Cybersecurity |
Sponsored by |
|
Kidnap. Rape. There are no lesser words that can be used to describe what happened to the daughter of an anti-spam investigator in Russia. His daughter was recently released, according to Joseph Menn's recent article on Boing Boin, after having been kidnapped from her home five years ago, fed drugs, and made to service men, as a warning to ward off further investigations. The criminals behind these vicious acts were also responsible for large spamming organization associated with Russian Mob activity. more
For a student final dissertation TV documentary short, 10 minutes, I have ended up choosing to investigate whether the landing stations for trans-atlantic cables are the achilles heel of the internet. As an outsider to the world of internet infrastructure I have been struck by how easy it has been to identify the landing stations in Cornwall and the cables that enter them. (Thank you Google for the aerial photographs) more
As an email policy wonk, I think a lot about how specific policy implementations can go wrong. Sure, every policy can go wrong, or not fit a common case. A lot of people only write polices that address common cases and don't worry about the rarer cases. The problem is there are some rare cases that may cause significant harm and those cases should be addressed. Consumerist has a case up about email policy gone wrong with a clear path to harm but no policy for handling the issue. There are a couple places I see where this policy hole can be fixed. more
Someone needs to take a good hard look at those Internet surveillance stories being strategically placed on the front page of the New York Times. There's a trail here, I believe, that's worth following. Here are some data points... there appears to be a deep interest in the ability to declare war online, as evidenced by cybersecurity research and public speeches by Herbert Lin, a key player who has worked on several cybersecurity reports for the National Research Council.
more
According to recent news reports, the administration wants new laws to require that all communications systems contain "back doors" in their cryptosystems, ways for law enforcement and intelligence agencies to be able to read messages even though they're encrypted. By chance, there have also been articles on the Stuxnet computer worm, a very sophisticated piece of malware that many people are attributing to an arm of some government. The latter story shows why cryptographic back doors, known generically as "key escrow", are a bad idea. more
A couple of days ago, Threatpost posted an article indicating that the United States is the most bot-infected country... I think that Microsoft's mechanism of measuring bot infections is a good one, not necessarily because it is the most accurate but because it represents the most complete snapshot of botnet statistics. Because Microsoft Windows is installed on so many computers worldwide and because so many users across the world call home to the MSRT, Microsoft is able to collect a very large snapshot of data. more
Last month, application security provider Veracode came out with a study that stated that more than half of all enterprise applications aren't secure. The company tested approximately 2,900 applications over an 18-month period, and 57 percent failed to meet Veracode's "acceptable levels" of security. While this study gained a tremendous amount of traction in the media... it does not focus on the bigger issue... more
Within the last year or two, I've heard people express an opinion to the effect that if the domain name industry put as much focus on preventing distributed denial of service attacks as we have on implementing DNSSEC, the Internet would be a safer place. While there may be a grain of truth there, I suggest that this kind of thinking presents us with something of a false dichotomy. more
On Wednesday September 29th at 1PM there will be a meeting in the Old Executive Building in Washington D.C. with Registries and domain Registrars to discuss illegal Internet sales of prescription drugs. ICANN was originally invited but declined because citing "inappropriateness" . One "U.S." Registrar who definitely will not be in attendance is OnlineNIC more
Three parallel events in US communications policy today, all reported on widely - but with a common thread. ... Law enforcement and national security officials want to make sure that they have the same ability to execute warrants and surveillance orders online that they had in the switched-telephone-circuit age -- which will mean substantial government design mandates for new software, hardware, and communications facilities. more
A World-Renowned Source for Internet Developments. Serving Since 2002.