The information sources of journalists are under constant threat in the age of digital surveillance. Although the confidentiality of information sources is protected by law, secret FISA courts, questionable policing practices and dictatorships regularly circumvent these regulations. To keep investigative articles coming, privacy enthusiasts in Sydney have teamed up to launch ‘Privacy for Journalists’, a website full of practical technology guides for the journalist community.
Reporters are one of the bastions of democracy, as they could expose the wrongdoings of governments, corporates or well-connected individuals affecting the many.
With the legal protections shrinking and the technical disparity widening, the protection of information sources is more challenging than ever.
Information security experts launch website and community to help investigative journalists protect their information sources.
Malicious actors operate command-and-control (C&C/C2) servers to interact with their victims’ computers. These C2 servers are intended to instruct the compromised PCs to do undesired things, such as stealing the user’s passwords, encrypting the files for ransom or attacking other computers on the network.
As a response to the growing number breaches involving CDNs, the first release of the Subresource Integrity (SRI) was published hastily in late 2015. The W3C WebAppSec Working Group decided to leave certain useful features out, in favour of an early release. Although SRI already does the job, there is some room for improvement with regards to user experience. The good news is that some of these features will be added to the next iteration of SRI.
The following article gives a brief, speculative overview of the upcoming features of Subresource Integrity.