Cloud Hosting

The impact of pulling those certificates would be swift and severe. Once browsers like Chrome and Firefox found them missing, they would flash warnings to any visitors that the sites werent safe. Some browsers would block access altogether. A not insignificant chunk of the internet would effectively be taken out of commission. All because of this one small flaw in one niche corner of the Lets Encrypt operation.

Within two minutes of confirming the bug, the Lets Encrypt team stopped issuing any new certificates in a bid to stanch the bleeding. A little over two hours after that, they fixed the bug itself. And then they let everyone know what was coming.

We cant contact everybody, so we started contacting the largest subscribers, telling them about the situation, getting them as informed as possible, says Aas. And then we worked with them to get them to replace their certificates as quickly as possible.

Once a site operator renewed a certificate, Lets Encrypt could safely revoke the old one. No harm would befall the site. Which sounds like a simple enough solutionbut nothings simple at this kind of scale.

Bigger organizations had an easier time fixing the problem, because they generally have the resources to monitor any signs of trouble that surface and the tools to automate the renewal process. If youve got a dozen or two dozen servers or something, thats some poor sleepy-eyed soul in the middle of the night at a keyboard, says MongoDBs White. We reissued a little over 15,000 certificates [for clients], and we did it in a few hours. There was some work involved, but it wasnt catastrophic. We had measures in place to be able to rotate quickly.

Smaller sites got a big assist from the Electronic Frontier Foundation, which operates Certbot, a free software tool that automatically adds Lets Encrypt certificates to sites and renews them every 60 days. In the last two months alone, Certbot has generated certificates for 19.2 million unique sites. Fortunately we had anticipated the need to check revoked certificates for renewal in 2015, says EFF engineering director Max Hunter. Because Let's Encrypt communicated the issue early, and the code path for the query was already in place, our work was relatively straightforward. By Tuesday a team from EFF, along with volunteers in Paris and Finland, had updated Certbot to renew any revoked certificates.

Meanwhile, Lets Encrypt sent an email to every address it had on file. It created a searchable database of every affected domain so that hosting companies could see if they needed to act. We marked those certificates as expired in our internal system, and then our normal automated processes kicked in to generate and deploy new certificates, says Justin Samuel, CEO of Less Bits, a startup that operates hosting company ServerPilot.

On Tuesday night, 30 minutes before the deadline, Lets Encrypt made another announcement. Of the 3 million potentially impacted sites, 1.7 million had managed to renew their certificates, an astonishing number given the short window of time. No other CA comes close to making large-scale cert reissuing not only feasible but also fast, says Samuel.

That success also emboldened Aas to make a difficult call. Lets Encrypt would let the remaining certificates slide. We made the decision that instead of breaking more than a million websites, potentially, we just arent going to revoke them by the deadline, says Aas. We think its the right decision for the health of the internet.

It was the internet equivalent of a call from the governor minutes before midnight. Lets Encrypt will continue to revoke certificates if it can confirm that the sites have renewed them, but otherwise it is content to leave them be in their slightly broken form. The security risk is small, Aas says, and since Lets Encrypt certificates are only viable for 90 days to begin with, any stragglers will have washed out of the ecosystem by summertime at the latest.

If anything, this just reinforces that they are one of the most transparent, modern certificate authorities in the world, says MongoDBs White, who points to previous certificate snafus that for-profit companies like Symantec have badly mishandled. Its easy to armchair quarterback. But I think if people are overly critical thats misplaced.

The intricacies of internet infrastructure are generally ignored until something goes terrible wrong. This time, though, its useful to reflect on what went right. For once, the story is that nothing broke.

More Great WIRED Stories

See the original post:
The Internet Avoided a Minor Disaster Last Week - WIRED

As New York City hip hop group Non Phixion boldly proclaimed in their 2002 debut album: The Future Is Now. From drone fleets and autonomous transportation systems to smart homes with computer-controlled lighting, heating, media and security systems, a new group of highly-automated technologies is gripping the popular imagination. These technologies known collectively as the Internet of Things (IoT) form advanced ecosystems of interrelated devices with the capacity to monitor, detect, communicate and act on the real world independently of human intervention. Promising to fulfill all of our wildest technological dreams and needs, the IoT age has arrived and it looks like its here to stay.

While the consumer applications of IoT tend to receive the most attention, one area that is seeing strong growth in the uptake of IoT devices is workplace safety. Workplace safety costs businesses billions every year, and industries with especially hazardous working environments Construction, Oil & Gas, Mining, Utilities, Rail, etc. are beginning to adopt IoT technology to help minimize risk and address preventable threats. Before exploring these IoT solutions, however, let us first consider some of the key threats faced by workers in these industries.

