HTTP/2 Opens New Connections With the Word ‘PRISM’

Since whistleblower Edward Snowden revealed the extent of the US National Security Agency’s mass surveillance program, the word Prism has taken on a sinister meaning. The NSA’s PRISM program collected the internet communications of its citizens via nine major internet companies, including Google, Microsoft, Apple, and Yahoo. Now, John Graham-Cumming, a British coder and tech writer, has discovered a curious quirk within HTTP/2 connections: the opening protocol contains the word PRISM.

This is how HTTP/2 connection protocols begins, when unravelled from a 24-octet sequence:

PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n

Otherwise written as:

PRI * HTTP2.0

SM

The verb PRI was, until 8th July, 2013, FOO. What happened during the Summer of 2013 to motivate such a change? Edward Snowden’s NSA leak. Coincidence?

While conspiracy theorists could have a field day with the revelation, it seems to be little more than a sly Easter egg included by the cheeky programmers.

Danish developer Poul-Henning Kamp wrote at the time about his concerns for HTTP/2 in the wake of the PRISM revelations. “I think PRISM is ample evidence that [adding more encryption to HTTP/2 to fight back against the NSA] will have the 100% certain result is that all encryption will be circumvented, with bogus CA certs all the way up to PRISM and designed-in backdoors, and the net result is less or even no privacy for anybody everywhere,” Kamp wrote to his colleagues in the HTTP Working Group.

The inclusion of the word PRISM in the HTTP/2 protocol is like a knowing middle finger to the NSA, and a reminder to us that not every internet entity is colluding with intelligence agencies.

Image courtesy of Soft.net

Should We Replace Doctors With Computers?

A new announcement from Jeremy Hunt is yet another cost cutting attempt at trimming down front line services with the aim of saving cash. The health secretary wants to remove more medical decisions from the hands of doctors and therefore let computers and protocols decide aspects of care instead” I like tech, but I would prefer a qualified human doctor and not Microsoft XP handling all aspects of my care if I were to be in hospital. Mr Hunt also states that this implementation has been successful within the US health system and therefore we in the UK should be adopting similar processes.

It would not be an elected politician without a bizarre example, and Mr Hunt gave just that with the notion of production techniques that have been copied from a, (you may think originally from a hospital) no, a “Japanese car company had been copied and applied to healthcare” within a hospital in the US. Not sure human organs and brake pads can be particularly compared when devising healthcare policy. If you’re wondering, it was a hospital in Seattle that copied the production techniques from Toyota and by doing so is ranked among the safest hospitals in the world, read that in a Clarkson voice if you will.

This idea depends on the agenda of execution. Yes we all want safer hospitals and any PROVEN protocol is to be welcomed, but, is this with the aim of cutting both doctors and also staff from wards. The Tory government is aiming to cut billions from spending and is also looking to force through a new working contract for junior doctors that will see penalties for over working doctor’s scrapped and longer working hours implemented. There has been a track record in many sectors of reducing staff in favour of computer IT systems, hopefully staffing levels can be maintained and increased to meet demand, after all, a virtual paperclip cannot treat you in real life.

Thank you independent for providing us with this information.

Image courtesy of twitter.

Wikipedia Adds an Extra Layer of Security for Its Readers

Wikipedia just took security up a notch and added some extra security measures for its readers. The founders want to make connections between Wikimedia websites and their users more secure to share and view content.

The extra security measure involves HTTPS as the default encryption protocol being used from now on, along with HSTS (HTTP Strict Transport Security) to protect users from hackers trying to ‘break’ into the secure connections.

“Today, we’re happy to announce that we are in the process of implementing HTTPS by default to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic.” Wikimedia wrote on their website. “With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.”

HTTPS connections have been available since 2011 for Wikipedia and its sister websites, but users needed to use the protocol manually. However, in 2013, Wikipedia made HTTPS the default protocol for authenticated users. Now, both authenticated and anonymous users are able to browse Wikimedia websites using HTTPS automatically, regard of whether they are logged in or not.

The founders also stated that migrating to HTTPS as the default connection protocol was not easy and required years of work involving teams from across the Wikimedia Foundation. Nevertheless, their hard work paid off and users can now browse more securely on their websites. But we want to hear your opinion as users too. Do you feel more secure now that HTTPS is widely available in Wikipedia? Let us know!

