The Chrome Vulnerability
Tips to Protect Yourself
- Do not use the same password or the same few passwords for all accounts. If you cannot keep track of all of your passwords, you may want to consider using a password manager like LastPass, Dashlane, or KeePass. These services also mean you only have to remember one password.
- Change passwords by going directly to the website. If you receive an email from a site encouraging you to change your password, do not follow the link in the email. Whether this email looks legitimate or not, this is a prime opportunity for attackers to attempt to steal data.
- Watch bank accounts and credit reports for fraud. The Heartbleed bug and undoubtedly a number of others have been in the wild for quite some time (Heartbleed for approx 2 years), so there are always threats and attackers seeking to get your data. Monitor your accounts for irregular and fraudulent activity.
- Change passwords periodically. Changing your passwords can help avoid discovery of passwords and the subsequent access to sensitive data.
- Avoid the automatic login feature. This may not be as critical for some services but should be standard practice for bank accounts and other sites that store or take sensitive data like personal data and banking or credit card information.
- Actively manage the security and privacy settings on the sites you use.
Do you have any additional tips? Do you know anyone affected by either Heartbleed or the Chrome vulnerability? How are you protecting yourself?!
Today, 35 U.S. Senators led by Senators John Thune (R-S.D.) and Marco Rubio (R-Fla.) sent a letter to the National Telecommunications and Information Administration (NTIA), seeking clarification regarding the recent announcement that NTIA intends to relinquish responsibility of the Internet Assigned Numbers Authority (IANA) functions to the global multistakeholder community. Read my previous post “US to Relinquish Control of the Internet” for more background on this issue.
The letter expresses the group’s “[strong] support [of] the existing bottom-up, multistakeholder approach to Internet governance.” The letter highlights bipartisan support of S. Con. Res 50 in 2012 that reinforces “the U.S. government’s opposition to ceding control of the Internet to the International Telecommunications Union (ITU), an arm of the United Nations, or to any other governmental body.”
The group cautions: “We must not allow the IANA functions to fall under the control of repressive governments, America’s enemies, or unaccountable bureaucrats.” To read the full text of the letter click here.
As you read it I encourage you to think about a few things:
Are these the right questions?
These are fair questions and likely on the minds of those invested in the outcome of this transition. ICANN & NTIA have pledged transparency throughout this process; therefore, I look forward to their candid responses. None of the questions are out of line or beyond the scope of Congressional oversight.
What other questions should we ask?
The answers to these questions will spark additional questions. However, in my opinion, there are a few other questions the Senators could have posed.
- What happens if the deadline is not met? Is the US prepared to renew the contract? Is the US prepared for the international backlash if the deadline is not met?
- Does the structure of an organization like ICANN, that has an entire constituency comprised of government representatives (GAC), meet the nongovernmental multistakeholder model? To what extent and how are governments going to be kept out of oversight after the initial launch?
- Whose interests does NTIA seek to serve or protect by initiating this transition?
What other questions do you have?
How hard do you want Congress to push on this issue?
Transparency will help alleviate fears and misconceptions. I think the answers to these questions and those likely to follow will help shape the dialogue as this process continues. Gaining the confidence of the American people and other international critics will serve to make this a smoother process for NTIA and ICANN. I encourage Congress to pursue the answers to these questions and then decisions can be made about how to proceed.
This issue has a long way to go before we can develop a definitive perspective on the positive or negative effect this will have on the future of the Internet. I will continue to monitor the developments, but I encourage you to think about what concerns you most and leave your thoughts in the comments.
The below are highlights of the questions asked:
- Please provide us with the Administration’s legal views and analysis on whether the United States Government can transition the IANA functions to another entity without an Act of Congress.
- Please explain why it is in our national interest to transition the IANA functions to the “global multistakeholder community.”
- Why does the Administration believe now is the appropriate time to begin the transition, and what was the specific circumstance or development that led the Administration to decide to begin the transition now?
- What steps will NTIA take to ensure the process to develop a transition plan for the IANA functions is open and transparent?
