shift the balance.

The Internet Society and our partners want to bring them together to share ideas and build a stronger network of people.

We’re going to bring some of these people together at the Internet Governance Forum in Guadalajara, to learn from each other and help grow community networking as a movement. Over the next few weeks, we’ll be bringing you a few of their stories.

If you’re working to bring your community online, or if you want to, get it in touch!

If you want to take part in the Internet Governance Forum (IGF) from the comfort of your home, here’s how you can join.

There are some cool activities taking place! More can be found here.

Source link

The article You Can Build the Internet appeared first on Arabian Post.

Internet: Latest News — Arabian Post

Phantom Wallet Surges to Second in U.S. App Store Ranking

Benefits and Security of Free VPNs in the Middle East: A Growing Necessity

Safest VPN options in UAE?

What is a VPN and how does it work?

Benefits of using a VPN in the UAE

VPN usage statistics in the UAE

Factors to consider when choosing a VPN provider in the UAE

The top VPN providers for UAE residents – NordVPN, Surfshark VPN, ExpressVPN, VPN.ac

ExpressVPN UAE

VPN.ac UAE

Setting up and using a VPN in the UAE

How India’s PM-Kisan Aadhaar Leak is Exposing Indians to Identity Theft

6 Tips for Protecting Against Ransomware

Bringing Internet to Venezuela’s Remote Regions – While Setting a World Record

Promoting Digital Accessibility in Sri Lanka

Using the Collaborative Security Approach to Address Internet of Things Security Challenges

Fostering Confidence and Protecting Opportunities. In short, we should always have these objectives in sight when developing security solutions.

Collective Responsibility. This notes that participation on the Internet means global interdependency. If participants act solely in their own self-interest, not only is the security of the internet affected, the social and economic potential of the internet to the global community also diminishes.

Think Globally, Act Locally. For greater effectiveness and efficiency, solutions should be defined and implemented by the smallest, lowest, or least centralized competent community at the point in the system where they can have the most impact.

Conclusion

Will Artificial Intelligence Change The World For the Better? Or Worse? Read our new policy paper

Join forces to eliminate spam – read the new report from the CRTC

Deadline 3 May: Recognize an outstanding technologist

Encryption is key for a trusted Internet

Knowing The Subtle Differences

Where You Can Find End-to-End

It’s Up To All Of Us

The Bottom Line

Rough Guide to IETF 98: Trust, Identity, and Privacy

Relevant Working Groups at IETF 98:

Follow Us

Rough Guide to IETF 98: Internet Infrastructure Resilience

Follow Us

Community Forum Launches the Search for 25 Under 25

Barev dzez! You are listening to Radio MENQ. The voice of the visually impaired of Armenia.

Beyond the Net Journal: Armenia Chapter #3 Episode

DNS Privacy: Solutions emerging, but deployment lags

An eventful week at SANOG 29

The Internet of Things as an Attack Tool

Let us look at a few trends playing out in this area.

What does this mean?

Does the IoT change this?

Usable Security Highlighted at NDSS 2017

CITO Olaf Kolkman Speaking at RSA 2017 about IoT Security with Bruce Schneier

Rejoignez-nous pour la 5ème édition du forum de système de noms de domaine africain!

Mt_Kilimanjaro.jpg.jpeg

Responsible Disclosure from a Collaborative Security Perspective

Changing the law

Creating practices, guidelines and a responsible disclosure ecosystem.

Covenants

Shield &amp; Sword – 10 tips to protect yourself online

1. Know the terrain.

2. Keep your private life private.

3. Protect communications.

4. Obscure your location.

5. Guard your devices.

6. Prepare for an attack.

7. Stand firm.

8. Beware of Trojan horses.

9. Lead.

10. Protect others.

Watch Live Today – State of The Net 2017 conference in Washington, DC – security, privacy, IoT and more

Public Spectrum for Public Access

2017: the Internet Society's 25th Anniversary Year

Holiday DDoS Attacks: Targeting gamers (and five things you can do about it)

State of DNSSEC Deployment 2016 report shows over 89% of top-level domains signed

What India's Banking Industry Breach Can Teach Us About the Importance of Collaboration

Bridging California’s Rural Digital Divide

Beyond the Net announces the results for the November 2016 cycle

Get to know the projects:

Do you have a great idea?

Reflections on a successful IGF 2016

The Fight For Telephony

Day 3: Human Rights, Cyber Security, and Standing Up for Inclusiveness.

Day3.jpg

Day 3: Thursday, December 8

Quick Links

Data Breaches and You – our Global Internet Report 2016 explains the critical steps you need to take now

Supporting Internet Infrastructure security in Africa

Shield & Sword – 10 tips to protect yourself online