
Thursday 15 February 2024

Mail: meanwhile, in the real world, SPF, DKIM and DMARC

While we delight in arguing, from opposite sides, about the delightful news generated by the Data Protection Authority on metadata, the world moves on even without us and our ambitions.

I had promised myself to write about the new Yahoo and Google requirements concerning mail authentication protocols, after having given you more than one webinar on them. Unfortunately I got distracted by this and that, and my latest posts have been "slightly" polemical about things in the Italian world.

Since I did not manage to write in time, the world did not have the decency to wait for me, and things got moving even without my having a chance to rant about them.

What are we talking about?

We are talking about SPF, DKIM and DMARC; if you don't know what they are, that's bad, veeery bad, in fact terrible.

We are talking about the requirement to implement them correctly, otherwise Google and Yahoo will no longer accept your precious emails.

This is nothing new, but as we know, around here a warning is met with a mostly disorderly and incoherent reaction, never by tackling the root of the problem.

Ah, the world of email got a bit "spicier" in 2024, when Google and Yahoo, the guardians of our digital peace of mind, decided to tighten the rules of email authentication. Get ready for a trip into the bizarre world of authentication, where DMARC is not the name of a Swedish DJ and SPF does not refer to your sunscreen!

Google and Yahoo Become the Bouncers of the Email Club

Imagine Google and Yahoo as two bouncers at the entrance of an exclusive email club. From 2024, if you are not on the list (read: if your emails are not authenticated according to their sophisticated new rules), you won't get in. And no matter how persuasive you are, there is no way to bribe them with a tip.

Error Codes: "You're Not on the List, Buddy"

If your emails try to sneak in without proper authentication, Google and Yahoo will respond with error codes equivalent to "Sorry buddy, you can't come in". These error codes will be your farewell ticket, a gentle reminder that it is time to update your authentication practices.

Apple Joins the Party

And not to be outdone, Apple has also decided to join the party, imposing similar rules. Now imagine Apple as the VIP who arrives at the party and raises the bar even further. If you thought getting past Google and Yahoo was hard, just wait and see what Apple has in store.

Other Providers Will Follow Suit

As if that were not enough, other mail providers such as Outlook, Hotmail, and maybe even Zoho, decide they want to be part of this exclusive authentication club. Each with its own rules, because, you know, more rules, more fun!

What to Do to Not Be Left Out of the Party

  • SPF: again, we are not talking about sun protection, but about a record that tells everyone you are who you say you are.
  • DKIM: another VIP pass to show that your emails are not in disguise.
  • DMARC: not a new kind of drink, but you will need to make sure you have it to pass the checks at the door.

Now, the typically Italian reaction is: oh well, they will change their mind anyway, no way they do it now, what do these guys even want, and so on.

Nuntio vobis magno cum gaudio

It has begun:

those who send mail are starting to see

🔎 SMTP errors

Yes, still in small numbers, but Google has started throttling and rejecting emails not aligned with their guidance (how mean), and this is bound to grow whether you like it or not.

The initial dates have been relaxed, but D-Day (DMARC Day) is approaching.

👉 If you see SMTP replies starting with 4, it is a temporary error and means the sending system can retry delivery of the message; but if it starts with 5, it is a permanent failure, meaning the message is rejected and will never be delivered.

These are some of Google's SMTP responses we can see now:

🔵 421-4.7.26 This mail has been rate limited because it is unauthenticated. Gmail requires all senders to authenticate with either SPF or DKIM

🔵 421 4.7.30 This mail has been rate limited because DKIM does not pass. Gmail requires all large senders to authenticate with DKIM. Authentication results: DKIM = did not pass

🔵 421 4.7.32 This mail has been rate-limited because there is no DMARC alignment

or the far more feared:

🔴 550 5.7.26 This message does not have authentication information or fails to pass authentication checks (SPF or DKIM). To best protect our users from spam, the message has been blocked. Please visit Prevent mail to Gmail users from being blocked or sent to spam for more information.
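Added example, not from the original post: a small parser that takes the Gmail replies quoted above as constructed sample lines, separates the three-digit reply code from the enhanced status code, and classifies each reply as retryable (4yz) or a hard bounce (5yz), mapping the codes the post lists to the mechanism they complain about.

```python
"""Triage of Gmail SMTP replies about missing or failing authentication.

Sample lines are the replies quoted in the post; the code-to-reason table
is derived from their text (4.7.26, 4.7.30, 4.7.32, 5.7.26).
"""
import re
from dataclasses import dataclass

# Constructed sample: the four replies shown in the post, as an MTA log
# would record them (reply code, enhanced status code, free text).
SAMPLE_REPLIES = [
    "421-4.7.26 This mail has been rate limited because it is unauthenticated. "
    "Gmail requires all senders to authenticate with either SPF or DKIM",
    "421 4.7.30 This mail has been rate limited because DKIM does not pass. "
    "Gmail requires all large senders to authenticate with DKIM. "
    "Authentication results: DKIM = did not pass",
    "421 4.7.32 This mail has been rate-limited because there is no DMARC alignment",
    "550 5.7.26 This message does not have authentication information or fails "
    "to pass authentication checks (SPF or DKIM). To best protect our users "
    "from spam, the message has been blocked.",
]

# Enhanced status codes quoted in the post and what each one asks the
# sender to fix.
KNOWN_AUTH_CODES = {
    "4.7.26": "SPF or DKIM missing (unauthenticated, rate limited)",
    "4.7.30": "DKIM did not pass (rate limited)",
    "4.7.32": "no DMARC alignment (rate limited)",
    "5.7.26": "SPF or DKIM missing or failing (rejected)",
}

# "421-4.7.26 ..." is a multi-line continuation, "421 4.7.26 ..." a final line;
# both carry the same codes, so the separator may be a space or a hyphen.
_REPLY_RE = re.compile(
    r"^\s*(?P<code>[2-5]\d{2})[ -](?P<esc>\d\.\d{1,3}\.\d{1,3})\s+(?P<text>.*)$"
)


@dataclass
class SmtpReply:
    code: int
    enhanced: str
    text: str

    @property
    def transient(self) -> bool:
        """4yz replies are temporary: the sending MTA will queue and retry."""
        return 400 <= self.code < 500

    @property
    def permanent(self) -> bool:
        """5yz replies are permanent: the message bounces and is never delivered."""
        return 500 <= self.code < 600

    @property
    def auth_related(self) -> bool:
        """Subject 7 of the enhanced code (x.7.z) is the security/policy class."""
        return self.enhanced.split(".")[1] == "7"

    def reason(self) -> str:
        return KNOWN_AUTH_CODES.get(self.enhanced, "unlisted code, read the reply text")


def parse_reply(line: str) -> SmtpReply:
    """Split one SMTP reply line into reply code, enhanced status code and text."""
    m = _REPLY_RE.match(line)
    if not m:
        raise ValueError(f"not an SMTP reply with an enhanced status code: {line!r}")
    return SmtpReply(int(m.group("code")), m.group("esc"), m.group("text").strip())


def triage(lines):
    """Count retryable and bounced replies and tally enhanced codes for a batch."""
    retry = bounce = 0
    tally = {}
    for line in lines:
        reply = parse_reply(line)
        if reply.transient:
            retry += 1
        elif reply.permanent:
            bounce += 1
        tally[reply.enhanced] = tally.get(reply.enhanced, 0) + 1
    return retry, bounce, tally


if __name__ == "__main__":
    for raw in SAMPLE_REPLIES:
        r = parse_reply(raw)
        kind = "retry later" if r.transient else "hard bounce"
        print(f"{r.code} {r.enhanced}: {kind}; fix: {r.reason()}")
```

In a real queue the same tally run over a day of logs tells you which mechanism to fix first: a rising 4.7.32 count with no 5.7.26 means SPF or DKIM pass but neither is aligned with the From: domain.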

What Are the "New" Google and Yahoo Requirements?

The new Google and Yahoo requirements aim to ensure that the emails sent are authentic and wanted by their recipients. Here is a summary of the main changes and the requirements:

Google

  • Email authentication: starting February 2024, Google requires bulk email senders to authenticate their messages following the established best practices.
  • Easy unsubscribe: senders must provide a simple mechanism, typically one click, to let recipients unsubscribe from email communications.
  • Spam rate control: senders must keep the spam complaint rate below a set threshold (0.3%) to avoid their emails being marked as unwanted.

Yahoo

  • Yahoo, together with Google, stressed the importance of these new measures for improving the reliability and security of email communications, emphasizing the need for a collective effort to protect users from spam and email fraud.

Motivations Behind the New Requirements

The motivations behind these new requirements include the need to fight spam and to improve the security of email communications. Google reported that its AI-based defenses block more than 99.9% of spam, phishing and malware every day, but despite this, threats have become more complex and pressing. These new measures aim to close the gaps that allow attackers to hide among legitimate senders, improving email authentication and making it easier for users to manage their subscriptions.

Technical Requirements and Referenced RFCs

Referenced RFCs

The Google and Yahoo requirements are based on standards defined in the following RFCs (Request for Comments):

  • Email authentication: authentication practices are based on standards such as SPF (RFC 7208), DKIM (RFC 6376) and DMARC (RFC 7489).
  • Unsubscribe link: a simple and direct unsubscribe mechanism can follow the standard defined in RFC 8058, which describes the "One-Click" method for unsubscribing from commercial emails.

These RFCs provide the technical guidelines on how to correctly implement email authentication and unsubscribe mechanisms, ensuring that senders meet the required levels of security and reliability in their email communications.

Under 5000 messages per day

Requirements: authentication protocols
  • Implement SPF
  • Implement DKIM
  • Spam rate < 0.3%

Over 5000 messages per day

Requirements: authentication protocols + unsubscribe link
  • Implement SPF
  • Implement DKIM
  • Implement DMARC (even with p=none), aligned
  • Unsubscribe link
  • Spam rate < 0.3%

When: timeline
  • February: implement the authentication protocols; first enforcement with throttling
  • April: enforcement of the new rules for everyone
  • June: deadline for mass senders to provide the unsubscribe link
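Added example, not part of the original post: the "DMARC (even with p=none), aligned" requirement from the table, worked as code. It parses a _dmarc TXT record, then checks whether the domain that passed SPF or DKIM aligns with the From: header domain in relaxed or strict mode (RFC 7489 section 3.1); PUBLIC_SUFFIXES is a constructed stand-in for the Public Suffix List, and all domains are constructed examples.

```python
"""DMARC record parsing and identifier alignment, the check behind Gmail's
"no DMARC alignment" reply. A message passes DMARC only if SPF or DKIM
passed AND the passing domain aligns with the RFC5322.From domain."""
from dataclasses import dataclass

# Constructed stand-in for the Public Suffix List. A real implementation
# needs the full list to locate the organizational domain correctly.
PUBLIC_SUFFIXES = {"com", "net", "org", "it", "co.uk"}


def organizational_domain(fqdn: str) -> str:
    """Return the registrable domain: one label left of the public suffix."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to last two labels


@dataclass
class DmarcPolicy:
    p: str            # none | quarantine | reject
    adkim: str = "r"  # DKIM alignment mode: r(elaxed) or s(trict)
    aspf: str = "r"   # SPF alignment mode: r(elaxed) or s(trict)


def parse_dmarc(record: str) -> DmarcPolicy:
    """Parse a TXT record such as 'v=DMARC1; p=none; adkim=s; rua=mailto:...'."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: needs v=DMARC1 and a p= tag")
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown policy {tags['p']!r}")
    adkim, aspf = tags.get("adkim", "r").lower(), tags.get("aspf", "r").lower()
    if adkim not in ("r", "s") or aspf not in ("r", "s"):
        raise ValueError("adkim/aspf must be r or s")
    return DmarcPolicy(tags["p"], adkim, aspf)


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict: exact match. Relaxed: same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def dmarc_pass(from_domain, policy, spf_pass_domain=None, dkim_pass_domain=None):
    """spf_pass_domain is the MAIL FROM domain if SPF passed, dkim_pass_domain the
    d= of a valid DKIM signature; None means that mechanism did not pass."""
    spf_ok = spf_pass_domain is not None and aligned(from_domain, spf_pass_domain, policy.aspf)
    dkim_ok = dkim_pass_domain is not None and aligned(from_domain, dkim_pass_domain, policy.adkim)
    return spf_ok or dkim_ok


def evaluate(from_domain, record, spf_pass_domain=None, dkim_pass_domain=None) -> str:
    """'pass', or the disposition the published policy asks for on failure.
    With p=none the record still counts as 'DMARC published' (the post's point):
    the receiver accepts the message but reports it as failing."""
    policy = parse_dmarc(record)
    if dmarc_pass(from_domain, policy, spf_pass_domain, dkim_pass_domain):
        return "pass"
    return {"none": "fail (monitor only)",
            "quarantine": "fail (quarantine)",
            "reject": "fail (reject)"}[policy.p]


if __name__ == "__main__":
    # Constructed case: a marketing platform sends with its own bounce domain
    # (SPF passes for esp-provider.net) and no DKIM for the customer domain.
    print(evaluate("example.com", "v=DMARC1; p=none", spf_pass_domain="esp-provider.net"))
```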

In short, 2024 will be the year in which email dresses up to get into the most exclusive club in the digital world. Google, Yahoo, and now Apple too, have raised the bar, and if you do not want to be left outside watching, it is time to start taking these authentication protocols seriously. Get in line, show your digital IDs and get ready to dance to the rhythm of email authentication!

Remember, in this evolving digital world, having the right credentials is like having the golden ticket to the most exclusive club. Don't be that guy at the door who can't get in because he is wearing the wrong shoes!

have fun 🙂

SIDE NOTES: if you didn't know it, now you do!

Tuesday 31 January 2017

Why IT companies are so concerned by the latest (and future) USA administration moves.

The latest USA administration moves are raising a lot of concerns in the IT community, and a lot of concerns worldwide.

There are, of course, different sentiments related to political beliefs, ethics and moral considerations that should be considered. I will not enter here into the political, ethical and moral arena to present my personal point of view on the specific subject, but I would like to make some considerations on the IT sector's reactions to what is happening.

It is an easy prediction that the future economic outlook will be impacted by the USA administration's approach and actions, and this can cause understandable reactions among the various stakeholders.

It is interesting to note the different approach of companies that need a global market to survive, such as the technological ones, and of those that rely on local and a few other markets.

This difference is, nowadays, most evident in the IT (SW, HW, Services) sector, a highly technological and advanced area that has 2 important needs:

1) highly qualified and skilled personnel

2) a global market to act on

Setting aside the ethical and moral considerations (which are, don't get me wrong, imperative for anyone), from a business point of view there is no doubt that some markets (such as the technological one) need globalization more than others to prosper and survive.

The IT market, though, holds a critical position here, since it is the engine of the 4th industrial revolution and it is facing, as of now, a growing resistance from the players of the older economic model; the comments and reactions I have seen on various platforms are mostly an expression of this growing sentiment.

The IT market, historically led by USA companies, has been able to grow thanks mainly to innovation, openness and intercultural exchange.

People working in this sector belong to different ethnic groups, countries and religions, bringing, thanks to this diversity, high value through their experience and approach. In order to create something new (which is what the whole information technology industry is about) a different approach to things is needed. It is no accident that the IT industry in the USA has historically found in the open approach (in terms of market and human resources) a tremendous advantage, which brought the USA to lead the IT market.

IT CEOs are understandably concerned that the environment that made them prosper can now change dramatically. The USA administration's announced economic protectionism and other rumored or in-place actions (last but not least the improperly so-called "muslim" ban) could, as a matter of fact, harm those companies' ability to grow and prosper.

In this light, the concerns of important CEOs about the present and future actions of the USA government are totally understandable, as is the need to address those concerns openly in public.

If, as rumor has it, one of the next moves will be to target H-1B visas (working visas), this will heavily affect those companies, which will be forced to rethink their approach to the technological market, maybe forcing them, for example, to move R&D facilities to friendlier shores.

The truth behind this is that the need for qualified people in the IT sector is still growing at such a rate that there is no single nation, not even the USA, that can provide the resources needed to back up this development; therefore the need for qualified and skilled people coming from virtually anywhere is imperative for this sector.

Like it or not, some political issues do affect the economics of some sectors, therefore it is absolutely understandable that the technology market reacts against an approach that can undermine its chance to grow, expand, and ultimately bring value to a country in terms of economic wealth and image.

It is also worth noticing that the IT sector is changing: technologies are shifting from products to services that need a worldwide market to be profitable. From Cloud to IoT, passing through security and Big Data, all the recent technology trends call for the most open and widest possible market.

But there is another factor to take into account: the consolidated IT technologies that need a limited innovation approach are now offered also by emerging competitors in countries outside the USA, such as China and others.

Even if not ready to provide, in most cases, a disruptive technological advance, those companies are able to produce, in the consolidated technology market, stable product implementations and constant improvement in a price-competitive fashion. Quality issues in consolidated technology fields are a minor concern since products tend to be aligned.

If we add the geopolitical issues that lead, for example, some countries to start looking for alternatives to USA products (China, Russia, Pakistan, India are an example, and understandably the Middle East area in the future), the picture is clearer.

This is not politics, but economics.

One further economic consideration: the inevitable shift to a so-called "data economy" (the real meaning of the 4th industrial revolution) is something that should be driven. Closing the economy into the old models, although it makes you feel in your "comfort zone", will just delay the inevitable, creating higher costs to adapt later.

But there are also ethical and moral considerations to be taken into account, and most of those CEOs for once demonstrate that business and ethics can match, probably due not only to their business but also to their heritage.

Kudos to Satya Nadella, Brad Smith, Sundar Pichai, Tim Cook, Mark Zuckerberg and the others who treat business and ethics as one matter and speak out.

Antonio

Friday 12 February 2016

The IoT Files - intro and security

I will start a series of posts on the IoT (Internet of Things) since it seems to me that most of the talk about IoT is missing some key aspects.

I will start with a general introduction, taken from a webinar I delivered recently.

There is a lot of buzz around IoT lately. It seems the new holy grail of the technology industry, the panacea that will solve every business pain and will drive us to the next step.

All those talks are interesting, but somehow a little bit apologetic, since there are a lot of things still to be evaluated in an IoT world, and some could give us headaches and concerns.

So let us start by trying to understand what we are talking about when we talk about IoT.

IoT, the Internet of Things, is the extension of the consumerization of connected devices, which will cover much more than we are used to nowadays. The key target of the IoT is the user and their world.

This does not mean that IoT is not about SCADA systems or industrial control systems, or e-government or smart cities. It is all about this and more, but the focal point will be the user, the new hyperconnected guy: Mr. Guy Smart.

But aren't we already hyperconnected with our ever-present smartphones, tablets and now smartwatches?

What is the difference between us now and Mr. Smart?

The difference lies in the number of devices and systems connected that relate to the new user. Way more than the simple phone and watch; we can think of wearable devices, medical devices, glasses for augmented reality, smart shoes that tell us how we walk or belts that monitor our waist and diet.

But Mr. Smart is not only using the things he wears; he is also living in a hyperconnected world, driving a smart car (autonomous and more…) on smart roads, with intelligent traffic lights, in a smart city where he finds his smart home.

All connected, all sharing information, all dynamically changing status upon the user request and the context.

A way of living quite different from our current way of life, since everything can modify its behavior according to the heat of the moment.

All this looks wonderful: a personalized environment that follows our needs and provides us a completely new experience. A new industrial revolution able to shape our needs, our thinking and our way of life.

But is this real? How far are we from this?

To understand what all this means we should start from the definition of Internet of Things. A good definition is the following:

The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems.

According to most analysts this is the main trend we should expect in the next years.

All analysts forecast billions of devices connected, a great hope for a growing business….

  • But is this coming without a price?
  • Is this so easy to achieve?
  • What are the consequences?

IoT is a great opportunity, but it is also something that should make us think about the consequences. As with everything, there is always a price to pay, and we should understand what this price is.

I will try to give a short description of 5 aspects related to IoT we should take care of:

  1. Security
  2. Privacy
  3. Infrastructures
  4. Business Models
  5. Culture

IoT and Security

I know that security is on everyone's lips recently; the rise of cyber crime and cyber warfare has put security under everyone's attention.

But yet we are far from a real understanding of what security really is, and what it means to make security. We usually focus on a particular aspect of the security domain, or on specific technologies, forgetting that making security is a complex affair that deals with behavioral science as well as technology. It is more a process than a product or service.

What should put us on alert is that in an IoT world the dependency of our lifestyle and life on devices will be so tight that security will take on a completely new meaning for the normal user. We are not talking about an annoying virus on our laptop, but about something that can literally kill us, as in the case of medical devices or smart driving systems.

IoT brings a lot of security concerns, some quite easy to understand, others alas too often neglected. Let us try to name a few:

Hacking

This is something everyone knows: every year the knowledge about hacking rises, as does hackers' ability. It is a never-ending race. But can we try to imagine what would happen in a world where the number of hackable devices is in the range of billions?

This is something we should take into serious consideration: no OS is secure (sorry Linux, Unix and Mac guys) and we are talking of billions of objects that exchange data, transmit data, manipulate data, collect data through sensors. The attack surface will become incredibly wider, and the result unpredictable.

The classical reactive approach of OS designers has to be radically modified, since this can be the door to hell. A new security design approach is needed. And don't think for a moment that IoT devices will have few lines of code and will therefore be easy to secure. Even the smallest, simplest device will have its sensors and will have to communicate data and receive orders (otherwise it would not be SMART), so there is nothing like a simple OS here. Besides, the smaller the OS, the harder it can be to secure and patch it. In bigger environments it is a common operation to wrap a vulnerability into something that somehow solves the problem; will this be possible in the smaller IoT OS?

Cyber Criminals

And if the hacking surface grows, we can also expect criminal activities to grow and find new ways to monetize the risks.

For those who work in the cyber security arena, it is well known that cyber criminality moves more money than the illegal drug and weapon markets. This can only grow, making cyber crime more important than ever. And when something is so important, corruption and collaboration between the underworld and the official one are to be expected.

So IoT brings with it great concerns from this point of view.

Cyber Warfare

But if it is not a criminal organization, it can be a government. Do we really think that this will be an area where governments will not play their part? Do we realize that IoT will be tied to our life and to our productive environment? So targeting the IoT could harm a country more than a conventional war, blocking its productive system.

Science fiction? Try to remember Stuxnet and maybe we can agree that this is a plausible scenario: a country that attacks the IoT infrastructure in order to harm another country.

And if it is not a state or a government, it can be a terrorist organization, activism…

Geopolitical Issues

And if it is not on purpose, maybe the system can be harmed by geopolitical issues. In a hyperconnected world damage can be done even when targeting something else.

Censorship

Let's take censorship as an example. We may not realize that censorship can harm the functionality of a device; after all we are not talking about Twitter or Facebook, but…

Take your Android phone and go to China, for example, and you will see directly the effect of censorship on IoT. Your wonderful Android functions and services will not work, since Google has been banned from China for censorship reasons. (Sure, you can use a VPN, but please, try to see the picture here.)

Errors and Incidents

And even if it is not on purpose, accidents and errors can still harm the system, probably in ways we do not yet see at the moment, due to the complex nature of the various interrelationships between the objects.

Compatibility

And if it is not errors or incidents, the harm can be done by compatibility issues. After all, you will want to change objects or location from time to time. Some IoT objects will travel with you, and compatibility will become a great issue.

What if you change medical device provider and the new one does not support the vital data taken from the old one? Or if you go to a place that does not allow the same level of communication? (Maybe because encryption is not allowed there.)

What More?

Many other scenarios related to IoT and security can be recalled; this is not an exhaustive list, but it is good enough to make the point. Security is a serious issue in an IoT world.

The classical approach that considers security an "add-on" to IT and a business burden to be avoided has to change dramatically. Security must become part of normal thinking because the risk is higher than ever.

When considering IoT and security, ask yourself:

  • Would you drive, or feel safe, in an easy-to-hack car, on an easy-to-hack road?
  • Would you like to depend on an easy-to-hack medical device?
  • Would you like to count on a hackable safe city system?
  • …

We have to realize that Security is important in all realms.

It is not just a product add-on (the antivirus…) but we will have to deal with new things like:

Operating System security

  • Vendor Security Approach
  • Service Provider Security System
  • Supply Chain Security

Authentication

Communication security:

  • Reliable
  • Protected

Compatibility

Open Sources vs legacy code

Vulnerability and Vulnerability Disclosure policy

Hacking accidents communication

Training and awareness

Reliability

Alas, we are still far from the finish line.

In the next post I will talk about privacy in the IoT.
