Cybersecurity |
Sponsored by |
|
In light of the recent decision by the United States government to "maintain its historic role in authorizing changes or modifications to the authoritative root zone file" and ICANN's recent decisions to add more gTLDs (including .xxx), and to renew VeriSign as the .net registry, readers may be interested in the just-published report of the National Research Council's Computer Science and Telecommunications Board, Signposts in Cyberspace: The Domain Name System and Internet Navigation. ...a comprehensive policy-oriented examination of the Domain Name System in the broader context of Internet navigation. more
I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge; He handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure... more
Identity theft is apparently the "in thing" these days. By media accounts, hackers and evildoers lurk everywhere trying to steal your personal information. In the past few months, one company after another is being forced to admit customer data has been lost or stolen. In many cases, they have them come forth repeatedly over the next few weeks, or even months revising the estimated number of impacted customers. To date, I don't think any have ever lowered those numbers. ...Let's consider two events that didn't make the front page of C|Net or CNN. more
Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. ...However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of. more
Just in case you've been out of the country for the last 12 months, a new scourge is hitting the Internet and the world of email and it's called phishing. The Anti-Phishing Working Group defines phishing as identity theft "attacks using 'spoofed' e-mails and fraudulent Websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords..." According to various experts, the incidents of phishing are rising at an alarming rate: there were 13,000 unique phishing attacks in January alone - that's a 42 percent surge over the previous month. The real problem is that phishing works. more
This is an overview of the booklet, "Internet Governance: Issues, Actors and Divides," recently published by DiploFoundation and the Global Knowledge Partnership. "Internet Governance is not a simple subject. Although it deals with a major symbol of the DIGITAL world, it cannot be handled with a digital - binary logic of true/false and good/bad. Instead, the subject's many subtleties and shades of meaning and perception require an ANALOGUE approach, covering a continuum of options and compromises." Update: This article was reposted with additional information and a new title. more
In the absence of any formal announcements, news of Google being accredited by ICANN as a domain name registrar, spread fast in the media today after it was first reported by Bret Fausett on Lextext -- see Google is a Registrar. The company has since mentioned that "Google became a domain name registrar to learn more about the Internet's domain name system," and that it has no plans to sell any domain names at the moment. However, speculations on what Google could do as an accredited registrar are far and wide. Here are ten, listed in no particular order... more
IT security strategies invariably focus on maintaining impenetrable fortresses around computers and network systems. Firewalls, virtual private networks and anti-virus programs are the tools IT engineers use to create their digital security. Sophisticated defense systems can be very effective at keeping the obvious attackers at bay, yet they often create a false sense of security because the real attacks, the kind that inflict irreparable damage on a system or network, avoid the obvious routes into the secure fortress. more
As the year comes to a close, it is important to reflect on what has been one of the major actions in the anti-spam arena this year: the quest for email authentication. With email often called the "killer app" of the Internet, it is important to reflect on any major changes proposed, or implemented that can affect that basic tool that many of us have become to rely on in our daily lives. And, while many of the debates involved myriads of specialized mailing lists, standards organizations, conferences and even some government agencies, it is important for the free and open source software (FOSS) community as well as the Internet community at large, to analyze and learn lessons from the events surrounding email authentication in 2004. more
It's funny, but I recall the battle cry that the WWW was "free" back in its early days. When contributing game concept to the early and great gaming pioneers like Infocom, there was such a great esprit-du-corps amongst our team regarding the fun as well as utility that the WWW offerred. In retrospect, we were so naive. I recall the days when guys like Bill Gates prided themselves on being such a great "hackers" - it was a noble term back then. more
The following article is an excerpt from the recently released Internet Analysis Report 2004 - Protocols and Governance. Full details of the argument for protocol reform can be found at 'Internet Mark 2 Project' website, where a copy of the Executive Summary can be downloaded free of charge. ..."In releasing this section for comment, I would like to point out that the report's conclusions are based on a cumulative examination of various protocols and systems. We are at a point of time where other protocols and systems are equally problematic -- the report points to some significant problems with DNS structure and scalability, and also points out that, to all intents and purposes, the basic email protocol, SMTP, is broken and needs immediate replacement." more
The first week in July I went to an acronym-heavy World Symposium on the Internet Society Thematic Meeting on spam in Geneva. A few people have reported this as a meeting by "the UN", which it wasn't. Although the International Telecommunications Union is now part of the UN, it dates back to an 1865 treaty to manage international telegraph communication... more
As the Internet has grown and matured, it has become obvious to everyone involved that the DNS Whois system, as it currently exists, is not a sustainable way to share contact information for resolving network problems. ICANN, in an attempt to save DNS Whois, has plunged head long into the process of developing new policies aimed at fixing it. While I respect all of the hard work that has gone into this process, the results thus far have only made it clearer that this system faces intractable problems. more
Amidst the fascinating news from the SCO saga, preparing for SANS London and contributing to the Unix timeline project at Grokline my eyes caught a piece of rather distressing news on the BBC. It appears that BT (British Telecom) intends to move its current phone network to an IP-based network by 2009 thereby sending the circuit-switched technology off to the attic. The real question is: can we guarantee the same level of reliability on VoIP as we had on circuit-switched telephony when the stated aim is to carry both voice and data traffic down the same cables (or fibres more likely)? more
A United Nations task force recently held a two-day workshop on the question of who governs the Internet. U.N. Secretary General Kofi Annan challenged those of us present to ensure that the Internet and the World Wide Web support "the cause of human development."
Following in the long-standing tradition of skepticism about governments in the Internet community, some in the technical community and the Internet's chattering classes view the concerns expressed by the United Nations and countries such as Brazil, India and others, as a threat to the operation of the Internet itself. This article was originally published at CNET News.Com on April 6, 2004. more
A World-Renowned Source for Internet Developments. Serving Since 2002.