At the Government Roundtable meeting in Amsterdam on 12 September RIPE NCC presented on her results on auditing Local Internet Registries (LIRs) and on the policy process concerning certification of her members. If this showed something to the world it is that cooperation with governments and law enforcement agencies (LEAs) pays off and self-governance can work. How did this come about? more
When it comes to building a robust globe-spanning network of crimeware and making the victims dance to a tune of the cyber-criminals' choosing, you're guaranteed to find domain name abuse at the heart of the operation. DNS provides the critical flexibility and underlying scalability of modern command-and-control (C&C) infrastructure. Cyber-criminals that master DNS (and manage to maintain the stream of new domain registrations that keep it fed) tend to find themselves in command of the largest and most profitable crimeware networks. more
In an age where the world has gone global in many forms and guises, the political attention is more and more focussed on national, populist issues, that arise from fear for the unknown. I can't deny it: the future undoubtedly contains many uncertainties. This usually comes with a general public that's afraid and in fear of things they cannot oversee. Thus it is easily aroused by a populist leader who feeds on this fear and throws flammable material on the already smouldering fire. In a time where leadership is called for, it seems lacking. The Internet governance discussion demands visionary leadership on a cross border level and it needs it soon. more
The majority of network breaches begin and end with the installation of malware upon a vulnerable device. For the rest, once that initial malware beachhead has been achieved, the story is only just beginning. The breach disclosures that make the news are often confusing as they're frequently compiled from third-hand reports, opinions and technical assumptions. More often than not, they include a discussion about the malware - how advanced it was, etc. - and whether any 0-day vulnerabilities were likely used by the mysterious attacker. more
A few days ago I wrote about a piece of my intellectual property, an article I wrote and posted on DaileyMuse.com, being stolen, plagiarized, and posted on another web site under a different authors name. I hadn't been looking for my work elsewhere, I was simply browsing the access logs and visiting other websites that stood out. As a result of finding my work posted elsewhere without my permission, I contacted the owner of the website by email and provided 24 hours to remove the content before I pursued legal action. more
As hacking groups such as Anonymous and LulzSec continue to make headlines, many of us in the Information Security field can only sit back and shake our heads. The large number of successful system breaches, web site defacements, and the publication of confidential data is not at all surprising, and for the most part was only a matter of time. more
In the US administration, we see important people like incoming Secretary of Defense Leon Panetta say at his Senate confirmation hearing that "a strong likelihood that the next Pearl Harbor" could well be a cyberattack that cripples the U.S. power grid and financial and government systems. He also said that cybersecurity will be one of the main focuses of his tenure at the Pentagon. But when you look at what is actually happening in cyber security, there is more position jockeying than there is real progress. more
I've written recently about a general purpose method called DNS Response Policy Zones (DNS RPZ) for publishing and consuming DNS reputation data to enable a market between security companies who can do the research necessary to find out where the Internet's bad stuff is and network operators who don't want their users to be victims of that bad stuff... During an extensive walking tour of the US Capitol last week to discuss a technical whitepaper with members of both parties and both houses of the legislature, I was asked several times why the DNS RPZ technology would not work for implementing something like PROTECT-IP. more
The Associated Press published an article today that the Pentagon revealed that earlier this year, they suffered one of its largest ever loss of sensitive data to a foreign government by a cyberattack. ... It's hard to say what's right and what's wrong. On the one hand, the Secretary of Defense says that the cyberwar is very real. On the other hand, the cyberczar Howard Schmidt said that there is no cyberwar and instead government needs to focus its efforts to fight online crime and espionage... more
The best part is ... this isn't one of those 'now that I've got your attention' tricks, like one of those old "free beer" posters; there really is a ton of stuff happening above the 49th parallel this summer. To begin with, as a precursor to Canada's Anti-spam Law coming into effect later this year, the Office of the Privacy Commissioner, the Canadian Radio-television Telecommunications Commission, and Industry Canada have all issued regulations, the latter two in draft form with an RFC. more
A World-Renowned Source for Internet Developments. Serving Since 2002.