It’s surprising the internet works at all, given the age of its core software. The question is, can we catch it before it falls over?A panel of academic experts recently took part in a discussion on the future of the internet, and among other things highlighted its fragility, the ease with which it can be disrupted and its seeming resistance to change.

The weaknesses arise primarily from the fact that the internet comprises protocols for Layer 3 networking in the TCP/IP stack, invented many years ago.“There are a lot of challenges for the internet. We face daily problems,” said Timothy Roscoe, a professor at ETH, Zurich’s science, technology and mathematics university in Zurich.

 

“Most of what we do is at Layer 3, which is what makes the internet the internet.” However, new and incredibly popular services, such as YouTube, Netflix, Twitter and Facebook, have put pressures on these protocols.

 

New age, old protocols

Laurent Vanbever, an assistant professor at ETH, said: “There is a growing expectation by users that they can watch a 4K video on Netflix while someone else in the house is having a Skype call. They expect it to work but the protocols of the internet were designed in the 1970s and 1980s and we are now stretching the boundaries.”

The internet is often described as a network of networks. What makes these networks communicate with one another is BGP, the border gateway protocol. In essence, it’s the routing protocol used by internet service providers (ISP). It makes the internet work.

Roscoe said: “BGP is controlled by 60,000 people, who need to cooperate but also compete.” These people, network engineers at major ISPs, email each other to keep the internet running.

 

Routing for trouble

“When you visit a website, you really don’t know where your internet traffic goes,” said Roscoe. One would assume the route network traffic takes from a user’s computer to the server is the shortest possible.

 

But often, according to Roscoe, this is not the case. “I have seen network packets taking remarkably bizarre paths across the internet,” he said, and added that Pakistan was able to route all YouTube traffic through its servers, blocking the traffic, and effectively taking YouTube offline.Due to the way BGP and other protocols work, he said, there is “very little control over where traffic goes”. The question is why there is so little control.

Mark Handley, a professor of network systems at University College, London, said: “The internet is built out of a set of networks, where the operators have their own desires about what they want their network to do. Internet operators partially hide pricing and routing policy information, while needing to communicate with their neighbours.”

So, there’s a paradox, driven by competition to route traffic, and they [the operators] “are hiding who they will talk to, while trying to talk to each other”, said Handley.More recently, Edward Snowden’s revelations propelled into the public domain the ease with which the internet’s traffic can be routed and moved, highlighting the mass collection of internet data by US government spooks.

 

No need for internal change

Adrian Perrig, a network security professor at ETH Zurich, said his group at the university has been working on a new protocol and trying to tackle the internet’s secure routing challenge, in a way that is also more efficient than existing methods.

He said: “The architecture was started as an academic exercise, but we realised it is not that hard to deploy, as we do not need to change the internals of networks. We only need to change the points where different ISPs touch each other.”

So far, three major ISPs have begun deploying the new protocol along with a few banks ­– who want to gain greater transparency over their network packets. Perrig and his team are attempting to develop a protocol that can easily be deployed.

 

Too complex to change

Matt Brown, site reliability engineering head at Google, said: “A lot of the core protocols of the internet we rely on are very old. There are many improvements that need to be made to give us the level of robustness and security needed for the role the internet has in society.”But, he argued, it is still extremely hard to upgrade these protocols. “With a network you get network effects. You are effectively constrained by the lowest common denominator, like the last person who hasn’t upgraded who holds everybody back.”

For instance, he said the digital subscriber line (DSL) router provided by ISPs to people at home to allow an internet connecting may be four years old, yet it contains critical protocols.

“Getting new functionality to everyone in the world is a huge challenge,” he added. For instance, while the number of available IPv4 addresses has effectively run out, Google recently found that only 10% of the world’s traffic has upgraded to the next version, IPv6.There is a cost for ISPs if they want to make these changes. Moreover, as the slow rollout of IPv6 is revealing, many prefer to stick with old technology, simply because it can be made to work.

Source:  http://www.computerweekly.com/news/450296912/Network-Collapse-Why-the-internet-is-flirting-with-disaster

 

 

 

 

 

 

Categorized in Online Research

Another day, another hack. At least, that's how it's starting to feel.

People are getting hacked or becoming otherwise compromised in their digital lives at an alarmaing rate, and it seems as though that's not going to slow down any time soon.