- Will NTIA actively participate in the global multistakeholder process to develop a transition plan for the IANA functions, or will the Administration leave the process entirely in the hands of ICANN?
- What specific options are available to NTIA to prevent [a government or inter-governmental solution] from happening?
- How can the Administration guarantee the multistakeholder organization that succeeds NTIA will not subsequently transfer the IANA functions to a government or intergovernmental organization in the future, or that such successor organization will not eventually fall under the undue influence of other governments?
- How did NTIA determine that ICANN is the appropriate entity to lead the transition process, and how will NTIA ensure that ICANN does not inappropriately control or influence the process for its own self-interest?
- Does NTIA believe ICANN currently is sufficiently transparent and accountable in its activities, or should ICANN adopt additional transparency and accountability requirements as part of the IANA transition?
- Is it realistic to expect that an acceptable transition plan can be developed before the IANA functions contract expires on September 30, 2015? Is there another example of a similar global stakeholder transition plan being developed and approved in just 18 months?
- How will NTIA ultimately decide whether a proposed transition plan for IANA, developed by global stakeholders, is acceptable? What factors will NTIA use to determine if such a proposal supports and enhances the multistakeholder model; maintains the security, stability, and resiliency of the Internet Domain Name System; meets the needs and expectation of the global customers and partners of the IANA services; and maintains the openness of the Internet?
- Will NTIA also take into account American values and interests in evaluating a proposed transition plan? How?
What is a Bitcoin?
A bitcoin is a form of virtual currency that only operates in cyberspace.
A virtual currency can be defined as a type of unregulated, digital money, which is issued and usually controlled by its developers, and used and accepted among the members of a specific virtual community. In 2009, the “Bitcoin” network was launched, introducing a worldwide virtual currency.
- Bitcoin is typically stored on a user’s personal computer or in cloud based accounts called “wallets.”
- Bitcoin wallets do not meet the UCC’s definition of a deposit account as they are not maintained with a bank.
- Bitcoin wallets are not insured by the FDIC.
- Bitcoin has a high likelihood for extreme value fluctuations.
- Bitcoin is gaining popularity.
On March 11, 2014, FINRA issued an Investor Alert to caution investors of the “significant risks” of buying and speculating in bitcoin and other digital currencies, as well as the risk of fraud and cybercrime related to online bitcoin exchanges and other bitcoin-related service providers. Specifically, the alert outlines several risks surrounding the usage of and speculating in bitcoin, including:
- Bitcoin and other digital currencies are not legal tender and if the trust built up among individual users and businesses should vanish, bitcoin would be valueless.
- Online exchanges that allow users to buy and sell bitcoin and digital wallet services that allow users to store bitcoin are magnets for cyberthieves.
- Because bitcoin transactions are essentially anonymous, users must take extra care to avoid fraudsters posing as legitimate services.
- Bitcoin has been used for illicit transactions and such activities could impact users and speculators if an online exchange or service is shut down by law enforcement.
- Price volatility has been bitcoin’s hallmark in recent years, and there is no uniform value of bitcoin across the various exchanges.
Is bitcoin the future?
Given the variable nature of bitcoin, it’s hard to foresee the future. Many questions remain: How will state or federal legislators regulate the bitcoin system? Will volatility and data security destroy confidence in bitcoin? Will bitcoin emerge as a standard payment option, remain a niche product, or otherwise become less interesting, but more predictable under new regulations? Will the average consumers embrace this new currency?
On Friday, the U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) announced it is giving up control of a system that directs Internet traffic and Web addresses. As a result, Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit organization charged with managing the Internet, is tasked to convene global stakeholders to develop a proposal to transition the current role played by NTIA in the coordination of the Internet’s domain name system (DNS). This announcement came as a surprise to many but a coalition of nations has been calling for the US to relinquish control of the Internet for at least the last nine months. Politically this takes the US out of the line of fire but practically what does this do for the culture of the Internet?
Why is this important to you? Because it may change the Internet as you know it….
What exactly was the US Doing?
