There’s a big problem with little devices on the Internet. A lot of them have really sloppy security. They have default passwords which require extra effort to change. Some have their own Web servers for no fathomable reason, and others have unsecured Wi-Fi connections. People install them with very little thought and no configuration.
These devices are vulnerable to attacks that take them over remotely, incorporating them into botnets. The October 21 attack on Dyn’s DNS servers made many websites unreachable for a large part of the day. The attack came from thermostats, refrigerators, security cameras, and light bulbs. It’s like an episode of The Twilight Zone.
Continue reading Should the Internet of Things Be Regulated?
The reporting about the Cloudflare leak had me puzzled. Apparently reliable reports said that its parser bug had leaked customer sites’ HTTPS data, including passwords. My immediate reaction was to wonder how this was even possible. You can’t pull data out of someone else’s HTTPS transactions without their private key. I asked about this in a comment on a Dreamwidth post that raised the matter, and was told I was being “belligerent” by asking. Hmm … At least one IT person doesn’t want me asking. Something interesting must be going on.
Continue reading The real problem exposed by the Cloudflare leak
There is a big push for news organizations to adopt HTTPS, because it will make it harder for snoopers to observe what people are reading. In countries where information is seriously censored, this protection could save people from unpleasant consequences. Just how much privacy does HTTPS give us, though?
Continue reading How private is HTTPS?