Cybersecurity |
Sponsored by |
|
DomainKeys Identified Mail (DKIM) is the leading email authentication technology, supported by major ISPs including Google, AOL, and Yahoo! (who invented its predecessor), popular mail server software like Sendmail, and many of the best minds in email technology. But if you peruse the archives of the IETF DKIM mailing list, or start up a conversation at MAAWG, it might appear that there's still a lot of disagreement about what a DKIM signature actually means. more
Think for a moment of the enduring legacy of African slavery in America. Think of the way it tainted this country's culture and politics; think of the bloody Civil War, the ghettos... What if we could roll back the clock and ensure that our society was "designed" so that slavery was never permitted and never happened? ... But what if I told you that my computer science lab was working on a "new Internet" that would solve all the terrible security and privacy problems of the existing one? Would you find this claim more credible than a proposed retroactive solution to the problem of slavery? more
It's been 15 long years since the standard for DNSSEC was developed and sadly adoption has been painfully low until recently, thanks to Dan Kaminsky, the infamous Internet Researcher who indentified that gaping hole in the DNS. The discovery of the fundamental flaw in DNS sparked industry wide attention! Every day, we move a little closer to widespread DNSSEC adoption, so I thought I'd take a moment and highlight some of the most notable milestones... more
I've been privately talking about the theoretical dangers of HTTPS hacking with the developers of a major web browser since 2006 and earlier last month, I published my warnings about HTTPS web hacking along with a proposed solution. A week later, Google partially implemented some of my recommendations in an early Alpha version of their Chrome 2.0 browser... This week at the Black Hat security conference in Washington DC, Moxie Marlinspike released a tool called SSL Strip... more
In this multipart series I will be presenting some of the leading industry-standard best practices for enterprise network security using Cisco technologies. Each article in the series will cover a different aspect of security technologies and designs and how each can be deployed in the enterprise to provide the best security posture at the lowest possible budgetary and administrative cost. In Part 2 of this series I discussed security risks and vulnerability. In this article we begin to focus on the role Cisco network and security technologies play in ensuring the safety and security of network data. more
Willis Alan Ramsey, who wrote "Muskrat Love," recorded one and only one studio album. The cognoscenti of country think it's a gem, an all time top ten. There's an apocryphal story that when Ramsey was pushed to make another record he allegedly retorted, "What's wrong with the first one?" We who use the Internet every day risk losing sight of what a miracle it is, and the openness that keeps it so miraculous... We also lose sight of the fact that even as the Internet's miracles occur, it's almost always broken or malfunctioning or threatening or worse in many places along the line. more
As enterprise information security spending is scrutinized in unprecedented fashion in 2009 Information Technology management will seek to get more for their security dollar. While budgets tighten and risks grow due to the global economic downturn IT departments will be looking for point solutions, not suites of security tools. more
In this multipart series I will be presenting some of the leading industry-standard best practices for enterprise network security using Cisco technologies... In Part 1 of this series, I provided an overview of the critical role that properly designed data security architectures play within an Internet-connected organization. Before we begin to discuss the security designs, processes and recommendations related to Cisco technology, let's first discuss some of the ways a network becomes unsecure... more
In the U.S., it is a federal crime to use malware to intentionally cause "damage without authorization" to a computer that is used in a manner that affects interstate or foreign commerce. Most, if not all, U.S. states outlaw the use of malware to cause damage, as do many countries. The Council of Europe's Convention on Cybercrime, which the United States ratified a few years ago, has a provision concerning the possession of malware. Article 6(1)(b) of the Convention requires parties to the treaty to criminalize the possession of malware "with intent that it be used for the purpose of committing" a crime involving damage to a computer or data... more
Today is a historic day as the first generic Top-Level Domain (gTLD) has been signed. Only a few other top level domains, all of which are country code Top-Level Domains (ccTLDs), have been signed to date. This step is part of the first phase of adoption. Authoritative DNS servers need to sign and publish their zones. The second part is for the resolvers on the Internet to validate the keys. Both systems working together will provide security in the DNS. more
A World-Renowned Source for Internet Developments. Serving Since 2002.