Just earlier this month, it was revealed that hackers had gained access to millions of Twitter accounts, and not by hacking into Twitter itself. No, instead they simply gathered passwords from previous hacks and matched them with usernames.

With hackers on the rampage, there are plenty of things to keep in mind - things that will help you protect yourself and your online data, and ensure that you retain full control over your personal information.

How hackers are getting your information

Often when we think of the word "hacking", we imagine pages and pages of code, hours spent cracking away on a computer, and finding a way to get around having to use passwords. In reality, however, hackers can simply write a program that will look through information to find what they need to log in to a user's account. That's without having to spend hours at the computer combing through code.

"Hackers will most often parse existing breach data for emails, usernames, and passwords, and then attempt to reuse those credentials on popular websites," Alexander Heid, Chief Risk Officer at SecurityScorecard, a security monitoring service, tells TechRadar. "To achieve this, hackers will make use of 'checker' scripts. These are scripts which are designed to test batches of username:password combinations on specific websites to identify valid accounts. These scripts exist for every imaginable service, and are constantly updated and circulate within the hacker underground."

So, what does that mean? When you create a new account somewhere, you likely reuse at least some information for its creation. Even if you're not using the same username or password, information like answers to security questions or other details can all help hackers gain access to your account.

Hacker Source Flickr credit -650-80

Of course, some hackers are a little more hands on. That's where malware comes in. Malware is basically a type of software designed specifically to infect your computer, often in an attempt to steal your personal information.

A prominent form of malware is a keylogger, which basically tracks everything you type and then sends that information back to the hacker who wrote the malware code. That makes it way too easy for hackers to gain access to your accounts; all they have to do is wait until you log on to something and they'll be able to do the same.

There's one more method that hackers often use to get username and password information - phishing emails. These are essentially emails designed to look like they're from a company like Apple or Amazon, and trick you into willingly giving over your information.

Often times, there's a link in these emails that will take you to an official-looking website where you're supposed to log in to an account. Only, the website isn't official, it just looks like it is. Log in, and you're basically handing your information over to whoever sent the email.

How can you stay safe?

Now that you know how hackers are acquiring personal information, it's sure to be a little easier to protect yourself. The first thing to talk about is passwords.

Make passwords a priority

As mentioned, hackers are often able to use previous data breaches to find passwords, then find accounts on other sites and use the same username:password combination to get in. That should be far too easy for hackers to get into an account, but, in reality, people continue to use the same password, or the same few passwords, for their entire digital lives.

The solution? Come up with a new password for every account you have. Yes, it's a pain, but the fact is that creating unique and secure passwords for each of your accounts is an important step in remaining secure online. Not only that, but it could help save you time in the long run; if one of your accounts is hacked, having unique passwords prevents you from having to change the password for all of your accounts.

Source: http://www.inc.com/john-boitnott/how-entrepreneurs-can-ride-the-internet-of-things-to-success.html

Categorized in Internet Privacy

Signs of improved intelligence communications

 

Most American counterterrorism, espionage and counterintelligence operations, from the Cold War to the Iraq War, are unknown to the public at large.

But we know, implicitly, that the U.S. intelligence community, military and special operations forces work quietly in the shadows to keep America safe.

And today, espionage threats against the United States pose as great a threat as ever.

Hundreds of intelligence officers from foreign nations continue to pose as diplomats, journalists and businessmen, just as they have for hundreds of years.

Recent decades have seen the addition of other types of intelligence gathering: improved signals intelligence to spy on enemy communications, image intelligence that uses photography from space, and most recently what is commonly called cyberespionage, or using computers to monitor, sabotage or steal classified information online.

For too long the public largely ignored or misunderstood the threat posed by cyberespionage. High-profile breaches at the State Department and Officer of Personnel Management and efforts by hacking collectives, Eastern European and Asian criminals and even Hollywood have raised awareness of the general threat, which continues to spread as more Americans have their identities or credit card information stolen.

But unlike most traditional methods of intelligence, cyberespionage has become a multiheaded hydra, targeting more than just America's government and military.

In a more complex area, and one of graver importance, cyberespionage now endangers American companies' intellectual property.

This threat we see from China and Russia, in particular, threatens our soft underbelly: our private sector. Not long ago, security analysts estimated the global economic cost of cybercrime to be $445 billion.

