DOCSLIB.ORG

Cyber Defense Emagazine – June 2018 Edition Copyright © Cyber Defense Magazine, All Rights Reserved Worldwide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cyber Defense Emagazine – June 2018 Edition Copyright © Cyber Defense Magazine, All Rights Reserved Worldwide …130+ Packed Pages This Month… CyberDefenseTV.com continues to grow with more interviews of C level executives in the Cyber HotSeat… BlackHat Trip Report and Great C Level InfoSec Thought Leader interviews… Transforming Cyber Security An End to the Era of Passwords? The Impact of SOAR on Incident Response Steps The Art of Phishing and How To Fight It …and much more… 1 Cyber Defense eMagazine – June 2018 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide CONTENTS BlackHat Conference 2018 Trip Report........................................................................................ 15 Transforming Cyber Security........................................................................................................ 35 Cyber Security Tips for Business Travelers................................................................................... 38 Building blocks to manage the supply chain ............................................................................... 40 Cyber PSYOP: The New Way to Impact Opinons and Politics ..................................................... 42 Let Passwords Go Extinct ............................................................................................................. 45 The Impact of SOAR on Incident Response Steps ........................................................................ 47 2018 is Late but Still the Right Time to Bid Goodbye to Malware Prone SMBv1 ...................... 50 Best Practices for DDoS Mitigation in the Terabit Attack Era .................................................... 53 How to Protect Your Business From Cyber-attacks? ................................................................... 56 Want to protect your online customers? Keep your website safe. ........................................... 59 Local Backups May Not Keep Your Business Safe From Ransomware ....................................... 61 TOP 10 TIPS FOR WORDPRESS WEBSITE SECURITY ..................................................................... 63 Operation Eligible Receiver - The Birthplace of Cyber Security: Vulnerabilities ........................ 66 Connectivity is key for the logistics of tomorrow........................................................................ 70 Are you correctly tackling the cybersecurity challenge? ............................................................ 73 You Can’t Stop All Malware, But You Can Stop the Damage ..................................................... 75 Protect Your Business with These Foundational Cybersecurity Defenses .................................. 77 2 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. CONTENTS (Cont') How to assess and audit your risk? ............................................................................................. 79 Navigating the ‘Cloudy’ Sky ......................................................................................................... 81 How Automation Can Ensure Speedy, Successful PAM Deployment ......................................... 84 Software, hardware and procedural compliance ....................................................................... 88 Security Risks of the Instant Gratification Culture ...................................................................... 90 The Power of Cloud Technology: Fighting Cyberattacks ............................................................ 92 Practices in Network Security Monitoring................................................................................... 94 The Art of Phishing and How To Fight It...................................................................................... 96 Playing an integral part of the nation’s modernisation through security, fire and safety ....... 99 Free Monthly Cyber Defense eMagazine Via Email ...................................................... 127 Marketing and Partnership Opportunities ................................................................................ 128 Job Opportunities .................................................................................................................. 128 Announcing CYBER DEFENSE GLOBAL AWARDS 2018 .............................................................. 129 3 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. @MILIEFSKY From the Publisher… CyberDefense.TV is now live with more interviews each month… Dear Readers, Today, we launch this August 2018 edition of our eMagazine in parallel with ongoing expansion of CyberDefense.TV at www.cyberdefensetv.com and the shorter url cyberdefense.tv We listened to our friends in cyber security, writers, public relations & marketing experts, C level executives and you, our faithful readers. We are now expanding with our Global Print Edition, Global Awards and in Q4 this year, yet another surprise platform we think you will be very pleased with – one that let’s the 3,000 and growing cyber security companies share their stories with you more frequently and more easily. Key team members have just returned from BlackHat