Cybersecurity |
Sponsored by |
|
The world has officially entered what the MLi Group labels as the "New Era of The Unprecedented". In this new era, traditional cyber security strategies are failing on daily basis, political and terrorist destruction-motivated cyber attacks are on the rise threatening "Survivability", and local political events unfold to impact the world overnight and forever. Decision makers know they cannot continue doing the same old stuff, but don't know what else to do next or differently that would be effective. more
In the last year or so, there's been a lot of controversy about some employers demanding social network passwords from employees or applicants. There's even been a bill introduced in Congress to bar the practice. The focus has been the privacy violation implied by such demands... The first issue is that a password gives the holder write access, not just read access, to the account. more
Another contentious issue at the WCIT in Dubai is 'security'. There has been a dramatic increase in nervousness regarding a whole range of security issues, especially in relation to the internet. They include: SPAM, denial-of-service-attacks, identity theft, cybercrime, cyberwarfare, and privacy issues on social media. From the list above it is clear that some of these issues are related to content, while some can be classified as national security and others as criminal offences. In other words, there is no clear-cut issue on what constitutes security. more
Many years ago on my first trip to London, I encountered for the first time signs that warned pedestrians that vehicles might be approaching in a different direction than they were accustomed to in their home countries, given the left-versus-right-side driving patterns around the world. (I wrote a while back about one notable change from left-to-right, the Swedish "H Day," as a comment on the IPv6 transition.) more
Paul Vixie proposes a 'cooling-off period' when domain names are registered in order to help detect and deter malicious activity. "There's no legitimate reason for a new domain name to be registered and go live in less than a minute... more
On January 8, 2013, a Judge from the United States District Court in Texas ruled against a high school sophomore's refusal to wear a smart identity card embedded with a radio frequency chip which is part of the school's smart ID card student locator project. The Judgment show the Testimonies of Superintendent and the Principal in stating that the sensors do not give exact readings nor are they able to pinpoint the exact location of the students. more
It is now out -- all 539 pages entitled "Declaratory Ruling, Report and Order, and Order" (Reversal Order). As someone who has dealt with this subject matter at a working level over the past 40+ years, it seems clear that the FCC will readily prevail here and the protagonists need to move on. (Admittedly that is wishful thinking given the appellate revenue to be made and press blather opportunities.) The document from a Federal Administrative Law perspective is very thorough and well-crafted. more
Are you ready to help me make the Internet more secure? Here's your chance to join me in a project to create an open-source hardware device to protect email, files and other data from hackers and government spies. The CrypTech Project was founded in late 2013 after NSA whistleblower Edward Snowden revealed that the US and other governments were exploiting weak cryptography and loose standards to gain access to citizens' email, documents, and other files. more
This weekend Jari Arkko, Chair of the Internet Engineering Task Force (IETF), and Stephen Farrell, IETF Security Area Director, published a joint statement on the IETF blog titled: "Security and Pervasive Monitoring"... They go on to outline some of the IETF's general principles around security and privacy as well as some of the new developments. They also point out a vigorous (and still ongoing) discussion within the IETF around how to improve the security of the Internet in light of recent disclosures. more
For many years the consuming topic in DNS circles was that of the names themselves. If you wind the clock back twenty years or so, you will find much discussion about the nature of the Internet's namespace. Why were there both generic top-level labels and two-letter country codes? If we were going to persist with these extra-territorial generic country codes in the namespace, then how many should there be? Who could or should manage them? And so on. more
March 22, 2019, saw the completion of the final important step in the Key Signing Key (KSK) rollover - a process which began about a year and half ago. What may be less well known is that post rollover, and until just a couple days ago, Verisign was receiving a dramatically increasing number of root DNSKEY queries, to the tune of 75 times higher than previously observed, and accounting for ~7 percent of all transactions at the root servers we operate. more
IoT devices have ingrained themselves into almost every aspect of modern life. From home assistants to industrial machinery, it's hard to find a device that isn't connected to a network and gathering data. Despite widespread adoption, IoT cybersecurity compliance remains surprisingly low. A big reason for this is the unique challenges IoT devices pose to operators. more
One summer sport in Internet governance is speculating on what direction ICANN's new CEO will take it in. Making the media rounds yesterday on Fox and Lehrer News Hour to talk about the recent DDoS attacks on US and S. Korea government and commercial websites, new CEO Rod Beckstrom pushed how the response to cyber attacks is a coordinated effort, he also alluded to ICANN's role in similar attacks. Responding to a question on the News Hour about the USG policy response to dealing with cyber attacks, Beckstrom highlighted the critical role of ISP filtering, and identified the "organic" as well as "somewhat structured" coordination which occurs during a typical response. More interestingly, he plugged ICANN's facilitating role. more
Google has received a lot of press regarding their Project Shield announcement at the Google Ideas Summit. The effort is being applauded as a milestone in social consciousness. While on the surface the endeavor appears admirable, the long-term impact of the service may manifest more than Google had hoped for. Project Shield is an invite-only service that combines Google's DDoS mitigation technology and Page Speed service... more
On Wednesday, Project Honey Pot filed an unusual lawsuit against "John Does stealing money from US businesses through unauthorized electronic transfers made possible by computer viruses transmitted in spam." Their attorney is Jon Praed of the Internet Law Group, who is one of the most experienced anti-spam lawyers around, with whom I have worked in the past. more
A World-Renowned Source for Internet Developments. Serving Since 2002.