NTIA is the Executive Branch agency that advises the President on telecommunications and information policy issues. NTIA’s programs and policymaking focus largely on expanding broadband Internet access and adoption in America. NTIA controls the DNS which essentially converts the web addresses (URLs) we type in to the search bar into the correct IP address to retrieve the website you requested. Whether you are accessing a Web site or sending e-mail, your computer uses DNS to look up the domain name you’re trying to access. This system is essential to the functionality and security of the Internet.
If not the US, then who?
This contract to control DNS has allowed the U.S. government to exert what some claim is too much influence over the Internet, a technology that plays such a pivotal role in society and the economy. So if not the US, then who will the world feel comfortable wielding that power and influence?
There’s a meeting, ICANN 49, March 23 in Singapore and the future of the Internet is at the top of the agenda.
According to Lawrence Strickling, assistant secretary at the Commerce Department, “[The department] will not accept a proposal that replaces the NTIA’s role with a government-led or intergovernmental solution.” Does that leave ICANN or a similar organization to maintain the DNS?
Why should you care?
Because this could mean a very different Internet…
While companies like Verizon applaud the move, ITIF and other organizations have argued before that U.S. government oversight has played an essential role in maintaining the security, stability, and openness of the Internet and in ensuring that ICANN satisfies its responsibilities in effectively managing the Internet’s DNS. Without the U.S. government’s presence some lawmakers and members of the tech industry have expressed concern that relinquishing control of IANA will open up the Internet to threats from other governments that seek to censor it. This could mean a very different Internet.
Are their concerns justified? No one really knows right now but what we can surmise is that the Internet is in for some changes in the years to follow the change of control. Many countries have dealt with privacy and censorship in ways different from that of the US. How will ICANN deal with these conflicting views democratically and ensure Internet users from all economies and sovereign nations will be represented and heard? Will the standards of openness and free flow of information embraced today remain the baseline? Does the “global multistakeholder community” NTIA is referring to exist? What is the legal jurisdiction for both ICANN and this new multistakeholder body?
There are no answers to these questions because so little is known about what’s to come. I look forward to the information and ideas that flow from the ICANN meeting next week. The questions need to be among those at the top of the list.
We have all become accustomed to having our technology cater to most of our needs in a very personal way. However, we all desire to retain a certain amount of privacy. For example, our cellphones track our every move and click while occasionally making calls – and yet we would be lost without the maps and ability to request anything from “Siri.” Our cable boxes may bring our favorite shows and movies, but they also report back to providers all of your family’s television viewing habits. We all appreciate the convenience that customization provides; however, that means a loss of privacy….
BYOD (bring your own device) is a buzz word amongst company IT departments and policy makers. BYOD is an employee-purchased and owned device (i.e., laptop, smartphone, tablet) that is connected to a corporate information network system or otherwise used to conduct company business. A recent Cisco study found that 90% of full-time American workers use their personal smartphones for work purposes. In this cyber age where privacy and cyber security are major concerns for employers and employees alike, BYOD is a proverbial minefield for those unaware of the legal, security and privacy risks.
Emerging BYOD Legal Risks
In this world of telecommuting and start-ups, many companies allow employees to use their own laptops and smartphones. Companies have thereby ended the Apple v. Android, Mac v. PC debates, a win-win for employees and their employers. This all might sound great for both employers and employees, but as with any new invention, the risks of BYOD policies have not yet been resolved. Nor have we seen any BYOD policies take center stage of a publicized legal dispute. We have, however, seen disputes arise over storing company data on personal devices. In Barrette Outdoor Living, Inc. v. Michigan Resin Representatives, the Court ordered an employee to pay $35,000 in sanctions for failing to preserve his cellular phone and deleting 270,000 company files from his personal laptop. Even when using a personal device, employees may have a duty to maintain corporate information if their employer goes to trial. Employees may face personal legal liability for actions taken while using their BYOD device.
Understanding BYOD Security Risks
When employees have access to company networks and data through their personal devices, the company becomes increasingly vulnerable to security and legal risks. Companies that allow broad access face the risk of employees deleting company data and are susceptible to the carelessness of employees and third-party users. These users can be anyone from a child using a parent’s phone to office visitors connecting to the company wi-fi. When BYODs and third-party devices bypass security features normally applied to corporate devices, they are vulnerable to malware—a costly risk, particularly in regard to Android devices. Additionally, BYODs that bypass network security elevate the risk of non-compliance with data privacy laws and regulatory requirements.