Conference 2018 in Las Vegas, Nevada. We saw many old friends and made new friends. We learned about new technologies, innovative ways to stop cyber attackers and of course, more vulnerabilities and exploits than any one person or organization could handle. BlackHat continues to grow at an amazing pace, yet its theme is consistent – sharing all the best information on risk – threats, vulnerabilities and assets – from the cloud to satellites to voting gear and cars, nothing was off limits except maybe for the casino slot machines. In this environment hackers are extremely welcome, and they are not afraid to share every possible exploit or methodology to prove yet another weakness needing a better form of defense. This is an exciting time to be part of a growing infosec community. Thank you so much for your continued support! We’re so thankful and honored to have you! Gary S. Miliefsky, CEO, Cyber Defense Media Group Publisher, Cyber Defense Magazine 4 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. @CYBERDEFENSEMAG @CyberDefenseMag CYBER DEFENSE eMAGAZINE Published monthly by Cyber Defense Magazine and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats. PRESIDENT & CO-FOUNDER Stevin Miliefsky [email protected] EDITOR-IN-CHIEF & CO-FOUNDER Pierluigi Paganini, CEH [email protected] ADVERTISING Sarah Brandow, VP of Marketing [email protected] Interested in writing for us: [email protected] Our Vision: To be the Global Leader of Cyber CONTACT US: Defense Knowledge & Information Cyber Defense Magazine Toll Free: 1-833-844-9468 International: +1-603-280-4451 SKYPE: cyber.defense http://www.cyberdefensemagazine.com From the Copyright © 2018, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP Editor… (a Steven G. Samuels LLC d/b/a) PO BOX 8224, NASHUA, NH 03060-8224 It’s friends at Trend Micro and WatchGuard and EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. RSA and HelpSystems and many others you’ll find advertising with us, providing great content PUBLISHER Gary S. Miliefsky, CISSP® to us and partnering for interviews with us at CyberDefense.TV that have helped us continue Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/ to grow. We’ve learned about ThreatBook from China and FFRI from Japan and WhiteHatSecurity and so many other innovators. With events like WE’RE CELEBRATING BlackHat and upcoming CloudSec in London in 6 YEARS OF EXCELLENCE! September and IPEXPO Europe in October, we Providing free information, best practices, tips and continue to stay informed and share our ever techniques on cybersecurity since 2012, Cyber Defense expanding infosec knowledge with our readers. magazine is your go-to-source for Information Security. We’re a proud division of Cyber Defense Media Group: For that we are so thankful. CYBERDEFENSEMEDIAGROUP.COM To our faithful readers, MAGAZINE TV AWARDS Pierluigi Paganini SEE US IN OCTOBER AT… 5 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. 6 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. 7 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. 8 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. 9 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. 10 Cyber Defense eMagazine – August 2018 Edition Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide. Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep understanding of your web application vulnerabilities, how to prioritize them, and what to do about them. With this trial you will get: An evaluation of the security of one of your organization’s websites Application security guidance from security engineers in WhiteHat’s Threat Research Center Full access to Sentinel’s web-based interface, offering
Load more

Recommended publications
  • Success Strategies in Emerging Iranian American Women Leaders
    Pepperdine University Pepperdine Digital Commons Theses and Dissertations 2017 Success strategies in emerging Iranian American women leaders Sanam Minoo Follow this and additional works at: https://digitalcommons.pepperdine.edu/etd Recommended Citation Minoo, Sanam, "Success strategies in emerging Iranian American women leaders" (2017). Theses and Dissertations. 856. https://digitalcommons.pepperdine.edu/etd/856 This Dissertation is brought to you for free and open access by Pepperdine Digital Commons. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of Pepperdine Digital Commons. For more information, please contact [email protected], [email protected], [email protected]. Pepperdine University Graduate School of Education and Psychology SUCCESS STRATEGIES IN EMERGING IRANIAN AMERICAN WOMEN LEADERS A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Education in Organizational Leadership by Sanam Minoo July, 2017 Farzin Madjidi, Ed.D. – Dissertation Chairperson This dissertation, written by Sanam Minoo under the guidance of a Faculty Committee and approved by its members, has been submitted to and accepted by the Graduate Faculty in partial fulfillment of the requirements for the degree of DOCTOR OF EDUCATION Doctoral Committee: Farzin Madjidi, Ed.D., Chairperson Lani Simpao Fraizer, Ed.D. Gabriella Miramontes, Ed.D. © Copyright by Sanam Minoo 2017 All Rights Reserved TABLE OF CONTENTS Page LIST OF TABLES ........................................................................................................................
