Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Thousands of websites are reported to have been infected by malware over the weekend forcing visitors' computers to mine cryptocurrency while using the sites. more
The country's first criminal trial about spam ended in Leesburg, Virginia earlier this month with a conviction of Jeremy Jaynes, better known under his nom de spam of Gavin Stubberfield. I was an expert witness for the prosecution, the Commonwealth of Virginia. The case was brought under Virginia's state anti-spam law, not the weaker Federal CAN-SPAM act... more
There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more
Companies sometimes find that opportunistic purchasers of domain names (often referred to as "domainers"), will purchase a domain name quite similar to that of the company, and establish a site at the URL loaded with revenue-generating sponsored ads. To accomplish these purposes, domainers seem to prefer the services of companies like HitFarm and Domain Sponsor. A web user types in the confusingly similar URL and is bombarded with pop-up ads and sponsored links to goods and services, often competitive to the company whose name or trademark is being appropriated in the URL... more
In this newly released paper Randal Vaughn and Gadi Evron discuss the threat of Distributed Denial of Service (DDoS) attacks using recursive DNS name servers open to the world. The study is based on case studies of several attacked ISPs reported to have on a volume of 2.8Gbps. One reported event indicated attacks reaching as high as 10Gbps and used as many as 140,000 exploited name servers. more
At the Internet Governance Forum in Baku, I made an intervention on behalf of NL IGF, reporting on the recommendations given by the participants of Workshop 87... I concluded that more regulatory and law enforcement bodies need to become part of the IGF discussions, as they are an integral part of governing the Internet from a safety and security perspective. Mr. Cerf responded with a one-liner: "I can't help observing, if we keep the regulatories confused, maybe they will leave us alone". more
In his book "The Darkening Web: The War for Cyberspace" (Penguin Books, New York 2017), Alexander Klimburg, an Austrian-American academic, gives "Internet Dreamers" a "Wake Up Call". He tells us the background-story why people start to be "anxious about the future of the Internet", as the recent ISOC Global Internet Report "Paths to Our Digital Future" has recognized. Klimburg refers to Alphabets CEO Erich Schmidt, who once said that "the Internet is the first thing that humanity has built that humanity does not understand". more
In many respects the internet is going to hell in a hand basket. Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make the net a sick place. It is bad enough that bad folks are doing this. But it is worse that just about every user computer on the net offers a nice fertile place for such ill behavior to be secretly planted and operated as a zombie under the control of a distant and unknown zombie farmer. ...Some of us are coming to the converse point of view that the net is being endangered by the masses of ill-protected machines operated by users. more
A third lawsuit has been filed late Friday in a federal district court in California against VeriSign, Inc. over its controversial DNS wildcard redirection service known as SiteFinder. It was filed by the longtime Internet litigator Ira Rothken. In addition, while two other lawsuits have been filed by Go Daddy Software, Inc. and Popular Enterprises, LLC. in Arizona and Florida, this is the first lawsuit to seek class-action status. Here is an excerpt from the "Introduction" section of this class-action lawsuit... more
I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach... more
At the ENISA presentation on her botnet report at eco in Cologne, 9 and 10 March, one of the slots was dedicated to threats to the mobile environment. The message I was supposed to come home with was: we can still count the numbers of mobile viruses manually, <600; the problem will never be the same as on a fixed network as traffic is monitored and metered: We detect it straight away. We are studying the problem seriously. Are mobile operators really prepared for what is coming? more
Investools, Inc. recently filed an in rem domain name proceeding against a Canadian entity that registered the domain names investtools.com and investtool.com. In rem domain name proceedings are provided for under the Anticybersquatting Consumer Protection Act ("ACPA"), 15 U.S.C. 1125(d), and are a handy way for a trademark owner to acquire a domain name from a cybersquatter when the cybersquatter can't be found e.g., is located outside the U.S. ...The ACPA requires that a plaintiff demonstrate four things to establish in rem jurisdiction over a domain name... more
Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers. more
Perhaps Morgan Freeman never learned about the high profile domain name disputes involving celebrity names (e.g., Madonna, Bruce Springsteen and Julia Roberts), because he didn't register morganfreeman.com before it was snatched up by Mighty LLC in April 2003. After learning about Mighty LLC's (no stranger to domain name disputes) cybersquatting, Freeman filed a complaint before a WIPO arbitration panel under the Uniform Domain Name Dispute Resolution Policy... more
In two weeks, final negotiations will begin on the UN's proposed Cybercrime Convention, a document which has elicited widespread concern from civil society, industry groups, and some states due to the serious risks it poses to human rights, including privacy and freedom of expression. Since 2022, GPD and other groups, including EFF, Human Rights Watch and Privacy International, have sought to alert stakeholders within the process to the need for substantial revisions... more
A World-Renowned Source for Internet Developments. Serving Since 2002.