The Internet Portal
The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries a vast range of information resources and services, such as the interlinked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and file sharing.
The origins of the Internet date back to the development of packet switching and research commissioned by the United States Department of Defense in the late 1960s to enable time-sharing of computers. The primary precursor network, the ARPANET, initially served as a backbone for the interconnection of regional academic and military networks in the 1970s to enable resource sharing. The funding of the National Science Foundation Network as a new backbone in the 1980s, as well as private funding for other commercial extensions, led to worldwide participation in the development of new networking technologies, and the merger of many networks. The linking of commercial networks and enterprises by the early 1990s marked the beginning of the transition to the modern Internet, and generated a sustained exponential growth as generations of institutional, personal, and mobile computers were connected to the network. Although the Internet was widely used by academia in the 1980s, commercialization incorporated its services and technologies into virtually every aspect of modern life. (Full article...)
ScienTOMogy was a parody web site lampooning Tom Cruise's involvement with Scientology, initially hosted at the domain name scientomogy.info. The site was created in 2005 after increased media publicity surrounding Cruise's appearances on The Oprah Winfrey Show and The Today Show. ScienTOMogy gained press attention after it was contacted by the Church of Scientology with a cease and desist letter, alleging copyright infringement over use of the word "Scientomogy", claiming that it was too close to the word "Scientology". The proprietor of the site initially agreed to relent to the Church's demands, but after consulting attorneys, instead decided to keep the site. Internet traffic to the site later increased dramatically as a result of the media and press attention surrounding the Church of Scientology's alleged copyright infringement claims.
Webcams are small cameras, (usually, though not always, video cameras) whose images can be accessed using the World Wide Web, instant messaging, or a PC video conferencing application. The term webcam is also used to describe the low-resolution digital video cameras designed for such purposes, but which can also be used to record in a non-real-time fashion.
Wikinews Internet portal
Did you know (auto-generated) -
Barry Diller (born February 2, 1942 in San Francisco, California) is media executive responsible for the creation of Fox Broadcasting Company. Diller is currently the Chairman of Expedia and the Chairman and Chief Executive Officer of IAC/InterActiveCorp, an interactive commerce conglomerate and the parent of companies including ServiceMagic, Home Shopping Network, Ticketmaster, Match.com, Citysearch, LendingTree and CollegeHumor. In 2005, IAC/InterActiveCorp acquired Ask.com, marking a strategic move into the Internet search category. Diller has been on the board of The Coca-Cola Company since 2002. The new headquarters of IAC/InterActiveCorp was designed by Frank Gehry and opened in 2007 at 18th Street and the West Side Highway in Manhattan's Chelsea neighborhood. The western half of the block is dedicated to the building which stands several stories taller than the massive Chelsea Piers Sporting complex just across the West Side Highway. The extra floors guarantee a panoramic Hudson River view from Diller's top-floor office.
General images -
The following are images from various internet-related articles on Wikipedia.
More Did you know...
HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. HSTS is an IETF standards track protocol and is specified in RFC 6797.
The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named "
The protection only applies after a user has visited the site at least once, relying on the principle of "trust on first use". The way this protection works is that a user entering or selecting a URL to the site that specifies HTTP, will automatically upgrade to HTTPS, without making an HTTP request, which prevents the HTTP man-in-the-middle attack from occurring.
The HSTS specification was published as RFC 6797 on 19 November 2012 after being approved on 2 October 2012 by the IESG for publication as a Proposed Standard RFC. The authors originally submitted it as an Internet Draft on 17 June 2010. With the conversion to an Internet Draft, the specification name was altered from "Strict Transport Security" (STS) to "HTTP Strict Transport Security", because the specification applies only to HTTP. The HTTP response header field defined in the HSTS specification however remains named "Strict-Transport-Security".
The last so-called "community version" of the then-named "STS" specification was published on 18 December 2009, with revisions based on community feedback.
The original draft specification by Jeff Hodges from PayPal, Collin Jackson, and Adam Barth was published on 18 September 2009.