    [Show full text]
  • Understanding Flaws in the Deployment and Implementation of Web Encryption
    Understanding Flaws in the Deployment and Implementation of Web Encryption Suphannee Sivakorn Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and Sciences COLUMBIA UNIVERSITY 2018 © 2018 Suphannee Sivakorn All rights reserved ABSTRACT Understanding Flaws in the Deployment and Implementation of Web Encryption Suphannee Sivakorn In recent years, the web has switched from using the unencrypted HTTP protocol to using encrypted communications. Primarily, this resulted in increasing deployment of TLS to mitigate information leakage over the network. This development has led many web service operators to mistakenly think that migrating from HTTP to HTTPS will magically protect them from information leakage without any additional effort on their end to guar- antee the desired security properties. In reality, despite the fact that there exists enough infrastructure in place and the protocols have been “tested” (by virtue of being in wide, but not ubiquitous, use for many years), deploying HTTPS is a highly challenging task due to the technical complexity of its underlying protocols (i.e., HTTP, TLS) as well as the complexity of the TLS certificate ecosystem and this of popular client applications suchas web browsers. For example, we found that many websites still avoid ubiquitous encryption and force only critical functionality and sensitive data access over encrypted connections while allowing more innocuous functionality to be accessed over HTTP. In practice, this approach is prone to flaws that can expose sensitive information or functionality tothird parties. Thus, it is crucial for developers to verify the correctness of their deployments and implementations.
    [Show full text]
  • Building Secure and Reliable Systems
    Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems Compliments of Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea & Adam Stubblefi eld Praise for Building Secure and Reliable Systems It is very hard to get practical advice on how to build and operate trustworthy infrastructure at the scale of billions of users. This book is the first to really capture the knowledge of some of the best security and reliability teams in the world, and while very few companies will need to operate at Google’s scale many engineers and operators can benefit from some of the hard-earned lessons on securing wide-flung distributed systems. This book is full of useful insights from cover to cover, and each example and anecdote is heavy with authenticity and the wisdom that comes from experimenting, failing and measuring real outcomes at scale. It is a must for anybody looking to build their systems the correct way from day one. —Alex Stamos, Director of the Stanford Internet Observatory and former CISO of Facebook and Yahoo This book is a rare treat for industry veterans and novices alike: instead of teaching information security as a discipline of its own, the authors offer hard-wrought and richly illustrated advice for building software and operations that actually stood the test of time. In doing so, they make a compelling case for reliability, usability, and security going hand-in-hand as the entirely inseparable underpinnings of good system design. —Michał Zalewski, VP of Security Engineering at Snap, Inc. and author of The Tangled Web and Silence on the Wire This is the “real world” that researchers talk about in their papers.
    [Show full text]
  • Improving Security and Performance in Low Latency Anonymous Networks
    Improving Security and Performance in Low Latency Anonymous Networks by Kevin Scott Bauer B.S., University of Denver, 2005 A thesis submitted to the Faculty of the Graduate School of the University of Colorado in partial fulfillment of the requirements for the degree of Doctor of Philosophy Department of Computer Science 2011 This thesis entitled: Improving Security and Performance in Low Latency Anonymous Networks written by Kevin Scott Bauer has been approved for the Department of Computer Science Prof. Dirk Grunwald Prof. Douglas Sicker Prof. Shivakant Mishra Prof. Nikita Borisov Prof. Stefan Savage Date The final copy of this thesis has been examined by the signatories, and we find that both the content and the form meet acceptable presentation standards of scholarly work in the above mentioned discipline. Bauer, Kevin Scott (Ph.D., Computer Science) Improving Security and Performance in Low Latency Anonymous Networks Thesis directed by Co-Chairs Prof. Dirk Grunwald and Prof. Douglas Sicker Conventional wisdom dictates that the level of anonymity offered by low latency anonymity networks increases as the user base grows. However, the most significant obstacle to increased adoption of such systems is that their security and performance properties are perceived to be weak. In an effort to help foster adoption, this dissertation aims to better understand and improve security, anonymity, and performance in low latency anonymous communication systems. To better understand the security and performance properties of a popular low latency anonymity network, we characterize Tor, focusing on its application protocol distribution, geopo- litical client and router distributions, and performance. For instance, we observe that peer-to-peer file sharing protocols use an unfair portion of the network’s scarce bandwidth.