Construction is one of the worlds most dangerous occupations, accounting for 1 in 5 worker deaths in the US and incurring tens of thousands of short- and long-term injuries each year. In construction, the major risk is falling from a height, which accounts of 26 per cent of fatal injuries in the workplace. Additional risks come from being struck by vehicles and heavy moving objects, proximity to overhead/underground high voltage power lines, confined spaces, high noise environments, and exposure to dust and fumes.

In underground mining operations, hazards include respiratory health problems

In Mining & Quarrying, sustained overexertion is the most common threat to workplace safety, accounting for 24 per cent of nonfatal injuries. In surface mining operations, specifically, the leading hazards come from geological instability (i.e. falling rocks), blast debris and collisions with large and heavy plant equipment. In underground mining operations, hazards include respiratory health problems (e.g. Black Lung), explosions and gas leaks (particularly in coal mines), heat stress, confined spaces and ionising radiation.

Other industries are often faced with some combination of the above, or similar, threats. In the Rail sector, for instance, there is high risk from collisions with vehicles, objects and machinery and vulnerability to electric shock. In Utilities, the number one risk is slips, trips and falls, accounting for 30 per cent of Lost Workday Injuries (LWIs) in 2016. And in Oil & Gas extraction, exposure to flammable gas, chemical emissions and oxygen-deficient atmospheres creates vulnerability to explosions and chemical poisoning.

What, then, is being done to tackle these threats? In a high-tech world, many safety measures currently in use hardhats, earplugs, gloves, gas masks, guardrails, harnesses, protective goggles and high visibility clothing appear decidedly primitive. Therefore, whilst these measures are still useful in minimizing risk, companies have started to integrate IoT technologies to enhance their application. These technologies bring together real-time analytics, machine learning, advanced sensors and embedded systems to offer a number of key functionalities:

Wearable technology is used to monitor a workers physiological state in real-time. Japanese wearable tech company Mitsufuji is active in this space, creating smart clothes woven from silver-metallised fibres that collect a range of data about its wearer, including heart rate and body temperature. Other examples include wristbands with bio-sensors to accurately measure stress levels and glasses that detect eye movements to identify fatigue and periods of micro-sleep.

Sensors used to measure temperature, radiation, gas leaks, carbon monoxide and other harmful chemicals can automatically alert workers to unsafe external conditions. Additionally, visual imaging software can map 3D representations of a workers environment, facilitating effective two-way communication between supervisors and personnel in the field, and remote guidance technologies provide live assistance to workers caught in serious danger (e.g. guide a miner trapped in a tunnel to the best way out).

Augmented Reality (AR) technologies offer new ways to support decision making in the field by providing holographic representations of physical equipment, while Virtual Reality (VR) technologies offer immersive situational training without the risks associated with real-life procedures. These technologies also offer up valuable behavioral data, which can be used to gauge a workers risk tolerance level and tendency to respond to danger.

Proximity detection systems utilize wearable sensors to monitor workers location, map their movements, and alert them to nearby hazards. One example of this are radio-frequency identification (RFIDs), which can measure a workers proximity to moving equipment and alert them to possible collisions and near misses. Another piece of kit is the smart helmet, which can immediately detect an accident, determine the workers location and send an alert containing coordinates to a safety control centre. The centre is able to make video and audio contact and communicate with the worker until help arrives.

Exoskeletons can assist with heavy lifting and the prevention of musculoskeletal disorders (MSDs) by analyzing worker movements and providing the necessary support. The Chairless Chair, for example, used by factory floor workers, fixes around the back and legs to provide support whenever the worker sits or crouches. Exoskeletons are also used to monitor worker movements, identifying repetitive movements and sustained periods of overexertion.

IoT innovations are helping to improve workplace safety on multiple fronts

Taken together, these IoT innovations are helping to improve workplace safety on multiple fronts. Firstly, they are preventative. By closely monitoring ones environment both internal and external IoT technologies can pre-empt and alert workers to potential dangers. Secondly, they are responsive. In the case of an accident, IoT technologies can alert supervisors and help coordinate a quick and effective response. Thirdly, they are informative. By accumulating and analyzing rich pools of data, IoT technologies can help optimize work in the field and find improved ways to limit risk.

While IoT certainly cannot eliminate all risk from the workplace it cannot prevent rocks falling in quarries, explosions on oil rigs or gas leaks in mines it can go a long way to make these environments safer and better places to work. Because when it comes down to it, workplace safety is certainly no accident!

Read the original here:
How The Internet Of Things Can Transform Workplace Safety | Baird Capital | Security News - SecurityInformed

The Global Internet Security AuditMarket Research report provided by Reports Monitor is a detailed study of the Global Internet Security AuditMarket, which covers all the essential information required by a new market entrant as well as the existing players to gain a deeper understanding of the market. The Global Internet Security AuditMarket report is divided in terms of regions, product type, applications, key players and other important factors. The report also covers the global market scenario, providing deep insights into the cost structure of the product, production and manufacturing processes and other essential factors. The report also covers the global market scenario, highlighting the pricing of the product, production and consumption volume, cost analysis, industry value, barriers and growth drivers, major market players, demand and supply ratio of the market, the growth rate of the market and forecast till 2025.

