Last week at RSA, more than 30 global companies came together to sign the Cybersecurity Tech Accord “to protect and empower civilians online and to improve the security, stability and resilience of cyberspace.” It is an example of collaboration, which demonstrates the commitment and focus of the signatory companies to take action in order to tackle the significant security threats we are currently facing. It is this type of collective action we have promoted as part of our collaborative security
The Tech Accord is a positive step by large corporations across the globe involved in security to come together in the name of collaboration and make security commitments that resonate with the demands of Internet users everywhere. Per the Accord’s website, there are four main tenets of the Tech Accord:
Celebrating the work of women who are making a difference in their communities by using the Internet is something that at the Internet Society we care about. Women are building businesses, learning new professions, sharing, and collaborating online. Women are creating new opportunities for themselves and their families by taking advantage of what the Internet has to offer.
And it’s important to continue recognizing the work of these women.
EQUALS in Tech Awards is an opportunity to do so. By providing a platform for outstanding initiatives, the awards are a key piece in increasing the visibility of projects that use the power of technology to empower women and girls all across the globe.
This year’s EQUALS in Tech Awards is looking for initiatives from all stakeholders that improve women’s access to technology, promote female leadership in the tech sector, and build relevant digital skills for women and girls. Research that produces reliable evidence to tackle the digital gender divide will be also recognized.
The awards are organized annually by the EQUALS Global Partnership, an multistakeholder initiative which seeks to achieve gender equality in the digital age.
The Internet Society is proud to be vice-chair of this global movement. As such we work side by side with over 60 other organizations, companies Continue reading
Another BGP hijacking event is in the news today. This time, the event is affecting the Ethereum cryptocurrency. (Read more about it here, or here.) Users were faced with an insecure SSL certificate. Clicking through that, like so many users do without reading, they were redirected to a server in Russia, which proceeded to empty the user’s wallet. DNSSEC is important to us, so please check out the Deploy360 DNSSEC resources to make sure your domain names are protected. In this post, though, we’ll focus on the BGP hijacking part of this attack.
First, here’s a rundown of routing attacks on cryptocurrency in general – https://btc-hijack.ethz.ch/.
In this case specifically, the culprit re-routed DNS traffic using a man in the middle attack using a server at an Equinix data center in Chicago. Cloudflare has put up a blog post that explains the technical details. From that post:
“This [hijacked] IP space is allocated to Amazon(AS16509). But the ASN that announced it was eNet Inc(AS10297) to their peers and forwarded to Hurricane Electric(AS6939).
“Those IPs are for Route53 Amazon DNS servers. When you query for one of their client zones, those servers Continue reading
At the Women’s Special Interest Group of the Internet Society we are committed to promoting the participation of women in the Internet ecosystem. We also consider it important to increase the content created by and about women on the Internet to give voice and make visible the actions, work, and participation of women in Information and Communication Technologies (ICT).
Just 17% of Wikipedia biographies are of women. This happens because of the invisibility on the Internet of their work, which makes it difficult to create their biographies, no matter how valuable their work is.
April 26 is the International Day of Girls in ICT, promoted by the ITU. It aims to reduce the digital gender gap and encourage and motivate girls to participate in tech careers. With the support of the Wikimedia Foundation and Internet Society Chapters, we are going to commemorate the Girls in ICT Day with an editathon marathon in Wikipedia, to include all the women who are working to build an open Internet, free, safe, transparent, and affordable for everyone.
The important thing about this Global Editathon “Girls in ICT” is that the content will be created by women in their native language or in the Continue reading
The Internet Engineering Task Force (IETF) has been working recently to update its administrative arrangements to match the changing requirements it faces as the premiere Internet standards organization.
It has been more than a decade since the IETF became an organized activity of the Internet Society. Given the changes in the world and the Internet in the intervening time, it is natural to reconsider how to most effectively organize and implement its administrative structure. The Internet Society Board of Trustees supports the IETF in this work, and has set aside funding for this purpose. Internet Society staff are prepared to help implement the changes required.
Aspects of the mutual relationship between the Internet Society and the IETF, such as the role of the Internet Society in the standards appeal process, the confirmation of the Internet Architecture Board (IAB) members by the Internet Society’s Board of Trustees, and four members of the Internet Society’s Board of Trustees being appointed by the IAB on the IETF’s behalf, are not subject to change.
