Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
I'm delighted to announce that the name collisions workshop this weekend will include Jeff Schmidt, CEO of JAS Global Advisors, presenting the Name Collision Occurrence Management Framework that his firm just released for public review. Jeff's presentation is one of several on the program announced by the program committee for the Workshop and Prize on Root Causes and Mitigations of Name Collisions (WPNC). more
Over the past few years, we have seen a plethora of over-hyped articles in the popular press and blogosphere crowing wrong-headedly about how 'email is dead'. Social networks like Facebook and Twitter, new and as-yet unproven technologies are the supposed death-knell for our old reliable friend, e-mail. I wrote about the rumours of email's death being exaggerated back in 2007 in response to such inanity. Since then, we've seen such a cornucopia of silliness of the 'Such & such is killing email' variety that Mark Brownlow compiled a bunch of articles, and their rebuttals at his excellent site... more
On Webwereld an article was published following a new Kaspersky malware report Q1-2013. Nothing new was mentioned here. The Netherlands remains the number 3 as far as sending malware from Dutch servers is concerned. At the same time Kaspersky writes that The Netherlands is one of the most safe countries as far as infections go. So what is going on here? more
The EU's 'cyber security' Agency ENISA (The European Network and Information Security Agency) has launched a new report concluding that the EU should focus its future IT security research on five areas: cloud computing, real-time detection and diagnosis systems, future wireless networks, sensor networks, and supply chain integrity. more
In a Red Herring Conference held last week in California, Mitch Ratcliffe's offers an analytical overview of an interview held with Stratton Scalovs, VerisSign's CEO..."He then goes on to say that we need to move the complexity back into the center of the Net! He says the edge can't be so complex. Get David Isenberg in here! Ross Mayfield, sitting in front of me, laughs out loud. I am dumbfounded. According to VeriSign, the Net should not be open to any type of application, only applications that rely on single providers of services, like VeriSign. This is troglodyte talk." more
Cybersecurity regulation is coming. Whether regulations intended to enhance critical infrastructure protection will be based on existing statutory authority, new legislation, an Executive Order or a combination of legal authorities, however, is still unknown. Other aspects of the coming federal oversight of critical infrastructure cybersecurity that remain undetermined include the extent to which governance system will include voluntary characteristics and the time frame for initiation of new cybersecurity regulation. more
The US government is looking at telling ISPs how to deal with compromised customers and botnets. They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. more
The DNS system is, unfortunately, rife with holes like Swiss Cheese; man-in-the-middle attacks can easily negate the operation of TLS and website security. To resolve these problems, the IETF and the DNS community standardized a set of cryptographic extensions to cryptographically sign all DNS records... Now that these standards are in place, how heavily is DNSSEC being used in the wild? How much safer are we from man-in-the-middle attacks against TLS and other transport encryption mechanisms? more
Globally, people are connecting more and more "things" to the Internet. Devices that were traditionally offline or dumb like refrigerators, cars, watches, home cameras, air condition, door locks, agriculture monitoring devices, etcetera, are now being connected to the Internet. This is referred to as the "Internet of Things" (IoT). Using sensors, IoT devices collect data of some sort, which is then most likely shared over a network connection to a service provider, where some analysis is performed on the data. more
Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more
Spam over Internet Telephony (SPIT) is viewed by many as a daunting threat. SPIT is much more fatal than email spam, for the annoyance and disturbance factor is much higher. Various academic groups and the industry have made some efforts to find ways to mitigate SPIT. Most ideas in that field are leaning on classical IT security concepts such as intrusion detection systems, black-/white-/greylists, Turing tests/computational puzzles, reputation systems, gatekeeper solutions, etc... We identified the lack of a benchmark testbed for SPIT as a serious gap in the current research on the matter, and this motivated us at the to start working on a first tool for that. more
We’ve noted in previous CSC studies that phishing continues to be an extremely popular threat vector with bad actors and shows no signs of subsiding in part, because of the COVID–19 pandemic and the rise in popularity of remote working. Indeed, the most recent figures from the Anti-Phishing Working Group (APWG) show that the numbers of phishing attacks are higher than ever before, with the quarterly total of identified unique phishing attacks exceeding 1 million for the first time in Q1 2022, and over 600 distinct brands attacked each month. more
Is anyone calling espionage by means of computers cyber-espionage yet? I hope not. At least they shouldn't call it cyber war. Two news stories of computerized espionage reached me today. The first, regarding the Oil industry, was sent by Marc Sachs to a SCADA security mailing list we both read. The second, about the hotel industry, was sent by Deb Geisler to science fiction convention runners (SMOFS) mailing list we both read. more
As discussed in the several studies on name collisions published to date, determining which queries are at risk, and thus how to mitigate the risk, requires qualitative analysis. Blocking a second level domain (SLD) simply on the basis that it was queried for in a past sample set runs a significant risk of false positives. SLDs that could have been delegated safely may be excluded on quantitative evidence alone, limiting the value of the new gTLD until the status of the SLD can be proven otherwise. more
A lawsuit filed by Meta has led to a significant decrease in phishing websites tied to the domain name registrar Freenom. Cybersecurity expert Brian Krebs in a report on Friday said that Freenom, which provides free domain name registration services, was a favored resource for cybercriminals due to its policy of protecting customer identities. more
A World-Renowned Source for Internet Developments. Serving Since 2002.