February 2017 archive

Watch Live Today! DNS Privacy Workshop Streaming from NDSS 2017

Want to learn the latest about DNS privacy? About the latest research and techniques to protect the confidentiality of your DNS info and queries?

Starting at 8:55 am PST (UTC-8) today, there will be what looks to be an outstanding workshop on DNS Privacy streaming live out of the Network and Distributed System Security Symposium (NDSS) in San Diego, California.

View the agenda of the DNS Privacy Workshop to see all the excellent sessions.  You can then join live at:

https://isoc.zoom.us/j/935912695

(Other remote connection options can be found at the bottom of the agenda page.)

Note – this workshop is not about DNSSEC, which is a method to protect the integrity of DNS (to ensure DNS info is not modified in transit), but rather new work being done within the IETF to improve the confidentiality of DNS.

The sessions include:

  • How DNS Works in Tor & Its Anonymity Implications
  • DNS Privacy through Mixnets and Micropayments
  • Towards Secure Name Resolution on the Internet – GNS
  • Changing DNS Usage Profiles for Increased Privacy Protection
  • DNS-DNS: DNS-based De-NAT Scheme
  • Can NSEC5 be practical for DNSSEC deployments?
  • Privacy analysis of the DNS-based protocol for obtaining inclusion proof
  • Panel Discussion: The Tension between DNS Privacy and DNS Service Management
  • The Usability Challenge for DNS Privacy and End Users
  • An Empirical Comparison of DNS Padding Schemes
  • DNS Service Discovery Privacy
  • Trustworthy DNS Privacy Services
  • EIL: Dealing with the Privacy Problem of ECS
  • Panel Discussion: DNS-over-TLS Service Provision Challenges: Testing, Verification, internet.nl

If you are not there in person (as I will not be), you can also follow along on the #NDSS17 hashtag on Twitter. There will also be tweets coming out of:

Stéphane Bortzmeyer will also be attending (and speaking at) the workshop – and he is usually a prolific tweeter at @bortzmeyer.

The sessions will also be recorded for later viewing. I’m looking forward to seeing the activity coming out of this event spur further activity on making DNS even more secure and private.

Please do follow along remotely – and please do share this information with other people you think might be interested. Thank you!


Image from Unsplash – I thought about showing the wide beaches, but the reality is that the conference participants won’t really get a chance to visit them. I thought “Lifeguard” was appropriate, though, because lifeguards are all about protecting people and keeping things safe.

The post Watch Live Today! DNS Privacy Workshop Streaming from NDSS 2017 appeared first on Internet Society.

Dan York

The Danger of Giving Up Social Media Passwords – So Many Other Services Are Connected

“What’s the harm in giving up my Twitter password?”, you might say, “all someone can do is see my direct messages and post a tweet from me, right?”

Think again. The reality today is that social media services are used for far more than just posting updates or photos of cats. They also act as “identity providers” allowing us to easily login to other sites and services. 

We’ve all seen the “Login with Twitter” or “Continue with Facebook” buttons on various sites. Or for Google or LinkedIn. These offer a tremendous convenience. You can rapidly sign into sites without having to remember yet-another-password.

But…

… if you give your passwords to your social media accounts to someone, they could potentially[1]:

  • Impersonate you on social media accounts and post updates in your name.
  • Sign in to the comment sections of various news media sites and leave comments using your name.
  • Connect in to photo sites and see your photos, and modify or delete the photos, or post new ones in your name.
  • Sign in to e-commerce sites, view your orders and purchase items.
  • Login to video sites and see what videos you have watched, or post new ones to your account.
  • Login to your Medium account, view and change any articles you have written, add new comments as you.
  • Sign in to Goodreads, view all your books, see all the lists of what you want to read, view all your reviews and post reviews in your name.
  • Login to your Spotify account and learn all about what kind of music you like to listen to.

And that’s only a small number of examples.

