Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
According to the latest report from Anti-Phishing Working Group (APWG) while the total number of conventional, spam-based phishing campaigns declined in 2018, users of software-as-a-service (SaaS) systems and webmail services are increasingly targeted. more
For over a decade, the Internet Corporation for Assigned Names and Numbers (ICANN) and its multi-stakeholder community have engaged in an extended dialogue on the topic of DNS abuse, and the need to define, measure and mitigate DNS-related security threats. With increasing global reliance on the internet and DNS for communication, connectivity and commerce, the members of this community have important parts to play in identifying, reporting and mitigating illegal or harmful behavior, within their respective roles and capabilities. more
The Optus outage in Australia from last year was immediately on my mind when on Friday afternoon a similar event swept, this time, across the world. Also, in this case it was a software update that caused the problem. This time from global security software provider CrowdStrike. The culprit appears to be an update to the CrowdStrike Falcon platform, a security monitoring tool widely deployed by businesses and organisations on Microsoft desktop computers and notebooks. more
Trust is such a difficult concept in any context, and certainly, computer networks are no exception. How can you be assured that your network infrastructure is running on authentic platforms, both hardware and software and its operation has not been compromised in any way? more
At the recent Anti-Phishing Working Group meeting in San Francisco, Rod Rasmussen and I published our latest APWG Global Phishing Survey. Phishing is a distinct kind of e-crime, one that's possible to measure and analyze in depth. Our report is a look at how criminals act and react, and what the implications are for the domain name industry. more
Anyone who reads the papers sees stories -- or hype -- about cyberwarfare. Can it happen? Has it already happened, in Estonia or Georgia? There has even been a Rand Corporation study on cyberwarfare and cyberdeterrence. I wonder, though, if real cyberwarfare might be more subtle -- perhaps a "cyber cold war"? more
What do Europeans interested in Internet policy think about cybersecurity, network neutrality, IANA, improving Internet access and other topics? Tomorrow the second day of the European Dialog on Internet Governance (EuroDIG) 2015 in Sofia, Bulgaria, will cover all those topics and many more. I've listed some of the sessions that either I or my Internet Society colleagues are participating in. I will personally be involved as a panelist on the two sessions about cybersecurity. more
Signing Email is now a Draft Standard! Signing email transitioned from a proposed standard to a draft standard (RFC6376 -- one of the new RFCs) over at the IETF a few days ago. The other is RFC6377. Let's go through a brief history of DKIM RFCs to refresh our memories... more
Last week, I commented on the the Gmail/Hotmail/Yahoo username and password leak. The question we now ask is whether or not we are seeing an increased amount of spam from those services. On another blog, they were commenting that various experts were claiming that this is the case. more
Here we go again; another instance of really sophisticated spyware has been reported, a system that is "so complex and sophisticated that it's probably an advanced cyber-weapon unleashed by a wealthy country to wage a protracted espionage campaign on Iran". I won't get into the debate about whether or not it's really more impressive than Stuxnet, whether or not it's groundbreaking, or whether or not Israel launched it; let it suffice to say that there are dissenting views. I'm more interested in the implications. more
Recent events have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports. Domains are an important element of internet infrastructure; their functionality and security rely upon many factors such as their delegated name servers. more
A recent article in the New York Times Dealbook column reported on phone number hijacking, in which a bad guy fraudulently takes over someone's mobile phone number and used it to reset credentials and drain the victim's account. It happens a lot, even to the chief technologist of the FTC. This reminds us that security is hard, and understanding two-factor authentication is harder than it seems. more
Bruce Schneier's recent blog post, "Someone is Learning How to Take Down the Internet", reported that the incidence of DDOS attacks is on the rise. And by this he means that these attacks are on the rise both in the number of attacks and the intensity of each attack. A similar observation was made in the Versign DDOS Trends report for the second quarter of 2015, reporting that DDOS attacks are becoming more sophisticated and persistent in the second quarter of 2016. more
Something bad happens online. I can tie that something-bad back to an IP address. Do I know who did the bad thing? According to the Federal District Court in Arizona, I don't. An IP address may identify the owner of an Internet access account; it does not identify who was online at that particular time and who may be responsible for the actions in question. In Breaking Glass Pictures v Does, DAZ 2013, Plaintiff brought a claim for copyright infringement, wants early discovery, but the court is refusing. more
There is considerable rhetoric propagated today about 5G security. Some of the more blatant assertions border on xenophobia with vague assertions that the 5G vendors from some countries cannot be trusted and wholesale government banning is required. Existing treaty obligations are being summarily abrogated in favour of bilateral trade bullying. These are practices that the late President George H.W. Bush sought to eliminate a quarter century ago through intergovernmental organization initiatives... more
A World-Renowned Source for Internet Developments. Serving Since 2002.