There's lots of security advice in the press: keep your systems patched, use a password manager, don't click on links in email, etc. But there's one thing these adages omit: an attacker who is targeting you, rather than whoever falls for the phishing email, won't be stopped by one defensive measure. Rather, they'll go after the weakest part of your defenses. You have to protect everything -- including things you hadn't realized were relevant. more
On May 7, hackers breached parts of the computer systems that run Baltimore's government, taking down essential systems such as voice mail, email, a parking fines database, payment systems used for water bills, property taxes, real estate transactions and vehicle citations. more
ISOTF Critical Internet Infrastructure WG is now open to public participation. The group holds top experts on internet technology, critical infrastructure, and internet governance, from around the globe. Together, we discuss definitions, problems, challenges and solutions in securing and assuring the reliability of the global internet infrastructure, which is critical infrastructure for a growing number of nations, corporations and indeed, individuals -- world wide. more
International organisations should step in to prevent the "tasting," "kiting" and "spying" related to Internet domain names, say representatives from the US telecommunications and trademark industries. These new activities are dramatically altering online commerce and impacting legitimate businesses, and the United States Federal Trade Commission (FTC), World Intellectual Property Organization (WIPO) and the Internet Corporation for Assigned Names and Numbers (ICANN) should take action, they say. The US Anti-Cybersquatting Consumer Protection Act (ACPA) had too many loopholes given the actual trends in the domain name secondary market, said Sarah Deutsch, vice president and associate general counsel for Verizon, and Marilyn Cade, former AT&T lobbyist and now consultant on Internet and technology issues... more
BusinessWeek is running a column called 'Brandjacking' on the Web. In summary, nobody likes deliberate cybersquatting or typosquatting. But if Typo domain-names did not exist, the traffic would continue to flow to Microsoft or Google via the browser's error search where those very large companies would make money in the same manner as the 'evil cybersquatters'... more
Paul Vixie proposes a 'cooling-off period' when domain names are registered in order to help detect and deter malicious activity. "There's no legitimate reason for a new domain name to be registered and go live in less than a minute... more
Another contentious issue at the WCIT in Dubai is 'security'. There has been a dramatic increase in nervousness regarding a whole range of security issues, especially in relation to the internet. They include: SPAM, denial-of-service-attacks, identity theft, cybercrime, cyberwarfare, and privacy issues on social media. From the list above it is clear that some of these issues are related to content, while some can be classified as national security and others as criminal offences. In other words, there is no clear-cut issue on what constitutes security. more
On Wednesday, Project Honey Pot filed an unusual lawsuit against "John Does stealing money from US businesses through unauthorized electronic transfers made possible by computer viruses transmitted in spam." Their attorney is Jon Praed of the Internet Law Group, who is one of the most experienced anti-spam lawyers around, with whom I have worked in the past. more
A recent decision from a federal district court addresses an issue I hadn't seen before: whether searching malware on the suspect's computer was outside the scope of the search warrant issued for that computer. It seems a narrow issue, and unfortunately the opinion issued in the case doesn't tell us a whole lot about what happened; but I thought the issue was worth writing about, if only to note that it arose. more
Between December 2, 2018 and May 4, 2019, 197,524 phishing domains were discovered, 66% of which directly targeted consumers according to the latest State of the Internet report by Akamai. more
Users are tired of hearing about data breaches that put their sensitive information at risk. Reports show that cybercriminals stole 6.41 million records in the first quarter of 2023 alone. From medical data to passwords and even DNA information, hackers have stolen a lot of sensitive information in 2023. more
Microsoft took down a Zeus botnet recently. Within days it was publicly accosted by Fox-IT's director Ronald Prins for obstructing ongoing investigations and having used Fox-IT's data. This was followed by the accusation that Microsoft obstructs criminal proceedings... On top of all this EU Commissioner Cecilia Malmström announced that cooperation between law enforcement and industry will be forged in the European Cyber Crime Centre as of 2013. Coincidences do not exist. Why? more
Back in September of 2020, ICANN CEO Göran Marby wrote a blog post discussing the implementation of "a common strategy for Internet governance (IG) and technical Internet governance (TIG)", raising the question of whether the ICANN org. intended to pursue this distinction moving forward, as debated in a previous article. This was proven to be the case during the 2020 IGF's Open Forum #44: "ICANN Open Forum - Technical Internet Governance", organized by ICANN itself... more
During the last week, Google says it has been seeing 18 million malware and phishing emails related to COVID-19 daily. This, the company reported today, "is in addition to more than 240 million COVID-related daily spam messages." more
A lengthy email to the NANOG mailing list last month concerning suspicious routing activities of a company called Bitcanal initiated a concerted effort to kick a bad actor off the Internet. more
A World-Renowned Source for Internet Developments. Serving Since 2002.