Ready to Start Your Career?
December 15, 2017
UNM4SK3D: Net Neutrality, Starbucks, and ROBOT
December 15, 2017
#badnewsToday was a sad day for the Internet and sites like Cybrary. The Federal Communications Commission voted today to deregulate the broadband industry and eliminate net neutrality rules that "prohibit Internet service providers from blocking and throttling Internet traffic." For those of you have been following the news, there's been much debate surrounding this issue as polls indicated that majorities of both Democratic and Republican voters supported keeping net neutrality, and net neutrality supporters protested outside the FCC headquarters before the vote. It was also discovered through an in-depth analysis that prior to the vote, two million online comments about net neutrality stole real Americans' identity. These comments included more than 100,000 comments per state from New York, Florida, Texas, and California, which are the most heavily affected states.The result of the vote means that Internet service providers and mobile carriers will no longer have to adhere to strict net neutrality rules and will be allowed to block or slow down Internet traffic or offer priority to websites and online services in exchange for payment. Say goodbye to a cheap Netflix membership with quick streaming. It appears many were for net neutrality rather than against, yet it was still able to pass. We'll keep our thoughts as to why to ourselves.Ajit Pai, FCC Chairman, was a major proponent of this new ruling, saying "under Title II, investment in high-speed networks has declined by billions of dollars." However, there have been no statistics to support this statement, not to mention that major broadband providers have told investors that Title II hasn't harmed their investment. There is also no data to support his claim that "only a few small Internet providers were hurt by the rules." As a matter of fact, Comcast already deleted a 'no paid prioritization' pledge from its net neutrality webpage, opening the door to charging websites for priority. There are also a number of consumer protections being lost in this vote, including the removal of mandatory notices to customers regarding hidden fees and penalties for exceeding data caps.
I dissent. I dissent from this fiercely spun, legally lightweight, consumer-harming, corporate-enabling Destroying Internet Freedom Order. The FCC is handing the keys to the Internet... over to a handful of multi-billion dollar corporations," she continued. The repeal plan has drawn a bipartisan outcry "because the large majority of Americans are in favor of keeping strong net neutrality rules in place. -FCC Commissioner Mignon ClyburnFor the initial coverage on Cybrary about net neutrality, read this edition of 'UNM4SK3D.'
Hi @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand.. cc @GMFlickinger -tweet from Noah DinkinKeep your cryptocurrency safe! Read 'Cryptocurrency Security: How to Safely Invest in Digital Currency' from Heimdal Security
#vulnerabilityA ROBOT from 1998? Yup- this critical vulnerability has resurfaced and is making websites vulnerable to attackers who could decrypt encrypted data and sign communications using the sites’ own private encryption key.ROBOT, which stands for 'Return Of Bleichenbacher’s Oracle Threat,' named after Daniel Bleichenbacher, the researcher who originally discovered it, has returned. This vulnerability is found in the transport layer security protocol used for Web encryption. "A successful attack could allow an attacker to passively record traffic and later decrypt it or open the door for a man-in-the-middle attack, according to researchers." The most recent version of this attack was discovered through Facebook’s bug bounty program, by researchers Hanno Böck, Juraj Somorovsky, and Craig Young.The attack involves sending queries which generate “yes” or “no” answers in a type of brute-force guessing attack. Using this technique, called an 'adaptive chosen-ciphertext attack,' can force the TLS server to reveal the session key, allowing an attacker to decrypt HTTPS traffic sent between the TLS server and the user’s browser. “We discovered that by using some slight variations this vulnerability can still be used against many HTTPS hosts in today’s Internet,” said the researchers. From this discovery, it seems a number of vendors failed to properly implement countermeasures needed to protect against this vulnerability.
We have identified vulnerable implementations from at least seven vendors including F5, Citrix, and Cisco. Some of the most popular webpages on the Internet were affected, including Facebook and Paypal. In total, we found vulnerable subdomains on 27 of the top 100 domains as ranked by Alexa. -researchersWant to learn more about man-in-the-middle attacks? Read 'Man in the Middle Attacks' Explained Through ARP Cache Poisoning.'