Cisco 2008 Annual Security Report

“Spam accounts for nearly 200 billion messages each day, which is approximately 90 percent of email sent worldwide”

Cryptographers have exploited a known weakness in the MD5 algorithm, allowing them to create forged digital certificates. Doing so potentially trashes any security provided by the HTTPS protocol

(LINK all’articolo su TechRepublic)

l’exploit vale solo per i certificati firmati con MD5, SHA1 è ancora al sicuro (per il momento).

La vulnerabilità è stata presentata il 30 Dicembre (LINK):

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Nota a margine: è stato usato un cluster di Playstation 3 per eseguire i calcoli necessari.

Interessati a cosa si nasconte dietro la connessione Internet?
Su Packetlife e poi su YouTube ci sono una serie di video sui cavi ottici sottomarini che creano le dorsali di Internet. Molti video sono pubblicati da Hibernia Atlantic “a privately held Trans-Atlantic submarine cable network”. Su Telegeography è pubblicata una mappa globale delle dorsali ottiche compresa di dati relativi alla banda disponibile. Su InternetTrafficReport ci sono i grafici realtime dello stato globale di Internet.
Dal punto di vista della security il SANS Internet Storm Center monitorizza la rete tramite l’Infocon “ intended to apply to the condition of the Internet infrastructure.”

Direttamente dall’ Economist Intelligence Unit l’indice di competitività delle industrie IT del 2008, l’Italia è al 25° posto.

Tra Ii parametri chiave della valutazione l’investimento sul personale, l’accesso alla banda larga e il comportamento del governo per quanto riguarda le tecnologie. Di seguito un estratto dei punti chiave e il link all’articolo originale.

Investing in people is mission-critical. Sourcing talent will be among the toughest challenges IT producers will face in the coming years. The US, Singapore and UK provide the best environments for human-capital development among the index countries.

Competitive broadband markets help cultivate strong IT sectors. Without fast, reliable and secure Internet access, technology firms cannot interact effectively with partners nor can they sell their services online. IT industries in the index top tier all derive substantial benefit from the high-quality networks developed through competition, but more telecoms liberalisation is needed in less developed regions to spur infrastructure development.

Governments must let market forces operate. To support the development of local IT production, policymakers' best efforts are aimed at improving education, skills development, and the financing and legal environments. E-government development and a proactive broadband strategy also help, as can calibrated support for innovation. Trouble often comes, however, when governments try to champion specific companies or technologies.

LINK