Cybersecurity |
Sponsored by |
|
On Thursday, Oct 1, 2015, from 9:30am-4:30pm US EDT (UTC-4), Dyn will be holding their "TechToberFest" event in Manchester, NH, and also streaming the video live for anyone interested. There are a great set of speakers and a solid agenda. As I wrote on the Internet Society blog, I'll be part of the security panel from 3-4pm US EDT... and we who are on the panel are excited to participate just for the conversation that we are going to have! It should be fun! more
Earlier this year, I wrote about a recent enhancement to privacy in the Domain Name System (DNS) called qname-minimization. Following the principle of minimum disclosure, this enhancement reduces the information content of a DNS query to the minimum necessary to get either an authoritative response from a name server, or a referral to another name server. more
The primary means of authentication on the Internet is the password -- a half-century old, shared secret mechanism that is difficult to use (especially on mobile devices) and has acknowledged security flaws including attacks at scale. Even so, passwords remain the most prevalent form of authentication with efforts to enhance security typically relying on "bolt on" solutions that increase user friction. more
In March 2013, Spamhaus was hit by a significant DDoS attack that made its services unavailable. The attack traffic reportedly peaked at 300Gbps with hundreds of millions of packets hitting network equipment on their way. In Q1 2015, Arbor Networks reported a 334Gbps attack targeting a network operator Asia. In the same quarter they also saw 25 attacks larger than 100Gbps globally. What is really frightening about this is that such attacks were relatively easy to mount. more
Sovereign nations around the globe have clearly defined borders, but as attendees were shown at a UN Conference several years ago, cybercrime is a borderless phenomenon. In 2011 Norton Security released statistics that showed that every 14 seconds an adult is a victim of cybercrime and the numbers are growing. As internet use grows, so does the amount and type of information streaming across the web. This information crosses transnational lines, public and private sectors. more
In my last blog post I shared some of the general security challenges that come with the Internet of Things (IoT). In this post, I will focus on one particular security risk: distributed denial of service (DDoS) attacks. Even before the age of IoT, DDoS attacks have been turning multitudes of computers into botnets, attacking a single target and causing denial of services for the target's users. By "multitudes" we can be talking about thousands or even millions of victim devices. Now add IoT into the equation... more
Shadow IT -- the use of unsanctioned software and services by employees -- is a problem. It's a big one. According to Forbes, 72 percent of executives don't know how many "shadow" apps are being used on their network. Beyond overloading network resources and impacting data compliance, there is also the real threat of security breaches from unapproved apps. Managing IT you can't see is no easy task, but fortunately it's not impossible. Here are five tips to help bring light to the shadows. more
Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more
In 2013 I wrote a blog Telecoms as a spying tool, in which I mentioned that those who use the internet to spy indiscriminately will have to face the reality that such activities will only start a cat-and-mouse game -- the technology will always be able to stay one step ahead of those who are using the internet for criminal purposes. Since that time some very significant developments have taken place that have confirmed our prediction. more
Today the Internet Technical Advisory Committee (ITAC) to the OECD published the fifth edition of its newsletter. The ITAC was created in 2009 following the OECD's Seoul Ministerial with the objective to provide Internet technical and policy expertise to the work of the OECD on Internet-related issues. This informal group is coordinated by the Internet Society and currently counts 28 members active in domains such as open Internet/Web standards development, interconnection, IP addressing, security or privacy. more
A World-Renowned Source for Internet Developments. Serving Since 2002.