We live in an era of highly-connected systems. And there are so many systems and services! The convenience of using our social media accounts to login is easy to understand.

But… if you give someone your password to a social media account, or are required to give your social media passwords to someone, you are giving them access to so much more than just that social media service.

What can you do?

1. Don’t give out your social media passwords!

2. Understand where your social media IDs are being used. In both Twitter and Facebook you can go into your “Settings” and choose “Apps” to see where you have granted access. You can revoke access there for sites and services you no longer use.

3. Think about whether you want to continue using your social media IDs in so many places. Does the convenience outweigh the issue of having so many services linked to one identity?

4. Enable 2-Factor Authentication on sites that offer this, which requires a second step beyond just your password to login. These are very easy to use, often using a phone or a small and inexpensive “dongle” that fits on your keyring.[2] Do note that this may not help if you are required by authorities to provide your social media passwords as they may require you provide the device used for two-factor authentication.

5. Use a password manager instead of using your social media ID to login to other sites,  which enables you to generate and use very strong passwords and access them all with one master password. There are many excellent free and paid options available for both computers and mobile devices, with a variety of features.

6. Spread the word. Help others understand how critically important our social media passwords are.

P.S. For more ideas, please see

[1] Depending upon how you have configured the service to work.

[2] The FIDO Alliance is a leader in this area, and a list of enabled sites and certified products is available on their site https://fidoalliance.org/adoption/overview/

The post The Danger of Giving Up Social Media Passwords – So Many Other Services Are Connected appeared first on Internet Society.

FIR #75: The Quality of Your Intent

Note: This episode continues our experiment with a streamlined format: two guest co-hosts instead of three panelists and fewer stories. We were able to shave even more time off the show this week and will aim for further slimming next week. Please let us know how you like the format — and the length — by sending an email to fircomments@gmail.com

Doug Haslam and Augie Ray join Shel Holtz for this week’s episode, which covered these stories…

  • An Accenture report found that loyalty programs aren’t working, with millions of reward points lingering unused while consumers have different criteria for what makes them loyal.
  • Listener Tim Watt asked about our discussion in episode #73 about Volkswagen overcoming its emissions crisis to become the world’s top automaker. We discuss whether it would have mattered had the crisis been characterized as a public health issue rather than an environmental one.
  • PewDiePie was dropped as a paid influencer for Disney and Google dropped him from its premium ad program after he shared anti-Semitic videos. It’s a challenge for brands to hold influencers accountable for their content; it’s also impossible to distinguish real rogue Twitter accounts created by disgruntled government employees from fake ones. Meanwhile, several media outlets nearly fell for a fake press release claiming McDonald’s was trying to acquire Chipotle, and a movie company launched a fake news campaign to promote a new film. With so much fakery everywhere, will consumers start distrusting everything they see?
  • Dan York reports on social media passwords.
  • The 2017 Edelman Trust Barometer calls for companies to put employees first, but new data from Gallup suggests most organizations aren’t heeding that advice.

Connect with guest co-hosts on Twitter at @dough and @augieray.

Links to the source material for this episode are on Contentle.

Special thanks to Jay Moonah for the opening and closing music.

FIR was recorded using Zencastr.

About today’s guest co-hosts:

Doug Haslam’s  career has spanned a variety of disciplines within the communications field: radio technology, editorial production, public relations, marketing, social media and digital. Currently a senior consultant with Stone Temple Consulting, Doug began with public radio, producing news and thoughtful sports programs, moving into technology public relations, and currently to social media and content strategy for brands of all sizes and industries. Doug’s love of media has come full circle, as his most recent positions have seen him taking full advantage of his content creation skills, managing social media and brand publishing programs for a wide variety of clients.

Augie Ray is a Research Director covering customer experience for marketing leaders at Gartner. He has had a diverse career, including leading a digital experiential agency, directing social business at USAA and managing a global customer experience team at American Express. In his present role, Augie researches and advises clients on topics such as Voice of Customer, customer journey mapping, customer experience strategy and virtual reality.

