Like much of how the Internet is governed, the way we detect and remove child abuse material online began as an ad hoc set of private practices. In 1996, an early online child protection society posted to the Usenet newsgroup alt.binaries.pictures.erotica.children (yes, such a thing really existed) to try to discourage people from posting such "erotica" on the assumption that the Internet couldn't be censored. more
In an interview with GovInfoSecurity, Sen. Thomas Carper said that the U.S. Senate is considering attaching cybersecurity legislation to a defense authorizations bill. Though clearly a ploy to be able to say "we did something about those evil hackers" before the elections, CAUCE applauds the attempt. There can be no doubt that the United States (and many other countries) sorely needs better laws to deal with these threats. more
Credit card information is the most advertised category of goods and services on the underground economy accounting for 31 percent of the total, according to recent data found by security experts. In a report released today by Symantec, stolen credit card numbers are reported to sell for as little as $0.10 to $25 per card with the average advertised stolen credit card limit at more than $4,000. According to calculations, the potential worth of all credit cards advertised during the reporting period was $5.3 billion. more
In a presentation EU Commissioner Viviane Reding gave a preview of the new Privacy regulation her DG is preparing. As she states, privacy rules need to be brought up to date and harmonized. With all 27 member states having the same rules and tools to enforce, a company only will deal with one privacy commissioner... So, what if we, for the sake of this blog, take this initiative towards spam and cyber crime. What would this do to spam enforcement? more
Failing to block a stealthy malicious host from making connections to your network could cost your company millions of dollars, a damaged reputation, and severe losses in sensitive private data. Threat intel teams have faced on-going problems: Expensive feeds that are slow to catch new threats; Chasing false positives in alerts wastes time and money; and Vendors selling a new appliance for every ill. Would 100% of your users Spot the Bot? more
The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more
Earlier this year Okpako Mike Diamreyan was found guilty of wire fraud. The district court recently denied his motion for judgment of acquittal. Diamreyan "was charged with devising a scheme to defraud known as an 'advance fee.'" As the court describes it, this is a "scam . . . where a person asks an individual to pay an advance fee in order to obtain a larger sum of money, which the individual [victim] never receives." ... Two things about the case struck me... more
In the past year ICANN has been putting a lot more effort into its compliance activities, which is a good thing, since the previous level was, ah, exiguous. That's the good news. The bad news is that while they're paying more attention to misbehaving registrants, the registrars, gatekeepers to the world of domains, have serious issues that ICANN has yet to address. more
I wonder how much botnets reuse IP addresses. Do they infect a system and spam, get blocked, discard the IP and move onto the next (new) one? This means that they have a nearly unlimited supply of IP addresses. Or do they infect a system and spam, get blocked, and then let it go dormant only to awaken it some time later? I decided to take a look. more
Phishing is when bad guys try to impersonate a trusted organization, so they can steal your credentials. Typically they'll send you a fake e-mail that appears to be from a bank, with a link to a fake website that also looks like the bank. Malware offers another more insidious way to steal your credentials, by running unwanted code on your computer... I like VeriSign's characterization of this kind of malware as an insecure endpoint, the PC which is the endpoint of the conversation with the bank isn't actually under the control of the person who's using it. more
The risks of fraud and disinformation in the U.S. election process have been hiding in plain sight. CSC's new research finds that a large majority of web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are prone to domain spoofing tactics. This makes them a potential target for hackers looking to spread disinformation ahead of the election, and criminals who want to take advantage of voter intentions... more
We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone. more
Sealing the cracks: a proposal to update the anti-cybersquatting regime to combat advertising-based cybersquatting is the title of an article by Christopher Varas in the April issue of the Journal of Intellectual Property Law & Practice. In this article, the author labels "modern cybersquatting" the monetization of domain names through PPC advertisements, and says that brand owners lack effective tools to combat this practice... more
Don't worry about the bad guys turning out the lights. Worry about everything they're stealing while the lights are still on. The theft of intellectual property ranging from Hollywood films to defense secrets is underway by cyber-criminals of various stripes. Maintaining control over intellectual property may be the single most important challenge to American economic security. Implementing a cyber-reliant infrastructure is a national challenge which crosses the traditional boundaries between economic sectors and between public and private domains. more
An international group of more than 360 cyber threat intelligence researchers from over 40 countries have joined forces to help the medical sector amid the COVID-19 crisis. more
A World-Renowned Source for Internet Developments. Serving Since 2002.