Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.
Turkey Revenge
The turkeys are pissed this Thanksgiving they are seeking revenge.
Germs Infest 60% of Americas Phones
60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.
Smartphone Sanitizing: A Practical Guide
Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.
Why Soft Skills Matter in Today’s Job Market
Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.
Who Runs The Internet
While no one “owns” the Internet (for now, despite republican plans) there are a handful of companies that control the Internet. Unless you are a techno-geek, these six organizations that control how the Internet works, most likely fly under your radar.
International Telecommunications Union
The first organization that is actively trying to take over the functions of the Internet is the United Nations International Telecommunications Union (ITU). The ITU in my and many other opinions an outdated, pointless throw-back to the days of the telegraph, with policies to match. I covered the last power grabs by the UN’s ITU here.
Internet Architecture Board
Next is the Internet Architecture Board (AIB). The IAB is the overseer of the technical evolution of the Internet. The IAB supervises the Internet Engineering Task Force (IETF), which oversees the evolution of TCP/IP, and the Internet Research Task Force (IRTF), which works on network technology.
The IAB declared a major strategic move for the Internet. The Internet Architecture Board is calling for global encryption on the web (which I have covered many times from my Bach Seat) to become the norm across the Internet in a move to lock down the privacy and security of information exchange according to Dark Reading.
Internet Engineering Task Force
The Internet Engineering Task Force (IETF) develops and promotes voluntary Internet standards. It is most well known for the standards that make up the Internet protocol suite (TCP/IP). It is an open standards organization, with no formal membership or membership requirements. All participants and managers are volunteers, though their work is usually funded by their employers or sponsors. The IETF is also well-known for its RFCs or Request for Comment documents like RFC RFC 1918 and RFC 873.
Internet Society
Another organization that shapes the Intertubes is ISOC. The Internet Society (which I am a member of) was formed in 1992 by Vint Cerf and Bob Kahn. ISOC was formed to provide a corporate structure to support the Internet standards development process.
Internet Corporation for Assigned Names and Numbers
The Internet Corporation for Assigned Names and Numbers (ICANN) is perhaps the most critical organization that helps run the Internet. ICANN coordinates the distribution of IP addresses and the Internet’s Domain Name System (DNS). IP addresses are the numbers that are assigned to every computer on the Net to uniquely identify each device. There are two types of IP addresses, IPv4 and IPv6. The web has run out of IPv4 addresses (which I covered here and here) and is very slowly being replaced with IPv6 addresses. ICANN doles out these addresses.
ICANN also manages the Domain Naming System (DNS) on the web that converts IP addresses to names. DNS makes it possible to remember www.google.com, which is easy for humans to remember instead of remembering https://web.archive.org/web/20150507211330/http://74.125.224.72/, which is easy for computers to deal with, to get to Google.
The U.S. government funds ICANN. They Feds have gotten heat from around the globe after Eric Snowden’s revaluations about global spying operations. The role of ICANN is changing.
Internet Service Providers
The only group that makes money on the Internet but does not help run the Internet (yet) are the Internet Service Providers (ISP). ISP’s control nearly everyone accesses it. The gatekeepers to the web are ATT (T), Comcast (CMCSA), Charter (CHTR) and Time Warner Cable (TWC) are the biggest names of ISP’s. ISP’s “perform” two key functions. First, they provide last-mile connections, that is the connection to your home or business to their offices, which we all over-pay for. Next, they provide back-haul or backbone services that move your email across the town or across the globe. The ISP’s also make money on these ISP-ISP connections.
Right now the FCC is considering the future of the Internet during its Net Neutrality decisions. If the ISP’s get their way, it is likely that homes and businesses will be required to pay the ISP’s more money to maintain the crappy service we already get.
rb-
Let’s add this up big business telecom money + millionaire politicians = the 1% screwing the rest of us. Get involved, save the Internet, get in touch with your alleged representatives and tell them NO MORE.
Related articles
- When the US lets go of the keys to the internet, what about our protocols? (go.theregister.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, ARPANET, ICANN, IETF, Internet Architecture Board, Internet Assigned Numbers Authority, Internet protocol suite, IP address, ISOC, Networking, Transmission Control Protocol, Vint Cerf
2014’s Major Web Vulnerabilities
2014 was the year of cyber-security mega-vulnerabilities. What makes mega vulnerabilities unique are they strike at the core of the Internet infrastructure and can impact nearly every connected device and every Internet user on the globe. 2014 saw the emergence of three mega-vulnerabilities Hearbleed, Shellshock, and POODLE.
Heartbleed, Shellshock, and POODLE were the top three major web vulnerabilities uncovered in 2014 according to Fred Donovan at FierceITSecurity. In case you have not heard of this trio of troublemakers, Web security firm Incapsula produced the following infographic.
The Incapsula infographic looks at each of these vulnerabilities and layout when they were discovered, what type of vulnerability they are, what systems and the number that are affected, the risks posed by the vulnerabilities, their severity, how easy they are to exploit, and the difficulty of fixing. Tim Matthews, vice president of marketing for Incapsula wrote in their blog:
What makes these mega vulnerabilities special is that unlike most vulnerabilities that are specific to a particular OS, browser or software application, these three relate to the core Internet infrastructure (e.g., SSL and Linux devices) and, in essence, affect just about every connected device owner and every Internet user on the globe.
rb-
In their blog, Incapsula warns this is the tip of the iceberg of mega-vuln‘s that exploit other structural core functions of the Intertubes. Wired reports that after 8 months, 300,000 machines remain unpatched against Heartbleed.