The post FIR #75: The Quality of Your Intent appeared first on FIR Podcast Network.

Dan York

CITO Olaf Kolkman Speaking at RSA 2017 about IoT Security with Bruce Schneier

Today at the RSA Conference 2017 in San Francisco, our Chief Internet Technology Officer Olaf Kolkman will be speaking as part of a panel on:

Internet of Insecurity: Can Industry Solve It or Is Regulation Required?

The abstract of the session is:

The rise of IoT has brought forth a new generation of devices and services representing significant innovation, yet all too many ship insecure and are not supported over their life. They have become proxies for abuse with a capacity for causing significant harm. Can we wait for industry and stakeholders to adopt trust frameworks and seal programs or do we need government to step in?

The other panelist will be renowned security researcher Bruce Schneier and the moderator is Craig Spiezle, Executive Director and President of the Online Trust Alliance.

The panel starts at 8:00am Pacific (UTC-8) in the Moscone North 130 room. Unfortunately it is not being live streamed, but you can follow our @InternetSociety account on Twitter for live updates.

As background reading related to Internet of Things (IoT) security, I suggest:

If you are there at the RSA Conference today, please do visit this session and engage in the discussion.

If you are a journalist and would like to speak with Olaf more about this topic, please contact Allesandra Desantillana who is at the RSA Conference and can assist in connecting you with Olaf.

Please also watch this blog as we plan to post more information after the event.

The post CITO Olaf Kolkman Speaking at RSA 2017 about IoT Security with Bruce Schneier appeared first on Internet Society.

For Immediate Release #74: Influencer Marketing or Influencer Relationships?

Note: This episode continues our experiment with a streamlined format: two guest co-hosts instead of three panelists and fewer stories. We were able to shave even more time off the show this week and will aim for further slimming next week. Please let us know how you like the format — and the length — by sending an email to fircomments@gmail.com

Shonali Burke and Angus Nelson join Shel Holtz for this week’s episode, which covered these stories…

  • A report from TopRank Marketing, Traackr, and Brian Solis presents some influencer marketing data and recommends evolving the practice from one-shot, quick-hit marketing efforts to longer-term influencer relationship building.
  • One story Angus shared predicts the future of work will be all about freelancers and companies tapping into vastly distributed talent pools. Another opines that Human Resources will be pivotal in the future to ensure companies take advantage of the uniquely human elements of their employees. Are these ideas mutually exclusive?
  • Dan York reports on a new report out of the Pew Internet Center about algorithms.
  • The primary benefit of Artificial Intelligence is to make predictions — something that has been expensive — abundant and cheap. The value of people is in exercising judgment. This will represent a massive shift in the nature of work that people do. Are organizations taking adequate steps to prepare employees and other stakeholders for this change?
  • Ryan Holiday created the roadmap for effective unethical marketing practices. Now he’s worried that the alt-right has adopted his playbook. CEOs who are quick to condemn laws and policies may be playing right into their hands.

Connect with guest co-hosts on Twitter at @shonali and @angusnelson.

Links to the source material for this episode are on Contentle.

Special thanks to Jay Moonah for the opening and closing music.

FIR was recorded using Zencastr.

About today’s guest co-hosts:

A veteran of small and large PR agencies, Shonali Burke is the award-winning president & CEO of her eponymous social PR consulting firm, Shonali Burke Consulting, Inc., where she and her team(s) help for- and non-profit organizations small and large reach business goals by taking their communications “from corporate codswallop to community cool.” Shonali also serves on the Adjunct Faculty at Johns Hopkins University in its M.A. /Communication program, as well as the Rutgers University School of Communication and Information. Before launching her own consultancy, Shonali worked as Vice President of Digital Media and marketing for MSL Group, and as Vice President of Media and Communications for the ASPCA.

