Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more
FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more
An anonymous tip has lead security experts Brian Krebs and Matthew Chambers to four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains. more
Let's be honest about it. Nobody -- including those very clever people that were present at its birth -- had the slightest idea what impact the internet would have in only a few decades after its invention. The internet has now penetrated every single element of our society and of our economy, and if we look at how complex, varied and historically different our societies are, it is no wonder that we are running into serious problems with the current version of our internet. more
Authorities across 18 African nations, aided by the United Kingdom and INTERPOL, have arrested 1,209 suspects and dismantled over 11,000 illicit cyber infrastructures. more
Thanks to Prof. Goldman I see that the Virginia Supreme Court issued its opinion in Jaynes, the state-law criminal spam case that has wound its way through the courts there. It affirms the conviction and rejects the various challenges to Virginia's spam statute... As a side note I should say that it's not often one is actually excited to read an order in a case you're not involved with. This is definitely one of those instances where the excitement is palpable... The news reports billed the case as the first felony conviction for sending spam. more
Dell filed a suit in Florida in early October against a nest of domain tasters in Miami, widely reported in the press last week... The primary defendant is a Miami resident named Juan Vasquez, doing business as several registrars called BelgiumDomains, CapitolDomains, and DomainDoorman, as well as a whole bunch of tiny companies of unknown authenticity... Those registrars have an egregious history of domain churning. I gave a talk on domain tasting at MAAWG in October in which I picked out the registrars who churned the most domains from the May registrar reports, and those three were the worst, each having registered about 500,000 domains, refunded over 10 million... more
According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared. more
You all remember cybersquatting, a popular sport in the late 90s, right? McDonalds.com, JenniferLopez.com, Hertz.com and Avon.com thankfully all point to the right web sites today, but thaiairline.com, mcdonald.com, luftansa.com, gugle.com, barnesandnobles.com and other misspellings are fake web sites intended to trap the casual surfer with a hand that's a bit too much quicker than the eye... If you want to go to the McDonalds web site, you don't even spend the 10 seconds to look it up -- you will type McDonalds.com and expect to see the latest dollar meal menu. But the same is true for the other popular form of communication -- email... more
I've written recently about a general purpose method called DNS Response Policy Zones (DNS RPZ) for publishing and consuming DNS reputation data to enable a market between security companies who can do the research necessary to find out where the Internet's bad stuff is and network operators who don't want their users to be victims of that bad stuff... During an extensive walking tour of the US Capitol last week to discuss a technical whitepaper with members of both parties and both houses of the legislature, I was asked several times why the DNS RPZ technology would not work for implementing something like PROTECT-IP. more
The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of the this crisis that started early June. By mid July a Washington Post report cited US intelligence officials that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all. more
Imagine a California non-profit corporation providing material assistance to a criminal wanting to do you physical and financial harm. Then, imagine that corporation is ICANN. Imagine no longer, because that is precisely what the ICANN Compliance department managed to pull off this week, in an all-too-common demonstration of the havoc they can cause by sheer ineptitude, without apology or concern. This is the situation which crossed my desk this week. more
Yesterday I participated in a panel at the International Consumer Product Safety Conference sponsored by the International Consumer Product Health and Safety Organization (ICPHSO) held at the European Commission in Brussels Belgium. This conference brings together the global community of product safety engineers, manufacturers, retailers, regulators, inspectors, and counterfeiting investigators. The role of online fraud and illicit product traffic is clearly one of the conference priorities. more
Webstresser.org, considered the world’s biggest marketplace to hire DDoS services, has been taken down according to an announcement issued today by the European Union Agency for Law Enforcement (Europol). more
A report recently released by McAfee Advanced Threat Research (ATR) revealed a fileless attack targeting organizations involved with the Pyeongchang Olympics. more
A World-Renowned Source for Internet Developments. Serving Since 2002.