Cybercrime / Most Viewed

A Bigger Boat: Application Security Outgrows Capacity for CIOs

There is a classic scene in the movie, "Jaws," when Roy Scheider gets a look at the size of the shark circling his fishing vessel and says, "We're going to need a bigger boat." The same case can be made for CIOs dealing today with application security. Hackers from all over the world are circling business and government like great whites looking for vulnerabilities in Internet-facing applications. The growth of applications is great for doing business but they have become chum in the water for predators.

Breaking Down Silos Doesn’t Come Easy

"We need to break down silos" is a phrase often heard in national and international meetings around cyber security and enforcing cyber crime. So it is no coincidence that the upcoming NLIGF (Netherlands Internet Governance Forum), the IGF, and also an EU-driven event like ICT 2013 have "Breaking down silos" and "Building bridges" on the agenda. But what does it mean? And how to do so?

Expansion of Top-Level Domain Names: Why Current Brand Protection Procedures Will Be Impractical

As ICANN introduces new generic top level domains (gTLDs) and separates itself from US oversight, it has the opportunity to distance itself from the taint of cybersquatting, brand abuse, and criminal activity involving domains... To underscore the scope of the issue, consider this research on just 30 top Interbrand-ranked global brands. The most recent MarkMonitor Brandjacking Index found cybersquatting incidents increased over 40% in the last year for the brands that were studied; these leading brands suffered as many as 15,000 incidents per brand...

2012: The Year of Securing Websites?

In a seemingly never-ending row of news on hacks of websites, now comes the news in which 2.3 million individual cases of privacy sensitive data were accessible through a leak in the websites of most public broadcasting stations in the Netherlands. To make the news more cheerful, the accessible data was, if compiled, sufficient to successfully steal a complete identity. What were thoughts that came to my mind after hearing this news on Friday?

Cyber Crime: It’s All About Data (Part 1)

Cyber crime = crime. How do we make police forces understand this and how to get it prioritized? In this series of blogs I am looking into whether aggregating data can change the way cyber crime is approached and prioritized. At a seminar at the IT Security trade fair in Utrecht, Detective Superintendent Charlie McMurdie, head of the cyber crime unit of the London Metropolitan police, said that cyber crime was recently prioritized by the UK government. She also said the following and I'm allowed to quote this...

Taking the Anti-SOPA Message to the People

It was fascinating last week to read coverage of congressional hearings around the SOPA bill, or Stop Online Piracy Act. The bill has strong support from the Motion Picture Association of America, the U.S. Chamber of Commerce and big pharmaceutical companies. It's opposed by most technology and telecom companies, plus consumer advocate groups like the Electronic Frontier Foundation and Public Knowledge.

Global Payments Breach Confirmation

This morning, Global Payments held a conference call with investors and analysts covering their earlier breach announcement and projected earnings. Global Payments had also released an update advisory yesterday stating that "the company believes that the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers have been exported" and that only Track 2 card data may have been stolen.

ESP Compromises and Their Lack of Security

Over at Word to the Wise, Laura Atkins has a post up where she talks about the real problem with ESPs and their lack of internal security procedures which resulted in the breach of many thousands of email addresses (especially Epsilon). However, Atkins isn't only criticizing ESPs' lack of security but also the industry's response wherein they have suggested countermeasures that are irrelevant to the problem.

Is It Time to Supplement Desktop Security Protections?

Internet users are acutely aware of their exposure on the Internet and clearly concerned about their safety. Increased downloads of scareware as Conficker made headlines in the mainstream media are only the latest evidence. Desktop software is often viewed as a one-stop shop for fighting Internet threats such as viruses, worms and other forms of malware and phishing. These solutions have served us well but more protections are needed to address the dynamic and increasingly sophisticated web based exploits being launched...

IP Addresses and Privacy Sensitive Data - A Level Playing Field Needed

Reading Peter Olthoorn's book on Google (a link is found here), I ran into a passage on IP addresses, where Google states that it does not see an IP address as privacy sensitive. An IP address could be used by more than one person, it claims. The Article 29 Working Party, the EU privacy commissioners, states that it is privacy sensitive as a unique identifier of a private person. It got me wondering whether it is this simple. Here is a blog post meant to give some food for thought and debate. I invite you to think about the question 'how private is an IP address'?

Virtual Extortion?

Maybe you saw this story: A Chinese man (whose name is not given) has been sentenced to serve three years in prison for extorting "virtual items and currency" from a "fellow Internet café user." The currency was worth 100,000 yuan or $14,700. The man who's sentenced to three years and the three friends who helped him also "extorted virtual equipment for online games" from their victim. The friends only seem to have been given a fine; the primary extortionist got both a fine and jail time. The virtual currency was QQ coins... As I'm sure all of us know, there's a thriving market in virtual goods and currency...

How Global Trends Arising from COVID-19 May Influence Online Brand Protection Strategies

We're in an interregnum where society has paused, and there's no telling how things may turn. In such times of crisis, we are the explorer; exploring the uncharted waters of change, where dangers and opportunities lie. How the pandemic caused this greater societal change may not be something that an individual can alter; we may, however, take the helm and navigate.

Mind the Step(-function): Are We Really Less Secure Than We Were a Year Ago?

In January 1995, the RFC Editor published RFC 1752: "The Recommendation for the IP Next Generation Protocol"... The Internet is a security officer's nightmare -- so much openness, so easy to capture packet traffic (and/or spoof it!) and send all manner of unwanted traffic. It was built as a research network, hosted by institutes that were 1/ professionally responsible and 2/ interested in working together collegially. So, in the 19 years since the publication of that statement, have we really failed to address the stated goal?

Measuring the Cost of Cybercrime

Last week at Virus Bulletin in 2012, Tyler Moore of Southern Methodist University (SMU) gave a talk entitled "Measuring the cost of cyber crime." It was a study done in collaboration with multiple individuals in multiple countries. The study sought to answer this question - How much does cyber crime cost? Up until this point, nobody really knew.

In Which We Explore the Federal Laws that Apply to Cyberstalking

Tragedies frequently result in flurries of legal activity. Last year witnessed the Myspace tragedy in which a 13-year-old girl committed suicide. Unfortunately stalking laws have been clumsy tools that are difficult if not impossible for law enforcement officials to wield. Where existing laws respond poorly to tragedies, the option behind Door Number One is to enact a new law, and the option behind Door Number Two is to argue for a reinterpretation of current law that would somehow miraculously shoehorn the tragedy into the law. Unlike game shows, legal contestants can pick both doors -- which is what happened in this case.