Angus Nelson is the “people guy” at Brain+Trust Partners, an engaging consultant, facilitator, speaker, and executive coach. Former head of Member Success at Crowd Companies, he and Jeremiah Owyang founded an innovation community of Fortune 1000 companies – his focus on the p2p economy and future of work. He’s spoken at corporate headquarters for Walmart, Whole Foods, Coke, Adobe, Hallmark and Swisscom. His podcast, “Up In Your Business”, was recognized as a Top 20 Business Podcast on Inc.com. He’s been featured in Inc.com, Aol.com, Huffington Post, VentureBeat, and SocialFresh.com. Later this year, Morgan James will release his book, “Empowering Work” addressing the gigification of corporate roles, freelance economy, and the need for emotional intelligence in the future of work.

The post FIR #74: Influencer Marketing or Influencer Relationships? appeared first on FIR Podcast Network.

For Immediate Release #73: One crisis after another

Note: This episode is the first of several that experiment with a streamlined format: two guest co-hosts instead of three panelists and fewer stories. The goal is to slim FIR down to a more listenable length. This first effort shaved more than 30 minutes off the usual length and next week we hope to reduce even more. Please let us know how you like the format — and the length — by sending an email to fircomments@gmail.com

Christopher Carfi and Serena Ehrlich join Shel Holtz for this week’s episode, which covered these stories…

  • At least three Super Bowl commercials were forthright in addressing issues that are controversial in the early days of the Trump Administration and the increasingly polarized political atmosphere
  • President Trump was referenced in 32 of the S&P 500 quarterly earnings calls in January, 20% more than  President Obama was in 2009. Do Investor Relations professionals need to factor the president into their planning?
  • Not too long ago, some columnists and analysts predicted Volkswagen might not survive its emissions-fraud scandal. Today, they are the world’s top automaker. How did crisis communication help save the company?
  • Dan York reports on a new report from the International Red Cross about using messaging apps in humanitarian crises and Snapchat’s introduction of Snapcodes that let users open your company website
  • Hundreds of thousands of people deleted Uber’s app from their phones during the three days the #DeleteUber hashtag trended. What did Uber do wrong?

Connect with guest co-hosts on Twitter at @ccarfi and @serena.

Links to the source material for this episode are on Contentle.

Special thanks to Jay Moonah for the opening and closing music.

FIR is usually recorded using Zencastr.

About today’s panel:

Christopher Carfi is GoDaddy’s Director of Content Marketing, and leads the team responsible for GoDaddy’s global content marketing strategy and its execution. A veteran of both startups and the enterprise, Chris also has a deep track record in developing customer community and evangelist programs for brands such as Adobe, H&R Block and Aruba Networks while holding executive positions at Ant’s Eye View and Edelman Digital, and he was co-founder and CEO at Cerado. He currently lives in the Bay Area with his family. Chris holds a degree in Computer Science from Northwestern University and an MBA from Carnegie Mellon University.

Serena Ehrlich, Director of Social and Evolving Media, provides guidance for internal and external content creation and distribution services, ranging from PR programming to mobile marketing to social media updates. Throughout her career Ehrlich has worked to provide guidance on investor relations, public relations and overall consumer behavior relations trends. Before rejoining Business Wire in 2013, Ehrlich designed and implemented successful local, national and international social, influencer, mobile and traditional marketing campaigns for brands including Kraft, Kohls, Avon, Mattel, Mogreet and more. A ’91 graduate of Brandeis University with a B.A. in History, Ehrlich was named one of the 2013 Top 25 Women in Mobile to Watch by Mobile Marketer.

The post FIR #73: One crisis after another appeared first on FIR Podcast Network.

TDYR 322 – How to create a Snapcode for any website

This past week brought the ability to create a "snapcode" for any website. This makes it easy for Snapchat users to get to your sites. In this episode I talk about how to do that and why I think this could be very useful...