Portal:Internet

Portal maintenance status: (February 2020) This portal's subpages have been checked by an editor, and are needed. Please take care when editing, especially if using automated editing software. Learn how to update the maintenance information here.

---

The Internet Portal Internet Archive servers Selected article Search engine optimization (SEO) is the process of improving the volume and quality of traffic to a web site from search engines via "natural" search results. Usually, the earlier a site is presented in the search results, or the higher it "ranks," the more searchers will visit that site. SEO can also target different kinds of search, including image search, local search, and industry-specific vertical search engines. As a marketing strategy for increasing a site's relevancy, SEO considers how search algorithms work and what people search for. SEO efforts may involve a site's coding, presentation, and structure, as well as fixing problems that could prevent search engine indexing programs from fully spidering a site. Other, more noticeable efforts may include adding unique content to a site, and making sure that the content is easily indexed by search engines and also appeals to human visitors. The acronym "SEO" can also refer to "search engine optimizers," a term adopted by an industry of consultants who carry out optimization projects on behalf of clients, and by employees who perform SEO services in-house. Selected picture Lolcat or Cat Macro with white cat on laptop computer Lolcats are images combining photographs of animals, most frequently cats, with a subjectively humorous and idiosyncratic caption in broken English referred to as Kitty Pidgin, Kitteh, or lolspeak. The meme originated in the rule 1 and 2 imageboards as the Caturday internet phenomenon. The name "lolcat" is a compound word of "lol" and "cat". The phenomenon is also referred to as cat macros. Lolcats are created for photo sharing imageboards and other internet forums. News Wikinews Internet portal Further information: Timeline of computing 2020-present § 2024 July 5: Ransomware attack hits over 200 US companies, forces Swedish grocery chain to close July 31: "Avast ye scurvy file sharers!": Interview with Swedish Pirate Party leader Rickard Falkvinge October 6: European Court of Justice says Facebook must remove 'illegal' posts globally September 22: Millions don't turn up to 'storm' US airbase for extraterrestrial evidence April 8: 540 million private Facebook records found on public Internet December 23: UK police locate missing Chinese teen Mei Chen, silent on details October 29: Technology giant Microsoft completes acquisition of GitHub More at Wikinews WikiProjects Main project: WikiProject Internet Related WikiProjects: Blogging • Websites • Early Web History • Internet culture Did you know (auto-generated) - ... that Joanna Cherry showed a printed copy of an Internet meme featuring Lily Hoshikawa during a UK parliamentary committee meeting? ... that the Backrooms is associated with an Internet aesthetic which includes images of eerie and uninhabited spaces? ... that a pro-EU explanation of how Baileys is made, given by British MP Mike Gapes, was described as being "infinitely memeable" and giving him a "bizarre online infamy"? ... that Syndicate was the first to reach 1 million followers on Twitch, beating League of Legends developer Riot Games to the record? ... that since 2018, IKEA's stuffed toy shark Blåhaj has become a popular Internet meme and an icon of the online transgender community? ... that Internet activist Sally Burch was refused entry into Argentina because her presence was considered to be disruptive? Selected biography William Ford Gibson, born March 17, 1948, in Conway, South Carolina is an American-Canadian writer who has been called the "noir prophet" of the cyberpunk subgenre of science fiction. Gibson coined the term cyberspace in 1982, and popularized the concept in his debut novel, Neuromancer (1984). In depicting a visualised worldwide communications network before the ubiquity of the Internet, Gibson is credited with anticipating important aspects, and establishing the conceptual foundations, of the Internet and the Web in particular. Although much of Gibson's reputation has remained rooted in Neuromancer, his work has continued to evolve conceptually and stylistically. After expanding on Neuromancer with two more novels to complete the dystopic