    [Show full text]
  • An Experience Sampling Study of User Reactions to Browser Warnings in the Field
    An Experience Sampling Study of User Reactions to Browser Warnings in the Field Robert W. Reeder1, Adrienne Porter Felt1, Sunny Consolvo1, Nathan Malkin2, Christopher Thompson2, and Serge Egelman2;3 1Google, Mountain View, CA 2University of California, Berkeley, CA 3International Computer Science Institute, Berkeley, CA {rreeder,felt,sconsolvo}@google.com, {nmalkin,cthompson,egelman}@cs.berkeley.edu ABSTRACT Due to their importance, browser warnings have received a Web browser warnings should help protect people from mal- great deal of attention. Initially, browser warnings gained ware, phishing, and network attacks. Adhering to warnings a reputation for low adherence rates [17, 19, 37, 40, 41]. keeps people safer online. Recent improvements in warning Vendors responded to this research with improvements. In design have raised adherence rates, but they could still be 2013, the Chrome and Firefox teams released data showing higher. And prior work suggests many people still do not that contemporary warnings had relatively high adherence understand them. Thus, two challenges remain: increasing rates—except for the Chrome HTTPS error warning, which both comprehension and adherence rates. To dig deeper into still suffered from low adherence (only 30% of users adhered user decision making and comprehension of warnings, we to the warnings) [2]. After further work, Chrome’s HTTPS performed an experience sampling study of web browser secu- error warning caught up, and now up to 70% of users adhere rity warnings, which involved surveying over 6,000 Chrome to the warnings [21, 22, 44]. Despite these improvements, and Firefox users in situ to gather reasons for adhering or not HTTPS warning adherence rates can still be improved.
    [Show full text]
  • (2010-2013). He Is a Creator of the Spread Toolkit ( the First Scalable Group Communication System with Strong Semantics
    Forum on Cyber Resilience Member Biographies as of 2019-04 Fred B. Schneider (NAE), is Samuel B. Eckert Professor of Computer Science at Cornell University. He joined Cornell's faculty in Fall 1978, having completed a Ph.D. at Stony Brook University and a B.S. in engineering at Cornell in 1975. Schneider's research has always concerned various aspects of trustworthy systems —systems that will perform as expected, despite failures and attacks. Most recently, his interests have focused on system security. His work characterizing what policies can be enforced with various classes of defenses is widely cited, and it is seen as advancing the nascent science base for security. He is also engaged in research concerning legal and economic measures for improving system trustworthiness. Schneider was elected a fellow of the American Association for the Advancement of Science (1992), the Association of Computing Machinery (1995), and the Institute of Electrical and Electronics Engineers (2008). He was named Professor-at-Large at the University of Tromso (Norway) in 1996 and was awarded a Doctor of Science honoris causa by the University of Newcastle-upon-Tyne in 2003 for his work in computer dependability and security. He received the 2012 IEEE Emanuel R. Piore Award for "contributions to trustworthy computing through novel approaches to security, fault-tolerance and formal methods for concurrent and distributed systems". The U.S. National Academy of Engineering elected Schneider to membership in 2011, the Norges Tekniske Vitenskapsakademi (Norwegian Academy of Technological Sciences) named him a foreign member in 2010, and the American Academy of Arts and Sciences elected him in 2017.
    [Show full text]
  • Women Know Cyber
    WOMEN KNOW CYBER 100 Fascinating Females Fighting Cybercrime STEVE MORGAN & DI FREEZE WOMEN KNOW CYBER: 100 Fascinating Females Fighting Cybercrime Copyright © 2019 by Cybersecurity Ventures ISBN 978-1-7330157-0-7 All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher, addressed “Attention: Permissions Coordinator,” at the address below. Cybersecurity Ventures 83 Main Street, 2nd Floor, Suite 5 Northport, N.Y. 11768 This book is dedicated to my six children. Without you, my first book would have been completed thirty years ago. I thank God for showing me what’s most important in life. – Steve Morgan Cybersecurity Conference Sponsor FutureCon produces cutting-edge events aimed at CISOs, IT security professionals, and cybersecurity companies – bringing together the best minds in the industry for a unique experi- ence. These one-day events in more than 20 cities throughout North America feature thought- provoking presentations by industry leaders, esteemed keynote speakers, and a panel session with cybersecurity experts. Each FutureCon event provides attendees with the very latest and highest level vendor-neutral training in the security community. FutureCon's founder, Kim Hakim, is a U.S. Navy veteran with more than two decades of experience producing thousands of cybersecurity conferences. "Women Know Cyber" book signings and special programs will be held at FutureCon events.
