Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
While Congress and the White House deliberate possible actions on FISMA reform and increased oversight of critical infrastructure, relatively little attention is being given to the government-wide cybersecurity regulation already in place, the Data Quality Act (DQA). Unlike FISMA, which primarily governs the government's internal cybersecurity processes, and contemplated legislation and/or Executive Order(s), which would likely also include a focus on critical infrastructure protection, the DQA contains a unique mandate. more
The October 21 DDoS attacks against the 13 root-name servers containing the master domain list for the Internet's Domain Name System (DNS), (which reportedly took offline 9 of the 13 servers) remain a clear and daunting reminder of the vulnerabilities associated with online security. Many DNS authorities have named the most recent hit the largest DDoS attack against the root server system. Chris Morrow, network security engineer for UUNET, the service provider for two of the world's 13 root servers, recently told The Washington Post... more
For many people the comments made by Michael Hayden, Former Director of the Central Intelligence Agency, at this week's Black Hat Technical Security Conference in Abu Dhabi may have been unsettling as he commented upon the state of Chinese cyber espionage. I appreciate the candor of his observations and the distinction he made between state-level motivations. In particular, his comment... more
Here is a list of the most viewed news and blog postings that were featured on CircleID in 2007. Best wishes for 2008. more
In the past few months, a flurry of gift card scams leveraging such high-profile brands as Best Buy, Whole Foods and IKEA have emerged on Facebook. These scams often use the brand's logo, website URL, or general "look and feel" on Facebook "fan" pages to give the impression that these offers are legitimate. Some scams are even bold enough to include bogus, non-interactive fan comments to add a greater sense of authenticity to the gift card offer. To date, these scams have been successful at tricking tens of thousands of consumers. In just one day, for example, a fan page titled "IKEA Get a FREE $1000 IKEA Gift Card! (ONLY AVAILABLE 1 DAY)" registered 40,000 fans before being shut down. more
This week ICANN held a public consultation in Washington, D.C., where ICANN's President's Strategy Committee (PSC) solicited remarks from a packed audience of intellectual property (IP) lawyers, domain name registrars and other Internet stakeholders on how the organization can improve institutional confidence. No surprise, ICANN's decision to add new generic top-level domains (gTLDs) to the Internet was on many participants' minds. more
Cybersquatting is so 2000, or so we thought. The Uniform Dispute Resolution Policy (UDRP) at WIPO has been chugging along for several years now, methodically determining if complainants IP rights have been violated and reassigning "ownership" of domain names. Typically, the cases are fairly boring. But some recent developments in the world of 800 lb search gorillas, Google and Baidu, suggests that the regime could be faced with substantial pressure in the near future. more
Today's FBI action against Genesis Market is the latest in a string of coordinated efforts to take down bot shops and other services that enable cybercrime. Earlier this year, the FBI seized Webstresser.org, a DDoS-for-hire service that was thought to be responsible for launching a massive attack against the City of Atlanta in 2018. more
Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it's legitimate. This personalization is usually fairly general, like mentioning the recipient's employer (easily gleaned from their domain name.) Sometimes they address you by name. Much scarier is when they use more deeply personal information stolen from one of your contacts... more
Either because of laxness on the part domain name holders or cunning on the part of thieves, registrars have been duped into transferring domain names to fraudsters' accounts. I discussed the matter last year in Recovering Domain Names Lost to Fraudulent Transfer. These cases are mostly filed in the Eastern District of Virginia, Alexandria Division, for the good reason that the registry for dot com is located in that jurisdiction and they are mostly recovered. more
During the last week, Google says it has been seeing 18 million malware and phishing emails related to COVID-19 daily. This, the company reported today, "is in addition to more than 240 million COVID-related daily spam messages." more
If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more
Experts and companies in the information security industry today announced the formation of the Secure Domain Foundation (SDF), a new, non-profit, community-driven organization devoted to the identification and prevention of Internet cyber crime utilizing the domain name system (DNS). more
Over the last two years, we've all faced supply shortages on items we previously never thought could be in short supply. Most recently, the baby formula and semiconductor markets were hit. Before that, supply chain attacks on Colonial Pipeline and JBS Foods showed us that an attack on one company through a singular point of compromise has the potential to disrupt an entire network of connected companies, products, partners, vendors, and customers. more
There is a new threat in town known as "SAD DNS" that allows attackers to redirect traffic, putting companies at risk of phishing, data breach, reputation damage, and revenue loss. What is SAD DNS? No, it isn't the domain name system (DNS) feeling moody, but an acronym for a new-found threat -- "Side-channel AttackeD DNS" discovered by researchers that could revive DNS cache poisoning attacks. more
A World-Renowned Source for Internet Developments. Serving Since 2002.