Image courtesy of enciclomedios.com

US IPv4 Address Pool Reported to Be at Its Last Drop

Well folks, the time has come to gradually transition from IPv4 towards IPv6. But don’t panic! Everyone was aware of the change and the limit is expected to be reached, as previously analysis show, sometime this summer. Will this affect your everyday user? Of course not, people will most probably not see any type of change at all (hopefully).

The guys in charge of handling the transition and making sure that everything works are the ISPs, who should have already started on getting things ready for the big change. So why do we need to make the change? Limited addresses, of course. Back in 1981 when the first IPv4 was made, it used only 32 bits to generate unique addresses. The latter number of bits is able to generate 4.3 billion unique addresses and back then people couldn’t have imagined that so many devices will be connected to the Internet is such a short amount of time.

However, further analysis pointed out the issue and so IPv6 was introduced in 1999, a 128-bit upgraded version of the IPv4 protocol, able to generate 340 trillion trillion trillion unique addresses. Now the thing is, if we are to run out of addresses for this protocol, it means that we either have the worst tech addiction or we are in an era where there are more androids running around than people.

Thank you Sci-Tech Today for providing us with this information

HTTP/2, The First HTTP Update Since 1999, Is Complete

HTTP, the fundamental internet protocol used to transmit formatted data across the web, is getting its first update in 16 years. The new standard, HTTP/2, was completed on Wednesday, according to Mark Nottingham, Chair of IETF HTTP Working Group. After a series of editorial stages, HTTP/2 will be published as the new standard for websites and browsers across the globe, becoming the first update to the protocol since HTTP 1.1 back in 1999.

HTTP/2 should speed up page loading times, strengthen connections, and help servers push data to your cache. But the most important change, a burden on developers since the inception of the internet, is the introduction of multiplexing. Previously, multiple HTTP requests at once would slow servers down, sometimes preventing page loads altogether, but HTTP/2 will allow simultaneous requests with no slow-down.

Source: Gizmodo

New Plug-In for Chrome Might Add Extra Email Protection

Encrypting emails is one of the best practices to ensure that users’ email correspondence will remain private and secure. This is why Google is working on an end-to-end email encryption web plug-in in order to deliver a simple way to secure user email correspondence.

The task is usually performed by advanced tools such as GnuPG or PGP, but Google is aiming to give everyone just another notch of security compared to what is already offered by traditional email services. Google’s extension goes by the name of “End-To-End” and is designed to be a Chrome extension which helps in decrypting, encrypting, digitally signing and verifying signed emails within the browser with the help of the OpenPGP encryption standard.

After installing the web plug-in, Google states that all further ongoing and incoming emails accessed within the browser will be processed with the help of the extension. This may or may not be required, however users wanting a little more protection between their correspondence could consider the plug-in a satisfactory addition to a more secure email transaction.

The Google extension is currently in alpha stage, therefore bugs and flaws are likely to be present. People interested in giving the extension a try can visit Google’s Blog for more information on the extension. The company said that it will not release it to the Google Web Store just yet, but it will most probably be available as soon as the major bugs are dealt with and the extension hits at least beta stage.

Thank you Tech Spot for providing us with this information

SMS and MMS To Be Merged Into Hangouts By Google

The Hangouts application, which has so far only successfully unified Google+ Messenger and Google Talk, leaving Messaging and Voice to co-exist, is finally getting SMS and MMS integration. According to sources familiar with the matter, the upcoming Hangouts version 1.3 has these features enabled and, furthermore, also allows sharing of videos via the Hangouts protocol.

Messages sent via SMS will be shown as “via SMS” next to the timestamp so that users can always figure out the protocol used for each message delivery. Users can also request delivery reports for sent SMS, a feature that is part of the SMS protocol that some use on a daily basis.

MMS picture messaging is supported as well, though it cannot be confirmed sending of video via MMS at this time. There is a settings menu for wireless alerts as well as a toggle for auto-retrieving messages while roaming. Finally, users can opt out of SMS via Hangouts altogether.

The Voice protocol has still to be implemented into Hangouts, but nobody knows if there will be another update in the future which allows Hangouts to be able to “engulf” the Voice protocol as well.

There is no official confirmation at this point about a possible release timeline and correlation between KitKat and this Hangouts update. It’s possible that Google will roll it out before KitKat but it’s equally as possible for it to come out later if it’s not fully baked just yet.

Thank you Android Police for providing us with this information.

Images courtesy of Android Police.