TheTop Leading players operating in the market: Covered in this Report: Symantec, Intel Security, IBM, Cisco, Trend Micro, Dell, Check Point, Juniper Networks, Kaspersky, Hewlett Packard, Microsoft, Huawei, Palo Alto Networks, FireEye, AT&T Cybersecurity, AVG Technologies, Fortinet, ESET, Venustech, H3C Technologies, NSFOCUS & More.

To Download PDF Sample Report, With 30 mins free consultation! Click Here: https://www.reportsmonitor.com/request_sample/887996

With this global Internet Security Auditmarket research report, all the manufacturers and vendors will be aware of the growth factors, shortcomings, threats, and the lucrative opportunities that the market has to offer in the next few years. The Internet Security Auditmarket research report also highlights the revenue, industry size, types, applications, players share, production volume, and consumption to gain an understanding about the demand and supply chain of the market.

Product Type Coverage (Market Size & Forecast, Major Company of Product Type etc.):System Level AuditApplication Level AuditUser Level AuditApplication Coverage (Market Size & Forecast, Different Demand Market by Region, Main Consumer Profile etc.):GovernmentEducationEnterpriseFinancialMedicalAerospace, Defense and IntelligenceTelecommunicationOthers

Global Internet Security AuditMarket: Regional SegmentationNorth America(United States, Canada, and Mexico)Europe(Germany, France, UK, Russia, and Italy)Asia-Pacific(China, Japan, Korea, India, and Southeast Asia)South America(Brazil, Argentina, Colombia, etc.)Middle East and Africa(Saudi Arabia, UAE, Egypt, Nigeria, and South Africa)

Grab Your Report at an Impressive Discount! Please click [emailprotected]https://www.reportsmonitor.com/check_discount/887996

Years that have been considered for the study of this report are as follows:

What does the report offer?

Click to view the full report details, Reports TOC, Figure and [emailprotected]https://www.reportsmonitor.com/report/887996/Internet-Security-Audit-Market

Contact UsJay MatthewsDirect: +1 513 549 5911 (U.S.)+44 203 318 2846 (U.K.)Email:[emailprotected]

Read the original:
Internet Security Audit Market Report 2020: Acute Analysis of Global Demand and Supply 2025 with Major Key Player: Symantec, Intel Security, IBM,...

China switched on the largest commercial 5G network to date on October 31, 2019. Thats when Chinas three state-owned wireless carriers, China Mobile, China Unicorn, and China Telecom, unveiled 5G subscription packages. The wireless carriers noted that they would be charging customers for speed rather than data useand peak speed would cost around $45 a month. Beijing has promised that the next-generation network will unleash a technological revolution. The announcement is a message to the United States and the world that Chinas push toward 5G global dominance will not be slowed by U.S. opposition.

Chinas investment in next-generation technologies, including information communications technology (ICT), artificial intelligence, big data analytics, cloud computing, and blockchain among others has become a high priority under President Xi Jinping. A series of government directives, white papers, initiatives, and planning strategies have pushed Chinese tech firms toward the right technologies. This ambition to turn China into a global technological and cyber power is openly geopolitical in nature as the 2016 Outline of the National Strategy for Innovation-Driven Development shows: disruptive technologies are constantly emerging, continually reshaping the worlds competitive landscape, and changing the balance of power among states.

Beijings rapidly-expanding digital and telecoms infrastructure projectsall part of the Digital Silk Roadacross the Eurasian landmass will have real-world effects on the people who live within such systems, impacting systems of governance and state power over data. As Chinese tech firms export these complex ecosystems of technologies, norms, and standards in the Smart City and Smart Port programs, the United States and its allies will have to monitor how they impact recipient nations.

For while the normative impact of these technologies is of concern, it is their wider structural potential on the global order that is the most alarming.If one considers the constituent components of the Western orderfinance, banking, technological dominance, influence over market and trade rulesit is clear that Beijing is offering alternatives at every level, constructing a vast new order that suits its own preferences. Despite the disparate nature of Chinas activities, collectively they form the basis for future hegemony. In this article, we focus on three areas in which the PRC is using technology to advance its aims: values and governance, markets and trade, and shipping.