Mitigating Security Risks & Maintaining Employee Privacy
The most effective mitigation strategy will couple emerging tools with a BYOD policy to protect company assets and security, examples of which include:
- Developing a BYOD policy that addresses ownership, password requirements, employee privacy, liability, limitations on access/use, search parameters and what situations trigger which reactions.
- Selectively publishing company data to new mobile apps; users get the data they need, and the company has greater control over data security.
- Requiring device encryption.
- Installing software to track which documents employees download.
- Installing technology to wipe only corporate settings, data and apps to protect business assets while leaving personal data and settings intact.
- Exploring geo-fencing to protect company information and prevent data breach by disabling device features such as the camera within company space.
Use and implementation of these tools will depend on company needs but should be considered to mitigate legal, security and privacy risks.
To see more from me on this issue visit: http://techpageone.dell.com/technology/byod-policies-tangle-hr-legal/
What is a gTLD? gTLD stands for generic top-level domain and is an Internet extension such as “.COM,” “.NET” or “.ORG.” Right now there are a little over two dozen gTLDs, but soon, there could be hundreds. The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for the coordination of the global Internet’s systems of unique identifiers and, in particular, ensuring its stable and secure operation. According to ICANN the new gTLD program was developed to increase competition and choice in the domain name space. As the new gTLDs launch and threaten to change the Internet as we know it there are a lot of things you should know but here are five to start. For additional background information about new gTLDs, please visit some of my previous posts “What do you know about the new top level domains?” & “Will You Be Confused When The New Generic Top Level Domains (gTLDs) Launch?”
1. Be careful of services “guaranteeing” to get a domain name for you
2. The first non-Latin character new gTLDs were delegated
What does delegated mean? This means that the gTLDs or strings have successfully completed the new gTLD Program and have officially been selected as new gTLDs that will go live for use. This will be the first time non-Latin characters can be used in a TLD and not just in the second level domain. Click here for more information from ICANN.
One is شبكة, the Arabic word for “web” or “network”, while another is 游戏, which means “game” in Chinese. The other two – онлайн and сайт – are both Russian words, meaning “online” and “website” respectively.
3. First nine LATIN new gTLDs were delegated
The first nine new gTLDs delegated last week were:
The “sunrise period” for registration of the first seven gTLDs (“.BIKE,” “.CLOTHING,” “.GURU,” “.HOLDINGS,” “.PLUMBING,” “.SINGLES,” “.VENTURES”) will begin November 26, and general availability to anyone will begin January 29, 2014. Keep an eye out for new gTLDs as they are delegated. Consider whether you or your company wants to purchase a domain. And monitor the official launch of these new gTLDs starting in January. Monitor how your brand and intellectual property are being used on these new gTLDs. To keep up with delegated strings click here.
4. The launch of new gTLDs multiplies the size of the Internet and presents increased security and intellectual property infringement risks.
- Pay attention to the gTLD in the address bar. New gTLDs give malicious actors more platforms to attack the unsuspecting. Pay attention to the address you are trying to get to and make sure all parts of the address are correct. Also if you search for a website make sure the site that comes up is the legitimate website.
- Companies must monitor the use of their intellectual property on new gTLDs. Companies should currently have a plan in place to protect their IP investments through monitoring, preemptive registrations, the Trademark Clearinghouse and other rights protection mechanisms provided by ICANN. Be proactive!
5. Launch of new gTLDs presents a number of opportunities to market your brand or yourself. This will present businesses and consumers with a new and unique user experience and online footprint. There will be a lot more room for customization online and opportunities for marketers to be creative with how to reach consumers. I am excited to see the innovative means of reaching the public that are birthed from the new gTLD launch. Please ask any questions you have about new gTLDs, protecting yourself, rights mechanisms, IP protection, security concerns etc. Start the discussion!