Good news! The entire Senate now only accepts encrypted web connections

Anyone now visiting their senator’s website will see something new: a little green lock in their browser’s address bar.
Last week the US Senate quietly began serving its entire domain — including each of the 100 elected senators’ websites — over an encrypted HTTPS channel by default.
HTTPS isn’t just reserved for banks and login pages anymore, and hasn’t been for a long time. It’s nowadays seen as a measure for sites taking their own security and the privacy of their visitors seriously.
The government has been on its own encryption binge for the past few years, trying to secure every page on every domain it has to ensure a standard level of security across the government domain space.
The logic is simple enough: Serving up each page through a secure and private connection ensures that every Senate page hasn’t been intercepted or impersonated (which is easy to do) and modified by hackers — or even intelligence agencies. It also protects the web address past the domain, in most cases preventing internet providers from knowing which individual pages a person visited.
You might wonder why everyone hasn’t embraced it sooner. Encrypting web traffic used to be expensive, but the rise of free certificate services like Let’s Encrypt has made it significantly cheaper to encrypt web pages.
That’s the easy bit, because make no mistake — switching from HTTP, where every byte travels the web without any encryption, to HTTPS is no small feat.
The project has taken over a year to complete, and has been a slow, tedious process of switching over each of the senators’ sites incrementally to HTTPS by default. (A spokesperson for the Senate Sergeant at Arms, which headed the project, confirmed the timing but wouldn’t comment further on the project.)
In order to switch over an entire site to HTTPS, every site element and component has to be served over the secure pipe. Given that the Senate domain has over a hundred individual senators’ domains and committee sites, and many more for other sites and projects, amounting to millions of pages over many years, including some that are decades old — it’s not an overnight job.
But unlike the executive branch, which has all the help from the federal government to switch over to HTTPS, the legislative branch has been left mostly to its own devices.
The General Services Administration said it had no involvement in the Senate’s switch. “In general, GSA supports increased use of HTTPS across public services, and actively supports the executive branch’s efforts in this area,” said a spokesperson.
In pushing ahead with its HTTPS project, the Senate leapfrogged the House with its own effort to encrypt its web pages. At the time of writing, every House lawmaker’s website supports HTTPS, but only a little over half support HTTPS by default. (We asked the House’s chief administrative officer for comment, and we’ll update when we hear back.)
HTTPS by default is a good start, but there’s more work to be done.
In January, the government announced it would not only strictly enforce HTTPS on each new government website but it would also preload its domains and subdomains directly into web browsers — so that all browsers will always and by default make a secure connection to a government website.
So far, plans have been made to preload executive branch websites, but it hasn’t been ruled out as a possibility for Congress in the future.
Encryption remains a hot topic in Congress. It seems half of all lawmakers are for it, and half see it as a way for criminals and terrorists to get away with literal murder. In the past couple of years, we’ve seen several attempts by lawmakers to undermine the security protections that encryption offers, such as pushing for backdoors in existing encryption standards to make surveillance easier. Last year, in the wake of the San Bernardino terrorist attack, two senators pushed for their own anti-encryption bill that eventually failed.
That bill may be on deck to be reintroduced in the current session, sparking yet another protracted chapter in the ongoing crypto war.
Now that every senator’s website offers encryption, remember that next time they bring out the pitchforks.
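As concepts such as cloud computing, the Internet of Things and smart cities are put into practice, our society is becoming highly information-driven, and information security problems are growing more serious. Information security concerns every one of us as users, so each of us should take reasonable steps to keep our personal systems and data secure.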
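Several websites have been found to have serious security vulnerabilities; avoid using them until they are fixed, and make sure to use a different password on each site.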
