New WPA3 Makes Wi-Fi Security Stronger for Enterprise, Easier for Consumers Connecting IoT Devices

Summary Bullets:

• WPA3 is the new WLAN security standard, with the network and device industry on board for migration from WPA2 starting now

• Stronger authentication and encryption will thwart attackers, while Easy Connect configuration will make set-up easy for connected home and IoT devices

Fourteen years is a long time in Wi-Fi technology. In fact, it’s almost its entire history. That’s why this week’s announcement by the Wi-Fi Alliance introducing Wi-Fi CERTIFIED WPA3 is garnering much more notice than a new security standard usually gets.

Continue reading “New WPA3 Makes Wi-Fi Security Stronger for Enterprise, Easier for Consumers Connecting IoT Devices”

An Object Lesson in Response: Lenovo Breaks SSL Trust, Bungles Messaging

Mike Fratto
Mike Fratto

Summary Bullets

  • Don’t break security protocols for the sake of a few shekels. The loss of trust from customers far outweighs the benefits.
  • Don’t try to downplay the severity of your mistake. Doing so will only hinder efforts to regain customer trust.

There seems to be a neverending series of object lessons from overzealous IT vendors looking to increase their bottom line by exploiting the trust of their customers. This week, news broke causing shock and outrage that Lenovo had installed a broadly permissive CA certificate and secret key into the trusted certificate store of consumer laptops it sold, allowing it to vouch for anything. Lenovo also installed software on new consumer laptops that intercepted web connections and analyzed web images and then inserted targeted advertising into web pages to help. The intended purpose of Superfish, according to Mark Hopkins, program manager of Lenovo’s Social Media (Services) is to “[help] users find and discover products visually … [and] presents identical and similar product offers that may have lower prices,” said in one of its forums. Continue reading “An Object Lesson in Response: Lenovo Breaks SSL Trust, Bungles Messaging”

ICANN Launches Generic .dot Addresses for Any Legal Entity

B. Ostergaard
B. Ostergaard

Summary Bullets:         

  • The Internet address universe is expanding.
  • New security challenges must be weighed against giving customers a more personalized experience.

After six years of debate, ICANN, the Internet global domain name manager, has thrown open the gates and set the price bar ($185,000) for any legal entity to acquire its own generic top-level domain name (gTLD).  Examples include company brands and geographic locations below the country level (typically city names).  These also include suffixes using non-Latin and non-ASCII characters, specific product category names and general activity terms such as sports or .music.  This can become a real cash cow for the non-profit ICANN, which expects to receive between 1,000 and 1,500 applications: about two-thirds for ‘dot-brand’ gTLDs such as Hitachi (.hitachi), Canon (.canon) and Deloitte (.deloitte), and 10% from .dot cities such as London, New York and Las Vegas.  However, the TLD universe has been expanding for some time now.  In 2009, ICANN launched IDN (internationalized domain name) TLDs with non-Latin alphabets (the first being a group of Arabic names for the countries of Egypt, Saudi Arabia and the United Arab Emirates). Continue reading “ICANN Launches Generic .dot Addresses for Any Legal Entity”