In a direct response to the reported “pervasive surveillance” that is being carried out, the Internet Architecture Board (IAB) said in a statement that protocol designers, developers, and operators should make encryption the norm. Not only should encryption be “deployed throughout the protocol stack”, given that “not a single place within the stack where all kinds of communication can be protected”, but that new protocols should be designed with confidential operation by default.
They go on to say:
Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance.
Their aim of the changes are to “help restore the trust users must have in the Internet”.
Whilst I think this is a good idea and should improve security, it does pose questions for network and security administrators. It will make their jobs a lot harder if everything they see across the network is encrypted. The IAB seem to recognize this and are willing to work cooperatively to provide a solution that will hopefully benefit all.
I also find it encouraging that they are trying to get those developers who don’t even necessarily deal with user information to also use encryption so that they don’t reveal anything that might point to user information. Whilst I am glad the IAB has put this out and they recognize that it will take time, I wonder if it is feasible.
If you are not already aware, there is a major security risk with many Apple products. The issue affects both iOS and Mac OS X and would potentially allow a hacker to obtain your private information and/or potentially change it whilst in transit. The good news is there is a patch available.
For those who have an iPhone or iPad then you should update to iOS 7.0.6. To do this go to Settings > General > Software Update > iOS 7.0.6.
If you have a Mac and you are running Mountain Lion or later then you can update by opening the Mac Store app and select the update – “OS X version 10.9.2”. Alternatively, on the top left hand corner click on the Apple logo and select “Software Update”. Either option should give you the chance to update and patch your system.
If you don’t update then many applications such as Safari, iMessage and FaceTime would send your data in an insecure manner. Any credentials you use would potentially be at risk of being intercepted, if in range. The update takes less than 10 minutes so there is really no reason not to update.
Apple TouchID, the fingerprint scanner for the iPhone5S, is reported to have been hacked. Within hours of the iPhone5S being launched there was a website setup to see who would be the first person to be able to hack it and show proof. The website, isTouchIDhackedyet.com, wanted to know if it was possible. Continue reading Apple TouchID: Secure for just a day after being hacked.
Those of you who have been wondering why the Apple Developer website has been down since Thursday now have an answer. See this communication from Apple: Continue reading Why the Apple Developer website is down