Blockchain and public ledgers. What is it all about? If you put it in one word, that would be “decentralization”. That’s what the Ethereum guys are all about. While some people don’t mind, others are concerned about a situation where a handful of major players run their clouds and the rest of the world trusts them blindly with its data.
Nextcloud solved part of this problem in their own way. Want to just keep your documents and files out of reach of big corporations? Nextcloud gives you a straightforward solution: use a cloud approach and still keep your data on your home computer.
The next step would be secure remote access. There is no point in keeping your files anywhere if you can’t access them, right? Thanks to progress, secure remote access is easily solvable.
Here are the options:
Option 1 (plain old way, without Beame):
Option 2 (keep it up, with Beame):
Welcome to the community of those who fight centralization and make corporate and government spying harder.
We think you’ll find it much easier with Beame.
Sophia Tupolev of Beame.io recently gave this talk at the Google Campus for Peerlyst’s inaugural meetup in Tel Aviv.
Public Key Infrastructure (PKI) is the strongest form of cryptographic authentication today and Transport Layer Security (TLS) is widely accepted as a great PKI implementation. If that’s true, then why isn’t TLS deployed universally in authentication?
Let’s consider one of the most powerful web attacks – a man-in-the-middle (MITM) using forged SSL certificates. In order for a MITM attack to work on encrypted traffic, the man-in-the-middle must possess a public or private certificate trusted by the target device. The problem is aggravated by the fact that any Certification Authority (CA) trusted by the device can sign any domain name. Nobody wants to risk their identity being stolen with a forged certificate.
Who has access to your company’s servers? The requirement for secure access rights in the enterprise eclipses the authentication technology in use today. Passwords are obsolete and SMS for multi-factor authentication is deprecated. Single sign-on increases the risk of breaches of centralized identity storage. Connected devices pose a threat of their own, since IoT devices and their data do not have trusted identities.
Identifying the connected human and device in a trustworthy way is a pressing universal need. The connected human needs to move effortlessly in and out of protected physical and virtual environments. The connected device needs to realize its market potential. Fortunately, the science of cryptography lies at the heart of the answer to this problematic paradigm.
The White House’s National Cyber Security Alliance (NCSA) is running a campaign called #lockdownurlogin to promote Strong Authentication. In theory, this is a worthy initiative. In practice, it’s partially misleading because it appears to recommend OTP over SMS (One-time password over text message) as a way to do 2FA (two-factor authentication).
It’s still a draft guideline in review, but the U.S. National Institute for Standards and Technology (of the U.S. Department of Commerce) has clearly stated in its new guidelines for digital authentication that “Out-of-band authentication using the PSTN [public switched telephone network] is deprecated and is being considered for removal in future editions of this guideline.”
Sure, government moves slowly, but here’s the highest office in the nation leading well-intentioned internet users to adopt practices that will only put them at further risk.
P.S. If you’ve read this far, you might enjoy this summer’s piece by Brian Krebs, about how the Social Security Administration has only just adopted OTP over SMS.
I’d like to share a fresh interview with our CEO, Zeev Glozman, where he talks about Beame.io’s open source technology. “It’s SAML without a central repo. Your own private encrypted network.” Thanks to Greg Posner, who is a skilled interviewer handling a complex subject!
This post was inspired by a redditor who today didn’t quite see how Beame.io differs from Let’s Encrypt, which we do appreciate as a great service.
Services like Let’s Encrypt have their own value, but we provide more than just a “…online service for certificates,” as this redditor put it. The main difference is that Let’s Encrypt requires you to have a public IP address on your server which has to be pre-registered in the DNS. We target machines or devices without permanent IP addresses such as devices behind NAT. We offer unique and random domains on a subdomain of our own, therefore we don’t provide a meaningful identity. You can assign the meaning yourself. We provide TLS tunneling to run your own HTTPS server on a private LAN and have it still globally accessible.
Learn more by trying our open source SDK and take advantage of the free certs in the beta!
“I’m Slim Shady, yes, I’m the real Shady/all you other Slim Shadys are just imitating/So won’t the real Slim Shady please stand up…”
This sounds like Slim Shady (Eminem) was having an identity and access management problem. Now, I wasn’t allowed to listen to Eminem growing up, but of course, I did, anyway. Similarly, nobody else is supposed to know my private data, but they do, anyway. How many times a day are you asked to prove your identity?
Today’s ubiquitous client-server architecture is problematic. It limits the power of our smartphones, and not only that. It limits our privacy.
Computing went from local servers to Cloud servers. That solved a lot of problems but created epic new problems, as well. One of these problems is ID, which is currently addressed by the username/password, and sometimes by a one-time password.
Then comes the generation of auth tokens (short-lived, long-lived, etc.), which allow access to the data. Those tokens are granted to devices and applications.
Next, here’s the problem with the cloud.
1. The link between cyber and kinetic threats;
2. Implications of technology and the public trust;
3. The human factor in cyber security;
4. The benefits of an integrative approach to cyber security.