The public’s impression of the media is often as much of an expression of their political state of mind as anything. But what jumps out at me in this particular Pew Research poll is the distance between trust and name recognition.
For example, when asked about individual entities such as local and national media, state government and politicians, Americans seem to widely trust local news over everyone else for getting the story straight:
However, in the same polling data, Americans readily identify cable news outlets – CNN and Fox foremost among them – over local television news:
What accounts for this? Why do we trust our local media so much more, but identify it less? Does this mean that Americans view media dimly as a general rule and blame cable news nets for this? Or does it mean that people aren’t paying that much attention to local news, and cable news is getting more (potentially unfair) scrutiny? Or does it simply mean we trust our provincial media more implicitly? Any way you slice it, there seems to be an opening for local media of all stripes to fill the credibility gap that national media provides.
And again, I think its silly to mention “websites” as a separate entity in this polling data. I don’t think most people would regard a newspaper website to be anything other than the newspaper.
The news circulating about the IT industry is about a Man in the Middle attack against Google users in Iran. Mainstream media has not yet touched this issue, probably because its confusing, as indeed Internet security is wont to be.
#Google users in that country who used SSL (HTTPS) connections to access their email and other sensitive data got spoofed by unknown hackers with bogus Certificates that allowed them to view decrypted data as it passed between the victims and Google. No one has yet claimed responsibility.
What is a Man in the Middle attack? Basically, its a hacker insinuating himself into the conversation between you and a trusted server, in this case, Google. By fooling your computer into thinking that they’re Google – and by fooling Google into thinking they’re you – the hacker can observe as messages pass back and forth, sending them along to their intended targets so that neither you nor Google is the wiser. Basically, its the digital equivalent of eavesdropping.
MITM attacks are a very serious type of attack – and one which this blog has warned its readers about in the past. Far more worrisome in this case is the fact that the MITM attacks took place on secure, SSL-encrypted connections. The hacker is in this case privy to otherwise private information such as reading your email, accessing your friends list on Google+ or seeing the documents you marked private on Google Documents.
“But wait,” you say, “doesn’t using SSL connections prevent this type of attack? Isn’t that why you told us to use SSL for our social networking sites?” Well, the simple answer is “yes.” But as you might have expected, there are exceptions to every rule. In particular, as our world becomes more and more networked, the particularly-dangerous exception is that powerful entities like governments or service providers can short-circuit the security that SSL is meant to provide. While no one is claiming responsibility for the Iranian attack, security experts seem to agree that such a scheme is only possible for a government or “rogue” ISP.
How does any of this happen, you may wonder? Here is what I hope will be a readable Cliff’s Notes version of my Security+ Certification training for you on the subject. Its not an exhaustive discussion of the topic by any means, just what a person with a toe in the water of Security can tell you:
Secure Sockets Layers use Certificates
What makes browsing your bank account any safer than browsing Fark.com? If it is possible for someone to intercept traffic between you and any other server, why do banks and other institutions with sensitive information allow you to access it online?
The answer is that Secure Sockets Layers (SSL) create an encrypted “tunnel” of information passing back and forth. Someone absolutely could intercept this information as its passed. But the trouble (for them) is that the information is not readable without access to the “key” used to encrypt the data. Its sort of like the old Scantron sheets you used in high school to take tests: someone grabbing one of these sheets would have all the right answers to the test, but without a key to tell them what those answers are and what test they belong to, its just a card with pencil marks on it.
In the case of communications encrypted with SSL, the interceptor has even less information than that. They just have a scramble of code. But in the seemingly-paranoid world of computer security, there remains a question: how does one go about getting a secure key with which to encrypt data? And how do we know that the entity handing us a key is legitimate? That they’re not a hacker, too?