Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
As governments convene to discuss the UN Cybercrime Treaty, Google is urging caution, warning that the current draft could endanger online security and free expression. more
Online fakes can be a lucrative business and difficult to crack down on, due to the ease and low-cost of setting up multiple virtual storefronts and the ability to obfuscate an operation's identity. A federal lawsuit filed on March 1, 2010 by Polo Ralph Lauren and VF Corp. illustrates these points and highlights many of the intricacies of an online counterfeit ring. more
In a presentation EU Commissioner Viviane Reding gave a preview of the new Privacy regulation her DG is preparing. As she states, privacy rules need to be brought up to date and harmonized. With all 27 member states having the same rules and tools to enforce, a company only will deal with one privacy commissioner... So, what if we, for the sake of this blog, take this initiative towards spam and cyber crime. What would this do to spam enforcement? more
The recent announcement of a 13-year old security flaw found in an Open Source security library has renewed the debate between open source and closed source software. The library, crypt_blowfish, allows for fast two-way password encryption. The flaw introduces the potential for passwords to be easily compromised and affects PHP and a number of Linux distributions that include the crypt_blowfish library. more
The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more
The Flagstaff Unified School District (FUSD), in Arizona which consists of 15 schools and over 9,600 students, canceled classes on both Thursday and Friday after a ransomware virus was found on multiple servers. more
In a blog post, Stewart Baker proposed restricting access to sophisticated anti-virus software as a way to limit the development of sophisticated malware. It won't work, for many different and independent reasons. To understand why, though, it's necessary to understand how AV programs work. The most important technology used today is the "signature" - a set of patterns of bytes - of each virus. Every commercial AV program on the market operates on a subscription model... more
Failing to block a stealthy malicious host from making connections to your network could cost your company millions of dollars, a damaged reputation, and severe losses in sensitive private data. Threat intel teams have faced on-going problems: Expensive feeds that are slow to catch new threats; Chasing false positives in alerts wastes time and money; and Vendors selling a new appliance for every ill. Would 100% of your users Spot the Bot? more
A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why. more
The NATO Consultation, Command and Control Agency (NC3A) has announced the award of a contract for upgrading the NATO cyber defence capabilities. The award to private industrial companies will enable the already operating NATO Computer Incident Response Capability (NCIRC) to achieve full operational capability by the end of 2012. At approximately 58 million Euro, it represents NATO's largest investment to date in cyber defence. more
Sealing the cracks: a proposal to update the anti-cybersquatting regime to combat advertising-based cybersquatting is the title of an article by Christopher Varas in the April issue of the Journal of Intellectual Property Law & Practice. In this article, the author labels "modern cybersquatting" the monetization of domain names through PPC advertisements, and says that brand owners lack effective tools to combat this practice... more
I read, with some small amount of discomfort, an article by Bill Brenner on CSO Online, wherein he interviewed several other CSOs and other "Security Execs" on their opinions on the firing of Pennsylvania CISO Robert Maley. For those who haven't heard about this, Mr. Maley was fired for talking about a security incident during the recent RSA conference without approval from his bosses. more
This week bank costumers of The Netherlands were shocked when they realised that online banking may not be as safe as they thought. Perhaps some were surprised to hear that what they think is money, is nothing but digits, something that does not exist. Their money only exist because we all act as if it exists and accept transactions between each other aided by software run by banks, if they haven't outsourced that function. more
Today I released a report on 'National cyber crime and online threats reporting centres. A study into national and international cooperation'. Mitigating online threats and the subsequent enforcing of violations of laws often involves many different organisations and countries. Many countries are presently engaged in erecting national centres aimed at reporting cyber crime, spam or botnet mitigation. more
Earlier this year Okpako Mike Diamreyan was found guilty of wire fraud. The district court recently denied his motion for judgment of acquittal. Diamreyan "was charged with devising a scheme to defraud known as an 'advance fee.'" As the court describes it, this is a "scam . . . where a person asks an individual to pay an advance fee in order to obtain a larger sum of money, which the individual [victim] never receives." ... Two things about the case struck me... more
A World-Renowned Source for Internet Developments. Serving Since 2002.