Cybersecurity

 Sponsored
by

Cybersecurity / Featured Blogs

The Economics of Hacking an Election

Aug 08, 2018

There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics. There are two assertions I'll make up front. First, the attacker -- any attacker -- is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders -- but they're still limited. Why? more

Traceability

Aug 08, 2018

At a recent workshop on cybersecurity at Ditchley House sponsored by the Ditchley Foundation in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated... That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses. more

Internet as Non-Kinetic WMD

Aug 04, 2018

With each passing day, a new public opinion article appears or U.S. government official pronounces how the open internet is abetting some discovered catastrophic effects on our societal institutions. In just one week, the examples include increased information on FSB & GRU attacks on electoral systems and infrastructure, Trump's obliging tactical destruction of societal norms and propagation of the QAnon cult, U.S government agency officials playing "cyber security spin-the-bottle" at press conferences... more

HTTPS Interceptions Are Much More Frequent Than Previously Thought

Jul 30, 2018

I have written about the problems with the "little green lock" shown by browsers to indicate a web page (or site) is secure. In that article, I consider the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem with the "green lock" paradigm - the impact of HTTPS interception. more

ITU’s Critical Cybersecurity Role and the 2018 Plenipotentiary

Jul 25, 2018

In the rather unique world of public international law for cybersecurity, the treaty provisions of the International Telecommunication Union (ITU) stand alone. They form the multilateral basis for the existence of all communication networks, internets, and services worldwide and have obtained the assent by every nation in the world. They also contain the only meaningful multilateral cybersecurity provisions that have endured over a century and a half through all manner of technological change. more

An Update on Securing BGP from IETF 102

Jul 25, 2018

One way or another we've been working on various aspects of securing the Internet's inter-domain routing system for many years. I recall presentations dating back to the late '90's that point vaguely to using some form of a digital signature on BGP updates that would allow a BGP speaker to assure themselves as to the veracity of a route advertisement. more

Why Government Agencies Use Ugly, Difficult to Use Scanned PDFs - There’s More Than Meets the Eye

Jul 20, 2018

Sometimes, a government agency will post a PDF that doesn't contain searchable text. Most often, it's a scan of a printout. Why? Don't the NSA, the Department of Justice, etc., know how to convert Word (or whatever) directly to PDF? It turns out that they know more than some of their critics do. The reason? With a piece of paper, you know much more about what you're actually disclosing. more

Essential Cyber Security Steps for Your Business

Jun 28, 2018

Layered security is a concept that's important for anyone who wants to create a strong, successful defense strategy to understand. This is a strategy that relies on the use of multiple lines of defense in an attempt to repel any potential attacks. For this reason, it's based on the principle that says "no single form of protection is enough to stop a determined cybercriminal. more

Internet Evolution: Another 10 Years Later

Jun 25, 2018

Ten years ago, I wrote an article that looked back on the developments within the Internet over the period from 1998 to 2008. Well, another ten years have gone by, and it's a good opportunity to take a little time once more to muse over what's new, what's old and what's been forgotten in another decade of the Internet's evolution... The evolutionary path of any technology can often take strange and unanticipated turns and twists. more

Why You Must Learn to Love DNSSEC

Jun 20, 2018

It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat... more

Industry Updates

Global DNS and Domain Activity Trends in Q2 2024

On the Hunt for Remnants of the Samourai Wallet Crypto Mixing Services in the DNS

A Peek at the V3B Phishing Kit Attack via the DNS Lens

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Following the DNS Trail of APT Group Newbie Unfading Sea Haze

On the DNS Trail of the Foxit PDF Bug Exploitation Attackers

Profiling a Popular DDoS Booter Service’s Ecosystem

A DNS Investigation of the Phobos Ransomware 8Base Attack

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

Managing Expanding Attack Surfaces for Growing Businesses

Subdomain Hijacking in the News Again - What is It?

  • By CSC
  • May 20, 2024

Looking for More Signs of Nitrogen in the DNS

Thoughts on RDRS for Brand Owners

  • By CSC
  • May 13, 2024

Unraveling the World of Security Data Aggregation

A DNS Investigation of the Typhoon 2FA Phishing Kit

View More