Cybersecurity

Sponsored
by

Cybersecurity / Most Commented

House of Cards

Time flies. Although it was over 18 months ago, it seems just like yesterday that a small Czech provider, SuproNet, caused global Internet mayhem by making a perfectly valid (but extremely long) routing announcement. Since Internet routing is trust-based, within seconds every router in the world saw this announcement and tried to pass it on. Unfortunately, due to the size of this single message, quite a few routers choked -- resulting in widespread Internet instability. Today, over a year later, we were treated to a somewhat different version of the exact same story. more

First Leap to Secure Linguistic Internet - Arabic SSL Certificates Launched

Linguistic Internet is becoming stronger with the first leap to develop non-Latin applications, as Arabic Language SSL Certificates has been launched by M/s ArabicSSL with the support of Live Multilingual Translator and The Multilingual Internet Group. This step is highly appreciable because this will ensure the security and stability and develop trust over new Internet layers of Internationalized Domains (IDN TLDs). more

DNSSEC Deployment Among ISPs: The Why, How, and What

It's no secret that Comcast has been leading the charge of DNSSEC deployment among ISPs. For the past couple years, Comcast has been testing and pushing for the widespread adoption of DNSSEC. In the spirit of increasing adoption, I thought I would interview the DNS gurus at Comcast to see what they've learned and what advice they would give other ISPs considering DNSSEC deployment. more

The [Dot]Brand Tribes - Part 3

In part two of The [Dot] Brand Tribes we argued that introducing new branded generic Top-Level Domains (gTLDs) would bring value to brand owners and have positive effects on customer recognition. In this last post we'll continue that theme and talk about how brand owners can come together to provide shared spaces using the banking industry as an example. more

Cyber-Spin: How the Internet Gets Framed as Dangerous

At the beginning of this year, a set of powerhouse organizations in cybersecurity (CSO Magazine, Deloitte, Carnegie Mellon's CERT program, and the U.S. Secret Service) released the results of a survey of 523 business and government executives, professionals and consultants in the ICT management field. The reaction generated by this survey provides an unusually clear illustration of how cyber-security discourse has become willfully detached from facts. more

MIT 2010 Spam Conference Starts Tomorrow…

In January we presented the glorious history of the MIT spam conference, today we present the schedule for the first day. Opening session will be from this author, Garth Buren with a topic entitled The Internet Doomsday Book, with details be released the same day as the presentation. Followed by Dr. Robert Bruen with a review of activities since the last MIT spam conference... more

China Hacks Google, Etc.

Many news sources are reporting on how Google and other corporations were hacked by China. The reports, depending on vendor, blame either PDF files via email as the original perpetrator, or lay most of the blame on an Internet Explorer 0day. more

The World’s Most Dangerous Country Code Top-Level Domains

If you want to know the world's most dangerous country code Top-Level Domains (ccTLDs), ask an anti-virus software company. McAfee has released its list of most dangerous country codes. Here are the top five... more

Spymaster Sees Israel As World Cyberwar Leader

HaAretz, an Israeli newspaper, quotes Major-General Yaldin as saying: "Fighting in the cyber dimension is as significant as the introduction of fighting in the aerial dimension in the early 20th century." (my translation) If this statement is to be believed, Israel is active in cyberspace. And yet, why would Israel admit that, regardless of if it really happens? One option is... more

Yahoo, Gmail, Hotmail Compromised - But How?

One of the bigger news stories is that of 10,000 usernames and passwords of Hotmail users were posted this past week, victims of a phishing scam... It seems unlikely to me that this would be a hack where someone would break into Hotmail's servers and access the account information that way. It is much more likely that the spammers got the information by social engineering. Why is this more likely? For one, they'd have to get past all of the firewalls and security measures that Microsoft/Hotmail have to keep intruders out. more

Helping Banks Fight Phishing and Account Fraud, Whether They Like It or Not

On Wednesday, Project Honey Pot filed an unusual lawsuit against "John Does stealing money from US businesses through unauthorized electronic transfers made possible by computer viruses transmitted in spam." Their attorney is Jon Praed of the Internet Law Group, who is one of the most experienced anti-spam lawyers around, with whom I have worked in the past. more

Routing Redundancy: How Much Is Enough?

Internet connectivity is a good thing. Many of us depend on it for everything from our livelihoods to our entertainment. However, the Internet is very fragile and even the The New York Times is worried about it. But they're primarily concerned with overloads that can occur when everyone on the planet does the same thing at roughly the same time, such as surfing for news about Michael Jackson. Unfortunately, we will never avoid all such scenarios. Physical systems are designed around average and typical peak loads, not around extremely high loads associated with very unlikely events. Who would pay for that? more

Innovation and Cybersecurity Regulation

The market has failed to secure cyberspace. A ten-year experiment in faith-based cybersecurity has proven this beyond question. The market has failed and the failure of U.S. policies to recognize this explains why we are in crisis. The former chairman of the Security and Exchange Commission, Christopher Cox, a longtime proponent of deregulation, provided a useful summary of the issue when he said, "The last six months have made it abundantly clear that voluntary regulation does not work."... more

Top 10 Spam Stories of 2008

Well, it's a yearly tradition in the western hemisphere that at the end of the year, we compose a top 10 list of the 10 most . Since it is now 2009, I thought that I would create my own list of the top 10 spam stories of 2008. Now, not all of these will be universally applicable to everyone, they are the top 10 stories as seen by me. more

Day 30: Kaminsky DNS Bug Disclosure

In a highly anticipated presentation, Internet security researcher Dan Kaminsky today gave details of the much talked about Domain Name System (DNS) vulnerability issue which has been intensely covered since it was publicly announced a month ago on Jul 8th. Although original plans entailed keeping the bug details undisclosed for 30 days in order to allow for necessary security patches to be implemented around the world, details of the bug were eventually leaked-and-confirmed 13 days after its public announcement. Even so, just hours ago in jam-packed ballroom during the Black Hat conference, Kaminsky delivered his 100-plus-slide presentation detailing the DNS flaw that, if exploited, could potentially "destroy the Web". more