    [Show full text]
  • Enhancing Cybersecurity: the Role of Innovation Ecosystems
    SEMINAR SUMMARY APRIL 2019 ENHANCING CYBERSECURITY: THE ROLE OF INNOVATION ECOSYSTEMS EXECUTIVE SUMMARY This document summarizes the conversations from the seminar “Enhancing Cybersecurity – The Role of Innovation Ecosystems” that took place on February 13th 2019 at the Massachusetts Institute of Technology in Cambridge, Massachusetts. The goal of the Seminar was to advance participants’ knowledge of innovation ecosystems for innovation in cybersecurity. Its approach was to emphasize the growing agglomeration of innovation-driven enterprises creating innovative solutions, and the tightly-coupled inter- dependencies in these hubs of entrepreneurs, governments, risk-capital, universities and large corporations. The Seminar was organized by the MIT Innovation Initiative (MITii), the Federmann Cyber Security Center at the Hebrew University of Jerusalem (HCSRC), Israel’s National Cyber Directorate (INCD), the UK Department for Digital, Culture, Media & Sport (DCMS), and the UK Science & Innovation Network. Forty participants representing all of the ecosystem stakeholders (governments, universities, corporations, entrepreneurs, and risk capital) were invited to participate (see Appendix B). The Main Insights: • Cybersecurity is an area of technological, corporate and regulatory innovation that emphasizes the growing agglomeration of innovation-driven enterprises and inter- dependencies between entrepreneurs, governments, risk-capital, universities and large corporations. Innovation ecosystems thus provide an important lens to understand the specific case of innovation in cybersecurity, and to enhance our understanding of innovation ecosystems in general. • This insight is key for practitioners and promoters of innovation in cybersecurity, as the lessons from wider ‘innovation ecosystems’ become more and more relevant to their efforts. As such, the multi-stakeholder ecosystem approach (broadly defined) can help enhance and accelerate innovation in cybersecurity, as it has elsewhere.
    [Show full text]
  • Winter 2017 Vol
    ;login WINTER 2017 VOL. 42, NO. 4 : & Neural Nets Improve Password Choices William Melicher, Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor & DNSSEC: Useless as Used Taejoong Chung, Roland van Rijswijk-Deij, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, and Christo Wilson & Fixing the Bitcoin Blockchain Shehar Bano, Mustafa Al-Bassam, and George Danezis & Psychological Safety in SRE Teams John P. Looney & Interview with Peter G. Neumann Columns Exiting Gracefully in Python David Beazley Perl without Perl David N. Blank-Edelman tcpdump as a Monitoring Tool Dave Josephsen Using Vault in Go Chris “Mac” McEniry Collecting Big Data Dan Geer UPCOMING EVENTS Enigma 2018 USENIX Security ’18: 27th USENIX Security January 16–18, 2018, Santa Clara, CA, USA Symposium www.usenix.org/enigma2018 August 15–17, 2018, Baltimore, MD, USA Submissions due February 8, 2018 FAST ’18: 16th USENIX Conference on File and Storage www.usenix.org/sec18 Technologies Co-located with USENIX Security ’18 February 12–15, 2018, Oakland, CA, USA SOUPS 2018: Fourteenth Symposium on Usable Privacy www.usenix.org/fast18 and Security August 12–14, 2018 SREcon18 Americas Abstract submissions due February 12, 2018 March 27–29, 2018, Santa Clara, CA, USA www.usenix.org/soups2018 www.usenix.org/srecon18americas WOOT ’18: 12th USENIX Workshop on Offensive NSDI ’18: 15th USENIX Symposium on Networked Technologies Systems Design and Implementation August 13–14, 2018 www.usenix.org/woot18 April 9–11, 2018, Renton,
    [Show full text]
  • The Computer Fraud and Abuse Act: Protecting the United States from Cyber-Attacks, Fake Dating Profiles, and Employees Who Check Facebook at Work, 5 U
    University of Miami Law School Institutional Repository University of Miami National Security & Armed Conflict Law Review 7-1-2015 The omputC er Fraud and Abuse Act: Protecting the United States from Cyber-Attacks, Fake Dating Profiles, and Employees Who Check Facebook at Work Kristin Westerhorstmann Follow this and additional works at: http://repository.law.miami.edu/umnsac Part of the Military, War and Peace Commons, and the National Security Commons Recommended Citation Kristin Westerhorstmann, The Computer Fraud and Abuse Act: Protecting the United States from Cyber-Attacks, Fake Dating Profiles, and Employees Who Check Facebook at Work, 5 U. Miami Nat’l Security & Armed Conflict L. Rev. 145 (2015) Available at: http://repository.law.miami.edu/umnsac/vol5/iss2/9 This Note is brought to you for free and open access by Institutional Repository. It has been accepted for inclusion in University of Miami National Security & Armed Conflict Law Review by an authorized administrator of Institutional Repository. For more information, please contact [email protected]. The Computer Fraud and Abuse Act: Protecting the United States from Cyber- Attacks, Fake Dating Profiles, and Employees Who Check Facebook at Work Kristin Westerhorstmann* ABSTRACT Each year, the frequency andseverityof cyber-attacks continue to increase. With each new threat comes more pressure on the government to implement an effectiveplanforpreventing these attacks. The first instinct has been to attempt either to enact more laws,orto broaden thescope of already-existing laws such as the Computer Fraud and Abuse Act (CFAA). The CFAA, the federal hacking statute, has been called the worst law in technology for itsexcessively broad scope and vague provisions, whichhaveresulted in arbitrary and discriminatory enforcement, conflicts with the federal private nondelegation doctrine, and in overcriminalization.
