Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
There has been a lot of talk, blogging, tweeting and press reportage about the Epsilon breach, but little in the way of concrete information to consumers as to where they stand, if their personal information (PII) such as their name and email address has been lost to criminals. The CAUCE Board of Directors have developed the following FAQ that provides facts and guidance for those affected by the breach. more
The Internet was not originally designed as a single network that serviced much of the world's digital communications requirements. Its design was sufficiently flexible that it could be used in many contexts, including that of small network domains that were not connected to any other domain, through to large diverse systems with many tens of thousands of individual network elements. If that is indeed the case, then why is it that when networks wish to isolate themselves from the Internet, or when a natural calamity effectively isolates a network, the result is that the isolated network is often non-functional. more
This post follows an earlier post about DNS amplification attacks being observed around the world. DNS Amplification Attacks are occurring regularly and even though they aren't generating headlines targets have to deal with floods of traffic and ISP infrastructure is needlessly stressed -- load balancers fail, network links get saturated, and servers get overloaded. And far more intense attacks can be launched at any time. more
Hurricane Katrina will lead the endless finger pointing about what should have been done to strengthen the levees before the storm. However, as a former senior FEMA official under the Clinton Administration explained, "There's only two kinds of levees. Ones that have failed and those that will fail." The same is true for cyber-levees. more
As an admin, app security should be a top priority - but SaaS apps represent a difficult challenge in that regard. How can you protect your business from their risks, while enjoying all their rewards? Within the average enterprise, there are 508 unique cloud applications in use. That number's overwhelming enough on its own without considering that 88% of those applications aren't enterprise ready, or the fact that one in five cloud applications has data sharing as a core functionality. more
There may still be a few security practitioners working in the field who didn't have a copy of Bruce Schneier's Applied Cryptography on their bookshelf the day they started their careers. Bruce's practical guide to cryptographic algorithms, key management techniques and security protocols, first published in 1993, was a landmark volume for the newly emerging field, and has been a reference to developers ever since. more
Israel's entire voter registry was recently uploaded to a vulnerable voting management app which effectively left the data wide open for days. more
In my last post I blogged about greylisting, a well-known anti-spam technique for rejecting spam sent by botnets. When a mail server receives a an attempt to deliver mail from an IP address that's never sent mail before, it rejects the message with a "soft fail" error which tells the sender to try again later. Real mail senders always retry, badly written spamware often doesn't. I found that even though everyone knows about greylisting, about 2/3 of IPs don't successfully retry. more
Last week we heard of yet another egregious security breach at an online provider, as crooks made off with the names, address, and birth dates of eBay users, along with encrypted passwords. They suggest you change your password, which is likely a good idea, and you better also change every other place you used the same password. But that's not much help since you can't change your name, address, and birth date, which are ever so handy for phishing and identity theft. more
The EU's 'cyber security' Agency ENISA (The European Network and Information Security Agency) has launched a new report concluding that the EU should focus its future IT security research on five areas: cloud computing, real-time detection and diagnosis systems, future wireless networks, sensor networks, and supply chain integrity. more
As ICANN prepares to expand the domain name space, calls grow for a public-law framework to govern the DNS root, ensuring global equity, transparency, and accountability in managing the Internet's core infrastructure. more
Articles, blogs, and meetings about the internet of the future are filled with happy, positive words like "global", "uniform", and "open". The future internet is described in ways that seem as if taken from a late 1960's Utopian sci-fi novel: the internet is seen as overcoming petty rivalries between countries, dissolving social rank, equalizing wealth, and bringing universal justice. If that future is to be believed, the only obstacle standing between us and an Arcadian world of peace and harmony is that the internet does not yet reach everyone... more
I'm delighted to announce that the name collisions workshop this weekend will include Jeff Schmidt, CEO of JAS Global Advisors, presenting the Name Collision Occurrence Management Framework that his firm just released for public review. Jeff's presentation is one of several on the program announced by the program committee for the Workshop and Prize on Root Causes and Mitigations of Name Collisions (WPNC). more
On Wednesday 22 February the United States and The Netherlands signed a "declaration of intent" on the cooperation on fighting cybercrime. This event was reported by the press as a treaty. At least that is what all Dutch postings I read wrote, with exception of the official website of the Dutch government. So what was actually signed? Reading the news reports some thoughts struck me. more
Over the past few years, we have seen a plethora of over-hyped articles in the popular press and blogosphere crowing wrong-headedly about how 'email is dead'. Social networks like Facebook and Twitter, new and as-yet unproven technologies are the supposed death-knell for our old reliable friend, e-mail. I wrote about the rumours of email's death being exaggerated back in 2007 in response to such inanity. Since then, we've seen such a cornucopia of silliness of the 'Such & such is killing email' variety that Mark Brownlow compiled a bunch of articles, and their rebuttals at his excellent site... more
A World-Renowned Source for Internet Developments. Serving Since 2002.