Sprawl trilogy, Gibson became central to an entirely new science fiction subgenre—steampunk—with the publication in 1990 of the alternate history novel The Difference Engine, written in collaboration with Bruce Sterling. In the 1990s he composed the Bridge trilogy of novels, which focused on sociological observations of near future urban environments and late stage capitalism. His most recent novels—Pattern Recognition (2003), and Spook Country (2007)—are both set in a contemporary universe and have put Gibson's work onto mainstream bestseller lists for the first time. General images - The following are images from various internet-related articles on Wikipedia. The digital divide measured in terms of bandwidth is not closing, but fluctuating up and down. Gini coefficients for telecommunication capacity (in kbit/s) among individuals worldwide (from Internet access) Mobile broadband Internet subscriptions in 2012 as a percentage of a country's population Source: International Telecommunication Union. (from Internet access) Robert Cailliau, Jean-François Abramatic, and Tim Berners-Lee at the tenth anniversary of the World Wide Web Consortium (from History of the World Wide Web) The corridor where the World Wide Web was born, on the ground floor of building No. 1 at CERN (from History of the World Wide Web) First Internet demonstration, linking the ARPANET, PRNET, and SATNET on November 22, 1977 (from History of the Internet) Postage stamp of Azerbaijan (2004): 35 Years of the Internet, 1969–2004 (from History of the Internet) BBN Technologies TCP/IP Internet map of early 1986 (from History of the Internet) Internet Connectivity Access layer (from Internet access) Number of Internet hosts worldwide: 1969–2019 Source: Internet Systems Consortium. (from History of the Internet) Mobile broadband Internet subscriptions in 2012 as a percentage of a country's population Source: International Telecommunication Union. (from History of the Internet) 1997 advertisement in State Magazine by the US State Department Library for sessions introducing the then-unfamiliar Web (from History of the World Wide Web) Internet users in 2015 as a percentage of a country's population Source: International Telecommunication Union. (from History of the Internet) Fixed broadband Internet subscriptions in 2012 as a percentage of a country's population Source: International Telecommunication Union. (from History of the Internet) Internet users in 2015 as a percentage of a country's population Source: International Telecommunication Union. (from Internet access) The NeXT Computer used by Tim Berners-Lee at CERN became the first Web server. (from History of the World Wide Web) Where the WEB was born (from History of the World Wide Web) Map of the TCP/IP test network in February 1982 (from History of the Internet) Wi-Fi range diagram (from Internet access) Fixed broadband Internet subscriptions in 2012 as a percentage of a country's population Source: International Telecommunication Union. (from Internet access) Satellite Internet access via VSAT in Ghana (from Internet access) T3 NSFNET Backbone, c. 1992 (from History of the Internet) Stamped envelope of Russian Post issued in 1993 with stamp and graphics dedicated to first Russian underwater digital optic cable laid in 1993 by Rostelecom from Kingisepp to Copenhagen (from History of the Internet) Wi-Fi logo (from Internet access) Broadband affordability in 2011 This map presents an overview of broadband affordability, as the relationship between average yearly income per capita and the cost of a broadband subscription (data referring to 2011). Source: Information Geographies at the Oxford Internet Institute. (from Internet access) Selected quote More Did you know... ...that Internet entrepreneur Pete Ashdown (pictured) ran against incumbent Orrin Hatch in the 2006 U.S. Senate race in Utah? ...that the Working Group on Internet Governance is a United Nations body set up to investigate the future governance of the Internet and the role of ICANN? ...that the Indian Railways Fan Club is the Internet's largest website devoted to the Indian Railways and rail transport in the Indian subcontinent? Main topics HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks[1] and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. HSTS is an IETF standards track protocol and is specified in RFC 6797. The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named Strict-Transport-Security. