Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them. more
As few as seven years ago, cyber-threat intelligence was the purview of a small handful of practitioners, limited mostly to only the best-resourced organizations - primarily financial institutions that faced large financial losses due to cyber crime - and defense and intelligence agencies involved in computer network operations. Fast forward to today, and just about every business, large and small, is dependent on the Internet in some way for day-to-day operations, making cyber intelligence a critical component of a successful business plan. more
There has been a recent spate of well publicised Distributed Denial of Service (DDoS) attacks that bring websites down and render them useless, including Evernote and most recently Feedly. In light of this, here are some comments and tips to help companies evaluate and prepare not to be held for ransom or suffer lost reputation and sales as a result. more
Popular RSS reader Feedly has been hit by major distributed denial of service (DDoS) attacks beginning 2:04am PST on Wednesday causing the service to be completely down for several hours two days in a row. (Second attack still undergoing as of the time of this post.) more
Over the last few years, there has been an increased effort to modernize the U.S. electric grid. Building a "Smart Grid" has been central in the effort to help utilities better manage their resources, minimize power outages and reduce energy consumption. However, adding more electronic devices and sensors to the grid's network has made it a prime target of cyberattacks, like Distributed Denial of Service (DDoS) attacks, which if successful, could cause wide-spread disruption of services affecting many other sectors. more
Given that I've written here about the original call for papers for the W3C/IAB "Strengthening The Internet Against Pervasive Monitoring (STRINT)" Workshop and then subsequently that the STRINT submitted papers were publicly available, I feel compelled to close the loop and note that a report about the STRINT workshop has been publicly published as an Internet-draft. more
Since the end of last year, amplification attacks have been increasingly used by attackers and received heavy media coverage. Everyday protocols not given much thought before, like Network Time Protocol (NTP), can be asked in a very short remote command to send a very large response (list of 600 clients last connected to the NTP server) to a spoofed IP address (the target) by the requestor/attacker. more
Delegation from the European Standardization Organizations (ESOs) - CEN, CENELEC and ETSI - met with Neelie Kroes, the Vice-President of the European Commission responsible for the Digital Agenda, in Brussels yesterday (2 April 2014) discussing how to maximize the positive contribution that standards can make to enhancing internet security and protecting personal data, in order to support the successful implementation of the EU Cybersecurity Strategy. more
There have been quite a few news stories released over the last 24 hours regarding a wide-scale compromise of 300,00 Internet gateway devices. Here's the executive summary of what happened, how to check if you are vulnerable, and what you can do to fix it... If you use any of these devices, you should check it to ensure your device has not been compromised. more
A widespread compromise of consumer-grade small office/home office (SOHO) routers has been discovered by threat intelligence group Team Cymru. According to the report, "attackers are altering the DNS configuration on these devices in order to redirect victims DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-Middle attack." more
There are quite a lot of NTP-amplified denial of service attacks going around at the moment targeting tech and ecommerce companies, including some in the email space. What does NTP-amplifed mean? NTP is "Network Time Protocol" - it allows computers to set their clocks based on an accurate source, and keep them accurate. It's very widely used - OS X and Windows desktops typically use it by default, and most servers should have it running. more
BGP. Border Gateway Protocol. The de-facto standard routing protocol of the Internet. The nervous system of the Internet. I don't think I can overstate the importance, the criticality of BGP to the operation of the modern Internet. BGP is the glue that holds the Internet together at its core. And like so many integral pieces of the Internet, it, too, is designed and built on the principle of trust... The folks who operate the individual networks that make up the Internet are generally interested in keeping the Internet operating, in keeping the packets flowing. And they do a great job, for the most part. more
Not long after the message that Microsoft will stop updating Windows XP from 8 April onwards, after extending it beyond the regular life cycle for over a year already, came the soothing message that malware will be monitored for another year. That may be good news to some, but the fact remains that this is not the same as patching. Remaining on XP leads to a vulnerable state of the desktop, lap top and any other machine running on XP; vulnerable to potential hacks, cyber crimes, becoming part of a botnet, etc. more
How can the open standards organizations of the IETF and W3C "strengthen the Internet" against large-scale pervasive monitoring? That is the topic up for discussion at the "Strengthening the Internet Against Pervasive Monitoring (STRINT)" workshop planned for February 28 and March 1, 2014, and jointly sponsored by the Internet Architecture Board (IAB) and the W3C. The workshop is by invitation-only and has a deadline of Monday, January 20, 2014 (by 11:59 UTC) for submission of either position papers or Internet drafts. more
Jim Cowie of Renesys reports: Traffic interception has certainly been a hot topic in 2013. The world has been focused on interception carried out the old fashioned way, by getting into the right buildings and listening to the right cables. But there's actually been a significant uptick this year in a completely different kind of attack. more
A World-Renowned Source for Internet Developments. Serving Since 2002.