Report of the Commission on the Geopolitical Impacts of New Technologies and Data Atlantic Council GEOTECH CENTER


The Atlantic Council GeoTech Center works to shape the global future of data and technology together.

ISBN-13: 978-1-61977-178-9

This report is written and published in accordance with the Atlantic Council Policy on Intellectual Independence. The authors are solely responsible for its analysis and recommendations. The Atlantic Council and its donors do not determine, nor do they necessarily endorse or advocate for, any of this report’s conclusions.

May 2021

Cover: Double Keck Lasers by Jason Chu Photography, https://jason-chu.pixels.com

Website: This report includes an interactive website, https://atlanticcouncil.org/geotechreport

Commission on the Geopolitical Impacts of New Technologies and Data

In preparing this report for the United States and its allies, to include members of Congress, the new presidential administration, private industry, academia, and like-minded nations, the Commission on the Geopolitical Impacts of New Technologies and Data sought to provide a compass bearing between where the world stood in 2020-2021 and a freer, more secure, and more prosperous world in 2031.

Data capabilities and new technologies impact geopolitics, global competition, and global opportunities for collaboration. The coming decade must address the sophisticated but potentially fragile systems that now connect people and nations, and incorporate resiliency as a necessary foundational pillar of modern life. To maintain national and economic security and competitiveness in the global economy, the United States and its allies must continue to be preeminent in key technology areas, and take measures to ensure the trustworthiness and sustainability of the digital economy, the analog economy, and their infrastructures to include:

• Global science and technology leadership
• Secure data and communications
• Enhanced trust and confidence in the digital economy
• Assured supply chains and system resiliency
• Continuous global health protection and global wellness
• Assured space operations for public benefit
• Future of work

The report’s practical, implementable recommendations will enable the United States and like-minded nations to employ data capabilities and new technologies to achieve the goals set by this Commission.

Mr. John Goodman, Co-Chair
Ms. Teresa Carlson, Co-Chair
David A. Bray, Director

Co-Chairs: Mr. John Goodman; Ms. Teresa Carlson

Honorary Co-Chairs: Sen. Mark Warner; Sen. Rob Portman; Rep. Suzan DelBene; Rep. Michael McCaul

Commissioners: Mr. Max R. Peterson II; Mr. Paul Daugherty; Mr. Maurice Sonnenberg; Hon. Michael Chertoff; Hon. Michael J. Rogers; Mr. Pascal Marmier; Ramayya Krishnan, PhD; Hon. Shirley Ann Jackson, PhD; Hon. Susan M. Gordon; Vint Cerf, PhD; Zia Khan, PhD; Anthony Scriffignano, PhD; Ms. Frances F. Townsend; Admiral James Stavridis, USN, Ret.

Director & Executive Team: David A. Bray, PhD; Peter Brooks, PhD; Ms. Stephanie Wander

Executive Summary

The advancing speed, scale, and sophistication of new technologies and data capabilities that aid or disrupt our interconnected world are unprecedented. While generations have relied consistently on technologies and tools to improve societies, we now are in an era where new technologies and data reshape societies and geopolitics in novel and even unanticipated ways. As a result, governments, industries, and other stakeholders must work together to remain economically competitive, sustain social welfare and public safety, protect human rights and democratic processes, and preserve global peace and stability.
Emerging technologies also promise new abilities to make our increasingly fragile global society more resilient. To sustain this progress, nations must invest in research, expand their digital infrastructures, and increase digital literacy so that their people can compete and flourish in this new era. Yet, at the same time, no nation or international organization is able to keep pace with the appropriate governance structures needed to grapple with the complex and destabilizing dynamics of these emerging technologies. Governments, especially democratic governments, must work to build and sustain the trust in the algorithms, infrastructures, and systems that could underpin society. The world must now start to understand how technology and data interact with society and how to implement solutions that address these challenges and grasp these opportunities. Maintaining both economic and national security and resiliency requires new ways to develop and deploy critical and emerging technologies, cultivate the needed human capital, build trust in the digital fabric with which our world will be woven, and establish norms for international cooperation.

The Commission on the Geopolitical Impacts of New Technologies and Data (GeoTech Commission) was established by the Atlantic Council in response to these challenges and seeks to develop recommendations to achieve these strategic goals. Specifically, the GeoTech Commission examined how the United States, along with other nations and global stakeholders, can maintain science and technology (S&T) leadership, ensure the trustworthiness and resiliency of physical and software/informational technology (IT) supply chains and infrastructures, and improve global health protection and wellness. The GeoTech Commission identified key recommendations and practical steps forward for the US Congress, the presidential administration, executive branch agencies, private industry, academia, and like-minded nations.
The GeoTech Decade

Data capabilities and new technologies increasingly exacerbate social inequality and impact geopolitics, global competition, and global opportunities for collaboration. The coming decade—the “GeoTech Decade”—must address the sophisticated but potentially fragile systems that now connect people and nations, and incorporate resiliency as a necessary foundational pillar of modern life. Additionally, the rapidity of machines to make sense of large datasets and the speed of worldwide communications networks means that any event can escalate and cascade quickly across regions and borders—with the potential to further entrench economic inequities, widen disparities in access to adequate healthcare, as well as to hasten increased exploitation of the natural environment. The coming years also will present new avenues for criminals and terrorists to do harm; authoritarian nations to monitor, control, and oppress their people; and diplomatic disputes to escalate to armed conflict not just on land, sea, and in the air, but also in space and cyberspace.

2001-2011: Decade of Counterterrorism activities globally
2011-2021: Decade of Decreasing Trust in government and big technology companies
2021-2031: GeoTech Decade where technology and new data capabilities will significantly affect geopolitics, competition, and collaboration

Domestically and internationally, the United States must promote strategic initiatives that employ data and new technologies to amplify the ingenuity of people, diversity of talent, strength of democratic values, innovation of companies, and the reach of global partnerships.

Geopolitical Impacts of New Technologies and Data Collections

Critical technologies that will shape the GeoTech Decade—and in which the United States and its allies must maintain global S&T leadership—can be grouped into six areas.
All technologies in these categories will have broad—and interdependent—effects on people and the way they live and work, on global safety and security, and on the health of people and our planet.

• Technologies that enable a digital economy: communications and networking, data science, and cloud computing: collectively provide the foundation for secure transmission of data for both the public and private sector and establish robust economies of ideas, resources, and talent.
• Technologies for intelligent systems: artificial intelligence, distributed sensors, edge computing, and the Internet of Things: add new capabilities for understanding changes in the world in both physical and digital environments. The resulting data may supplement human intelligence, social engagements, and other sources of insight and analysis. In select, defined areas, intelligent systems may enhance human governance of complex systems or decisions.
• Technologies for global health and wellness: biotechnologies, precision medicine, and genomic technologies: help create new fields of research, development, and practical solutions that promote healthy individuals and communities. Nations and health care organizations can use advances in genomics, or more broadly omics,1 to provide sentinel surveillance2 capabilities with respect to natural or weaponized pathogens. Sentinel surveillance can provide early detection, data about how a new element is appearing and growing, and information to guide our response.
• Technologies that enlarge where people, enterprises, and governments operate: space technologies, undersea technologies: commercial companies and nations around the world are deploying mega-constellations of satellites, or fleets of autonomous ocean platforms, with advanced, persistent surveillance and communications capabilities.