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion.[2] Websites using HSTS often do not accept clear text HTTP, either by rejecting connections over HTTP or systematically redirecting users to HTTPS (though this is not required by the specification). The consequence of this is that a user-agent not capable of doing TLS will not be able to connect to the site. The protection only applies after a user has visited the site at least once, relying on the principle of "trust on first use". The way this protection works is that when a user entering or selecting an HTTP (not HTTPS) URL to the site, the client, such as a Web browser, will automatically upgrade to HTTPS without making an HTTP request, thereby preventing any HTTP man-in-the-middle attack from occurring. Specification history The HSTS specification was published as RFC 6797 on 19 November 2012 after being approved on 2 October 2012 by the IESG for publication as a Proposed Standard RFC.[3] The authors originally submitted it as an Internet Draft on 17 June 2010. With the conversion to an Internet Draft, the specification name was altered from "Strict Transport Security" (STS) to "HTTP Strict Transport Security", because the specification applies only to HTTP.[4] The HTTP response header field defined in the HSTS specification however remains named "Strict-Transport-Security". The last so-called "community version" of the then-named "STS" specification was published on 18 December 2009, with revisions based on community feedback.[5] The original draft specification by Jeff Hodges from PayPal, Collin Jackson, and Adam Barth was published on 18 September 2009.[6] The HSTS specification is based on original work by Jackson and Barth as described in their paper "ForceHTTPS: Protecting High-Security Web Sites from Network Attacks".[7] Additionally, HSTS is the realization of one facet of an overall vision for improving web security, put forward by Jeff Hodges and Andy Steingruebl in their 2010 paper The Need for Coherent Web Security Policy Framework(s).[8] HSTS mechanism overview A server implements an HSTS policy by supplying a header over an HTTPS connection (HSTS headers over HTTP are ignored).[1] For example, a server could send a header such that future requests to the domain for the next year (max-age is specified in seconds; 31,536,000 is equal to one non-leap year) use only HTTPS: Strict-Transport-Security: max-age=31536000. When a web application issues HSTS Policy to user agents, conformant user agents behave as follows (RFC 6797):[9] Automatically turn any insecure links referencing the web application into secure links (e.g. http://example.com/some/page/ will be modified to https://example.com/some/page/ before accessing the server). If the security of the connection cannot be ensured (e.g. the server's TLS certificate is not trusted), the user agent must terminate the connection (RFC 6797 section 8.4, Errors in Secure Transport Establishment) and should not allow the user to access the web application (section 12.1, No User Recourse). The HSTS Policy helps protect web application users against some passive (eavesdropping) and active network attacks.[10] A man-in-the-middle attacker has a greatly reduced ability to intercept requests and responses between a user and a web application server while the user's browser has HSTS Policy in effect for that web application. Applicability The most important security vulnerability that HSTS can fix is SSL-stripping man-in-the-middle attacks, first publicly introduced by Moxie Marlinspike in his 2009 BlackHat Federal talk "New Tricks For Defeating SSL In Practice".[11][12] The SSL (and TLS) stripping attack works by transparently converting a secure HTTPS connection into a plain HTTP connection. The user can see that the connection is insecure, but crucially there is no way of knowing whether the connection should be secure. At the time of Marlinspike's talk, many websites did not use TLS/SSL, therefore there was no way of knowing (without prior knowledge) whether the use of plain HTTP was due to an attack, or simply because the website had not implemented TLS/SSL. Additionally, no warnings are presented to the user during the downgrade process, making the attack fairly subtle to all but the most vigilant. Marlinspike's sslstrip tool fully automates the attack. HSTS addresses this problem[10] by informing the browser that connections to the site should always use TLS/SSL. The HSTS header can be stripped by the attacker if this is the user's first visit. Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge attempt to limit this problem by including a "pre-loaded" list of HSTS sites.[13][14][15] Unfortunately this solution cannot scale to include all websites on the internet. See limitations, below. HSTS can also help to prevent having one's cookie-based website login credentials stolen by widely available tools such as Firesheep.[16] Because HSTS is time limited, it is sensitive to attacks involving shifting the victim's computer time e.g. using false NTP packets.[17] Limitations The initial request remains unprotected from active attacks if it uses an insecure protocol such as plain HTTP or if the URI for the initial request was obtained over an insecure channel.[18] The same applies to the first request after the activity period specified in the advertised HSTS Policy max-age (sites should set a period of several days or months depending on user activity and behavior). Google Chrome, Mozilla Firefox, and Internet Explorer/Microsoft Edge address this limitation by implementing a "HSTS preloaded list", which is a list that contains known sites supporting HSTS.[19][13][14][15] This list is distributed with the browser so that it uses HTTPS for the initial request to the listed sites as well. As previously mentioned, these pre-loaded lists cannot scale to cover the entire Web. A potential solution might be achieved by using DNS records to declare HSTS Policy, and accessing them securely via DNSSEC, optionally with certificate fingerprints to ensure validity (which requires running a validating resolver to avoid last mile issues).[20] Junade Ali has noted that HSTS is ineffective against the use of phony domains; by using DNS-based attacks, it is possible for a man-in-the-middle interceptor to serve traffic from an artificial domain which is not on the HSTS Preload list,[21] this can be made possible by DNS Spoofing Attacks,[22] or simply a domain name that misleadingly resembles the real domain name such as www.example.org instead of www.example.com. Even with an HSTS preloaded list, HSTS cannot prevent advanced attacks against TLS itself, such as the BEAST or CRIME attacks introduced by Juliano Rizzo and Thai Duong. Attacks against TLS itself are orthogonal to HSTS policy enforcement. Neither can it protect against attacks on the server - if someone compromises it, it will happily serve any content over TLS. See RFC 6797 for a discussion of overall HSTS security considerations. Privacy issues HSTS can be used to near-indelibly tag visiting browsers with recoverable identifying data (supercookies) which can persist in and out of browser "incognito" privacy modes. By creating a web page that makes multiple HTTP requests to selected domains, for example, if twenty browser requests to twenty different domains are used, theoretically over one million visitors can be distinguished (220) due to the resulting requests arriving via HTTP vs. HTTPS; the latter being the previously recorded binary "bits" established earlier via HSTS headers.[23] Browser support Settings page for HTTPS Strict Transport Security within Chromium 45, showing the status of the security policy for the domain "en.wikipedia.org". Chromium and Google Chrome since version 4.0.211.0[24][25] Firefox since version 4;[1] with Firefox 17, Mozilla integrates a list of websites supporting HSTS.[14] Opera since version 12[26] Safari since OS X Mavericks (version 10.9, late 2013)[27] Internet Explorer 11 on Windows 8.1 and Windows 7 with KB3058515 installed (Released as a Windows Update in June 2015)[28] Microsoft Edge and Internet Explorer 11 on Windows 10[29][30] BlackBerry 10 Browser and WebView since BlackBerry OS 10.3.3. Deployment best practices Depending on the actual deployment there are certain threats (e.g. cookie injection attacks) that can be avoided by following best practices. HSTS hosts should declare HSTS policy at their top-level domain name. For example, an HSTS host at https://sub.example.com should also answer with the HSTS header at https://example.com. The header should specify the includeSubDomains directive.[31] In addition to HSTS deployment, a host for https://www.example.com should include a request to a resource from https://example.com to make sure that HSTS for the parent domain is set and protects the user from potential cookie injection attacks performed by a MITM that would inject a reference to the parent domain (or even http://nonexistentpeer.example.com), which the attacker then would answer.