A slightly updated version of the Online Trust Audit & Honor Roll is now available in English, French, and Spanish.
Changes include:
The Online Trust Audit & Honor Roll assesses nearly 1,200 organizations, recognizing excellence in online consumer protection, data security, and responsible privacy practices. This Audit of more than 1,200 predominantly consumer-facing websites is the largest undertaken by OTA, and was expanded this year to include payment services, video streaming, sports sites, and healthcare.
This is the first time in the Audit’s 10-year history that we’ve translated it, and we’re proud to bring it to a wider audience. Going forward, we will work toward adding more global sectors and regions into the report findings.
The Trust Audit Planning Committee, open to Internet Society organization members, has already had its first meeting to discuss the methodology for next year’s Audit. A public call for comment on the draft methodology will come later this year, so watch this blog or follow us on Twitter or Facebook to keep up with our Continue reading
I’ve been developing yet more automation recently, and I’ve been hitting two major stumbling blocks that have had a negative impact on my ability to complete the tooling.
When APIs were first made available, the documentation from many vendors was simply incomplete; it seemed that the documentation team was always a release or two behind the people implementing the API. To fix that, a number of vendors have moved to a self-documenting API system along the lines of Swagger. The theory is that if you build an API endpoint, you’re automatically building the documentation for it at the same time, which is a super idea. This has improved the API’s endpoint coverage but in some cases has resulted in thorough documentation explaining what the endpoints are, but little to no documentation explaining why one would choose to use a particular endpoint.
As a result, with one API in particular I have been losing my mind trying to understand which endpoint I should use to accomplish a particular task, when no less than three of them appear to handle the same thing. I’m then left using trial and error to determine the correct path, and at the end Continue reading
This blog post is part of Crypto Week 2019.
Trust on the Internet is underpinned by the Public Key Infrastructure (PKI). PKI grants servers the ability to securely serve websites by issuing digital certificates, providing the foundation for encrypted and authentic communication.
Certificates make HTTPS encryption possible by using the public key in the certificate to verify server identity. HTTPS is especially important for websites that transmit sensitive data, such as banking credentials or private messages. Thankfully, modern browsers, such as Google Chrome, flag websites not secured using HTTPS by marking them “Not secure,” allowing users to be more security conscious of the websites they visit.
This blog post introduces a new, free tool Cloudflare offers to CAs so they can further secure certificate issuance. But before we dive in too deep, let’s talk about where certificates come from.
Certificate Authorities (CAs) are the institutions responsible for issuing certificates.
When issuing a certificate for any given domain, they use Domain Control Validation (DCV) to verify that the entity requesting a certificate for the domain is the legitimate owner of the domain. With DCV the domain owner:
It’s based on technology that VMware acquired when it bought public cloud security startup...
My ‘do not use underscores in DNS’ war story: Back in the day when NetBIOS name services (NBNS) mattered more than DNS, people would put names on their machines so they could access the shared resources from the Windows finder. Developers and certain types of ‘security professionals’ who have opinions on underscores vs dashes […]
The post Why I Do Not Use Underscores in DNS, A ‘War’ Story. appeared first on EtherealMind.
One of my readers sent me this question:
How can I learn more about reading REST API information from network devices and storing the data into tables?
Long story short: it’s like learning how to drive (well) - you have to master multiple seemingly-unrelated tasks to get the job done.
As you most likely will have seen, Cisco is “rebooting” their certifications to better align with what is expected of the future work force. As I’ve been busy with Cisco Live, I’m only now starting to write these posts. I’m expecting to write a couple of them rather than writing one LONG one.
As a member of the CCIE Advisory Council, I’ve been in the loop for a while and I truly believe these changes are for the better. We’ve tried to do what is best for people that are certified or looking to get certified. There will certainly be corner cases or questions that need answers, but we have done our best to leave no one behind.
This first post will look at what is changing at a high level and then we can dive deeper into the different certifications in the coming posts.
DevNet certifications – There has been some training on automation and even some exams, but no real certifications. This is all changing now. There will be corresponding DevNet certifications for CCNA, CCNP and in the future, CCIE. This offers more career paths within the Cisco world. I will cover the DevNet certifications in a future post.
In this Tech Byte episode we delve into security policy orchestration and automation with sponsor Tufin. Tufin integrates with firewalls, next-gen firewalls, routers, switches and more to help you understand and automate controls and policies on premises and in the cloud.
The post Tech Bytes: Security Policy Orchestration And Automation With Tufin (Sponsored) appeared first on Packet Pushers.
Huawei has for the first time quantified how much the United States-led campaign against the...
Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/
The post History Of ATM (Part 1) – Daniel Grossman appeared first on Network Collective.
The SD-Branch platform uses its FortiGate Next-Generation Firewall, FortiNAC Network Access...
Way back in the day, when telephone lines were first being installed, running the physical infrastructure was quite expensive. The first attempt to maximize the infrastructure was the party line. In modern terms, the party line is just an Ethernet segment for the telephone. Anyone can pick up and talk to anyone else who happens to be listening. In order to schedule things, a user could contact an operator, who could then “ring” the appropriate phone to signal another user to “pick up.” CSMA/CA, in essence, with a human scheduler.
This proved to be somewhat unacceptable to everyone other than various intelligence agencies, so the operator’s position was “upgraded.” A line was run to each structure (house or business) and terminated at a switchboard. Each line terminated into a jack, and patch cables were supplied to the operator, who could then connect two telephone lines by inserting a jumper cable between the appropriate jacks.
An important concept: this kind of operator driven system is nonblocking. If Joe calls Susan, then Joe and Susan cannot also talk to someone other than one another for the duration of their call. If Joe’s line is tied up, when someone tries to Continue reading