Cybersecurity |
Sponsored by |
|
I have previously pointed out the shortcomings of good and user friendly support for DNSSEC in Microsoft's Server 2008 R2. During the period just after I wrote the post, I had a dialogue with Microsoft, but during the last months there has been no word at all. The reason I bring this up again is that more and more Top Level Domains (TLDs) now enable DNSSEC and also the fact that within six months the root will be signed. more
The Australian has a good article describing the efforts some of their ISPs are making in an attempt to clean up their act: the government is encouraging ISPs to detect computers on their network that are infected and part of botnets, and to communicate to the customer that their system is compromised... Unless the customer feels a little bit of pain they will not change their ways. more
There have been a number of reports recently about customer lists leaking out through Email Service Providers (ESPs). In one case, the ESP attributed the leak to an outside hack. In other cases, the ESPs and companies involved have kept the information very quiet and not told anyone that data was leaked. People do notice, though, when they use single use addresses or tagged addresses and know to whom each address was submitted. Data security is not something that can be glossed over and ignored. more
Is anyone calling espionage by means of computers cyber-espionage yet? I hope not. At least they shouldn't call it cyber war. Two news stories of computerized espionage reached me today. The first, regarding the Oil industry, was sent by Marc Sachs to a SCADA security mailing list we both read. The second, about the hotel industry, was sent by Deb Geisler to science fiction convention runners (SMOFS) mailing list we both read. more
My main argument is about the policy of handling vulnerabilities for 6 months without patching (such as the Google attacks 0day apparently was) and the policy of waiting a whole month before patching this very same vulnerability when it first became an in-the-wild 0day exploit (it has now been patched, ahead of schedule). Microsoft is the main proponent of responsible disclosure, and has shown it is a responsible vendor... I simply call on it to stay responsible and amend its faulty and dangerous policies. more
Gadi Evron writes: "China responds to Google's accusations on its CNCERT web site, here. Johannes Ullrich just brought this to my attention on Facebook. In short, CNCERT wrote that China is the biggest victim of cyber attacks, and that Google lacks evidence to link the recent attacks to China as the perpetrator. I am certain more details and analysis will become available soon." more
CERN put the Large Hadron Collider through some rigorous tests, and apparently at first some of the Siemens manufactured SCADA systems failed. While they are apparently better now, and I am happy to see how serious CERN is about security, this does beg the question... WAIT! You mean it's connected to the Internet? I suddenly don't feel so safe. more
According to the latest Infrastructure Security Report by Arbor Netowrks, the Internet architecture and operations is about to face a perfect storm with the convergence of issues including IPv4 to IPv6 migration, implementation of DNS Security Extensions (DNSSEC) and to 4-byte ASNs (used for inter-domain routing on the Internet). "Any one of these changes alone would constitute a significant architectural and operational challenge for network operators; considered together, they represent the greatest and potentially most disruptive set of circumstances in the history of the Internet, given its growth in importance to worldwide communications and commerce," says the report.
more
The beginning of every year is a time for introspection, an appraisal of the year that was, and planning for the year to come. It is also a time to follow tradition and to recap the biggest news of the year. But by now, I am guessing that we have all read our fair share about the people and events who have impacted the last 12 months... if we take a larger vantage point (than our own relatively small domain name industry), these lessons from 2009 -- in my view -- could teach us all and most importantly, really shape the year ahead. more
It seems like there's a different headline story about Google every day lately, and there's a lot here that service providers should be paying attention to. The launch of Nexus One around CES earlier this month is especially important for all mobile operators as well as the handset vendors partnering with them. A few days later, we started hearing noise about Google Energy. more
Like many people, I was taken by surprised by Google's announcement about its threatened withdrawal from China in the wake of continued censorship and attacks that appeared to emanate from there. My immediate reaction was quite simple: "Wow". There's been a lot of speculation about just why they pulled out. Some reports noted that Google has been losing market share to Baidu... I don't think, though, that that's the whole story. more
Looking back at the year that just ended, here are the top ten most popular news, blogs, and industry news on CircleID in 2009 based on the overall readership of the posts. Congratulations to all the participants whose posts reached top readership in 2009 and best wishes to the entire community in 2010. more
I am just a security guy, as are many others who will read this. Perhaps it is time us "simple" security guys got together and wrote some recommendations for air travel security? Get out your voice out there as an organized professional group which can in turn lobby for our professional recommendations... Here are mine, just to get the ball rolling... more
Coen Dijkgraaf writes: "Project Honey Pot is a community of tens of thousands of web and email administrators from more than 170 countries around the world who are working together to track online fraud and abuse. The Project has been online since 2004 and each day receives millions of email and comment spam messages which are catalogued and shared with law enforcement and security partners. On Wednesday, December 9, 2009 at 06:20 (GMT) Project Honey Pot received its billionth email spam message. For the full article and some intersting statistics about spamming, see 1 Billion Spammers Served." more
Eugene Kaspersky, CEO and co-founder of Internet security giant Kaspersky Lab said last week that "terrorists could build a botnet that could bring down the entire Internet structure". Mr. Kaspersky ended his speech with the statement that "a global cyber police force, and global cooperation between law enforcement agencies and governments is needed". This goes very much in accordance with some of the conclusions in the Cyberspace Policy Review more
A World-Renowned Source for Internet Developments. Serving Since 2002.