Cybersecurity |
Sponsored by |
There was a period of time not long ago in which signature-based threat detection was cutting-edge. Antivirus, intrusion detection systems (IDS), data leakage prevention (DLP), content filtering and even anomaly detection systems (ADS) all continue to rely heavily upon static signatures. In recent years vendors have shied away from discussing their dependence on such signatures -- instead extolling supplemental "non-signature-based" detection technologies. more
In our continuing review of Rogue Registrars we have stumbled upon on a very elaborate fake banking site for "Swiss Bank" or "Bank of Switzerland". To the casual Internet consumer this site probably appears legitimate, but a number of clues tip off the fraud. Phishing sites are everywhere so this does not immediately raise eyebrows until you review the Thick WHOIS record for the domain. more
One fine night in November 2011 I got an opportunity to get my hands dirty, working on a project for the United States Federal Bureau of Investigation (FBI). They were planning to seize a bunch of computing assets in New York City that were being used as part of a criminal empire that we called "DNS Changer" since that was the name of the software this gang used to infect a half million or so computers. more
Pinning down the number of infected computers is really, really hard. I'd go as far as saying it's practically impossible to calculate, let alone observe. Still, that's not going to stop people from attempting to guess or extrapolate from their own observations. Over the years I've heard "reliable" numbers ranging from 10% through to 60% -- and I don't trust any of them. There's a whole gaggle of reasons why the numbers being thrown out to the public are inaccurate and should ideally be interpreted with a lot of skepticism by any right-minded folks. more
Over the weekend and this morning, Microsoft, working in conjunction with others, issued civil lawsuits to sinkhole numerous domains associated with the Zeus botnet. When I say "botnet", I use the term loosely because Zeus is not a botnet in the sense that Rustock or Waledac is (or was). Rather, Zeus is a tool kit that online criminals can buy that lets them create phishing pages, perform fast fluxing, host drive-by downloads in addition to spamming. It's more like infrastructure than a botnet, although it does have a large botnet under its control. more
On January 18, 2012, Comcast customers found they could not access the NASA.gov website. Some users assumed that Comcast was deliberately blocking the website or that NASA, like Wikipedia and Reddit, was participating in the "blackout" protests against the Stop Online Piracy Act (SOPA) going on that day. As it turned out, the truth was much less exciting, but it offers important lessons about DNSSEC. more
Don't worry about the bad guys turning out the lights. Worry about everything they're stealing while the lights are still on. The theft of intellectual property ranging from Hollywood films to defense secrets is underway by cyber-criminals of various stripes. Maintaining control over intellectual property may be the single most important challenge to American economic security. Implementing a cyber-reliant infrastructure is a national challenge which crosses the traditional boundaries between economic sectors and between public and private domains. more
"Security is all about protecting the user." That's the comment that came up the other week in the twittersphere that kicked off a not-unexpected trail of pro and con tweets. Being limited to 140 characters makes it rather difficult to have a deep and meaningful discussion on the topic and the micro-blogging apparatus isn't particularly conducive to the communicating the nuances of a more detailed thought. So I thought I'd address the topic here in blog format instead. more
In Ian Flemming's Thunderball M sends 007 to the Bahamas on a hunch that SPECTRE is hiding something there. Well, it's been our hunch for a while that the Bahamas "office" for the Registrar Internet.BS does not exist. Now we have confirmation of such. It has been documented in an explosive undercover expose by LegitScript that Internet.BS address as stated could not be verified, could not accept mail, and that the business itself could not actually be found in the Bahamas. more
This may or may not come as a shock to some of you, but ICANN's contract with the Domain Name Registrars, in terms of WHOIS inaccuracy is not enforceable. Bear with me. The ability of ICANN to enforce against a Registrar who fails to correct or delete a domain with false WHOIS does not exist. more