Criminals, nation-states and nation-state-sponsored hackers have begun bleeding businesses of their extensively researched and developed products, simply replicating materials for a fraction of the cost and putting them back on the world market in direct competition with American goods.

And because the United States represents a free market economy that respects property rights, rather than one of gross cronyism, we are unable and unwilling to respond in kind.

Those same countries also use cyberespionage in more traditional ways: to steal government secrets and sniff out American spies, and identify America's Chinese or Russian assets. The Chinese have also been accused of hacking pro-democracy groups in Hong Kong to disrupt their activities and eavesdrop on their communications.

And in a technological twist on its authoritarian tendencies, the Russian intelligence services now use the Internet and satellite television for propaganda purposes, including to quell internal dissent and manipulate public dialogue in the United States and elsewhere.

Meanwhile, cyberespionage can occasionally work hand in glove with another central aspect of our changing intelligence landscape: cyberwarfare.

We saw in the Republic of Georgia in 2008 and in Ukraine in 2014 how Russian forces prepped the battlefield by causing power outages and shutting down government computer systems.

China has reportedly made the decision to boost its cyberwarfare capabilities by as much as 30% in a move designed to try to give it parity, if not an asymmetric edge over other major powers in that battle space.

Cybertheft, cyberespionage and cyberwarfare represent the Wild West of intelligence and direct action, with poorly delineated lines setting the three apart, and poorly formed internationally accepted norms guiding responses to the threats. With the ability to hide a hacking trail, use proxies in an attack or feed government-level technology to criminals, the attribution capability for such activity continues to be murky, with easy deniability for unsavory actors.

Recently, a fourth area of threatening cyberactivity has surfaced: nation-states using destructive hacking for political purposes. The Iranians who hacked the Las Vegas Sands Corp. and the North Koreans who attacked Sony Pictures crossed a new threshold by targeting private companies for punitive, rather than pecuniary, reasons.

No company, no matter how prepared, can withstand the determination and resources of a country.

And just this week, Russian hackers allegedly broke into the Democratic National Committee's servers and stole research on presumptive Republican presidential nominee Donald Trump.

As my new CNN Original Series "Declassified" will show, patriots work every day and night to protect American lives and assets from enemies all over the world. The cyber realm presents a new arena for their efforts, one that we have not yet quite mastered. With new frontiers of concern still unfolding, however, you can bet we will see the emergence of more intelligence activity in the cyber realm.

Source:  http://www.siouxlandmatters.com/news/whos-spying-on-the-us-today-and-how

 

Categorized in Internet Privacy

Last week, the world heard that the Singapore Government plans to restrict Internet access for all public servants from May next year.

On the one hand, critics have argued that the policy will set Singapore back and that it contradicts our Smart Nation aspirations. On the other hand, cyber security experts have supported the plan to keep secure systems and e-mail segmented away from the Internet. Similar segmentation is already practised in sensitive parts of both private and public sectors such as banking and the military. As businesses, the general public and even other countries are watching this controversial step closely, it is important for us, as a nation and society, to send the right messages about cyber security and Internet access.

We need to make clear that segmenting Internet access is one of several ways to be secure. Segmentation reduces the risk of spear phishing, where employees mistakenly click on links in fake e-mail which lead to dangerous websites. It also reduces the risk of ransomware, where malicious software locks up all the computers of an organisation. It is a sensible solution since reports indicate that Singapore is a prime target for both of these cyber attacks. However, for the many organisations, businesses and individuals that cannot afford to disconnect themselves from the Internet, they need alternatives to reduce their risks such as identity management systems and next-generation firewalls.

We still need to prepare the nation to respond to cyber security breaches. Segmenting a network does not guarantee that it will never be hacked. For example, Iran's Natanz nuclear plant was not connected to the Internet, but it was nonetheless attacked by the Stuxnet virus and forced to close down.

Hackers are also increasing their use of cyber-attack methods that do not require Internet access, such as insider attacks and social engineering, using psychology to deceive others to grant access. Some day, a serious breach could take place and systems could be disrupted, or substantial personal data or money could be stolen.

Singapore will be resilient enough to withstand this if it has already set up backup systems, services to help victims, laws to protect the rights of victims and well-crafted emergency plans, and conducts regular drills much like the fire drills widely practised today.

