Cyberattack

Cyberattack / Featured Blogs

The Worm and the Wiretap

According to recent news reports, the administration wants new laws to require that all communications systems contain "back doors" in their cryptosystems, ways for law enforcement and intelligence agencies to be able to read messages even though they're encrypted. By chance, there have also been articles on the Stuxnet computer worm, a very sophisticated piece of malware that many people are attributing to an arm of some government. The latter story shows why cryptographic back doors, known generically as "key escrow", are a bad idea.

Policy Failure Enables Mass Malware: Part II (ICANN and OnlineNIC)

On Wednesday September 29th at 1PM there will be a meeting in the Old Executive Building in Washington D.C. with Registries and domain Registrars to discuss illegal Internet sales of prescription drugs. ICANN was originally invited but declined because citing "inappropriateness" . One "U.S." Registrar who definitely will not be in attendance is OnlineNIC

Policy Failure Enables Mass Malware: Part I (Rx-Partners/VIPMEDS)

This is the first in a series of releases that tie extensive code injection campaigns directly to policy failures within the Internet architecture. In this report we detail a PHP injection found on dozens of university and non-profit websites which redirected visitor's browsers to illicit pharmacies controlled by the VIPMEDS/Rx-Partners affiliate network. This is not a unique problem, however the pharmacy shop sites in question: HEALTHCUBE[DOT]US and GETPILLS[DOT]US should not even exist under the .US Nexus Policy.

Russian Cybercrime is Organized / Russian Cybercrime is Not Organized

The more I read, the more I see conflicting views on the state of the criminal cybercrime world. On the one hand, the Russian criminal cybercrime underworld is a scary, organized place... On the other hand, there is the position that that position is an exaggeration of what it is actually like and that it's a bunch of ragtag folks who have some advanced computer skills but they are not formally organized. ... I see this very similarly to how I see cyber warfare...

An Attack on DNS is an Attack on the Internet

On Saturday Aug 7th, DNS provider DNS Made Easy was the target of a very large denial of service attack. As far as can be determined the total traffic volume exceeded 40 Gigabit/second, enough to saturate 1 million dialup Internet lines. Several of DNS Made Easy's upstream providers had saturated backbone links themselves. There are indications that not only DNS Made Easy suffered from this attack, but the Internet as a whole.

Cyberwar vs No Cyberwar

I was browsing CircleID the other day and came across Bruce Schneier's article on cyberwar. Schneier's article, and the crux of his point, is that the term cyber war and the threat of cyber warfare has been greatly exaggerated. The real problem in cyberspace is not the threat of cyber warfare wherein a foreign government, or possibly non-state actor, conducts a cyber attack on another nation.

Clarke and Knake’s “Cyberwar”

I just finished reading Richard Clarke and Robert Knake's book Cyberwar. Though the book has flaws, some of them serious, the authors make some important points. They deserve to be taken seriously. I should note that I disagree with some of my friends about whether or not "cyberwar" is a real concept. Earlier, I speculated that perhaps it might be a useful way to conduct disinformation operations, but it need not be so limited.

A Bigger Boat: Application Security Outgrows Capacity for CIOs

There is a classic scene in the movie, "Jaws," when Roy Scheider gets a look at the size of the shark circling his fishing vessel and says, "We're going to need a bigger boat." The same case can be made for CIOs dealing today with application security. Hackers from all over the world are circling business and government like great whites looking for vulnerabilities in Internet-facing applications. The growth of applications is great for doing business but they have become chum in the water for predators.

Tackling Cyber Security: Should We Trust the Libertarians? Part 2

A couple of months ago, I wrote a post posing the question of whether or not more government regulation is required in order to secure the Internet. On the one hand, anonymity is viewed in the west as a forum for freedom of speech. The anonymity of the Internet allows dissidents to speak up against unpopular governments. However, the anonymity afforded by the Internet is not so much by design as it is byproduct of its original designers not seeing how widespread it would eventually become.

Terrorism, New gTLDs, DAG4, and ICANN’s Continued US and Western Centric Bias

Those who have been involved in the ICANN process as long as I have naturally become accustomed to ICANN controversies at all levels. But the latest is a "wrong" of international ramifications. The four (4) versions of the Guidebook for the new generic Top-Level Domains (gTLDs) have been hundreds of pages long with a lot of The Good, The Bad, and to some, The Ugly. However, something new has appeared in the 4th and latest version called DAG4 can be called: "The Disturbing".