Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Here is a list of the most viewed news and blog postings that were featured on CircleID in 2007. Best wishes for 2008. more
A reasonably well informed article in Thursday's USA Today reminds us that in 2004 Bill Gates said the spam problem would be solved in early 2006, but here at the end of 2007 there's more spam than ever. They go through a laundry list of problems of spambots, new kinds of PDF and MP3 spam, and phishing, and a list of of partial or non-solutions including filters, walled gardens, and an odd system called Boxbe, a hybrid of whitelists, challenge/response, and pay for delivery. Oh, and Bill says he never said spam would be solved... more
It is one thing to bring broadband internet to the masses, but how do we make them drink from the fountain of knowledge? One of the challenges, of course, is that the industry has not yet sold turn-key applications that capture the imaginations of the unconnected. Surprising as it seems, email, Facebook, file swapping and web surfing have not yet attracted 100% of the population. Are there some applications that might lend themselves to a toll-free model in order to reach the rest of the market? more
The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it? Last weekend, Brandon Enright of UC San Diego gave a informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year... more
I have a hypothesis: The Bush administration came to power in December 2000. American telcos were on the precipice about to go into Free fall. We have seen how Bush politicized the Justice Department and are much more aware thanks to John Dean's Broken Government and Charlie Savage's Take Over of the intense desire to aggregate executive power to feed the Addingtons belief in the Unitary Executive. We now know that Cheney was meeting with the energy industry in early 2001 promising them whatever they wanted. We may begin to ask what the domestic telecoms industry was being promised? more
A deal announced today between British Telecom and upstart FON allows BT's Internet customers to share their own broadband connections via WiFi and, in turn, be able to access WiFi free at "thousands" (doesn't say how many) of FON hotspots around the world operated by other Foneros... When you buy home Internet access from BT and opt into this plan, you are also buying roaming access at no extra charge. The technology is supposed to assure that the part of the connection which you share is segregated from your own access so that there are no security problems caused by the sharing. more
Skype's official explanation. Phil Wolff has a good set of interpolated comments on the official explanation. There are two things to add... As the Register points out, last Tuesday was Microsoft's monthly patch day and those patches required a re-boot. If we believe Skype that their problem started with excessive login attempts, this is the only plausible explanation on the table... more
If there were a lifetime achievement award for losing lawsuits for being annoying, Sanford Wallace would be a shoo-in. Fifteen years ago, his junk faxing was a major impetus for the TCPA, the law outlawing junk faxes. Later in the 1990s, his Cyber Promotions set important legal precedents about spam in cases where he lost to Compuserve and AOL. Two years ago, he lost a suit to FTC who sued his Smartbot.net for stuffing spyware onto people's computers. And now, lest anyone think that he's run out of bad ideas, he's back, on the receiving end of a lawsuit from MySpace... more
Last week, my colleagues over at Sunbelt Software discovered a bogus Windows domain being registered earlier this month (where the "w" in "windows" is actually two "v"s). Today, I've been alerted to the fact that are several additional Windows domains which have registered where the "w"s have been also been replaced with "v"s... more
One of my staff members pointed me to an article by Mikko Hyppönen in Foreign Policy. In this article Mikko argues that a new top level domain (TLD) like .bank for some reason would prevent on-line fraud, at least partially. Mikko seems to be arguing that with a dedicated TLD registry for financial institutions and a fee high enough to act as an entry barrier you would have a trustworthy bank domains that would be immune against today's phising attempts... more
Since Skype has an open client-side API, why not use it as a transport to tunnel VPN traffic and blow through firewalls to connect you to a remote system? That's the idea raised by Peeter P. Mõtsküla in his Skype Developer Blog entry: "Idea: skypetunnel". For instance, have a Skype client running on your home machine logged in as one account. Have Skype on your laptop on another account. Initiate a connection between the two of them and wind up with secure, encrypted access through the firewall from wherever you are. Being peer-to-peer, there would be no central servers or infrastructure required (outside the usual Skype p2p cloud.) This would require, of course, a yet-to-be-created "extra" that connected into the Skype client API and was installed on both systems...but that was the point of the article... more
With my post earlier this month about the possibility of SIP botnets [also featured here on CircleID], I've had a number of people asking about more information and wondering about the possible impacts. And while I will write more on botnets in general, as far as the potential impact of "botnets" in general, one need only look over at the current situation in Estonia... Now, perhaps Russia is behind the attack... perhaps not. There are obviously much larger political issues going on between the two states. more
Fergie replied on NANOG to my recent post on the subject of broadband routers insecurity: "I'll even go a step further, and say that if ISPs keep punting on the whole botnet issue, and continue to think of themselves as 'common carriers' in some sense -- and continue to disengage on the issue -- then you may eventually forced to address those issues at some point in the not-so-distant future..." He is right, but I have a comment I felt it was important - to me - to make. Not just on this particular vulnerability, but on the "war"... more
The only Cyber law passed in Pakistan till date is the famous ETO-2002 (Electronic Transaction Ordinance - 2002). It required Ministry of IT&T to set up a Central Repository for all digital certificates and in addition to set up a body to be named as Electronic Certification Accreditation Council (ECAC) to accredit Electronic Certification Authorities to be established in the country... In this regard, government has not only closed its eyes and has blindly trusted the only certificate authority (CA) in the country operated by a private business group, it has also mandated the citizens and business to trust it. Case in point is Central Board of Revenue (CBR) that has told all taxpayers to digitally sign the emails using the certificates issued by this private party... more
In this post I'd like to discuss the threat widely circulated insecure broadband routers pose today. We have touched on it before. Today, yet another public report of a vulnerable DSL modem type was posted to bugtraq, this time about a potential WIRELESS flaw with broadband routers being insecure at Deutsche Telekom. I haven't verified this one myself but it refers to "Deutsche Telekom Speedport w700v broadband router"... more
A World-Renowned Source for Internet Developments. Serving Since 2002.