[32] See also Content Security Policy .dev TLD – a Google-operated TLD included in the HSTS preload-list by default HTTP Public Key Pinning References "Strict-Transport-Security". MDN Web Docs. Mozilla. Archived from the original on 20 March 2020. Retrieved 31 January 2018. Hodges, Jeff; Jackson, Collin; Barth, Adam (November 2012). "HSTS Policy". HTTP Strict Transport Security (HSTS). IETF. sec. 5.2. doi:10.17487/RFC6797. RFC 6797. "[websec] Protocol Action: 'HTTP Strict Transport Security (HSTS)' to Proposed Standard (draft-ietf-websec-strict-transport-sec-14.txt)". 2 Oct 2012. Archived from the original on 29 January 2017. Retrieved 2 Oct 2012. Hodges, Jeff (30 June 2010). "Re: [HASMAT] "STS" moniker (was: IETF BoF @IETF-78 Maastricht: HASMAT...)". Archived from the original on 2 February 2017. Retrieved 22 July 2010. "Strict Transport Security -06". 18 December 2009. Archived from the original on 21 February 2017. Retrieved 23 December 2009. "Strict Transport Security -05". 18 September 2009. Archived from the original on 24 February 2020. Retrieved 19 November 2009. "ForceHTTPS: Protecting High-Security Web Site from Network Attacks". April 2008. Archived from the original on 28 February 2020. Retrieved 19 November 2009. Hodges, Jeff; Steinguebl, Andy (29 October 2010). "The Need for Coherent Web Security Policy Framework(s)". Archived from the original on 14 August 2017. Retrieved 21 November 2012. Hodges, Jeff; Jackson, Collin; Barth, Adam (November 2012). Section 5. HSTS Mechanism Overview. IETF. sec. 5. doi:10.17487/RFC6797. RFC 6797. Hodges, Jeff; Jackson, Collin; Barth, Adam (November 2012). 2.4. Threat Model. IETF. sec. 2.3. doi:10.17487/RFC6797. RFC 6797. Marlinspike, Moxie (2009). New Tricks For Defeating SSL In Practice (PDF). Black Hat Briefings. Washington, DC. Archived (PDF) from the original on 30 December 2014. Retrieved 15 March 2012. Defeating SSL Using Sslstrip on YouTube Langley, Adam (8 July 2010). "Strict Transport Security". The Chromium Projects. Archived from the original on 1 September 2019. Retrieved 22 July 2010. Keeler, David (1 November 2012). "Preloading HSTS". Mozilla Security Blog. Archived from the original on 24 February 2020. Retrieved 6 February 2014. Bell, Mike; Walp, David (16 February 2015). "HTTP Strict Transport Security comes to Internet Explorer". Archived from the original on 15 November 2015. Retrieved 16 February 2015. Hodges, Jeff (31 October 2010). "Firesheep and HSTS (HTTP Strict Transport Security)". Archived from the original on 23 June 2016. Retrieved 8 Mar 2011. Selvi, Jose (2014-10-17). Bypassing HTTP Strict Transport Security (PDF). Black Hat Briefings. Amsterdam. Archived (PDF) from the original on 22 October 2014. Retrieved 2014-10-22. Hodges, Jeff; Jackson, Collin; Barth, Adam (November 2012). Section 14.6. Bootstrap MITM Vulnerability. IETF. sec. 14.6. doi:10.17487/RFC6797. RFC 6797. "Chromium HSTS Preloaded list". cs.chromium.org. Archived from the original on 18 February 2020. Retrieved 2019-07-10. Butcher, Simon (11 September 2011). "HTTP Strict Transport Security". Archived from the original on 26 April 2019. Retrieved 27 March 2012. Ali, Junade (20 October 2017). "Performing & Preventing SSL Stripping: A Plain-English Primer". Cloudflare Blog. Archived from the original on 14 December 2019. Retrieved 7 December 2017. Maksutov, A. A.; Cherepanov, I. A.; Alekseev, M. S. (2017). Detection and prevention of DNS spoofing attacks. 2017 Siberian Symposium on Data Science and Engineering (SSDSE). pp. 84–87. doi:10.1109/SSDSE.2017.8071970. ISBN 978-1-5386-1593-5. S2CID 44866769. "The HSTS super cookie forcing you to choose: "privacy or security?" -". sophos.com. 2 February 2015. Archived from the original on 11 February 2020. Retrieved 1 December 2015. The Chromium Developers (17 November 2010). "Strict Transport Security - The Chromium Projects". Archived from the original on 20 March 2020. Retrieved 17 November 2010. Hodges, Jeff (18 September 2009). "fyi: Strict Transport Security specification". Archived from the original on 29 February 2020. Retrieved 19 November 2009. Opera Software ASA (23 April 2012). "Web specifications support in Opera Presto 2.10". Archived from the original on 20 June 2018. Retrieved 8 May 2012. Langley, Adam [@agl__] (December 20, 2013). "Confirmed. See ~/Library/Cookies/HSTS.plist. Includes Chromium preloads as of some date and processes HSTS headers" (Tweet). Archived from the original on 9 May 2019. Retrieved 20 December 2013 – via Twitter. "HTTP Strict Transport Security comes to Internet Explorer 11 on Windows 8.1 and Windows 7". windows.com. Archived from the original on 27 November 2019. Retrieved 12 June 2015. "Internet Explorer Web Platform Status and Roadmap". Archived from the original on 29 June 2015. Retrieved 14 April 2014. "Project Spartan and the Windows 10 January Preview Build - IEBlog". 