Related articles
- Web Freedom Is Seen as a Growing Global Issue (cacm.acm.org)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
More Competition – Birch Enters Detroit Market
Atlanta-based Birch Communications a technology service provider of IP-based communications, broadband, cloud and IT services to small, mid-sized, enterprise and wholesale businesses is expanding into Detroit. Birch already operates in all 50 states, Washington D.C., Canada and Puerto Rico. The firm is opening a new sales branch office in Livonia, MI, and expanding its sales force according to FierceTelecom.
The new office is located at 17197 North Laurel Park Drive, Suite 281, Livonia, MI, and occupies 2,305 square feet of space in the Laurel Office Park III. The new regional office will be fully staffed by the Summer of 2015.
Complementing the direct sales force is a series of Detroit-based indirect and enterprise sales channel partners. Leading the new Detroit sales team will be Birch’s regional general manager of direct sales, Michael Perrone said in a presser:
I’m very excited to open our Detroit office. Having lived in the community from 2009 to 2011, I’m very pleased to be serving the market with a new direct sales force. Our TotalCloud PBX offering and network capabilities are a win-win for this marketplace and we’re proud to deliver a full suite of products to our customers.
The opening of the new sales office in Detroit comes on the heels of Birch’s acquisition of Cbeyond to attract new customers and help keep existing ones from potentially churning to another CLEC or cable operator. Birch acquired Cbeyond in early 2014 through an all-cash $323 million deal. Cbeyond had a presence in Farmington Hills, MI until the Birch transaction.
The service provider said that it chose Detroit as its next area of expansion because it lies on the backbone of its IP network, which extends to 41 markets in 22 U.S. states.
rb-
Good to see a new player in the Detroit market. Hopefully, they can last for a while and shake up the Detroit IT services status quo.
Related articles
- Stolen 5,000-pound bridge recovered in Michigan (reviewtimes.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
UMich Helps Secure the Web with Let’s Encrypt
The University of Michigan is teaming up with leading Internet firms to help secure the web. UMich, Cisco (CSCO), Akamai (AKAM), Mozilla, the Electronic Frontier Foundation, and public key certificate authority IdenTrust, have launched a new free certificate authority (CA) called Let’s Encrypt.
The Let’s Encrypt CA, which will be available in the Summer of 2015. It aims to get people to encrypt their connections to their websites according to a recent GigaOM article. Let’s Encrypt goal is to make it easier to get a proper Secure Sockets Layer/Transfer Layer Security (SSL/TLS) certificate. That way the certs can be deployed to secure a Web server and its users.
Let’s Encrypt will help secure the Internet
According to the article Let’s Encrypt, comes as the tech industry scrambles to encrypt the web. This is more important after the mass surveillance revelations of NSA leaker Edward Snowden. The CA will aid other efforts to secure the Internet.
Let’s Encrypt is developing the Automated Certificate Management Environment or ACME protocol. The ACME protocol. will sit between Web servers and the CA. It includes support for new, stronger forms of domain validation.
Let’s Encrypt will serve as its own root CA. The nonprofit CA public benefit corporation, Internet Security Research Group (ISRG) will run the root CA. Josh Aas, the executive director of ISRG, explained securing the web is just not a simple thing to use Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL). He explains that getting, paying for, and installing a certificate is too hard for many network administrators.
The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.
According to the statement, Let’s Encrypt’s certificates will be free. It will have an automated issuance and renewal protocol – an open standard. A step to reduce the need for input from the domain holder’s side. According to an EFF blog post, “switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.”
Records of certificate issuance and revocation will be publicly available. The organizations behind Let’s Encrypt are stressing that the system won’t be under any one organization’s control.
The EFF has been working on helping users take advantage of HTTPS for a while. The EFF worked with the Tor Project, to create the HTTPS Everywhere extension for Firefox, Firefox for Android, Chrome, and Opera browsers.
The Let’s Encrypt project will use Internet-wide datasets of certificates to make higher-security decisions about when a certificate is safe to issue. The data will include the EFF’s Decentralized SSL Observatory, the University of Michigan’s scans.io, and Google‘s (GOOG) Certificate Transparency logs.
In addition to the Let’s Encrypt project, some of the paths to secure the web include:
- The next version of the HTTP protocol will likely be encrypted by default.
- Mozilla and Firefox are collaborating with the EFF to bring Microsoft, Google, Opera, and others to add Let’s Encrypt to their list of valid CAs.
- Google will rank up sites that use SSL/TLS encryption.
- The content delivery and security outfit Cloudflare is offering free SSL encryption for millions of its customers.
- And now Let’s Encrypt aims to equip websites with free certificates – the proof they need to tell users’ browsers that their public encryption keys are genuine and the connection is properly secured.
rb-
Many websites currently use the HTTP protocol, a standard that exposes site owners to a number of threats including cyber espionage, keyword-based censorship, account hijacking, and a host of web application attacks such as SQLi and XSS. Let’s Encrypt helps reduce these risks which I think it is a good step in the right direction.
Larry Seltzer argues on Wired that Let’s Encrypt does not go far enough. We want the project to not only encrypt data but also authenticate users. IMHO that is a pipe dream. Authentication will step on the toes of Symantec, Oracle, and other hugely funded firms that will squash anybody doing the right thing that threatens their profits.
Related Posts
- Power Up 2014: Double Your Impact! (eff.org)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