Both the Internet Society and IETF will benefit from an updated administrative structure for the IETF that continues to provide a solid foundation for the development of open standards for the global Internet.
The post Continuing Support for the Work of the IETF appeared first on Internet Society.
Encryption is an important technical building block for Internet trust. It secures our infrastructure, enables e-commerce, ensures the confidentiality of our data and communications, and much more. Yet, because bad actors can also use encryption to hide their activities, it can present challenges for law enforcement.
How, or even if, law enforcement should gain access to encrypted content has remained a divisive issue for the last twenty years. Yet, even as encryption tools have grown in variety and use, the public debate has become over-simplified into a battle between those for and against encryption. That public debate often fails to address the nuances of the digital-communications and data-storage landscape, or how it has evolved. With both sides largely talking at each other, rather than listening to one another, there has been little headway towards a solution, or set of solutions, that is acceptable to all.
In October of 2017, the Internet Society and Chatham House convened an experts roundtable under the Chatham House Rule to deconstruct the encryption debate. They explored ways to bridge two important societal objectives: the security of infrastructure, devices, data, and communications; and the needs of law enforcement. The roundtable brought together a diverse set of Continue reading
AI Hits the Right Notes: Artificial intelligence-generated music is reshaping the industry, but that’s not such a bad thing, notes Billboard.com. AI won’t replace the artists we love or end creativity, but it could empower creators with new songwriting and other tools, the story suggests.
Drilling for AI: Oil producers are also turning to AI to help them with several tasks, according to an interview with oil executive Philippe Herve of SparkCongnition, published in Houston’s Chron.com. AI can assist oil producers with predictive maintenance of their expensive field equipment and help them make sense of all the data they collect, he said.
Collateral damage for app ban: Russia has attempted to shut down messaging app Telegram, after the service refused to provide authorities encryption keys to its software. It’s not going so well, however. Russian’s attempts to block the app have inadvertently knocked out a bunch of small business websites in the country, reports the New York Times. Telegram attempted to get around the ban by shifting its service to U.S. Web hosts Google Cloud and Amazon Web Services, while repeatedly changing its IP address. In response, Russia shut down huge blocks of subnets instead of trying Continue reading
The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), are planning a DNSSEC Workshop during the ICANN62 meeting held from 25-28 June 2018 in Panama City, Panama.
If you are interested in participating, please send a brief (1-2 sentence) description of your proposed presentation to [email protected] by Friday, 4 May 2018
The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments. For reference, the most recent session was held at the ICANN Community Forum in San Juan, Puerto Rico on 14 March 2018. The presentations and transcripts are available at:
As this is the shorter “Policy Forum” format for ICANN meetings, the DNSSEC Workshop Program Committee is developing a 3-hour program. Proposals will be considered for the following topic areas and included if space permits. In addition, we welcome suggestions for additional topics either for inclusion in the ICANN62 workshop, or for consideration for Continue reading
As we continue our work related to the upcoming General Data Protection Regulation (GDPR), we have published an updated Privacy Policy for all visitors to our websites. This version makes some minor clarifications to our previous Privacy Policy from August 2017.
We also published a Privacy Policy Frequently Asked Questions (FAQ) list with more details about how we comply with various provisions of the policy. If you have any questions about this, please contact me at [email protected].
See also:
The post Updated Privacy Policy with minor clarifications appeared first on Internet Society.
The Internet Society Elections Committee is pleased to announce the final results of the 2018 elections for the Board of Trustees. The voting concluded on 9 April 2018. The challenge period (for appeals) was opened on 11 April and closed on 18 April.
There were no challenges filed. Therefore the election results stand:
Also, following the process documented in RFC 3677, the Internet Architecture Board has selected and the IETF has confirmed:
to each serve second terms on the board.
The term of office for all 4 of these Trustees will be 3 years, commencing with the 2018 Annual General Meeting of the Internet Society, 29 June – 1 July.
The Elections Committee congratulates all of the new and renewing Trustees. We also extend our thanks again to all the candidates and to everyone who participated in the process this year.
The post 2018 Internet Society Board of Trustees Final Election Results & IETF Appointments appeared first on Internet Society.
Wouldn’t it be nice if you could trust that your device is secure, so that it isn’t leaking your private data, becoming a bot and attacking other users, or putting you at risk?
We think so too.
