After 27 years, Microsoft has finally bid farewell to the web browser Internet Explorer, and will redirect Explorer users to the latest version of its Edge browser.

As of June 15, Microsoft ended support for Explorer on several versions of Windows 10 meaning no more productivity, reliability or security updates. Explorer will remain a working browser, but wont be protected as new threats emerge.

Twenty-seven years is a long time in computing. Many would say this move was long overdue. Explorer has been long outperformed by its competitors, and years of poor user experiences have made it the butt of many internet jokes.

Explorer was first introduced in 1995 by the Microsoft Corporation, and came bundled with the Windows operating system.

To its credit, Explorer introduced many Windows users to the joys of the internet for the first time. After all, it was only in 1993 that Tim Berners-Lee, the father of the web, released the first public web browser (aptly called WorldWideWeb).

Providing Explorer as its default browser meant a large proportion of Windowss global user base would not experience an alternative. But this came at a cost, and Microsoft eventually faced multiple antitrust investigations exploring its monopoly on the browser market.

Still, even though a number of other browsers were around (including Netscape Navigator, which pre-dated Explorer), Explorer remained the default choice for millions of people up until around 2002, when Firefox was launched.

Microsoft has released 11 versions of Explorer (with many minor revisions along the way). It added different functionality and components with each release. Despite this, it lost consumers trust due to Explorers legacy architecture which involved poor design and slowness.

It seems Microsoft got so comfortable with its monopoly that it let the quality of its product slide, just as other competitors were entering the battlefield.

Even just considering its cosmetic interface (what you see and interact with when you visit a website), Explorer could not give users the authentic experience of modern websites.

On the security front, Explorer exhibited its fair share of weaknesses, which cyber criminals readily and successfully exploited.

While Microsoft may have patched many of these weaknesses over different versions of the browser, the underlying architecture is still considered vulnerable by security experts. Microsoft itself has acknowledged this:

[Explorer] is still based on technology thats 25 years old. Its a legacy browser thats architecturally outdated and unable to meet the security challenges of the modern web.

These concerns have resulted in the United States Department for Homeland Security repeatedly advising internet users against using Explorer.

Explorers failure to win over modern audiences is further evident through Microsofts ongoing attempts to push users towards Edge. Edge was first introduced in 2015, and since then Explorer has only been used as a compatibility solution.

In terms of market share, more than 64% of browser users currently use Chrome. Explorer has dropped to less than 1%, and even Edge only accounts for about 4% of users. What has given Chrome such a leg-up in the browser market?

Chrome was first introduced by Google in 2008, on the open source Chromium project, and has since been actively developed and supported.

Being open source means the software is publicly available, and anyone can inspect the source code that runs behind it. Individuals can even contribute to the source code, thereby enhancing the softwares productivity, reliability and security. This was never an option with Explorer.

Moreover, Chrome is multi-platform: it can be used in other operating systems such as Linux, MacOS and on mobile devices, and was supporting a range of systems long before Edge was even released.

Meanwhile, Explorer has mainly been restricted to Windows, XBox and a few versions of MacOS.

Microsofts Edge browser is using the same Chromium open-source code that Chrome has used since its inception. This is encouraging, but it remains to be seen how Edge will compete against Chrome and other browsers to win users confidence.

We wont be surprised if Microsoft fails to nudge customers towards using Edge as their favourite browser. The latest stats suggest Edge is still far behind Chrome in terms of market share.

Also, the fact Microsoft took seven years to retire Explorer after Edges initial release suggests the company hasnt had great success in getting Edges uptake rolling.

Web browsers play a vital role in establishing privacy and security for users. Design and convenience are important factors for users when selecting a browser. So ultimately, the browser that can most effectively balance security and ease of use will win users.

And its hard to say whether Chromes current popularity will be sustained over time. Google will no doubt want it to continue, since web browsers are significant revenue sources.

But Google as a corporation is becoming increasingly unpopular due to massive data gathering and intrusive advertising practices. Chrome is a key component of Googles data-gathering machine, so its possible users may slowly turn away.

As for what to do about Explorer (if youre one of the few people that still has it sitting meekly on your desktop) simply uninstall it to avoid security risks.

Even if youre not using Explorer, just having it installed could present a threat to your device. No one wants to be the victim of a cyber attack via a dead browser!

Read the original post:
Goodbye Internet Explorer. You won't be missed (but your legacy will be remembered) - The Conversation

WASHINGTON & ZRICH (PRWEB) June 15, 2022

The Internet Society (ISOC) and Quad9 today announced the completion of their first successful partnership for the expansion of DNS-based privacy and security services. ISOC is working with Quad9 to deploy servers and network connectivity in four new locations to further expand the global reach of their recursive DNS platform. Quad9 and ISOCs 2022 installment of cities at the edge brings Quad9s free protective DNS services to four new locations:

Quad9 is seeing over 10M threat blocks per day across these new locations. These numbers will only increase as more threat intelligence providers are integrated and more users join the service in these regions. The Internet Society works with communities worldwide to fund and build sophisticated networks and trains people with the skills needed to run and maintain their own Internet infrastructure.