The HSTS specification is based on original work by Jackson and Barth as described in their paper "ForceHTTPS: Protecting High-Security Web Sites from Network Attacks".
Additionally, HSTS is the realization of one facet of an overall vision for improving web security, put forward by Jeff Hodges and Andy Steingruebl in their 2010 paper The Need for Coherent Web Security Policy Framework(s).
HSTS mechanism overview
A server implements an HSTS policy by supplying a header over an HTTPS connection (HSTS headers over HTTP are ignored). For example, a server could send a header such that future requests to the domain for the next year (max-age is specified in seconds; 31,536,000 is equal to one non-leap year) use only HTTPS:
When a web application issues HSTS Policy to user agents, conformant user agents behave as follows (RFC 6797):
The HSTS Policy helps protect web application users against some passive (eavesdropping) and active network attacks. A man-in-the-middle attacker has a greatly reduced ability to intercept requests and responses between a user and a web application server while the user's browser has HSTS Policy in effect for that web application.
The most important security vulnerability that HSTS can fix is SSL-stripping man-in-the-middle attacks, first publicly introduced by Moxie Marlinspike in his 2009 BlackHat Federal talk "New Tricks For Defeating SSL In Practice". The SSL (and TLS) stripping attack works by transparently converting a secure HTTPS connection into a plain HTTP connection. The user can see that the connection is insecure, but crucially there is no way of knowing whether the connection should be secure. At the time of Marlinspike's talk, many websites did not use TLS/SSL, therefore there was no way of knowing (without prior knowledge) whether the use of plain HTTP was due to an attack, or simply because the website had not implemented TLS/SSL. Additionally, no warnings are presented to the user during the downgrade process, making the attack fairly subtle to all but the most vigilant. Marlinspike's sslstrip tool fully automates the attack.
HSTS addresses this problem by informing the browser that connections to the site should always use TLS/SSL. The HSTS header can be stripped by the attacker if this is the user's first visit. Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge attempt to limit this problem by including a "pre-loaded" list of HSTS sites. Unfortunately this solution cannot scale to include all websites on the internet. See limitations, below.
HSTS can also help to prevent having one's cookie-based website login credentials stolen by widely available tools such as Firesheep.
Because HSTS is time limited, it is sensitive to attacks involving shifting the victim's computer time e.g. using false NTP packets.
The initial request remains unprotected from active attacks if it uses an insecure protocol such as plain HTTP or if the URI for the initial request was obtained over an insecure channel. The same applies to the first request after the activity period specified in the advertised HSTS Policy
Junade Ali has noted that HSTS is ineffective against the use of phony domains; by using DNS-based attacks, it is possible for a man-in-the-middle interceptor to serve traffic from an artificial domain which is not on the HSTS Preload list, this can be made possible by DNS Spoofing Attacks, or simply a domain name that misleadingly resembles the real domain name such as www.example.org instead of www.example.com.
Even with an HSTS preloaded list, HSTS cannot prevent advanced attacks against TLS itself, such as the BEAST or CRIME attacks introduced by Juliano Rizzo and Thai Duong. Attacks against TLS itself are orthogonal to HSTS policy enforcement. Neither can it protect against attacks on the server - if someone compromises it, it will happily serve any content over TLS.
See RFC 6797 for a discussion of overall HSTS security considerations.
HSTS can be used to near-indelibly tag visiting browsers with recoverable identifying data (supercookies) which can persist in and out of browser "incognito" privacy modes. By creating a web page that makes multiple HTTP requests to selected domains, for example, if twenty browser requests to twenty different domains are used, theoretically over one million visitors can be distinguished (220) due to the resulting requests arriving via HTTP vs. HTTPS; the latter being the previously recorded binary "bits" established earlier via HSTS headers.
Deployment best practices
Depending on the actual deployment there are certain threats (e.g. cookie injection attacks) that can be avoided by following best practices.
Select [►] to view subcategories
Things you can do
The following Wikimedia Foundation sister projects provide more on this subject: