Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
With the recent attacks against high-profile New Zealand domain names including Coca-Cola.co.nz and F-Secure.co.nz, fingers are naturally pointing to Domainz, the registrar of record for these domains, as the party responsible for this lapse in security. While domain name registrars certainly need to ensure the security and stability of their systems, domain name registries must also step up and take responsibility for mitigating risks posed by hackers... more
Experts and companies in the information security industry today announced the formation of the Secure Domain Foundation (SDF), a new, non-profit, community-driven organization devoted to the identification and prevention of Internet cyber crime utilizing the domain name system (DNS). more
If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more
Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it's legitimate. This personalization is usually fairly general, like mentioning the recipient's employer (easily gleaned from their domain name.) Sometimes they address you by name. Much scarier is when they use more deeply personal information stolen from one of your contacts... more
In my recent write-up I start by discussing some recent threats network operators should be aware of, such as recursive DNS attacks. Then, a bit on the state of the Internet, cooperation across different fields and how these latest threats with DDoS also relate to worms and bots, as well as spam, phishing and the immense ROI organized crime sees. I try and bring some suggestions on what can be done better, and where we as a community, as well as specifically where us, the "secret hand-shake clubs" of Internet security fail and succeed. Over-secrecy, lack of cooperation, lack of public information, and not being secret enough about what really matters. more
Over the last two years, we've all faced supply shortages on items we previously never thought could be in short supply. Most recently, the baby formula and semiconductor markets were hit. Before that, supply chain attacks on Colonial Pipeline and JBS Foods showed us that an attack on one company through a singular point of compromise has the potential to disrupt an entire network of connected companies, products, partners, vendors, and customers. more
Business email compromised (BEC) attacks targeting American companies are exploding, with an increase of over 476% in incidents between Q4 2017 and Q4 2018. Up as well is email fraud with companies experiencing an increase of over 226%. These highly targeted attacks use social engineering to identify specific company employees, usually in the finance department and then convince these employees to wire large sums of money to third-party banking accounts owned by the attackers. more
At a recent workshop on cybersecurity at Ditchley House sponsored by the Ditchley Foundation in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated... That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses. more
They say (whoever "they" are) that good things come in threes, and that certainly seems true for law enforcement against spammers this week. In New York, Adam Vitale was sentenced to 30 months in prison and ordered to pay $183,000 in restitution for a week of spamming AOL back in 2005... In Illinois, an FTC settlement requires Spear Systems and company executives Bruce Parker and Lisa Kimsey to give up $29,000, stop making "false or unsubstantiated claims about health benefits" of their products, and bars them from violating CAN-SPAM ever again... And finally, in Seattle, the Robert Soloway case continues... more
The GNSO Council and the ICANN Board both seem poised to grant sufficient runway to the community to refine an idea for a simple ticketing system designed to centralize requests for registrant information disclosures and provide meaningful data that is likely to help ICANN staff enhance its assessment of the SSAD proposal. This is very good news for those who advocate for consumer safety and trust on the Internet, and it is very good news for the ICANN multistakeholder model. more
As some of us are continuing to learn this week the Monster.com service has again been successfully hacked. According to a security bulletin posted on Monster.com on January 23rd, 2009, the intruder gained access to the user database, while no resumes were apparently compromised... As a user of Monster.com what I find incredibly upsetting about this situation is that I had to find out about this through a security blog. more
The ICC's new cyber policy reframes Internet infrastructure as crucial to prosecuting atrocities, prompting DNS operators and network providers to grapple with emerging obligations around evidence, neutrality, and cooperation in international justice. more
Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. An attack on a web domain can lead to the redirection of a company's website, domain spoofing, phishing attacks, network breaches, and business email compromise (BEC). Domains used as a company's online world are part of an organization's external attack surface and need to be continuously monitored for cybercrime attacks and fraud. more
As readers of CircleID have seen, there has been a lot of activity (for example, Michael Geist's "Canadian Marketing Association Attacks Anti-Spam Bill"), as the final votes of C-27 grow nearer. The history towards getting a spam law passed in Canada has been a long one. For years, CAUCE encouraged legislators to undertake this important work... Fast forward a few years, and a few governments, and suddenly we have a law tabled in the House of Commons... more
In a tweet, EU commissioner for the Information Society Neelie Kroes congratulates OPTA on the spam fine for the golf ball printing company Backsound. Since 2004 the Dutch OPTA is the number one spam and malware fighter of the EU with a total of €1.9 million in fines. It made me ask two question to myself: How come that we seldom hear of other spam fines in the EU? And can the EU change this in any way? more
A World-Renowned Source for Internet Developments. Serving Since 2002.