Highlighting the fact that securing communications over the Internet is more important than ever before, Afnic launches an issue paper on the DANE protocol
Phishing is a form of internet fraud that aims to steal personal information, like usernames, passwords, and credit card details, by disguising malicious websites as legitimate websites. The document discusses the history and methods of phishing attacks. Phishing messages are commonly delivered through emails, websites, and instant messages. Attack vectors include manipulating URLs, using deceptive websites that mimic real sites, and infecting computers with malware to send phishing messages from compromised devices. Defenses against phishing aim to educate users and implement technical measures at the client, server, and enterprise levels.
This document summarizes the key aspects of designing secure systems:
1) It discusses various common security threats like defacement, infiltration, phishing, and denial of service attacks.
2) It emphasizes the importance of understanding threats and designing security into systems from the beginning, rather than adding it as an afterthought.
3) Using a simple web server example, it shows how not considering security can leave systems vulnerable if authentication, access controls, and input validation are not implemented properly.
Decrypting web proxies allow enterprises to inspect encrypted traffic but undermine the security assumptions of TLS. While they can help detect threats, they break TLS authentication and confidentiality without all parties' consent. The legal and ethical implications are unclear. Full disclosure and user opt-in are recommended to balance security and privacy concerns.
In this abstract, we analyze the state of the art of end-to-end secure instant messaging applications. This includes the applications' network architectures, current and future challenges, and potential legal and social impact.
This document summarizes research into the privacy and security of file hosting services. The researchers studied 100 file hosting services and found that many used sequential identifiers for files, weak non-sequential identifiers, or had bugs in their software. They were able to access over 300,000 private files uploaded to services with sequential identifiers. Additionally, a honeypot experiment showed that attackers do access and download files from these services, particularly those containing credentials or other sensitive information. The researchers propose a browser plugin called SecureFS that would encrypt files before upload and require a key to download, in order to better protect user privacy on these inherently insecure file hosting services.
A novel way of integrating voice recognition and one time passwords to preven... (ijdpsjournal)
Phishing is a threat to all users of the internet who intend to use the web for secure transactions. In recent years the number of phishing attacks has increased drastically, especially since the advent of e-commerce, net banking and other services that have an emphasis on security. Phishing is characterized as any malicious attack aided by a spoofed webpage to encourage users to input their security details. Phishing is largely done to retrieve passwords and security details of unsuspecting users. This paper details a new and more secure way to counteract the method of phishing.
FreeSpeak - Anonymous messaging over on-demand cloud services (Pablo Panero)
This document proposes the design of an anonymous messaging system called FreeSpeak that uses cloud computing and virtualization. The system routes messages through ephemeral virtual nodes similar to fast-flux networks to provide anonymity. However, some key components need high availability so they are protected using Tor hidden services. Both onion routing and public-key encryption are used to encrypt messages and protect them from unauthorized access as virtual nodes alone do not ensure anonymity. The system aims to take advantage of cloud computing features not fully used by other anonymous networks and services.
Encryption works by encoding information in such a way that only those with the key can decode it. There are two main types: symmetric-key encryption where both parties have the same key, and public-key encryption where each party has a public and private key. Popular encryption standards and protocols include AES, SSL/TLS, and algorithms like DES which use varying length encryption keys to encrypt data for transmission.
The document discusses electronic commerce systems and technologies. It provides an overview of topics like e-commerce models, internet protocols, security issues, and implications for accounting. Specifically, it summarizes key concepts such as the benefits of e-commerce, internet technologies like packet switching and virtual private networks, common protocols, security methods involving encryption and digital signatures, and risks associated with intranets and the internet.
This document provides an overview of botnets, including what they are, how they work, and examples of real botnets. It defines a botnet as a network of compromised computers called bots that are controlled remotely and in a coordinated way without the owner's consent. The document discusses how botnets infect computers using malware, how they communicate with command and control servers, how they are used to conduct DDoS attacks, steal money and personal information, and ways that botnets can be detected and mitigated.
This document provides an overview of fast flux hosting and double flux attacks. It describes how these techniques:
1) Exploit botnets and compromised systems to rapidly change the IP addresses and domains associated with illegal websites and DNS servers, frustrating efforts to take down these systems.
2) Involve underground business relationships where malware authors, bot herders, and fast flux service operators work together to facilitate criminal activities like phishing through these techniques.
3) Can be countered by education and by securing vulnerable systems, which reduce the number of compromised systems available to these botnets and fast flux attacks.
This document provides an overview of various types of cyber crimes in India, based on reports from news media and news portals. It discusses cyber stalking, hacking, phishing, cross-site scripting, and vishing. For each crime, it provides a brief definition and examples. The overall document aims to provide insight into the growing issue of cyber crimes in India and the need for law enforcement to address these threats.
The document discusses internet privacy and data protection. It defines internet privacy as the right to privacy regarding personal information stored and shared online. It notes that privacy is recognized as a human right by various international organizations and treaties. However, privacy faces numerous risks online like companies tracking browsing histories and social media sites sharing data. Strong encryption and privacy laws are important to protect individuals' information and uphold their right to privacy on the internet.
This document discusses botnets, which are networks of compromised computers ("bots") that are controlled remotely without the owners' knowledge to perform malicious activities. It describes how botnets are created by infecting vulnerable systems with malware, then propagating across networks. Botnets are controlled through centralized, peer-to-peer, or random command and control techniques using protocols like IRC. They pose major security threats by enabling large-scale spamming, DDoS attacks, phishing and more. Detecting and disrupting botnets is challenging due to their distributed nature and attackers' use of dynamic command channels.
This document provides a monthly roundup of cybersecurity news and events from May 2018. It discusses the emergence of new ransomware variants called Annabelle and MBRlock that encrypt the master boot record. It also reports on alerts issued by the FBI and DHS about malware used by the North Korean hacking group Hidden Cobra called Joanap RAT and Brambul SMB worm. Other topics summarized include a Facebook bug that set posts to public by default, the newly discovered RedEye ransomware, a vishing scam that stole Rs. 7 lakhs from a woman in India, Microsoft's acquisition of GitHub, and data breaches at MyHeritage and Operation Prowli impacting over 40,000 servers.
Analytical Study on Network Security Breach’s (ijtsrd)
Until a few years ago, computer systems were used mainly by organizations for communication between their various departments. Under those conditions security was not a major concern and did not receive much attention. Now, however, networking has an enormous effect on every citizen's life, from banking and hospitals to education and transportation, and with it networks have sprouted a variety of security concerns. With the growing use of computers in everyday activity there is a serious need for automated tools to protect sensitive data and information stored on computers, particularly in the case of a shared system such as a time-sharing system, and the need is even more acute for systems reachable over a public telephone or data network. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security. This paper discusses and describes spoofing: if an attacker can listen for a client's request and fabricate a reply before the genuine address server can, the client will use the information supplied by the hacker. This is known as spoofing. Siddiqui Sana Afreen, "Analytical Study on Network Security Breach’s", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4, Issue-3, April 2020. URL: https://www.ijtsrd.com/papers/ijtsrd30403.pdf; paper URL: https://www.ijtsrd.com/computer-science/other/30403/analytical-study-on-network-security-breach%E2%80%99s/siddiqui-sana-afreen
Ransomware has become a lucrative criminal enterprise, with cyber criminals extorting over $209 million from organizations in just the first three months of 2016 alone. Ransomware works by encrypting files on infected machines and demanding ransom payments in exchange for the decryption key. While early ransomware dated back to 2005, the threat grew significantly in 2015 with over 400,000 infections and $325 million stolen. Ransomware variants now aim to disrupt device usage until payment is made. Organizations can help mitigate the risk of ransomware through practices like regular backups, keeping software updated, limiting user privileges, and restricting unknown applications.
The document provides tips and information about internet safety. It discusses 11 tips for safe internet use such as using strong passwords, not chatting with strangers, and only downloading software from trusted sites. It also discusses security levels on networks including keeping information secret, integrity of data, and availability of resources. Types of internet threats are explored such as passive attacks like traffic analysis and disclosure of message contents. Active attacks like masquerading, message modification, and denial of service are also outlined. Laws around internet safety for children are mentioned like COPPA, which requires parental consent for collection of personal information from kids.
The document provides information about IP address classes and their characteristics. It discusses:
- The five classes of IP addresses (A, B, C, D, E), along with their address ranges and number of hosts/networks supported.
- Common IP address formats and components like subnet masks.
- Private and public IP addresses. Private addresses cannot access the internet directly while public addresses can.
- Other IP-related topics like loopback addresses, IPv4 vs IPv6, and the organization responsible for IP address assignment.
RansomCloud O365: Pay for your Office 365 e-mail (Telefónica)
This paper describes how the next generation of ransomware could attack Office 365 users. The idea is that just by stealing an OAuth token, an attacker could encrypt a victim's entire inbox.
Ransomware is a PC or Mac-based malicious piece of software that encrypts a user or company’s files and forces them to pay a fee to the hacker in order to regain access to their own files.
Not only can ransomware encrypt the files on your computer; the software is smart enough to travel across your network and encrypt any files located on shared network drives. This can lead to a catastrophic situation whereby one infected user can bring an entire company to a halt.
A presentation I am giving this evening, as a guest speaker, invited by the Wisconsin Union Directorate, on the topics of cybersecurity, hacking, and privacy. The presentation covers some timely topics, such as: Hacking, Botnets, Deep Web, Target Stores Data Breach, Bitcoin and Ransomware. The presentation is designed to educate, stimulate conversation and entertain and is open to all students, faculty and staff of UW-Madison, who are interested in learning more about computer security and IT threats.
The document discusses the need for privacy and security in cyberspace due to vulnerabilities in the current internet. It proposes a new "Internet 2.0" called a multimode internet that would provide both dedicated and private communication using a new transmission protocol. This would allow for more secure communication and the ability to hold hackers accountable. It also discusses the need for a "TelephonyDNS" that would map domain names to telephone numbers to support this new multimode internet architecture.
The document discusses how customer involvement is crucial to defending against phishing attacks. While technology plays a role, phishing relies on tricking users into taking actions. The most effective solutions are regularly educating customers on identifying phishing techniques and conducting "ethical phishing" tests to modify customer behavior over time. By maintaining awareness and vigilance through ongoing training, organizations can significantly reduce the success of phishing scams.
This document discusses several key issues relating to the investigation and regulation of cybercrimes. It covers topics such as obtaining witness cooperation, choosing the appropriate jurisdiction, logistical barriers to international investigations, identifying suspects, challenges with search and seizure of digital evidence, problems of encryption, locating and securing relevant materials, use of mutual assistance treaties, and securing extradition when suspects are located across international borders. Overall, the document outlines the complex legal and technical challenges involved in investigating cybercrimes that cross international lines.
Social engineering (security) is the new threat, and it is growing day by day, especially in India and its subcontinent. This presentation is all about the social engineering threat and some tips to prevent this attack.
What are botnets? A description of what botnets are and how they work, the known botnet attacks, and the architecture of botnets. The slides also describe some prevention steps against botnet attacks.
Moving Beyond VoIP to Cloud-Based Telephony (Fonality)
Dynamic, fast-growing businesses like yours know a lot about staying ahead of the competition. You have to move fast, keep things simple, please your customers, and most of all use your resources wisely – including financial, human and technical resources. VoIP (Voice over IP) technology can help you do many of these things, bringing you a lot of benefits legacy phone systems can’t.
1) The document provides menu options for pizza, pasta, chicken, and salads from California Pizza Kitchen including pizza topped with BBQ chicken and sausage or chicken and mushroom.
2) It also includes kids' meal options and desserts like a triple fudge brownie or fresh fruit sundae.
3) Various drinks like soda, juice, and milk are listed as available beverage options.
La civilización maya se desarrolló entre los siglos III y XV en el sur de México, Honduras y Guatemala. Su economía se basaba principalmente en la agricultura, cultivando maíz, calabaza, frijoles y otros productos. También practicaban la caza, pesca y recolección, así como el comercio de productos entre sus ciudades-estado.
El documento describe varios motores de búsqueda web populares como Google, Yahoo, Bing, Ask y otros, y brinda breves descripciones sobre sus características y orígenes.
Miguel Ángel Mauleón ha dedicado 60 años a las artes plásticas, creando más de 2,000 obras que describen paisajes y aspectos culturales de México. Ha realizado 42 exposiciones individuales y 78 colectivas en México y otros países. A lo largo de su carrera ha recibido varios reconocimientos por su contribución al arte mexicano.
Este CV presenta la experiencia profesional y educativa de José María Medina Villaverde. Detalla su educación como Ingeniero de Caminos, Canales y Puertos y Doctor en Ciencias del Mar, así como su experiencia como Director General de una compañía de ingeniería marítima y profesor universitario. También incluye información sobre sus diversas certificaciones profesionales, publicaciones, pertenencia a asociaciones y experiencia docente.
Beim Symposium zum 6. Europäischen Antibiotikatag am 15. November 2013 im Festsaal des Gesundheitsministeriums (BMG) wurden die jüngsten Entwicklungstrends in der Human- und Veterinärmedizin sowie der Österreichische Aktionsplan gegen Antibiotika-Resistenzen (NAP-AMR) präsentiert. Ziel der gemeinsamen Bemühungen der Bereiche Human- und Veterinärmedizin sowie Lebensmittelsicherheit ist es, die Entstehung und Ausbreitung von antimikrobiellen Resistenzen nachhaltig zu vermindern, um die Wirksamkeit der vorhandenen antimikrobiell wirksamen Substanzen zu erhalten und die Qualität der antimikrobiellen Therapien zu fördern. Die AGES-ExpertInnen arbeiten an der Erstellung des AURES-Resistenzberichts mit, um für Österreich repräsentative Daten zur antimikrobiellen Resistenz und Entwicklungstrends zum Verbrauch antimikrobieller Substanzen darstelle zu können. Außerdem erhebt die AGES die verkauften Mengen von Antibiotika in der Nutztiermedizin seit 2010: In Österreich wurden 2012 insgesamt 53,22 Tonnen Antibiotika an TierärztInnen für den Einsatz in der Veterinärmedizin verkauft. Der Trend ist insgesamt rückläufig. Link: http://www.ages.at/ages/ages-akademie/programm/15112013-symposium-zum-6-europaeischer-antibiotikatag/
Este documento describe diferentes tipos de dispositivos eléctricos utilizados en instalaciones interiores, incluyendo dispositivos libres de potencial, automáticos de escalera, interruptores crepusculares, detectores de presencia, reguladores de intensidad luminosa, relés y contactores, temporizadores, termostatos, anemómetros y mandos a distancia por infrarrojos.
Este documento describe la diabetes mellitus. Define la diabetes como un trastorno metabólico caracterizado por hiperglicemia crónica debido a alteraciones en el metabolismo de los hidratos de carbono, grasas y proteínas. Clasifica la diabetes en cuatro tipos: tipo 1, tipo 2, otros tipos específicos y diabetes gestacional. La diabetes tipo 1 resulta de la destrucción de las células beta pancreáticas que producen insulina, mientras que la tipo 2 resulta de un defecto progresivo en la secreción de insulina en el contexto de resistencia a
Pablo Escobar fue un narcotraficante colombiano y fundador del cartel de Medellín. Nació en 1949 y murió en 1993. Dirigió uno de los carteles más grandes y poderosos dedicados al tráfico de cocaína desde Colombia hacia Estados Unidos en las décadas de 1970 y 1980. Utilizó tácticas terroristas para oponerse a la extradición hacia EE.UU. y desestabilizar el gobierno colombiano.
Quadrilaterals & their properties(anmol)Anmol Pant
This document defines and compares different types of quadrilaterals. It discusses their defining properties, including:
- Quadrilaterals have four sides and the interior angles sum to 360 degrees.
- Specific types include parallelograms, rectangles, squares, rhombuses, trapezoids, and kites. Each have unique properties like pairs of parallel sides, right angles, or congruent sides.
- Trapezoids can be either isosceles, with two equal legs, or general with unequal legs. Properties like median length and diagonal length are described.
La festividad de San Juan en Barcelona conmemora el solsticio de verano con hogueras, fuegos artificiales y la "Coca de Sant Joan". Se celebra el 23 de junio con reuniones familiares alrededor de hogueras y fuegos artificiales para honrar al rey Sol. Aunque hay prohibiciones como hacer fogatas para reducir el impacto ambiental, la noche se llena de luz, color y sonido gracias a los fuegos artificiales.
C 2 Puntos Informática S.L. ofrece una variedad de servicios informáticos como reparación y venta de ordenadores, programación a medida, mantenimiento de empresas, venta de consumibles, montaje de redes, recarga de teléfonos, tarjetas prepago, recuperación de datos, y fotocopias. También proporcionan presupuestos sin compromiso para proyectos como reparaciones, programas personalizados, mantenimiento de redes, y recuperación de datos dañados.
El documento explica cómo diferentes grupos de personas pueden usar varias redes sociales y herramientas en línea para compartir información sobre temas relacionados con la gestión de procesos universitarios. Se asignan diferentes redes y herramientas a estudiantes universitarios de todas las carreras, estudiantes de ingeniería, colegiales y bachilleres, profesionales de áreas administrativas y abogados para que puedan interactuar y contribuir a una mejor comprensión de la importancia de la gestión de procesos.
The National ICT Conference 2009 was held from 9-11 June 2009 at the Putrajaya International Convention Centre. The theme of the conference was "Connected Government For 1Malaysia" with the goal of enhancing public and private sector partnerships to improve ubiquitous, reliable, trusted, consistent and hassle-free government service delivery. Over the three days, the conference featured sessions on global best practices, innovation, security, community engagement, and strategies for realizing a connected government. High-level representatives from both public and private sectors in Malaysia and other countries participated in panels, plenaries and discussions.
This document introduces Shane Russell's book "What Makes Money Grow on Trees", which provides steps and techniques for becoming successful. It promotes Russell's business consulting services and coaching program to help readers start and build their own business. The document contains an introduction, overview of consulting services, and table of contents that outlines the book's chapters on getting started, creating a website, and various methods for making money online like affiliate marketing, pay-per-click, creating a niche, writing eBooks, and social networking. It encourages readers to become insider members on Russell's website for free resources and products.
Catálogo mitsubishi electric aire acondicionado msz hjRooibos13
La serie MSZ-HJ de Mitsubishi Electric ofrece aire acondicionados con tecnología avanzada a un precio asequible, proporcionando control preciso de la temperatura, alta eficiencia energética y un diseño compacto y elegante.
The document discusses securing remote access connections by using a virtual private network (VPN) with Windows Server 2012 R2's Routing and Remote Access feature. It will use Extensible Authentication Protocol-Transport Level Security (EAP-TLS) and smartcards for authentication to encrypt traffic and securely connect remote users to the network. The goal is to properly secure these connections to provide end users with secure access to potentially sensitive company data and resources from outside the office.
A Presentation by:
REMMY NWEKE, 2016 Fellow, Cyber Security Policy Defender
Secretary, Cyber Security Experts Association of Nigeria (CSEAN)
Lagos Branch
To mark the Cyber Security Awareness Campaign,
October 2016
The document discusses various topics related to the internet and social media. It defines internet as a vast collection of interconnected networks that allow sharing of data. It explains key concepts like the world wide web, internet protocols, domain name system, IP addresses, electronic mail, browsers, search engines, and social media platforms. It provides advantages and disadvantages of social media and discusses privacy issues associated with social media use.
This document provides an overview of how the internet can be used for forensic investigations. It discusses how the internet is a network of networks that connects computers globally. It describes how the world wide web, email, internet cookies, browsing history and bookmarks can be analyzed forensically to find evidence of a user's online activity. It also discusses how IP addresses, internet logs, volatile memory and network traffic can be investigated to identify hackers or in intrusion cases.
This paper analyzes vulnerabilities of the SSL/TLS
Handshake
protocol
, which
is
responsible
for
authentication of
the parties in the
communication
and
negotiation of
security parameters
that
will be used
to protect
confidentiality and
integrity of the
data
. It
will
be
analyzed the
attacks
against the implementation of Handshake
protocol, as well as the
attacks against the other
elements
necessary to SSL/TLS protocol to discover security
flaws that were exploited, modes of
attack, the potential consequences, but also studyi
ng methods of defense
.
All versions of the
protocol are going to be the subject of the researc
h but
emphasis will be placed
on the critical
attack that
the most endanger the safety of data.
The goal of
the research
is
to point out the
danger of
existence
of at least
vulnerability
in the SSL/TLS protocol
, which
can be exploited
and
endanger the safety of
the data
that should be protected.
This paper analyzes vulnerabilities of the SSL/TLS Handshake protocol, which is responsible for authentication of the parties in the communication and negotiation of security parameters that will be used to protect confidentiality and integrity of the data. It will be analyzed the attacks against the implementation of Handshake protocol, as well as the attacks against the other
elements necessary to SSL/TLS protocol to discover security flaws that were exploited, modes of
attack, the potential consequences, but also studying methods of defense. All versions of the
protocol are going to be the subject of the research but emphasis will be placed on the critical attack that the most endanger the safety of data. The goal of the research is to point out the
danger of existence of at least vulnerability in the SSL/TLS protocol, which can be exploited and endanger the safety of the data that should be protected.
This document discusses security measures for e-commerce, including securing communication channels through SSL/TLS and VPNs, protecting networks with firewalls and proxy servers, and protecting servers and clients with operating system security enhancements and anti-virus software. It provides details on how these technologies establish secure connections, filter traffic, prevent unauthorized access, and protect against viruses and hackers. The goal is to secure e-commerce transactions and sensitive information from interception or modification during transmission.
The document describes a man-in-the-middle attack against server-authenticated SSL sessions. It discusses how an attacker can: (1) redirect traffic by manipulating DNS or network topology; (2) sniff and modify traffic in real-time using a program; and (3) forward modified traffic while handling SSL/TLS encryption to avoid detection. The attack relies on flaws in SSL/TLS implementation and users' tendency to ignore security warnings to intercept secure connections without triggering alerts.
Blaa is a hybrid (POW + POS) based crypto asset that combines mining coins and platforms such as Ethereum, Blood Mainnet.
It will be used as a major currency system that is universally used in the virtual district called Bloodland, with over 8,000 owners of Bloodland and 1 million cells in the virtual district were sold. Based on the secure chat called BlaaChat, an application consisting of a messaging service, game, blood donation, and the virtual district Bloodland, has already been launched in Google Play and App Store. In the future, Bloodland will be realized by matching the virtual communication world with the actual location of the Earth based on VR.
Blaa is one of the BF3 Blood Mainnets. This is to complete the world view of Blood that has a variety of world views such as security chat, blockchain, and Bloodland on the BlaaChat platform, which combines the advantages of POW and POS to increase the versatility of the Blood Mainnet and its external appearance. It has a purpose to expand to.
This document discusses network security and cryptography. It begins by introducing network security concepts like secrecy, authentication, nonrepudiation, and integrity. It then discusses cryptography topics such as symmetric and public key encryption. Specific algorithms like RSA are explained. The document also discusses security issues at different layers of the network and summarizes techniques used at each layer.
This document summarizes certificate authorities (CAs) and their role in authenticating users and their public keys. It discusses how CAs operate in a hierarchical structure, with root CAs at the top preloaded on devices. Lower level CAs can be authenticated by verifying the chain of certificates up to a root CA. The document also describes how certificates, which are a user's public key signed by a CA, can be used to authenticate parties when exchanging keys for encrypted communication. It provides an overview of the certificate format and validation process.
Digital certificates are used to verify the identity of entities providing services over the internet and ensure secure communication. A digital certificate contains a public key, identity information, and has an expiration date. It is issued by a trusted certificate authority to validate the owner of a public key. When requests are made to a service, the recipient can verify the certificate to confirm the sender is authentic. Certificates help establish encrypted connections and trust in online transactions. Expired or stolen certificates still allow the thief to use the public key until the expiration date, so timely renewal and revocation is important for security.
Internet security involves protecting systems and data from unauthorized access. Common security threats include hacking, viruses, phishing, and denial of service attacks. It is important for users to implement security measures like firewalls and keep software updated to prevent intrusions and thefts of personal information.
Internet security involves protecting systems and data from unauthorized access. Common security threats include hacking, viruses, phishing, and denial of service attacks. It is important for users to implement security measures like firewalls and keep software updated to prevent intrusions and thefts of personal information.
WebRTC introduces new security considerations for real-time communications. The document discusses various VoIP attacks that could impact WebRTC like denial of service, fraud, and illegal interception. It also examines vulnerabilities from accessing devices, signaling sent in plain text, and cross protocol attacks. The presentation recommends using TLS for signaling, getting user permission for devices, DTLS-SRTP for media encryption, and identity management through providers. Integrating WebRTC with IMS can leverage the authentication of IMS subscriptions for web credentials.
- VoIP attacks Denial of service. Fraud. Illegal interception. Illegal control.
- Adhoc WebRTC attacks: malicious HTML code. Webservers. Forced DoS. Cam/mic control. Etc.
- Protection: Role of border elements (SBC, media gateways,...). WebRTC Portal and web servers. Browser mechanisms
- Identity Management: Anonymous calls. OpenID and third parties. Telco identity. Real implementations
The document discusses the evolution and key concepts of the internet and web infrastructure that supports e-commerce. It describes how the internet originated and was developed in three phases from 1961 to present. It also explains important technologies like packet switching, TCP/IP protocols, client-server computing, and cloud computing. Finally, it outlines several internet protocols, services provided by internet service providers, features of the internet and web that enable e-commerce, and mobile commerce applications.
The document provides information on basics of internet, intranet, email, audio and video conferencing. It defines internet as a worldwide network of interconnected computer networks that transmit data. An intranet is a private network within an organization that uses internet protocols. Email consists of a header with sender/recipient fields and a message body. Audio and video conferencing allow real-time communication over the internet.
Securing Internet communications end-to-end with the DANE protocol
Issue paper n°12
Securing End-to-End Internet communications using the DANE protocol
Today, the Internet is used by nearly 2.5 billion people to communicate and to provide or obtain information. When the communication involves sensitive information such as bank details, credit card numbers, health records, etc., the communication method must be secure. The exchange of information on the Internet is not secure by default, and that leads to a variable risk of malicious attacks such as data corruption, identity theft, etc.
As the Internet evolved, the need for new security mechanisms arose, either due to a new type of attack or to the identification of a new security hole. Solutions were proposed and deployed progressively. Such solutions include, but are not limited to, Internet Protocol Security (IPsec) for securing the network layer (i.e. the IP layer), Transport Layer Security (TLS) for securing communication between two Internet applications, such as a web server and a web browser, and Domain Name System Security Extensions (DNSSEC) for securing the DNS resolution process.
1. Problem Statement
2. A solution which permits to have end-to-end security: DANE
3. Conclusion: DANE - the missing piece in End-to-End Internet security
During the past few years, some high-profile attacks targeting the X.509 Public Key Infrastructure (PKIX), which is used for securing Internet communication, have created an urgent need for a technology to plug the security hole in the PKIX ecosystem. It is in this context that the Internet Engineering Task Force (IETF) proposed the DNS-Based Authentication of Named Entities (DANE) protocol/mechanism.
This document explains the DANE protocol and also how DANE, together with DNSSEC, could provide the required trust in the last mile. It is intended for an audience with some knowledge of Internet protocols in general and of the Domain Name System (DNS) in particular. It introduces the DANE protocol and explains how DANE plugs the existing flaw in the Internet while securing end-to-end communication. On its own, this document is not sufficient for a domain administrator to implement DANE.
Association Française pour le Nommage Internet en Coopération | www.afnic.fr | contact@afnic.fr | Twitter : @AFNIC | Facebook : afnic.fr
The following figure (Figure 1) depicts a typical Internet communication, browsing the Web.
[Fig. 1: A typical Internet communication with attack possibilities during both operations. Operation 1: DNS resolution, the query "www.afnic.fr ?" answered with 192.134.4.20. Operation 2: the connection to http://www.afnic.fr, labelled "an encrypted communication". The figure also marks the different types of attacks possible during this communication.]
This figure shows two operations:
1. Since the human brain is not capable of remembering many numbers (IP addresses) at a time, but is well equipped to remember names, domain names are normally used when querying for a service on the Internet. But since Internet applications need IP addresses to communicate with each other, the DNS is used as a "name directory", typically to obtain the IP address associated with a given server identified by its name.
2. The obtained IP address is then used by the application (i.e. the web browser in Figure 1) to engage in an Internet communication with the remote web server.
Neither of the two operations mentioned above is secure by default: no authentication or encryption is applied to the information transmitted, either during DNS resolution or while accessing the server for data exchange. Thus there are numerous points during those operations at which an attacker could provide false information, such as a rogue IP address during DNS resolution, and thereby redirect the user to a fraudulent server.
For the first operation (DNS resolution), the communication can be secured by DNSSEC; how DNSSEC provides security is described later in this article. For the second operation (the connection between the browser and the web server), the TLS protocol comes to the rescue: it allows the client and the server to authenticate each other, and to negotiate an encryption algorithm and cryptographic keys before any data is exchanged. TLS makes sure that data cannot be read or tampered with by a third party during transit, since the data is encrypted.
1. Problem Statement
Public-Key Infrastructure X.509 (PKIX)
In the TLS protocol, authentication and key establishment rely on a matching pair of cryptographic keys, a public key and a private key; the bulk data exchanged afterwards is encrypted with symmetric session keys negotiated during the handshake. Data encrypted with a public key can be decrypted only with the corresponding private key. This makes it possible to have secure communication with unknown parties. For example, a bank publishes its public key for anyone to download. Alice, an account holder at the bank, encrypts a message using the public key and sends it to the bank. Only the bank can decrypt the message, using its private key, so Alice is sure that her message is not read by anyone else.
In a TLS connection, the browser asks the web server for its public key. The public key sent by the web server to the browser is in the form of an X.509 certificate, which is explained further below.
On the other hand, an impersonator may publish his/her own public key while posing as Alice's bank. Alice then encrypts her message with the impersonator's public key and sends it; the impersonator, acting as a "man-in-the-middle", copies the message and, since he/she holds the matching private key, decrypts and reads it. The same applies to web browsing: anyone can generate a key pair and claim that it belongs to any domain name. In security terms this is a disaster, since an impersonator can present a public key for a domain such as www.example.com and fool the user into connecting to a fraudulent server.
Hence there must be a binding between the identity (e.g. the domain name) and the public key. The X.509 standard, proposed by the ITU and ISO, provides a mechanism to bind a particular public key to a particular identity. When the domain holder performs this binding autonomously, the result is called a self-signed certificate. Such a certificate can be accepted if the application using it for authentication obtained it from a trusted source (out of band); otherwise there is no guarantee of the certificate's authenticity.
The Certification Authorities (CAs) role
This is where the need for a trusted third party arises. It is similar to the case of a passport, where the trusted third party is the government that issued it: in a passport, the government attests that the person in the photo is identified by a particular name, surname and other credentials.
In the web browsing use case, the issued certificate is like the passport. In the PKIX ecosystem, the role of the government is played by organizations called CAs. A certificate issued by a given CA binds the given domain name to its public key, along with information such as who issued the certificate, the entity that requested it, its validity period, etc.
Just as a passport issued by one government is accepted by other governments as a valid document for authenticating a person, browsers such as Firefox, Chrome, Internet Explorer, Safari, etc. accept digital certificates issued only by certain CAs. Browser vendors authorize an organization to act as a CA only after establishing that it is trustworthy and that it follows well-defined principles and procedures to issue certificates only to the rightful domain holders. Once a browser vendor has authorized an organization as a CA, it is added to the list of trusted CAs shipped with the browser. Thus, when a client using the browser accesses a domain name whose digital certificate was issued by one of the CAs in that pre-installed list, the certificate is implicitly trusted, as shown in Figure 2.
Fig: 2 Communication between the browser and the web server is secured using the PKIX ecosystem and TLS, but there are still attack possibilities. Steps shown: 1. the browser asks the DNS for the IP address of www.afnic.fr and obtains 192.134.4.20; 2. it obtains the web certificate to start the secure communication with https://www.afnic.fr; 3. the browser validates the certificate obtained against the CA mentioned in the certificate (if that CA is in its default list); 4. a secured, encrypted connection using TLS. Different types of attacks remain possible during this communication; one of them is to compromise one of the CAs in the list, generate a certificate for the domain in question, and send it to the client before the client receives the original certificate.
The problem of many
At a glance, the size of the list of CAs accepted by popular browsers such as Chrome, Firefox and Internet Explorer varies, but is in the range of hundreds. For example, Firefox trusts 1,482 CA certificates (as per the EFF SSL Observatory1) provided by 651 organizations. Compounding the issue, in the CA ecosystem a CA commonly authorizes other organizations, or its own branches, to create certificates on its behalf; these are called subordinate CAs, and a browser trusts the certificates they issue as well.
If even one CA in the list, or one of its subordinates, is compromised, it can issue a certificate for any domain name, which a browser such as Firefox will accept, thereby compromising the secure web communication of every end-user of that browser. For instance, two different CAs (one of them compromised) can issue two different certificates for the same domain and both will be trusted by the browser. The fault here is that, until now, the owner of a domain had no way of telling the world which CA or which certificate should be used to authenticate connections to that domain's server.
Need for a solution
The use of PKIX for securing web communication has been around for a while. Browser vendors, users and Standards Development Organizations (SDOs) have all been aware of the issue, the «problem of many». There were some attempts (Perspectives, Trust on First Use (ToFU), Channel ID, Certificate Transparency, etc.) to limit the issue, but these efforts gained focus after two high-profile attacks on CAs: Comodo and DigiNotar.
The sequence of events was as follows. Comodo found that on March 15, 2011 one of its affiliate Registration Authorities2 (RAs) had been compromised and that the attacker had created a user account with the affiliate RA. Using this account, the attacker created 9 Certificate Signing Requests for high-value web sites such as login.live.com, mail.google.com, login.yahoo.com, etc., and it is believed that at least one X.509 certificate was issued out of the 9 requests.
Leaving aside the politics of this attack, an attacker holding fraudulent certificates as in the Comodo case could perform a Man-in-the-Middle attack and redirect users to a spoofed server resembling the original site (phishing). The certificate presented by the spoofed server would be accepted by the browser, since it was issued by a CA the browser trusts. Everything the user reads or writes (such as user name, password, e-mail, etc.) could then be seen and copied by the spoofing server.
1. https://www.eff.org/observatory
2. RAs collect and verify identity information from Direct Subscribers using certain procedures that implement the identity validation policies. The RA creates the Certificate Signing Requests for submission to a CA. The CA signs the Certificate Signing Requests and issues public X.509 certificates to direct subscribers.
According to reports, the same hacker who intruded into Comodo was also responsible for intruding into DigiNotar's systems. Even though the attack came to public notice at the end of August 2011, investigations revealed that the intruder had gained access to DigiNotar's systems as early as June 17, 2011. As in the Comodo attack, the intruder created fraudulent digital certificates for high-profile web sites. Investigations also revealed that the generated certificates were used to redirect users to spoofed servers and obtain user credentials.
Neither DigiNotar nor Comodo were ordinary companies. They were high-profile security companies trusted by a number of organizations, including governments, and by millions of users. Successive attacks on such companies demonstrated that increasing the security of the CAs' infrastructure was not enough; the attack scope of the PKIX model itself had to be reduced.
Limiting the attack surface, what are the options?
As mentioned earlier, the issue is not the security of the PKIX technology itself. But with such a large list of CAs accepted by browsers by default, the probability of being compromised while establishing the TLS connection using PKIX is higher than that of being compromised while resolving the IP address using the DNS. And, as mentioned earlier, with the current PKIX model a domain owner has no way of telling the browser that a user's connection to his/her domain should be validated only against a certificate issued by a particular CA.
Different techniques were proposed to reduce the attack probability in the PKIX model, such as Trust on First Use (ToFU), Perspectives3, Certificate Transparency4 (CT), Certification Authority Authorization (CAA)5 and DANE.
Of these, ToFU is the easiest to deploy, since it only requires the user to install a ToFU-compatible browser add-on. Perspectives relies on a system of notary servers, and CT on public logs; neither fits entirely within the current PKIX model and both need additional services. CAA needs no client-side modification, since it is a DNS record checked by the CA at issuance time, and in the short term looks like a better option for limiting the attack surface. But looking at security from an end-to-end perspective, and at giving domain holders more options (such as self-signed certificates), DANE ranks high.
3. http://perspectives-project.org/
4. http://www.certificate-transparency.org/
5. http://tools.ietf.org/html/rfc6844
2. A solution which permits end-to-end security: DANE
DANE - Augmenting the security in PKIX
This section further elaborates on how DANE reduces the scope of an attack in the PKIX ecosystem, relying on a secure DNS infrastructure thanks to the DNS Security Extensions (DNSSEC6). With the DANE protocol, a domain owner publishes in the domain's DNS zone (signed with DNSSEC) a record describing the certificate the web server will present, according to one of several options explained below, thereby informing the application (e.g. the browser) how to validate the certificate it obtains from the web server. For example, if the CA for the domain www.example.com is «X», with DANE the browser will only accept a certificate issued by CA «X» for authenticating the server, thus reducing the attack probability.
DANE was conceived and standardized at the IETF. Two RFCs relating to DANE have been published by the IETF:
1. DANE Use case RFC 6394
2. DANE Protocol RFC 6698
RFC 6698 standardizes the TLSA resource record and its usage. The basic role of this record is to be published in a DNS zone and to indicate the certificate information that corresponds to a specific service, on a specific port, of a name in that zone.
Fig: 3 TLSA Resource Record explained
_443._tcp.dane.rd.nic.fr. IN TLSA 3 0 1 c68ebcc998fda83222cabf2c0228ecc413566e709e5dc5cf25396a8bf4342dd3
Reading from left to right: the owner name carries the port number (_443), the protocol used (_tcp) and the domain name; the RDATA carries the certificate usage (3), the selector (0), the matching type (1) and the certificate for association data.
As shown in Figure 3, the TLSA resource record consists of four fields: the "certificate usage", the "selector", the "matching type" and the "certificate for association" data. The application must match the "certificate for association" data in the TLSA RR against the target certificate (i.e. the certificate obtained from the domain's web server), as directed by the other three values. The selector says which part of the certificate is used (0: the full certificate, 1: only its SubjectPublicKeyInfo) and the matching type says how it is compared (0: the full data, 1: its SHA-256 hash, 2: its SHA-512 hash).
The "certificate usage" field is briefly summarized here. For further details on the other parameters of the TLSA RR, please refer to RFC 6698.
• '0' (CA constraint) - The target certificate must pass normal PKIX validation in the browser, and its certificate chain must include the CA certificate identified in the "certificate for association" field of the TLSA RR.
• '1' (service certificate constraint) - The target certificate must pass normal PKIX validation in the browser, and the target certificate itself must match the "certificate for association" field of the TLSA RR.
The other two values ('2' and '3') of the "certificate usage" field are explained later.
6. See mechanism description later.
Why DNSSEC is vital for DANE?
Certificate usages 0 and 1 show how the attack surface can be reduced in the PKIX ecosystem while validating the target certificate provided by the server. But suppose the attacker has performed a "Man-in-the-Middle" attack during DNS resolution (i.e. the first operation in Figure 4) and provided a fraudulent IP address for the domain requested: the browser will use the IP address obtained to reach the attacker's server. If the attacker has also obtained a certificate for the spoofed server from a CA the browser trusts, the attacker can convince the browser that a server of the attacker's choice legitimately represents the victim's service. In this scenario a TLSA record alone does not help: an attacker who can forge the DNS answer for the address can just as well forge the TLSA record.
DNSSEC7 makes it possible for a user to verify, based on a cryptographic chain of trust, that the information resulting from a DNS resolution query originates from the legitimate DNS zone corresponding to the queried domain name. In other words, when used in the end-to-end DNS resolution process, the DNSSEC extensions prevent data from being tampered with while transiting down to the requesting user. Hence, in order for DANE to augment the security of the existing PKIX model, the information obtained during DNS resolution must be validated using DNSSEC. This is the reason why RFC 6698 (the DANE protocol) states that a DNS zone containing a TLSA RR must be signed with DNSSEC, and that applications querying the domain for TLSA RR validation must use a DNSSEC-aware resolver. To put it simply, DANE is not effective if it does not rely on a DNSSEC infrastructure.
Thus DANE with DNSSEC provides end-to-end security for an Internet communication (as shown in Figure 4) at both stages: first during the preliminary DNS resolution, then at the connection set-up with the domain's server.
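What "use a DNSSEC-aware resolver" means for the application is concrete: the TLSA query must carry the EDNS0 DO bit, and the answer is only usable if the validating resolver set the AD (Authenticated Data) bit. The following is an added example, not code from the Afnic paper; it builds the wire-format query an application would send and parses the reply, refusing any answer without AD. No network is used: the reply is constructed inline by build_constructed_response() and its TLSA payload is made-up data, not the real record for dane.rd.nic.fr. All function names are this example's own.

```python
"""Asking a validating resolver for a TLSA record and insisting on the AD bit.

Added example (not part of the Afnic paper). The 'response' is constructed
locally to stand in for what a validating resolver would return.
"""
import struct

TYPE_TLSA, TYPE_OPT, CLASS_IN = 52, 41, 1
FLAG_QR, FLAG_RD, FLAG_RA, FLAG_AD = 0x8000, 0x0100, 0x0080, 0x0020


def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels, terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"


def build_tlsa_query(name: str, txid: int) -> bytes:
    """Query <name> TLSA, recursion desired, with an EDNS0 OPT RR whose DO bit is set."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1)   # 1 question, 1 additional (OPT)
    question = encode_name(name) + struct.pack("!HH", TYPE_TLSA, CLASS_IN)
    # OPT pseudo-RR: root name, type 41, UDP size 4096, ext-rcode 0, version 0, flags DO=0x8000, no data
    opt = b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, 4096, 0, 0, 0x8000, 0)
    return header + question + opt


def read_name(msg: bytes, pos: int):
    """Decode a (possibly compressed) name; return (name, position after it in the stream)."""
    labels, after, jumped = [], None, False
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                         # compression pointer
            if not jumped:
                after = pos + 2
            jumped, pos = True, struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) + ".", (after if jumped else pos)


def parse_tlsa_response(msg: bytes, expected_txid: int) -> list:
    """Return [(owner, usage, selector, matching_type, association_hex), ...].

    Raises ValueError when the answer is unusable for DANE: wrong transaction id,
    non-zero RCODE, or AD bit clear (the resolver did not DNSSEC-validate it).
    """
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError(f"RCODE {flags & 0x000F}")
    if not flags & FLAG_AD:
        raise ValueError("AD bit clear: answer not DNSSEC-validated, TLSA data must not be used")
    pos = 12
    for _ in range(qdcount):                              # skip the echoed question(s)
        _, pos = read_name(msg, pos)
        pos += 4                                          # QTYPE, QCLASS
    records = []
    for _ in range(ancount):
        owner, pos = read_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        rdata, pos = msg[pos:pos + rdlen], pos + rdlen
        if rtype == TYPE_TLSA:                            # RDATA: usage, selector, matching type, data
            records.append((owner, rdata[0], rdata[1], rdata[2], rdata[3:].hex()))
    return records


def build_constructed_response(query: bytes, tlsa_rdata: bytes, ad: bool) -> bytes:
    """Constructed reply (test input only), echoing the question and using a compressed owner name."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = read_name(query, 12)
    question = query[12:qend + 4]
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_AD if ad else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_TLSA, CLASS_IN, 3600, len(tlsa_rdata)) + tlsa_rdata
    return header + question + answer


if __name__ == "__main__":
    q = build_tlsa_query("_443._tcp.dane.rd.nic.fr", 0x1234)
    fake = bytes([3, 1, 1]) + bytes(32)                   # usage 3, selector 1, SHA-256, made-up digest
    print(parse_tlsa_response(build_constructed_response(q, fake, ad=True), 0x1234))
```

In a real deployment the query goes to a validating resolver the application trusts (ideally one running on the same host, since the AD bit itself travels unprotected over plain UDP); the point of the check is that a reply without AD, whatever it contains, is treated exactly like no TLSA record at all.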
Fig: 4 Probability of compromising a secured communication greatly reduced with the help of DANE & DNSSEC. Steps shown: 1. the IP address and the TLSA record of the domain are requested using DNSSEC (with DNSSEC, data forgery and data modification will be detected); 2. the browser obtains the web certificate to start the secure communication; 3. the browser uses the information obtained from the TLSA RR to validate the target certificate; with TLS, the data communication between the browser and the web server is encrypted. An attack could happen only by modifying the information in the domain's DNS zone, AND by compromising the parent of the domain, AND by compromising the specific CA of the domain and creating a spoofed certificate.
7. http://tools.ietf.org/html/rfc6698/
DANE - Using DNSSEC as an alternative PKI
Until now, the focus was on a PKI based on digital certificates, i.e. the PKIX model. The DNS, leveraged by DNSSEC, has become a de facto PKI. Just as the CA key is the trust anchor in the PKIX model, in the DNSSEC PKI the trust anchor is the key of the DNS root zone.
Certificate usages '2' and '3' of the TLSA resource record describe how end-to-end security of web browsing can be achieved without involving the CA ecosystem: a domain holder creates its own CA or a self-signed certificate, which browsers can still authenticate.
• '2' (trust anchor assertion) - Consider an organization that has created its own CA, with each department issuing certificates for its web sites under that CA as trust anchor. Browsers would not normally trust the department web sites, since the organization's CA is not in their list of trusted CAs. But when a browser receives the TLSA RR as part of a DNSSEC-validated response, it knows that the TLSA payload has not been forged, unless someone has access to the domain's DNS zone. To validate the target certificate, the browser performs the usual chain validation, but with the certificate identified in the «Certificate for association» field of the TLSA RR as the trust anchor, instead of its built-in CA list.
• '3' (domain-issued certificate) - The domain administrator issues a self-signed certificate, stores it as the target certificate on the web server, and adds a fingerprint of the certificate to the domain's DNS zone as the «Certificate for association» field of the TLSA RR. To validate, the browser only has to check that the target certificate matches the «Certificate for association» field of the TLSA RR; no PKIX validation is performed.
Thus DANE not only reinforces the security of web browsing in the last mile using the existing PKIX model, but also provides an alternative: using only the DNS, secured by DNSSEC, and thereby completely bypassing the mechanism of obtaining and managing X.509 certificates via PKIX CAs.
Implementing and securing using DANE
The first step in setting up DANE for a domain name is for the domain administrator to create a TLSA resource record for the domain. Several tools are available to generate a TLSA record; one of them is SWEDE8. The domain administrator provisions the generated TLSA resource record in the DNS zone of the domain, and the zone is signed using DNSSEC.
During DNS resolution, the TLSA resource record must also be queried, as shown in Figure 4. If the "certificate usage" field of the TLSA resource record is '0' or '1', the application validates the target certificate using the PKIX infrastructure, constrained by the TLSA data (see "DANE - Augmenting the security in PKIX" above). If it is '2' or '3', validation relies on DNSSEC alone (see "DANE - Using DNSSEC as an alternative PKI" above).
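The two halves of that procedure, generating the TLSA association data on the administrator's side (what a tool such as SWEDE does) and matching it against the certificate the server presents on the client's side, come down to the same computation over the selector and matching type fields explained with Figure 3. The following is an added example, not code from the Afnic paper or from SWEDE. To run offline it builds a constructed, minimal DER "certificate" with random filler in place of a real public key; it has the outer structure of an X.509 certificate but is not one. It covers all four certificate usages on the matching side, but deliberately leaves PKIX path validation (needed for usages 0, 1 and 2) out; the names dane.rd.nic.fr and "Toy CA" are used only as labels.

```python
"""Generating and checking DANE TLSA associations (RFC 6698).

Added example, not from the Afnic paper or from SWEDE. The certificate is a
constructed DER structure with a fake key and fake signature, built inline so
the example runs offline. PKIX path validation is out of scope here.
"""
import hashlib
import hmac
import os


# --- minimal DER encoding/decoding, enough for a toy certificate --------------

def der(tag: int, payload: bytes) -> bytes:
    """Encode one DER TLV (lengths up to 65535 bytes)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload


def der_seq(*items: bytes) -> bytes:
    return der(0x30, b"".join(items))


def _tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) of the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    return tag, pos + hdr, pos + hdr + length


def der_children(seq: bytes) -> list:
    """Split a DER SEQUENCE into its child TLVs (each returned as bytes)."""
    tag, pos, end = _tlv(seq, 0)
    assert tag == 0x30, "not a SEQUENCE"
    children = []
    while pos < end:
        _, _, nxt = _tlv(seq, pos)
        children.append(seq[pos:nxt])
        pos = nxt
    return children


def subject_public_key_info(cert_der: bytes) -> bytes:
    """Extract the SubjectPublicKeyInfo TLV from a certificate (what selector 1 covers)."""
    tbs = der_children(cert_der)[0]                 # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:                        # optional EXPLICIT [0] version
        fields = fields[1:]
    return fields[5]        # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo


def build_toy_certificate(cn: str, pubkey_bytes: bytes) -> bytes:
    """Constructed stand-in for a real certificate: same outer structure, fake content."""
    rsa_sha256 = der_seq(der(0x06, bytes.fromhex("2a864886f70d01010b")), der(0x05, b""))
    rsa_key = der_seq(der(0x06, bytes.fromhex("2a864886f70d010101")), der(0x05, b""))
    name = der_seq(der(0x31, der_seq(der(0x06, bytes.fromhex("550403")), der(0x13, cn.encode()))))
    validity = der_seq(der(0x17, b"130101000000Z"), der(0x17, b"140101000000Z"))
    spki = der_seq(rsa_key, der(0x03, b"\x00" + pubkey_bytes))
    tbs = der_seq(der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), rsa_sha256,
                  name, validity, name, spki)
    return der_seq(tbs, rsa_sha256, der(0x03, b"\x00" + bytes(32)))     # fake signature


# --- TLSA association data (RFC 6698 section 2.1) ----------------------------

def association_data(cert_der: bytes, selector: int, matching_type: int) -> bytes:
    data = {0: cert_der, 1: subject_public_key_info(cert_der)}[selector]
    if matching_type == 0:
        return data                                                  # exact match
    return {1: hashlib.sha256, 2: hashlib.sha512}[matching_type](data).digest()


def make_tlsa_rdata(cert_der: bytes, usage: int, selector: int, matching_type: int) -> str:
    """Presentation form of the RDATA, e.g. '3 1 1 <hex>', as an administrator would publish it."""
    return f"{usage} {selector} {matching_type} {association_data(cert_der, selector, matching_type).hex()}"


def tlsa_matches(rdata: str, chain: list) -> bool:
    """Match a TLSA record against the server's certificate chain (end-entity first).

    Usages 1 and 3 constrain the end-entity certificate; usages 0 and 2 name a CA
    certificate that must appear in the path. For usages 0/1 the chain must ALSO
    pass ordinary PKIX validation, and for usage 2 the matched certificate is the
    trust anchor of that validation; neither is performed here.
    """
    usage, selector, matching_type, hexdata = rdata.split(None, 3)
    usage, selector, matching_type = int(usage), int(selector), int(matching_type)
    expected = bytes.fromhex(hexdata.replace(" ", ""))
    candidates = chain[:1] if usage in (1, 3) else chain
    return any(hmac.compare_digest(association_data(c, selector, matching_type), expected)
               for c in candidates)


if __name__ == "__main__":
    server = build_toy_certificate("dane.rd.nic.fr", os.urandom(64))
    record = make_tlsa_rdata(server, 3, 1, 1)
    print("_443._tcp.dane.rd.nic.fr. IN TLSA", record)
    print("matches:", tlsa_matches(record, [server]))
```

Selector 1 (SubjectPublicKeyInfo) with matching type 1 (SHA-256) is the combination most administrators want for usage 3, since the record then survives a certificate renewal as long as the key pair is kept; selector 0 ties the record to one exact certificate and has to be republished at every renewal.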
8. https://github.com/pieterlexis/swede
3. Conclusion: DANE - the missing piece in End-to-End Internet security
DANE is not only for web browsing
DANE was conceived to solve the issues relating to web browsing. There are now efforts in the DANE Working Group9 (WG) at the IETF to extend its usage to securing other applications such as mail (S/MIME), instant messaging (XMPP), etc. All this work is in progress; if it is adopted by the IETF and published as RFCs, implementations will follow. DNSSEC is a common prerequisite for all of them.
Role of DANE in accelerating DNSSEC deployment
As explained at the beginning of this document, a typical Internet communication involves the DNS ecosystem to resolve the address of a particular domain name. DNSSEC makes sure that the data obtained through DNS resolution comes from the legitimate zone for the domain name (data origin authentication) and that the data has not been tampered with in transit (data integrity). These security extensions make DNSSEC a vital component for Internet communications requiring a high level of trust in the DNS infrastructure.
As with many important technologies (such as IPv6), DNSSEC faces a chicken-and-egg problem. Many service and network infrastructure providers are taking a "wait and see" approach before joining the DNSSEC bandwagon. The reasons vary, from the complexity of implementing DNSSEC to unwarranted breakdowns and commercial incentives. Many of them are ready to wait until a scenario forces them to deploy DNSSEC in their network infrastructure.
Slow DNSSEC adoption has often been attributed to the lack of a "killer app" using DNSSEC as its security foundation. The commercial opportunity created by such an application could generate consumer pressure for DNSSEC adoption. Applications built on DNSSEC and the DANE protocol may not be the "killer app" for DNSSEC, but, if implemented seamlessly, they will provide security to millions of users relying on the Internet for secure communication. The inherent use, by millions of users, of applications that require a DNSSEC-secured network infrastructure will push the stakeholders to deploy DNSSEC. Thus DANE could be a catalyst in accelerating DNSSEC adoption.
Read all of our issues papers:
http://www.afnic.fr/en/resources/publications/issue-papers-6.html
9. https://datatracker.ietf.org/wg/dane/charter/