Since Quad9 is a not-for-profit, we can focus on emerging markets that have slower service, less reliability, and more opportunity for interception or manipulation of their Internet traffic, said John Todd, General Manager of Quad9. We share the values of ISOC and look forward to partnering with them on further expansion to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world.

Quad9 is a DNS recursive resolver that is freely available to anyone, offering protection to end-users or network operators against a wide variety of malicious activities while offering exceptional privacy guarantees. Quad9 is a non-profit based in Switzerland, with servers in hundreds of locations worldwide to bring these services closer to end-users in emerging markets as well as well-established internet hubs.

Quad9s objectivesto protect and empower global Internet users at the DNS levelare in close alignment with the Internet Societys own vision that the Internet is for everyone and that it should be open, globally-connected, secure, and trustworthy, said Michuki Mwangi, Distinguished Technologist, Internet Society. Creating an accessible and safe Internet requires cooperation and contributions from multiple stakeholders, working together to support and promote the development of the Internet globally.

ISOC is providing Quad9 with the technical infrastructures that enable a safer and more reliable Internet experience. This will enable the Internet user community in these four new countries to tap into the global Internet economy by creating a safer and more private experience for Internet users, opening a world of possibilities with minimal investment.

About Internet SocietyFounded in 1992 by Internet pioneers, the Internet Society is a global non-profit organization working to ensure the Internet remains a force for good for everyone. Through its community of members, special interest groups, and 120+ chapters around the world, the organization defends and promotes Internet policies, standards, and protocols that keep the internet open, globally connected, and secure. For more information, please visit: Internetsociety.org.

About Quad9Quad9 is a free service that replaces your default ISP or enterprise Domain Name Server (DNS) configuration. When your computer performs any Internet transaction that uses the DNS (and most transactions do), Quad9 blocks lookups of malicious hostnames from an up-to-the-minute list of threats. This blocking action protects your home or business network, mobile device, or IoT systems against a wide range of threats such as malware, phishing, spyware, and botnets. It can improve performance and greatly enhance privacy. Quad9 Foundation is a Swiss-based organization whose mission is to provide a safer and more robust Internet for everyone. Quad9 is a not-for-profit organization whose operational budget comes entirely from sponsorships and donations. For more information on how to sponsor Quad9, please visit https://www.quad9.net.

Media Contact: Teena Touch for Quad9415-310-3125press@quad9.net

Share article on social media or email:

See the original post:
The Internet Society and Quad9 Partner to Deliver Advanced DNS Security to Cities at the Edge - PR Web

Leaders of several Pacific nations met in Fiji last week to strengthen ties and promote unity in the region.

The Pacific faces numerous challenges, such as the threat of climate change and major powers jostling for influence in the region. Against these adversities, Pacific countries have shown determination to preserve their own (and the regions) identity and sovereignty.

One less-appreciated aspect of Pacific security is cybersecurity. Some cyber threats are financially motivated, such as ransomware or phishing attacks, but others aim at critical infrastructure. Still other attacks threaten society and democratic processes through spreading misinformation and disinformation.

We are working with Pacific governments to assess their current cybersecurity situations and make recommendations for a path forward.

In 2018, the 18 member states of the Pacific Islands Forum signed the Boe Declaration on Regional Security. After noting climate change as the single greatest threat, the declaration lays out an expanded concept of security which includes cybersecurity.

The declaration set the scene for cybersecurity as a shared priority for the region. The response to the COVID-19 pandemic has raised the stakes even further, as online services and remote work have rapidly increased.

Cybersecurity will be necessary to enable continued economic development amid natural disasters, changes in the global security situation, and worldwide economic upheavals.

The countries of the Pacific depend on fragile undersea cables for broadband internet access. Bringing government processes online, modernising digital infrastructure, and promoting e-commerce will introduce further security risks.

At the same time as securing their digital spaces, Pacific nations may wish to maintain sovereign control of their data. Often, digitisation means data is controlled outside the country.

Read more: Undersea internet cables connect Pacific islands to the world. But geopolitical tension is tugging at the wires

Introducing digital currencies and mobile payments may also reduce a countrys control over money-related policies.

Working with overseas suppliers for cybersecurity may mean the country has to hand over the keys to sensitive data, networks, and systems.

At the invitation of Pacific island nations, we and our colleagues at Monash University and the Oceania Cyber Security Centre (OCSC) are working to help countries understand and strengthen their cybersecurity situation.

Using the University of Oxfords Cybersecurity Capacity Maturity Model for Nations (CMM) and our own research, we help countries assess their current situation, identify their priorities and determine how to strengthen local capacity and sovereign capability.

