“Enhancing IoT Security” Kicks off in Ottawa
While Internet-connected devices afford utility unseen in generations past, they may also create a host of security issues, ranging from insignificant to catastrophic in potential impact. In an effort to mitigate this risk, the Internet Society partnered with Innovation, Science and Economic Development, the Canadian Internet Registration Authority, CANARIE, and CIPPIC to host a multistakeholder meeting on the security of IoT devices. The event takes place in Ottawa, Canada on April 4, 2018.
This meeting will be the first in a year-long process to develop recommendations for a set of norms and/or policies to secure IoT in Canada. This event will serve as an opportunity to begin planning and implementing a bottom-up, organic process to remedy existing and potential security challenges in Canada’s national IoT ecosystem.
This session will focus on IoT as it relates to two specific themes: consumer protection and network resiliency. The event will begin with presentations from engaged stakeholders in order to lay the groundwork for group discussion. Participants will then work in small groups to develop consensus on key IoT issues and determine what can be done to meaningfully impact consumer protection and network resiliency. This will create the basis of discussion Continue reading
Pivot3 Jumps Into Hybrid Cloud Game, Moves HCI Stack to AWS
The software uses a technology Pivot3 calls Intelligent Cloud Engine that extends policy-based management and automation to the cloud.
A Solution to Compression Oracles on the Web
This is a guest post by Blake Loring, a PhD student at Royal Holloway, University of London. Blake worked at Cloudflare as an intern in the summer of 2017.
Compression is often considered an essential tool when reducing the bandwidth usage of internet services. The impact that the use of such compression schemes can have on security, however, has often been overlooked. The recently detailed CRIME, BREACH, TIME and HEIST attacks on TLS have shown that if an attacker can make requests on behalf of a user then secret information can be extracted from encrypted messages using only the length of the response. Deciding whether an element of a web-page should be secret often depends on the content of the page, however there are some common elements of web-pages which should always remain secret such as Cross-Site Request Forgery (CSRF) tokens. Such tokens are used to ensure that malicious webpages cannot forge requests from a user by enforcing that any request must contain a secret token included in a previous response.
I worked at Cloudflare last summer to investigate possible solutions to this problem. The result is a project called cf-nocompress. The Continue reading
SDN Hasn’t Faded, It’s Just Evolved
A look at how software-defined networking is expanding with the incorporation of analytics and how service providers are implementing the technology.
SDN Hasn’t Faded, It’s Just Evolved
A look at how software-defined networking is expanding with the incorporation of analytics and how service providers are implementing the technology.