In the meantime, there is a need to encourage organisations in both public and private sectors to work with their employees to find or develop secure Internet tools for work. Some government ministries may be able draw a line between "work" on secure systems and "surfing the Net" on less secure computers. But in many other organisations today, employees carry out their "work" by "surfing the Net", including research, procurement of goods and services, monitoring markets and competitors, and communicating with customers.

Employees may also use webmail to access e-mail from outside office and cloud services to transfer large documents because they are more efficient. Some public servants will use dual computers because they need to access both the secure government network as well as the Internet. Others might need to use personal devices to read work documents that come through the Internet, or use cloud services like Dropbox or Google Drive to receive large documents.

All of them need to be given secure yet efficient methods of transferring information and documents from external sources into the secure network in order to carry out their daily work productively while protecting the system from infection.This message that Internet separation is but one of several ways to be secure is especially important for the digital native generation, who have grown up using the Internet and find it natural to use Internet tools and resources to work productively.

Organisations in the public and private sectors which want to attract the best and brightest young talents from this generation, and to benefit from their fresh ideas, cannot afford to send the message that the Internet is unwelcome in their workplace.

On a broader scale, government and businesses need to assure the public that the Internet is safe enough for transactions like government e-services, banking and e-commerce, provided they observe secure behaviour. While cyber threats are increasing, so are security measures such as two-factor authentication. The challenge is to teach everyone, from the Pioneer Generation to the very young, how to use online services securely. As Singapore progresses with the Smart Nation and fintech initiatives, and more public and private services are provided online, we should not have any segment of the population that avoids using them because of fear, uncertainty and doubt.

Finally, as consumers, we need to demand that makers and providers of smart services and devices build in more security. Many Internet Of Things devices like pacemakers, fitness trackers, smart locks, security cameras and even our cars can be attacked through the Internet, and we need them to be more secure as we embark on the Smart Nation initiative.

At this time when misconceptions still abound about the safety of using the Internet, it is vital to spread the correct messages on cyber security to ensure that our public sector, businesses and the general public are able to securely and productively benefit from the technological advances of our Smart Nation.

Source:  http://www.straitstimes.com/opinion/sending-the-right-message-about-internet-and-security

Categorized in Internet Privacy

With its colossal acquisition of LinkedIn this morning, Microsoft gets an immediate, powerful asset for its software sales pitch: A social dataset of 400 million-plus users.

That should fray nerves at Google, and raise pressure on it to respond with an acquisition of its own, one aimed at expanding its reach with business customers. It had already informally sounded out some mid-market business-focused cloud apps for acquisition earlier this year.

Over the past year, the search giant has directed considerable attention and resources to building out a sizable enterprise operation, an attempt to diversify its business (an ads one). One of the two pillars of the operation, apps for businesses, competes head-on with Microsoft.

And now Microsoft has a pool of valuable data — based on personal and professional information — that Google, despite its expensive past efforts, does not.

Google will have to answer — particularly since one product Microsoft said LinkedIn will assist with is Cortana, its artificial intelligence-powered personal assistant. AI is a linchpin feature that Google is using with its enterprise software sales pitch. Google's AI is widely considered best in the industry; but with LinkedIn's data, Microsoft could have a critical edge in its offering that trumps Google.

With its colossal acquisition of LinkedIn this morning, Microsoft gets an immediate, powerful asset for its software sales pitch: A social dataset of 400 million-plus users.

That should fray nerves at Google, and raise pressure on it to respond with an acquisition of its own, one aimed at expanding its reach with business customers. It had already informally sounded out some mid-market business-focused cloud apps for acquisition earlier this year.

Over the past year, the search giant has directed considerable attention and resources to building out a sizable enterprise operation, an attempt to diversify its business (an ads one). One of the two pillars of the operation, apps for businesses, competes head-on with Microsoft.

And now Microsoft has a pool of valuable data — based on personal and professional information — that Google, despite its expensive past efforts, does not.

Google will have to answer — particularly since one product Microsoft said LinkedIn will assist with is Cortana, its artificial intelligence-powered personal assistant. AI is a linchpin feature that Google is using with its enterprise software sales pitch. Google's AI is widely considered best in the industry; but with LinkedIn's data, Microsoft could have a critical edge in its offering that trumps Google.

