Archive | Technology RSS feed for this section

Technology content from Leo Nelson

STIX and TAXII

STIX™ is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information. The STIX Language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible.

TAXII™ defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organization and product/service boundaries. TAXII, through its member specifications, defines concepts, protocols, and message exchanges to exchange cyber threat information for the detection, prevention, and mitigation of cyber threats. TAXII is not a specific information sharing initiative or application and does not attempt to define trust agreements, governance, or other non-technical aspects of cyber threat information sharing. Instead, TAXII empowers organizations to achieve improved situational awareness about emerging threats, enabling organizations to share the information they choose with the partners they choose.

Can Email Be Private?

In general, I’ve subscribed to the belief that email should not be considered private, particularly in light of the ease with which email may be accessed, copied and distributed. Silent Circle has a good write-up of the challenges with trying to make sure that email is secure.

Email provides no means to secure the headers (routing information, and the envelope). The routing information, which is visible by looking at the headers of any email message, by design, is all unencrypted. Any server in the path between sender and recipient, can view any portion of the headers, as they are stored as plain text in the beginning of the message.

Other sources for your reading pleasure:

Why can’t email be secure?

Why Email Can’t Be Protected From Government Surveillance

Why Email Can Never Be Truly Secure: It’s The Metadata