By using their buying power to influence the market, combined with forward-looking, smart policies and regulations, governments can help build an Internet of Things (IoT) we can trust. With over ten billion IoT devices, applications, and services already in use, and the number of connected devices forecasted to jump to over thirty-eight billion by 2020, ensuring that governments take the right actions now around IoT security is critical.
Governments have important choices to make now to help ensure that IoT consumers are secure, innovation can flourish, and we can all fully benefit from IoT.
We are pleased to release IoT Security for Policymakers, a discussion paper to help provide a solid foundation for policymakers and regulators as they address IoT security. In the paper, we highlight key issues and challenges of IoT security, along with guiding principles and recommendations. While many of IoT’s challenges are technical, some of the most pressing are social, economic, or legal. There are countless consumers with little Continue reading
A new space race is developing, bringing with it the potential to spread broadband to unserved areas of the world.
A handful of satellite companies, including SpaceX, are planning to deploy large-scale, low-orbit constellations that could bring high-speed broadband service to wide geographic areas. SpaceX’s main competitor is one-time partner OneWeb, which like its rival, is planning a huge network of satellites that could blanket most of the Earth with high-speed broadband service.
Other companies are competing as well. While SpaceX and OneWeb plan to launch thousands of satellites in the coming years, Canadian firm Telesat is also planning to offer global coverage through a polar-orbit constellation of just 117. Space Norway plans to cover the Arctic area, and LeoSat plans to specialize in high-speed encrypted services for large businesses.
These proposed services would be in addition to incumbent satellite Internet providers like HughesNet and Exede Internet, which focus on serving the United States.
Proponents of the proposals say they have the potential to offer broadband at speeds that rival wired fiber service. The new providers could achieve faster speeds and lower latency than current generation satellite Internet service using a combination of low orbits, a large number Continue reading
Half of the world’s languages are expected to disappear by the end of the century. This is a huge cultural loss to humanity. When we think about endangered languages, we usually consider them as part of traditions that link us to the past. From a forward-looking perspective, they mean more than cultural heritage. When a language dies, a unique vision of the world is gone forever.
Does the language we speak online matter? Studies show that it deeply affects people’s experience of the Internet. It determines how much information we can access, who we choose to connect with and how we behave in our community. Keeping languages alive is essential to shape our future. The Internet offers the greatest chance to have a public voice in response to cultural globalization, a languages renaissance.
UNESCO is convinced that multilingualism on the Internet has a key role to play in fostering pluralistic, open and inclusive knowledge societies.
A project called Siminchikkunarayku, supported by The Internet Society Peru Chapter and the Beyond the Net Funding Programme, aims to build the linguistic corpus of the southern Quechua language by collecting and digitizing 10,000 hours of speeches. The Quechua is a family Continue reading
I used to love the old Space Invaders arcade game – waves of enemy attackers came in faster and faster while you tried to defend your base. With experience you could learn their tactics and get pretty adept at stopping them. For today’s enterprise IT staff, consumer-grade IoT devices must certainly feel like those space invaders of old.
There’s good news and bad news about these new creatures in the enterprise. The good news is that they don’t start with mal-intent and can be profiled well enough to confine their activity. The bad news is that they’re coming in waves, often slipping under the radar, and the consequences can be much bigger than getting blasted and placing a few more quarters in the slot.
To help enterprise IT staff deal with this new wave we released “The Enterprise IoT Security Checklist: Best Practices for Securing Consumer-Grade IoT in the Enterprise” today, outlining best practices for securing consumer-grade IoT in the enterprise. The Checklist includes ten actions, based roughly in chronological order from purchase, through installation, to ongoing support, meant to raise awareness of the common vulnerabilities presented by these devices and how to address them.
Many of these Continue reading
The APAN 45 meeting was held on 25-29 March 2018 in Singapore, where Kevin Meynell presented the MANRS routing security initiative during the Network Engineering Workshop.
We’ve previously discussed the underlying trust-based issues of BGP that MANRS attempts to address in a number of blogs, but we’re particularly interested in partnering with R&E networking communities for the reasons that National Research and Education Networks (NRENs) are often early adopters of new technologies and initiatives, they’re interested in distinguishing themselves from commercial operators, and the R&E community is a collaborative one.
This engagement resulted in significant interest from a number of NRENs in becoming MANRS participants, with AARNet (Australian Academic and Research Network) signing-up shortly afterwards (AS 7575). The presentation is available on the APAN 45 website, and may be freely used by those interested in promoting MANRS to raise awareness of routing security issues and promote the initiative.
APAN (Asia Pacific Advanced Network) supports the R&E networks in the region to help them to connect to each other and to other R&E networks around the world, allows knowledge to be exchanged, and coordinates the activities, services and applications of its members for their common good. APAN and the preceding APNG Continue reading
Do you trust this documentary? Do You Trust This Computer? is a new documentary from filmmaker Chris Paine that’s dedicated to the dangers of artificial intelligence. Elon Musk, who’s been vocal about the potential downsides of the technology, appears in the film and has promoted it. But The Verge finds the film a bit overly dramatic, saying “feels more like a trailer for a bad sci-fi movie than a documentary on AI.”
Or you could just get a dog: Speaking of AI, researchers at the University of Washington in Seattle are using canine behavior to train an AI system to make dog-like decisions, reports MIT Technology Review. The researchers are using dog behavior as a way to help AI better learn how to plan, with hopes of helping AI better understand visual intelligence, among other things.
News apps meet the Great Firewall: The Chinese government has temporarily blocked four news apps from being downloaded from Android app stores, ZDNet reports. The apps, with a combined user base of more than 400 million, have been suspended for up to three weeks in an apparent government media crackdown. Meanwhile, Chinese regulators have permanently banned a joke app for supposed vulgar content.
Are you attending the RSA USA 2018 Conference this week in San Francisco? If so, please plan to join this panel session happening Tuesday, April 17, 2018, from 3:30 – 4:14pm (PDT):
IoT Trust by Design: Lessons Learned in Wearables and Smart Home Products
Moderated by my colleague Jeff Wilbur, Director of the Online Trust Alliance (OTA), the panel abstract is:
The world has awakened to the need for tighter security and privacy in consumer-grade IoT offerings. This panel will present a trust framework for IoT, and wearable and smart home experts will discuss top attack vectors, typical vulnerabilities in devices, apps and systems, common reasons for design compromise, the evolution of security and privacy in IoT and where it needs to go.
They will be discussing the OTA’s IoT Trust Framework, as well as some new mechanisms available to help enterprises understand the risks associated with IoT devices.
If you believe securing the Internet of Things is a critical step to having a secure Internet, please join Jeff and his panelists to learn more.
Unfortunately there appears to be no live stream available but they do seem to be recording many of the sessions. If Jeff’s Continue reading
On, April 10, 2018 I joined over fifty like-minded individuals signing a letter emphasizing the importance of security research. The letter renounces a number of recent lawsuits, such as Keeper v. Goodlin and River City Media v. Kromtech, against security researchers and journalists and highlights the importance of the work they are doing to defend against a rapidly increasing number of security threats.
Security research, sometimes called white-hat hacking, is a practice by ethical hackers whereby they legally find flaws in information systems and report them to the creators of those systems. The ability to find and report these vulnerabilities before other bad actors can manipulate them has become increasingly important, especially in the context of the Internet of Things (IoT).
As we discussed at Enhancing IoT Security in Ottawa, Canada this week, Internet-connected devices offer great promise, but they can also create a host of security issues. It is crucial that we continue to encourage individuals to seek out and correct flaws in these devices as their application and use grows.
As Olaf Kolkman, Chief Internet Technology Officer at the Internet Society, wrote recently, security researchers are helping to make the Internet more secure. Collaboration between those Continue reading
On April 4, 2018, over 80 individuals met in Ottawa and virtually via livestream for the first event in the Canadian Multistakeholder Process – Enhancing IoT Security series. Participants represented a wide-range of stakeholder groups, including government, academia, public interest, and industry representatives. Two Internet Society Organization Members, the Canadian Internet Registration Authority and CANARIE, as well as Innovation, Science and Economic Development Canada and the Canadian Internet Policy and Public Interest Clinic were partners for this event. IoT security is a complex issue that requires all stakeholders to cooperate and participate in the development of solutions, and we were pleased to have such truly multistakeholder representation.
The event kicked off with an interactive presentation from Larry Strickling, Executive Director of the Collaborative Governance Project. Strickling provided an overview of the multistakeholder process and facilitated a discussion among participants to determine ground rules and define what constitutes consensus. Participants, both those remote and in person, outlined over a dozen rules and three key metrics for determining consensus, which will be used throughout the entirety of the project.
In the morning, participants heard from a series of speakers who presented on IoT security and risk, the balance between IoT’s technological Continue reading