Cybersecurity

 Sponsored
by

Cybersecurity / Featured Blogs

Australia Booting Infected Computers Off Their Networks

Jan 29, 2010

The Australian has a good article describing the efforts some of their ISPs are making in an attempt to clean up their act: the government is encouraging ISPs to detect computers on their network that are infected and part of botnets, and to communicate to the customer that their system is compromised... Unless the customer feels a little bit of pain they will not change their ways. more

Protecting Customer Data

Jan 28, 2010

There have been a number of reports recently about customer lists leaking out through Email Service Providers (ESPs). In one case, the ESP attributed the leak to an outside hack. In other cases, the ESPs and companies involved have kept the information very quiet and not told anyone that data was leaked. People do notice, though, when they use single use addresses or tagged addresses and know to whom each address was submitted. Data security is not something that can be glossed over and ignored. more

Should a Domain Name Registrar Run from a PO Box?

Jan 28, 2010

In 2008 KnujOn published a report indicating that 70 ICANN accredited Registrars had no publicly disclosed business location. The fundamental problem was one of community trust and consumer faith. Registrars extend their legitimacy to their domain customers who then transact and communicate with the public. more

Corporate Espionage in the News: Hilton and the Oil Industry

Jan 26, 2010

Is anyone calling espionage by means of computers cyber-espionage yet? I hope not. At least they shouldn't call it cyber war. Two news stories of computerized espionage reached me today. The first, regarding the Oil industry, was sent by Marc Sachs to a SCADA security mailing list we both read. The second, about the hotel industry, was sent by Deb Geisler to science fiction convention runners (SMOFS) mailing list we both read. more

Perhaps It’s Time to Regulate Microsoft as Critical Infrastructure?

Jan 23, 2010

My main argument is about the policy of handling vulnerabilities for 6 months without patching (such as the Google attacks 0day apparently was) and the policy of waiting a whole month before patching this very same vulnerability when it first became an in-the-wild 0day exploit (it has now been patched, ahead of schedule). Microsoft is the main proponent of responsible disclosure, and has shown it is a responsible vendor... I simply call on it to stay responsible and amend its faulty and dangerous policies. more

Large Hadron Collider, Nessus, and the InterWebz

Jan 23, 2010

CERN put the Large Hadron Collider through some rigorous tests, and apparently at first some of the Siemens manufactured SCADA systems failed. While they are apparently better now, and I am happy to see how serious CERN is about security, this does beg the question... WAIT! You mean it's connected to the Internet? I suddenly don't feel so safe. more

Leadership and Persuasion: Internet Freedom

Jan 23, 2010

Secretary Clinton's major address on internet freedom made the connection between humanity and technology. We've been waiting a long time for our political leaders to have the courage to express thoughts like this, to have a vision about the role of the internet in human history, and yesterday the day arrived. The speech wasn't an isolated event, of course. more

Beyond Domains: What Did We Really Learn in 2009?

Jan 20, 2010

The beginning of every year is a time for introspection, an appraisal of the year that was, and planning for the year to come. It is also a time to follow tradition and to recap the biggest news of the year. But by now, I am guessing that we have all read our fair share about the people and events who have impacted the last 12 months... if we take a larger vantage point (than our own relatively small domain name industry), these lessons from 2009 -- in my view -- could teach us all and most importantly, really shape the year ahead. more

MIT Spam Conference: 2010 Call for Papers and Participation

Jan 19, 2010

I am proud (or disappointed) to announce the 8th annual MIT Spam Conference, March 25th and 26th at MIT in Cambridge, Massachusetts. A regular research competition that brings out the best minds in the fight against unsolicited email. At this point it would be helpful to provide a little background on the conference and remind everyone that the Call For Papers is still open. more

Helping Haiti: The Email Community Response

Jan 16, 2010

It is inconceivable that anyone within viewing distance of a television or computer screen this week doesn't know about the disaster in Haiti. As of this writing, 50,000 bodies have been collected from the streets of Port-au-Prince. Millions of people, a number our brains simply aren't equipped to deal with, are now homeless. Help is needed now, and will be, for a very long time. more

Industry Updates

On the Hunt for Remnants of the Samourai Wallet Crypto Mixing Services in the DNS

A Peek at the V3B Phishing Kit Attack via the DNS Lens

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Following the DNS Trail of APT Group Newbie Unfading Sea Haze

On the DNS Trail of the Foxit PDF Bug Exploitation Attackers

Profiling a Popular DDoS Booter Service’s Ecosystem

A DNS Investigation of the Phobos Ransomware 8Base Attack

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

Managing Expanding Attack Surfaces for Growing Businesses

Subdomain Hijacking in the News Again - What is It?

  • By CSC
  • May 20, 2024

Looking for More Signs of Nitrogen in the DNS

Thoughts on RDRS for Brand Owners

  • By CSC
  • May 13, 2024

Unraveling the World of Security Data Aggregation

A DNS Investigation of the Typhoon 2FA Phishing Kit

Digging Deep to Examine the Roots of the Glupteba UEFI Bootkit

View More