Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Only two years after signing the DNS root zone, the powerful lure of a secure global infrastructure for data distribution is starting to reveal itself. It is illustrated clearly by two proposed technical standardizations that seek to leverage secure DNS. To some degree these developments highlight the strength of DNS institutions and how they might fill gaps elsewhere in the Internet's governance. But an increasing reliance upon and concentration of power in the DNS also makes getting its global governance correct even more important. more
Mobile networks aren't usually thought of as sources of spam, but a quick look at some of the resources that track spam reveals they actually are. This is counter intuitive at first glance because when most people think of mobile they think of smartphones, and those aren't known to be sources of spam (at least not yet). What's really going on is PCs connected to mobile networks with air cards, or tethered with a smartphone where it's permissible, are the culprits more
DNSSEC continues to gain momentum as network operators and domain owners watch and learn from early adopters. The learning process is made easier by efforts such as the ongoing work conducted by researchers at Sandia labs to methodically identify and categorize the kinds of problems that are occurring. more
On Wednesday 22 February the United States and The Netherlands signed a "declaration of intent" on the cooperation on fighting cybercrime. This event was reported by the press as a treaty. At least that is what all Dutch postings I read wrote, with exception of the official website of the Dutch government. So what was actually signed? Reading the news reports some thoughts struck me. more
It would be reasonable to assume that your employer is archiving your email communications. But what about your personal emails, texts, phone calls and Facebook posts. Are these really private? Not for long, if the UK government has its way. It has been reported that its new anti-terror plan, if passed, would require Internet providers and phone companies to store all online communications by UK citizens for one year. more
We all know how easy it can be to ignore or underestimate the possibly, or even likelihood, of a terrorist attack; just remember what happened on 9-11. That seems to be just what the U.S. is doing when it comes to a possible Cyber-Attack, no not in other countries, but right here at home where targets like private sector companies, who provide vital economic and emergency services to our population using broadband infrastructure, and are woefully under-secured for such attacks. more
I wonder how much botnets reuse IP addresses. Do they infect a system and spam, get blocked, discard the IP and move onto the next (new) one? This means that they have a nearly unlimited supply of IP addresses. Or do they infect a system and spam, get blocked, and then let it go dormant only to awaken it some time later? I decided to take a look. more
The trade press is abuzz today with reports about a security breach at Verisign. While a security breach at the company that runs .COM, .NET, and does the mechanical parts of managing the DNS root is interesting, this shouldn't be news, at least, not now. Since Verisign is a public company, they file a financial report called a 10-Q with the SEC every quarter. According to the SEC's web site, Verisign filed their 10-Q for June through September 2011 on October 28th. more
In my last post I blogged about greylisting, a well-known anti-spam technique for rejecting spam sent by botnets. When a mail server receives a an attempt to deliver mail from an IP address that's never sent mail before, it rejects the message with a "soft fail" error which tells the sender to try again later. Real mail senders always retry, badly written spamware often doesn't. I found that even though everyone knows about greylisting, about 2/3 of IPs don't successfully retry. more
U.S. Office of Management and Budget released a memo today establishing a program to reduce "duplicative efforts, inconsistencies and cost inefficiencies when assessing and authorizing cloud systems." The initiative called, Federal Risk and Authorization Management Program (FedRAMP), is aimed to develop a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services through standardized security requirements and controls. more
"Smartphones (and tablets, WdN) are invading the battlefield", reports the Economist on its website of 8 October 2011. On the same day the hacking of U.S. drones is reported on by several news sites. ("They appear friendly". Keyloggers???) Is this a coincidence? more
The US government is looking at telling ISPs how to deal with compromised customers and botnets. They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. more
On September 12 China, the Russian Federation, Tajikistan and Uzbekistan released a Resolution for the UN General Assembly entitled "International code of conduct for information security." The resolution proposes a voluntary 12 point code of conduct based on "the need to prevent the potential use of information and communication technologies for purposes that are inconsistent with the objectives of maintaining international stability and security and may adversely affect the integrity of the infrastructure within States..." more
When I first wrote about Domain Registry Locking over a year and a half ago, Verisign was the only Registry offering a true Registry Lock Service. Of course, not long after, Neustar announced their Registry Lock Service too. Recently however, a number of ccTLD Registries have also adopted Registry Locking programs... more
An unprecedented cyberattack on the Canadian government also targeted Defence Research and Development Canada, making it the third key department compromised by hackers, CBC News has learned. ... While there is no definitive proof, of course, that China was behind these attacks, there is a lot of circumstantial evidence that points in that direction. China (allegedly) has a long history of engaging in espionage activities in order to gain access to information. In the United States, this is sometimes referred to as cyber warfare, but I think that cyber espionage is a better choice of terms. more
A World-Renowned Source for Internet Developments. Serving Since 2002.