Values and Governance

As aforementioned, Smart Cities, built on the data-rich bedrock of 5G networks, integrate disparate information from different sources to create a centralized data-exchange platform critical to day-to-day operations of administrative, industrial, environmental, energy, and security systems. The premise is that a better-integrated and effectively-operated city boosts economic activity, and promotes sustainable growth into the future, a promising technology for many municipalities in South Asia where population growth is creating fast-growing new cities. However, China will export values and norms as it trains future users of its equipment, using research networks like the National Engineering Laboratory (NEL) for Big Data Application on Social Security Risks Sensing, Prevention and Control. A 2018 Freedom House report noted how China offers training packages to foreign officials on how to handle big data on public opinion management and new media development. ZTE has helped Venezuela surveil and control its population through a smart ID card system. Linked to Chinas satellite system, the cards store location data, financial information, banking transactions, healthcare, and even voting records. The government uses the cards to control access to public benefits. Some states are shaping their cyber laws to mimic those of China with Vietnam, Egypt, Tanzania, and Uganda, producing laws, not unlike the 2016 China Internet Security Law, which requires the collection and verification of users identities.

There is a very real danger that as the chief architect and administrator of these digital networks and Smart Cities, Beijing will have access to reams of data in recipient nations, either through intelligence-sharing pacts or through direct server accessanother requirement of the 2016 Internet Security Law. Access to this dataand the ability to harvest it using big data analyticswould give Beijing leverage in the form of kompromat, using sensitive information to influence key foreign leaders on issues critical to Chinese interests.

Markets and Trade

The proliferation of Chinese mobile payment appssuch as Alipay, Baidu Wallet, and WeChat Paywill increase the amount of financial data going through Chinese hands as all such transactions must pass through a Peoples Bank of China clearinghouse, Wanglian. This enables not only Chinese tech companiesbut also its state bankto know foreign financial transactions in real-time. Aside from the expansion of mobile Chinese electronic payments systems, Chinese-built ICT networks and systems across the Digital Silk Road push recipient nations to favor both Chinas currency and its companies. In addition to currency swap agreements with many BRI partners, China has made clear its intent to de-entrench the world economy from the dominance of the dollar. The Cross-Border Inter-Bank Payments System is thought by some to be a challenge to the U.S.-led Society for Worldwide Interbank Financial Telecommunication.

As Chinese fintech grows, Chinese firms will benefit from valuable consumer information, similar to how Amazon employs real-time search aggregation to gain insights into consumer trends and wants. Chinese companies can use artificial intelligence to assess real-time market needs on a global scale. Privileged companies can bring desired products to the market ahead of domestic or U.S. companies. Moreover, Chinese companies understand the exact capacities and needs of the host countries, giving them a distinct competitive advantage over both Western and local firms in product design and production. This advantage is likely to be particularly acute in areas that China believes to be strategically important, such as in autonomous vehicles, artificial intelligence, and the Internet of Things.

SLOC Transportation Pillar

One of the oldest pillars of hegemonic power has been controlling thesea lanes and the trade that takes place upon them. Eighty percent of global trade is transported by sea and nearly two-thirds of sea trade passes through Chinese-owned ports. As of 2019, Chinese State-owned enterprises like COSCO and China Merchants own forty-two major ports in thirty-four countries across the Eurasian and African coastlines. Here, Chinas Digital Silk Road and its Maritime Silk Road come together in the form of Smart Ports. Centralizing data and increasing automation will create efficiencies and automation in loading, thus increasing capacity.

In one network, the Big Data Risk Monitoring Platform at Nannings Customs Office tracks cross-border trade with twenty-six ports across Southeast Asia. This platform allows China to track the real-time status of goods, destinations, and relationships around the world. While shipping manifests do track the movement of goods, never before have ports had the capability to comprehensively map real-time global supply chains. This information allows for an unofficial sanction system that targets the goods of nations (or even individuals) that the PRC wishes to influence. Indeed, China has already done this in a low-tech way when it restricted Philippine banana exports from entering Asian markets between 2016 and 2018 over bilateral tensions related to the South China Sea.

The world is rapidly changing and there are signs that Chinas ambitions with the Belt and Road Initiativeand all its digital componentsare part of the sticky power of a new hegemony. Chinese leaders recognize that new disruptive technologies are harbingers of change for people-to-people contacts and can also change how states trade, police, and run their municipalities. Beijings promotion of its tech firms across the Eurasian landmass allows for the future exploitation of international data for political effectallowing Chinese leaders to set rules, create norms and standards, and to control trade and political activity. We are entering an age of competition and it is not only between nations but between ideologies and the states that host them.

Dr. John Hemmings is an associate professor at the Security Studies College of the Daniel K. Inouye Asia Pacific Center for Security Studies, a US Department of Defense regional center as well as a senior associate fellow at the Henry Jackson Society, a London-based think tank. He writes in his own personal capacity.

Patrick Cha is an intern at the Daniel K. Inouye Asia Pacific Center for Security Studies. He is a 2019 graduate of the Woodrow Wilson School of Public and International Affairs at Princeton University.

Image: Reuters

Read more here:
The Hidden Dangers of China's Digital Silk Road - The National Interest