These assessments are a crucial first step. Each nation is different. Tailored approaches to cybersecurity that consider the local culture, context and preservation of national sovereignty are needed.

So far, eight of these reviews have been conducted in the Pacific. Seven of these where conducted by the OCSC. Worldwide, more than 87 nations have worked through similar reviews.

In the Federated States of Micronesia, for example, the OCSC completed an assessment in collaboration with the Asia-Pacific Telecommunity in 2020.

After the assessment, we worked with the Federated States of Micronesia in 2021 to co-develop a National Cybersecurity Roadmap. The roadmap sets a path to build local capacity and sovereign capability to protect the countrys national interests and citizens who are most at risk from cyber harms.

Read more: Fight for control threatens to destabilize and fragment the internet

In 2019 we conducted an assessment in Vanuatu. Since then, Vanuatu has strengthened its cybersecurity in several ways, including:

We and our colleagues are in the process of developing a regional framework for island state cybersecurity. It will help Pacific countries build effective emergency response teams, strengthen cyber resilience, and ensure data sovereignty.

As well as assistance with assessments and planning, Pacific nations will also need funding including from countries like Australia to address their own identified priorities.

As the Boe Declaration underlines, we are all on the journey to developing digital resilience. If we work together, the whole Pacific family can strengthen regional security while maintaining sovereignty.

Read more: What skills does a cybersecurity professional need?

Link:
Cybersecurity in the Pacific: how island nations are building their online defences - The Conversation

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites.

The user interface for Downthem[.]org.

Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com, two DDoS-for-hire services that had thousands of customers who paid to launch more than 200,000 attacks.

Despite admitting to FBI agents that he ran these so-called booter services (and turning over plenty of incriminating evidence in the process), Gatrel opted to take his case to trial, defended the entire time by public defenders. Gatrels co-defendant and partner in the business, Juan Severon Martinez of Pasadena, Calif., pleaded guilty just before the trial.

After a nine-day trial in the Central District of California, Gatrel was convicted on all three counts, including conspiracy to commit unauthorized impairment of a protected computer, conspiracy to commit wire fraud, and unauthorized impairment of a protected computer.

Prosecutors said Downthem sold subscriptions allowing customers to launch DDoS attacks, while AmpNode provided bulletproof server hosting to customers with an emphasis on spoofing servers that could be pre-configured with DDoS attack scripts and lists of vulnerable attack amplifiers used to launch simultaneous cyberattacks on victims.

Booter and stresser services let customers pick from among a variety of attack methods, but almost universally the most powerful of these methods involves whats known as a reflective amplification attack. In such assaults, the perpetrators leverage unmanaged Domain Name Servers (DNS) or other devices on the Web to create huge traffic floods.

Ideally, DNS servers only provide services to machines within a trusted domain such as translating an Internet address from a series of numbers into a domain name, like example.com. But DNS reflection attacks rely on consumer and business routers and other devices equipped with DNS servers that are (mis)configured to accept queries from anywhere on the Web.

Attackers can send spoofed DNS queries to these DNS servers, forging the request so that it appears to come from the targets network. That way, when the DNS servers respond, they reply to the spoofed (target) address.

The bad guys also can amplify a reflective attack by crafting DNS queries so that the responses are much bigger than the requests. For example, an attacker could compose a DNS request of less than 100 bytes, prompting a response that is 60-70 times as large. This amplification effect is especially pronounced if the perpetrators query dozens of DNS servers with these spoofed requests simultaneously.

The government charged that Gatrel and Martinez constantly scanned the Internet for these misconfigured devices, and then sold lists of Internet addresses tied to these devices to other booter service operators.

Gatrel ran a criminal enterprise designed around launching hundreds of thousands of cyber-attacks on behalf of hundreds of customers, prosecutors wrote in a memorandum submitted in advance of his sentencing. He also provided infrastructure and resources for other cybercriminals to run their own businesses launching these same kinds of attacks. These attacks victimized wide swaths of American society and compromised computers around the world.

The U.S. and United Kingdom have been trying to impress on would-be customers of these booter services that hiring them for DDoS attacks is illegal. The U.K. has even taken out Google ads to remind U.K. residents when they search online for terms common to booter services.

The case against Gatrel and Martinez was brought as part of a widespread crackdown on booter services in 2018, when the FBI joined law enforcement partners overseas to seize 15 different booter service domains.

Those actions have prompted a flurry of prosecutions, with wildly varying sentences when the booter service owners are invariably found guilty. However, DDoS experts say booter and stresser services that remain in operation continue to account for the vast majority of DDoS attacks launched daily around the globe.

View original post here:
Downthem DDoS-for-Hire Boss Gets 2 Years in Prison Krebs on Security - Krebs on Security