Cybersecurity |
Sponsored by |
|
On 24 May, NIST published recommendations that are a key component of the U.S. cybersecurity ecosystem -- known as vulnerability disclosure guidelines. NIST (National Institute of Standards and Technology) is an agency of the Department of Commerce whose mission includes "developing cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public." more
Domain name registries and registrars play a critical role in the functioning of the internet, serving as gatekeepers to the DNS. As such, they have an important responsibility to ensure the security and stability of the DNS but also to promote the use of a domain name in a meaningful way for the end user. To be more efficient in achieving these goals, the domain name industry has started to become more open to the idea of leveraging their own internal data to gain insights about their current business. more
The pace of generative AI development has been astonishing to the degree that the normative space has been unable to keep up. As governments start looking into some implementations of the technology, such as ChatGPT, more advanced techniques and products continue to emerge by the day. Society is changing in irrevocable ways, and it is paramount that the Internet Governance community turns its attention to this question. more
How bad is the human security weakness problem? Verizon's 2022 Data Breaches Investigations Report says 82 percent of data breaches have human involvement. This involvement can mean misconfigurations, poor security policy implementation, negligence, and falling prey to social engineering schemes. Essentially, a vast majority of data breaches have penetrated cyber defenses because of human carelessness, inconsistencies, and gullibility. more
The Australian Signals Directorate (ASD) has issued a new set of guidelines warning about the security risks posed by the use of 5G technology in so-called Smart Cities. The ASD's concerns align with those of the Five Eyes security alliance, which has warned that the interconnected nature of a fully connected city makes it vulnerable to cyberattacks. more
CENTR, the association which represents European country code top-level domain name registries (ccTLDs), such as .de for Germany or .no for Norway, has provided feedback to the United Nations' initiative on a Global Digital Compact (GDC). The GDC seeks to "outline shared principles for an open, free and secure digital future for all", and invites multistakeholder participation in the consultation phase. more
Unsuspecting website visitors are often unaware when they have landed on a spoofed page or are re-directed to malware-hosting web servers designed to steal their sensitive data and information. This attack is known as subdomain hijacking, or subdomain takeover. A web user's private information is then traded on the dark web, and cybercriminals profit, further fueling the expansion of identity theft in the online world. more
At regular intervals, I have discussed the cybersecurity situation in Australia. In those assessments, I wrote about my frustration that the previous government policies more or less resembled a fire brigade approach. Trying to address individual incidents with regulations and legislation rather than coming up with a holistic strategy. more
In today's digital age, securing your website and ensuring your users' safety has never been more critical. Secure sockets layer (SSL) certificates are the go-to solution for securing websites by encrypting the data transmitted between web servers and browsers. Historically, SSL digital certificates could be valid for years, after which they had to be renewed or replaced. more
Last month, the U.S. National Cybersecurity Strategy was launched, providing a new roadmap for stronger collaboration between those operating within the digital ecosystem. The strategy calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked while accelerating efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups around the world. more
Over the past several years, domain name queries - a critical element of internet communication - have quietly become more secure, thanks, in large part, to a little-known set of technologies that are having a global impact. Verisign CTO Dr. Burt Kaliski covered these in a recent Internet Protocol Journal article, and I'm excited to share more about the role Verisign has performed in advancing this work and making one particular technology freely available worldwide. more
In the fall of 2022, around 9,000 numeric domain names such as 0146.se, 0148.se, 0149.se, and so on were registered in the .SE zone. These domains were registered with two registrars, Register.eu and 1API. They had the same kind of SSL certificate, and there were other similarities among them that strongly suggested they were connected. All these domains were registered after September 1, 2022, but not on the same date... more
In the latest twist of the US-China spat, President Trump has his sights on TikTok, the short-form video-sharing platform and ByteDance subsidiary. On July 31, President Trump threatened to ban TikTok because it was a threat to US national security. On August 6, he made good on his threat when he signed an Executive Order to that effect. President Trump tightened the screws with an August 14 Executive Order requiring ByteDance to divest its assets in the US and destroy any TikTok data on its US users within 90 days. more
OARC held a 2-day meeting in February, with presentations on various DNS topics. Here are some observations I picked up from the presentations in that meeting... In a world where every DNS name is DNSSEC-signed, and every DNS client validates all received DNS responses, we wouldn't necessarily have the problem of DNS spoofing. Even if we concede that universal use of DNSSEC is a long time off ... more
When I was first advocating home networking at Microsoft, we encountered a problem. The existing systems and applications had implicitly assumed they were inside a safe environment and didn't consider threats from bad actors. Early Windows systems hadn't yet provided file system with access control and other protections though there were some attempts to have separate logins to keep some settings separate. more
Addressing DNS abuse and maintaining a healthy DNS ecosystem are important components of Verisign's commitment to being a responsible steward of the internet. We continuously engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other industry partners to help ensure the secure, stable and resilient operation of the DNS. more
Verisign just released its Q2 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of customers of Verisign DDoS Protection Services. more
Currently scheduled for October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to change the cryptographic key that helps to secure the internet's Domain Name System (DNS) by performing a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover. more
Verisign has released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. more
As DNS attacks grow in frequency and impact, organizations can no longer afford to overlook DNS security as part of their overall defense-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. more
Verisign has released its Q4 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services. more
Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. more