If it wants to catch up, Google's not short on the cash. Nor is it short on will. Diane Greene, its enterprise SVP, who wields considerable power in the company, has an edict to grow her unit, even through acquisition, as Recode reported earlier.

Should Greene and Google go on a spree, here are some potential big targets:

Slack: The fast-growing workplace messaging app boasts three million users every day, and about a third of them use it from accounts paid for by their employers. While generally known as a popular tool at young tech and media companies, it's on track to launch an enterprise version that delivers the scale necessary for use in larger companies sometime this year. It's also working on enhancing the service with AI features that would give the Slack application the brains to anticipate a user's day-to-day business needs, boosting its appeal in an area Google already considers a priority.

And valued at less than $4 billion as of its most recent funding round, Slack is affordable. One important complication: Slack runs entirely on Amazon Web Services. Migrating it to Google's cloud service would be a big job.

Box: The cloud storage, sharing and collaboration platform was the darling of Silicon Valley ahead of its IPO last year. It's a different company today, with a fully imagined long-term strategy to help specific industries build custom applications and to act as the central cog connecting numerous existing business apps including Microsoft's Office, Salesforce.com, and, by the way, Google Apps. Its customers include household names like the Campbell Soup company, industrial giant GE and The Gap, and 10,000-seat deals with large customers are not uncommon.

Box's low share price, down 52 percent since its debut on the New York Stock Exchange, also creates an opportunity.

Dropbox: What Dropbox lacks in a fully articulated vision for doing business with large companies, it makes up for with the scale of its numbers: More than half a billion people use Dropbox, plus 150,000 businesses. Its bread-and-butter business is file storage, sharing and syncing across multiple devices. And it works.

It recently moved its data off of Amazon's cloud and onto one of its own making. Privately held, its mutual fund investors have in recent months written down the value of their shares, suggesting it's worth about $10 billion. That may make it too big a bite even for Google, though parent company Alphabet has just over $75 billion in combined cash on hand.

Source:  http://www.cnbc.com/2016/06/14/microsofts-big-linkedin-purchase-puts-the-pressure-on-google-to-respond.html

Categorized in Internet Privacy

Firewall is a term that most internet users are familiar with. They may have come across the term at the office when they browse the web, or at home, when several people use the same connection, where security needs to be setup. But what is Firewall, and how does it work? Although many people might have heard of the term, few are aware of its uses.

‘Firewall’ refers to a security system that is employed to keep out the viruses and doubtful networks. It  can be software based or hardware based. It regulates the information flowing in and out of the network and have a set of rules that is used to filter the trusted networks, prevent unauthorized access of information, as well as remote access to your network.

Most Firewalls employ the use of filters, which means the information or data that is flagged by the filters are not allowed through. Firewalls use several methods for this purpose; packet filtering, application gateways, proxy service and Stateful inspection. The good thing is, Firewalls are customizable, allowing you to choose the unique features for your protection online. You can customize them according to the level of security you need. Often, Firewalls use two or more of the techniques mentioned above for greater security. Such Firewalls are known as Hybrid Firewalls. You can also use settings which block out content with certain words, which is often done in offices, or at home, to filter out inappropriate content when children are using computers.

There are also several options of Firewall security that can be used. You may choose between the hardware firewall and a software firewall. Hardware firewall can be purchased, but usually comes preinstalled on a standard router, while software firewall is installed on computers as an added security measure. Hardware firewall is used typically by large corporations, who want a single security umbrella for several departments and systems. They can hide your IP from the connections outside, along with providing protection within corporations and between departments. However, since it is a place based security system, it is usually not recommended for individual users and personal computers. Software Firewalls can operate outside your home and office, hence it is recommended for digital security when you are on the move.

Firewall is a useful tool in protecting your PC from the external environment. It protects your computer from harmful content while protecting your personal information being sent out. It acts as a guard screening all the incoming and outgoing traffic from your computer. While different security levels can be established by different settings on Firewalls, it can also be customized to suit your needs. You can also choose between the hardware and software firewall, both of which work well in different situations.

Summary:

Firewall is a security system to protect your PC from the external environment. They are customizable, for you to choose a combination that suits your needs. Yu can also choose between the hardware and software firewall, both of which work well in different situations. 

 

Categorized in Internet Privacy

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now