    [Show full text]
  • Measuring HTTPS Adoption on The
    Measuring HTTPS Adoption on the Web Adrienne Porter Felt, Google; Richard Barnes, Cisco; April King, Mozilla; Chris Palmer, Chris Bentzel, and Parisa Tabriz, Google https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/felt This paper is included in the Proceedings of the 26th USENIX Security Symposium August 16–18, 2017 • Vancouver, BC, Canada ISBN 978-1-931971-40-9 Open access to the Proceedings of the 26th USENIX Security Symposium is sponsored by USENIX Measuring HTTPS Adoption on the Web Adrienne Porter Felt1, Richard Barnes2, April King3, Chris Palmer1, Chris Bentzel1, Parisa Tabriz1 1Google, 2Cisco, 3Mozilla 1felt, palmer, cbentzel, [email protected], [email protected], [email protected] Abstract [1, 24, 32, 3]). They plan to make further changes as HTTPS becomes the default standard [30, 3]. How HTTPS ensures that the Web has a base level of pri- close is the Web to considering HTTPS a default? vacy and integrity. Security engineers, researchers, and browser vendors have long worked to spread HTTPS to as much of the Web as possible via outreach efforts, de- In this paper, we measure HTTPS adoption rates from veloper tools, and browser changes. How much progress the perspectives of both clients and servers. A key chal- have we made toward this goal of widespread HTTPS lenge is that there are many ways to measure client us- adoption? We gather metrics to benchmark the status age and server support of HTTPS, each yielding differ- and progress of HTTPS adoption on the Web in 2017. ent findings on the prevalence of HTTPS. For example, To evaluate HTTPS adoption from a user perspective, HTTPS is a much higher fraction of browser page loads we collect large-scale, aggregate user metrics from two if the metrics count certain types of in-page navigations.
    [Show full text]
  • Towards More Effective Censorship Resistance Systems
    Towards more Effective Censorship Resistance Systems by Mohammad Tariq Elahi A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Doctor of Philosophy in Computer Science Waterloo, Ontario, Canada, 2015 © Mohammad Tariq Elahi 2015 Some rights reserved. BY NC SA This thesis consists of material all of which I authored or co-authored: see Statement of Contributions included in the thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii Statement of Contributions The content in Chapter 2 was co-authored with Colleen Swanson, who provided the dis- cussion of the global adversary and the failed limited sphere of influence assumption. John Doucette provided the framework and preliminary analysis of the simple censor cases, Steven Murdoch provided the real world problem motivation and the simulator and its de- scription, and Hadi Hosseini provided a portion of the related work discussion in Chapter 3. George Danezis provided a sketch and core code for the two PrivEx variants in Chapter 4. Kevin Bauer provided the Tor simulation patch and scripts while Mashael AlSabah pro- vided the related work discussion in Chapter 5. The rest of this thesis contains original content and was authored under the supervision of Ian Goldberg. iii Abstract Internet censorship resistance systems (CRSs) have so far been designed in an ad-hoc manner. The fundamentals are unclear and the foundations are shaky. Censors are, more and more, able to take advantage of this situation.
    [Show full text]