Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Here we go again; another instance of really sophisticated spyware has been reported, a system that is "so complex and sophisticated that it's probably an advanced cyber-weapon unleashed by a wealthy country to wage a protracted espionage campaign on Iran". I won't get into the debate about whether or not it's really more impressive than Stuxnet, whether or not it's groundbreaking, or whether or not Israel launched it; let it suffice to say that there are dissenting views. I'm more interested in the implications. more
When I was in the military, we were constantly drilled about the problem of Essential Elements of Friendly Information, or EEFIs. What are EEFis? If an adversary can cast a wide net of surveillance, they can often find multiple clues about what you are planning to do or who is making which decisions. For instance, if several people married to military members all make plans to be without their spouses for a long period of time, the adversary can be certain that a unit is about to be deployed. more
Most of us, when we go to a website and see the little lock at the top of the browser, don't think twice and trust that we are communicating with the right company or organization. However, this is no longer the case because of a rather radical development that has largely occurred without notice or intervention by almost everyone. The web now has its own rapidly spreading version of CallerID spoofing that is about to get worse. more
A recent article in the New York Times Dealbook column reported on phone number hijacking, in which a bad guy fraudulently takes over someone's mobile phone number and used it to reset credentials and drain the victim's account. It happens a lot, even to the chief technologist of the FTC. This reminds us that security is hard, and understanding two-factor authentication is harder than it seems. more
ARIN has just released a statement on the future of addressing policy. Specifically addressing the future of IPv4 addressing. What ARIN does is to emphasize the current policies and say they will be enforced even stronger than today if needed. I.e. there is no announcement of a change in policy. more
As rumours tend to be more accurate than predictions, the last /8's are hanging already on this years Christmas tree and one should hurry to get hold of a small little RIR block to put on next year's tree. I will miss the decade of heated and passionate debates between Tony Hain and Geoff Huston on when the exhaustion would actually happen. Estimates ranged all the way from 2008 to 2020 with Tony predicting early demise of IPv4 addresses while Geoff initially thought exhaustion would come later. As time passed the interval converged and here we are. more
There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics. There are two assertions I'll make up front. First, the attacker -- any attacker -- is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders -- but they're still limited. Why? more
The DNS system is, unfortunately, rife with holes like Swiss Cheese; man-in-the-middle attacks can easily negate the operation of TLS and website security. To resolve these problems, the IETF and the DNS community standardized a set of cryptographic extensions to cryptographically sign all DNS records... Now that these standards are in place, how heavily is DNSSEC being used in the wild? How much safer are we from man-in-the-middle attacks against TLS and other transport encryption mechanisms? more
Some members of Congress have gotten extremely upset about peer-to-peer filesharing. Even the New York Times has editorialized about the issue. The problem of files leaking out is a real one, but the bills are misguided. Fundamentally, the real issue is that files are being shared without the user intending that result... more
You won't go far with your cybersecurity when you're relying on the wrong intelligence. This is simply because not all types of threat intelligence are equal. You might have experienced this yourself; investing time and resources into just one only to receive meagre results in the end. Sadly, many organizations fail to realize that depending on just a single source of information is a big mistake. more
Earlier today the U.S. Court of Appeals for the DC Circuit issued its decision in Weinstein vs. Iran, a case in which families of terror victims sought to have ICANN turn over control of Iran's .IR ccTLD to plaintiffs. In a unanimous decision the three judge panel stated, "On ICANN's motion, the district court quashed the writs, finding the data unattachable under District of Columbia (D.C.) law. We affirm the district court but on alternative grounds." more
This essay discusses recent findings on the difficulty of overcoming decision bias, and it argues that this factor, when combined with a diverse and fragmented demand for new gTLDs, makes a focused marketing strategy crucial to the success of the program. In addition, success requires cooperation among registries and resellers when it comes to sales and marketing. Impulse buying aside, a product's sales are driven by the product's utility... more
An assignment in a Media and Democracy course I teach at Penn State invites students to select a telecommunications advocacy web site for analysis. I want my students to decode the message and attempt to identify whether a bias exists and who financially supports the site. The exercise typically fails miserably... Most students cannot infer that a site that advertises books by Ann Coulter trends to the right and one that talks about social justice trends to the left. more
The essay examines some of the new domain name managers' unjustifiable obsession with owning monopoly gTLDs when they should devote more energy and thought to making domain names more value adding. For the last three decades, the discourse regarding competitive advantage has focused on the need to rely on rare/unique resources and capabilities. However, more recently, the focus has shifted to the imperatives of efficient utilization of nonunique resources... more
I co-authored a book in 2005, titled "Extreme Exploits: Advanced Defenses Against Hardcore Hacks." My chapters focused on securing routing protocols such as BGP, and securing systems related to DMZs, firewalls, and network connectivity. As I look back over those chapters, I realize that the basic fundamentals of network security really haven't changed much even though technology has advanced at an incredible pace. "Defense in depth" was a hot catch phrase seven years ago, and it still applies today. more
Sponsored byCSC
Sponsored byRadix
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byIPv4.Global
A World-Renowned Source for Internet Developments. Serving Since 2002.