22 January 2015. Archived from the original on 29 November 2019. Retrieved 23 January 2015. Hodges; et al. "HTTP Strict Transport Security (HSTS) 6.1.2". ietf.org. Archived from the original on 22 July 2019. Retrieved 11 November 2016. Hodges, J.; Jackson, C.; Barth, A. (2012). "RFC 6797 - HTTP Strict Transport Security (HSTS) 11.4 Implications of includeSubDomains". IETF Tools. sec. 11.4. doi:10.17487/RFC6797. RFC 6797. External links RFC 6797 – HTTP Strict Transport Security (HSTS) IETF WebSec Working Group Security Now 262: Strict Transport Security Open Web Application Security Project (OWASP): HSTS description Online browser HSTS and Public Key Pinning test HSTS Preload Submission for Google Chrome, Mozilla Firefox, Safari, IE 11, and Edge Chromium HSTS Preloaded list Strict-Transport-Security on MDN Web Docs Featured content Extended content This is a list of recognized content, updated weekly by JL-Bot (talk · contribs) (typically on Saturdays). There is no need to edit the list yourself. If an article is missing from the list, make sure it is tagged (e.g. {{WikiProject Internet}}) or categorized correctly and wait for the next update. See WP:RECOG for configuration options. Featured articles From the Doctor to My Son Thomas Gurl.com The Million Dollar Homepage Good articles Alt attribute Alt-right pipeline Arena (web browser) Beyond the First Amendment Jeff Bezos Bomis Bulletproof hosting .bv Cow Clicker Cross-site leaks Cyber Rights DNS Certification Authority Authorization DeepStateMap.Live Everything That Happens Will Happen Today Fucking Machines Google Earth Hightail ILoo Internet meme Marketing for Wario Land: Shake It! Microsoft v. MikeRoweSoft Minneapolis wireless internet network .no Mikey Neumann Kaycee Nicole Norid On the Internet, nobody knows you're a dog PHP The Plot to Hack America Protocol Wars R/place Ralph Breaks the Internet SCP Foundation .sj The Social Network Spotify Wrapped Vcash Molly White (writer) The Wiccan Web Wikipedia and the COVID-19 pandemic World Enough and Time (Star Trek: New Voyages) Good topics Norid Featured pictures Internet map 1024 Steve Jobs and Macintosh computer, January 1984, by Bernard Gotfryd - edited Featured portals Portal:Internet Categories Category puzzle Select [►] to view subcategories Internet Internet by continent Internet by country Internet-related lists Internet access Internet architecture Internet broadcasting Internet culture Internet databases Email Internet events Internet governance History of the Internet Internet hosting Hypermedia Internet Geographic information systems Internet law Multimedia Online algorithms Internet-related organizations People related to the internet Internet security Internet Standards Internet terminology Videotelephony Works about the Internet World Wide Web Internet stubs Related portals Things you can do Things you can do Place the {{WikiProject Internet}} project banner on the talk pages of all articles within the scope of the project. Cleanup: Rate the Unassessed Internet articles in the Internet WikiProject. Requested articles: Illinois Bio-Grid, More... Stubs: Domain names, Internet broadcasting, Internet publication, Websites, World Wide Web, Computer networks, More... Associated Wikimedia The following Wikimedia Foundation sister projects provide more on this subject: Commons Free media repository Wikibooks Free textbooks and manuals Wikidata Free knowledge base Wikinews Free-content news Wikiquote Collection of quotations Wikisource Free-content library Wikiversity Free learning tools Wikivoyage Free travel guide Wiktionary Dictionary and thesaurus Wikipedia's portals Discover Wikipedia using portals List of all portals The arts portal Biography portal Current events portal Geography portal History portal Mathematics portal Science portal Society portal Technology portal Random portal WikiProject Portals