Former CIA Director, George J. Tenet recently called for measures to safeguard the United States against internet-enabled attacks. "I know that these actions will be controversial in this age when we still think the Internet is a free and open society with no control or accountability, but ultimately the Wild West must give way to governance and control." Mr. Tenet seems about as confused about the internet as the ITU... more
How can the open standards organizations of the IETF and W3C "strengthen the Internet" against large-scale pervasive monitoring? That is the topic up for discussion at the "Strengthening the Internet Against Pervasive Monitoring (STRINT)" workshop planned for February 28 and March 1, 2014, and jointly sponsored by the Internet Architecture Board (IAB) and the W3C. The workshop is by invitation-only and has a deadline of Monday, January 20, 2014 (by 11:59 UTC) for submission of either position papers or Internet drafts. more
Neil Schwartzman writes to report that U.S. Cert issued Alert TA13-088A on Friday March 29, 2013. "It is a solid how-to guide to test for, and remediate DNS configurations that can be used for Distributed Denial of Service attacks." more
"Massive Email Bombs Target .Gov Addresses," Brian Krebs writes in Krebs on Security: "Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov) email inboxes with subscription requests to thousands of email lists." more
Chinese hackers have breached U.S. Navy contractors to steal a wide range of data from ship-maintenance data to missile plans through what is reported as the most debilitating cyber campaigns linked to Beijing. more
Jonathan Zittrain's recent book, The Future of the Internet -- And How to Stop It, has spurred a lot of discussion both online and offline, with blog posts lauding his insights or criticising his over-apocalyptic imagination. The book itself makes fascinating reading for those who have watched the network grow from its roots in the research community into today's global channel for communications, commerce and cultural expression... One of the reasons that Zittrain puts forward for the growing popularity of closed or, as he prefers 'tethered', devices, is that they are less vulnerable to hacking, security flaws, malware and all the other perils that face any internet-enabled system. more
Someone needs to take a good hard look at those Internet surveillance stories being strategically placed on the front page of the New York Times. There's a trail here, I believe, that's worth following. Here are some data points... there appears to be a deep interest in the ability to declare war online, as evidenced by cybersecurity research and public speeches by Herbert Lin, a key player who has worked on several cybersecurity reports for the National Research Council.
more
The Measurement Factory and Infoblox have announced results of a survey of more than 1.3 million Internet-connected, authoritative domain name system (DNS) servers around the globe. The results of the survey indicate that as many as 84 percent of Internet name servers could be vulnerable to pharming attacks, and that many exhibit other security and deployment-related vulnerabilities. The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details. more
Those who have been involved in the ICANN process as long as I have naturally become accustomed to ICANN controversies at all levels. But the latest is a "wrong" of international ramifications. The four (4) versions of the Guidebook for the new generic Top-Level Domains (gTLDs) have been hundreds of pages long with a lot of The Good, The Bad, and to some, The Ugly. However, something new has appeared in the 4th and latest version called DAG4 can be called: "The Disturbing". more
It's been a very bad month for ESPs, companies that handle bulk mailings for their clients. Several of them have had internal security breaches, leaking client information, client mailing lists, or both. Many have also seen clients compromised, with the compromised credentials used to send spam. The sequence of events suggests all the ESPs whose clients were compromised were themselves compromised first. (That's how the crooks knew who to attack.) more
Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more
The UK today is one of the main attack targets by phishing organized crime groups, globally. Phishing damages will amount to about two billions USD in 2006 worldwide -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages. In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users... more
Throughout the course of my career I've been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization. more
A new malware designed to manipulate industrial safety systems was deployed against a critical infrastructure organization that provides emergency shutdown capability for industrial processes, according to a report released today. more
A World-Renowned Source for Internet Developments. Serving Since 2002.