EU wants to regulate WhatsApp and Skype like carriers

Internet-based communications services such as Skype, WhatsApp, Facebook Messenger, Google Duo, Apple iMessage, or Viber offer a host of advantages over the old-fashioned telephone — including, for their operators, exemption from the European Union’s strict telecommunications privacy rules.
The European Commission wants to change that, and on Tuesday proposed new legislation to protect consumers’ online privacy.
The move is no surprise: An early draft of the Proposal for a Regulation on Privacy and Electronic Communications leaked in December.
Smartphone apps such as Skype and WhatsApp replicate the voice calling and text-messaging features of older phones, but don’t fall under existing EU communications privacy legislation because they are data services that run over the top of an internet connection, rather than native functions of the network like phone calls and SMS. The current rules were written in 2002, before smartphones became widely available. 
The Commission is seeking to level the playing field by bringing such apps under the same regulatory umbrella.
The draft legislation also seeks to simplify the rules on tracking citizens’ browsing activities enshrined in the so-called Cookie Directive. That law, introduced in 2009, resulted in websites displaying a banner to visitors from the EU asking them if they would allow a cookie to be placed in their browser — even though most browsers already offer a way for users to indicate, site by site or globally, whether they will accept such cookies or not.
The new regulation will allow website operators to rely on browser preferences as an expression of users’ willingness to accept cookies, and will give traditional telecommunications operators greater scope to analyze call metadata, the better to compete with over-the-top service providers.
“It provides a high level of protection for consumers, while allowing businesses to innovate,” said Andrus Ansip, Commission Vice-President for the Digital Single Market.
The Internet Advertising Board U.K. said Tuesday that the proposal was an improvement on the draft leaked in December, but still imposed too many restrictions on online advertising.
“A number of areas in the proposal … could not only seriously disrupt people’s browsing experience but effectively put the future of the web as we know at danger, with considerable knock-on effects on media pluralism and digital inclusion,” warned IABUK head of policy and regulatory affairs Yves Schwarzbart.
Peter Sayer covers European public policy, artificial intelligence, the blockchain, and other technology breaking news for the IDG News Service.

Better authentication: Go get 'em, FIDO

Only a handful of industry associations accomplish what they set out to do. In the security realm, I’ve always been a huge fan of the Trusted Computing Group. It’s one of the few vendor organizations that truly makes computers more secure in a holistic manner.
The Fast Identity Online (FIDO) Alliance is another group with lots of vendor participation that’s making headway in computer security. Formed in 2012, FIDO focuses on strong authentication, moving the online world past less secure password logons and emphasizing safer browsers and security devices when accessing websites, web services, and cloud offerings. Its mission statement includes the words “open standards,” “interoperable,” and “scalable”—and the organization is actually doing it. Better, FIDO wants to do this in a way that’s so easy, users actually want to use the methods and devices.
All FIDO authentication methods use public/private key cryptography, which makes them highly resistant to credential phishing and man-in-the-middle attacks. Currently, FIDO has two authentication-specification mechanisms: Universal Authentication Framework (UAF), a “passwordless” method, and Universal Second Factor (U2F), a two-factor authentication (2FA) method. The latter method may involve a password, which can be noncomplex, because the additional factor ensures the overall strength. FIDO authentication must be supported by your device or browser, along with the authenticating site or service.
With UAF, the user registers their device with the participating site or service and chooses to implement an authentication factor, such as PIN or biometric ID. When connecting to the site or service, or conducting a transaction that requires strong authentication, the device performs local authentication (verifying the PIN or biometric identity) and passes along the success or failure to the remote site or service. With U2F, an additional security device (a cellphone, USB dongle, or so on) is used as the second factor after the password or PIN has been provided.
The public/private key cryptography used behind the scenes is very reminiscent of TLS negotiations. Both the server and the client have a private/public key pair, and they only share the public key with each other to facilitate authentication over a protected transmission method. The web server’s public key is used to send randomly created “challenge” information back and forth between the server and client. The client’s private key never leaves the client device and can be used only when the user physically interacts with the device.

FIDO authentication goes much further than traditional TLS. It links “registered” devices to their users and those devices to the eventual websites or services. Traditional TLS only guarantees server authentication to the client. One authentication device can be linked to many (or all) websites and services. A nice graphical overview of the FIDO authentication process can be found here.
Google Security Keys
Google recently touted the success of its physical, FIDO-enabled “Security Keys” in a new whitepaper. Google’s Security Keys are supported in the Chrome browser (using JavaScript APIs) and by Google’s online services.
Several vendors make the physical, tamperproof Security Keys. The versions touted in the paper are small, USB-enabled dongles with touch-sensitive capacitors that act as the second factor. Each dongle has a unique device ID, which is registered to the user on each participating website. The public key cryptography is Elliptic Curve Cryptography (ECC), with 256-bit keys (aka ECDSA_P256) and SHA-256 for signing.
Google tested its Security Keys by giving them to more than 50,000 employees and made them an option for Google online service customers. Google’s results? Zero successful phishing, faster authentication, and lower support costs—can’t beat that. The only negative was the one-time purchase cost of the devices, although Google says consumers should be able to buy Security Key devices for as little as $6 each. That’s not bad for greater peace of mind.
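The challenge-response exchange and the phishing resistance described above, as an added example that is not from the article, Google, or the FIDO specifications: a simplified Node.js model using ECDSA P-256 with SHA-256. The class names, the JSON `clientData` layout, and the origins are assumptions made for illustration and do not follow the FIDO wire format.

```javascript
// Added illustration: simplified U2F-style challenge-response, not the FIDO wire format.
const crypto = require("crypto");
// Authenticator (hypothetical model): one P-256 key pair per origin; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public key is shared with the site
  }
  // `origin` is what the browser reports for the page, so a look-alike page cannot choose it.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential registered for this origin
    const clientData = JSON.stringify({ origin, challenge: challenge.toString("base64") });
    return { clientData, signature: crypto.sign("sha256", Buffer.from(clientData), key) };
  }
}
// Relying party (hypothetical model): issues a random challenge, verifies the signed response.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = null; }
  enroll(publicKey) { this.publicKey = publicKey; }
  newChallenge() { this.pending = crypto.randomBytes(32); return this.pending; }
  verify(response) {
    const expected = this.pending;
    this.pending = null; // each challenge is single use
    if (!response || !expected || !this.publicKey) return false;
    const data = JSON.parse(response.clientData);
    if (data.origin !== this.origin) return false; // signed on another origin
    if (data.challenge !== expected.toString("base64")) return false; // stale or replayed
    return crypto.verify("sha256", Buffer.from(response.clientData), this.publicKey, response.signature);
  }
}
function runDemo() {
  const site = "https://accounts.example"; // constructed origins
  const lookalike = "https://accounts-example.test";
  const token = new Authenticator();
  const rp = new RelyingParty(site);
  rp.enroll(token.register(site));
  const good = token.sign(site, rp.newChallenge());
  const legit = rp.verify(good);
  // Relay: a look-alike page forwards the real challenge; the signature is bound to its origin.
  token.register(lookalike);
  const phished = rp.verify(token.sign(lookalike, rp.newChallenge()));
  // Replay: an earlier valid response is presented against a fresh challenge.
  rp.newChallenge();
  const replayed = rp.verify(good);
  return { legit, phished, replayed };
}
console.log(runDemo());
```

Only the response signed on the registered origin over the current challenge verifies; the relayed and replayed responses are rejected before or at signature verification.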
FIDO updates
FIDO recently announced the 1.1 version of its specification. It includes support for Bluetooth Low Energy, smartcards, and near-field communications (NFC). FIDO authentication can already be used by more than 1.5 billion user accounts, including through Dropbox, GitHub, PayPal, Bank of America, NTT DoCoMo, and Salesforce. Six of the top 10 mobile handset vendors already support FIDO, at least on some devices; mobile wallet vendors say they will participate as well.
The 2.0 version of the FIDO specification is already in the works. FIDO 2.0 is partitioned into two parts: the Web Authentication Spec, which is now in the W3C Web Authentication working group; and the remaining parts, including remote device authentication—which should allow you, for example, to unlock your workstation with your cellphone.
Reducing the use of stolen credentials takes a big bite out of online crime. I can only hope that the web continues to adopt the FIDO authentication standards as fast as possible. After years of previous attempts at similar initiatives, this one looks poised for broad success.