Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
There's been a lot of ink and pixels spilled of late over the Heartbleed bug. Yes, it's serious. Yes, it potentially affects almost everyone. Yes, there are some precautions you should take. But there's good news, too: for many people, it's a non-event. Heartbleed allows an attacker to recover a random memory area from a web or email server running certain versions of OpenSSL. The question is what's in that memory. It may be nothing, or it may contain user passwords (this has reportedly been seen on Yahoo's mail service), cryptographic keys, etc. more
For many years the consuming topic in DNS circles was that of the names themselves. If you wind the clock back twenty years or so, you will find much discussion about the nature of the Internet's namespace. Why were there both generic top-level labels and two-letter country codes? If we were going to persist with these extra-territorial generic country codes in the namespace, then how many should there be? Who could or should manage them? And so on. more
In the second part of this two-part series article (part one here), Andrew McLaughlin concludes his critical look at the recently reported study, Public Participation in ICANN, by John Palfrey, Clifford Chen, Sam Hwang, and Noah Eisenkraft at the Berkman Center for Internet & Society at Harvard Law School... "ICANN has never attempted to be -- and was never designed to be -- 'representative' of the worldwide Internet community in any mathematically precise way. In view of the vast size of the global population of Internet users, and the specialized technical focus of ICANN's policy-making responsibilities, it would be a hopeless task to try to achieve truly representative statistical proportionality among ICANN's participants, committees, task forces, or Board members. Rather, here's how the U.S. government's foundational 1998 DNS policy statement described the core principle of 'representation'." more
On April 28th, a widespread blackout plunged millions across Spain, Portugal, and parts of south-west France into darkness, disrupting homes, transit systems, and even sporting events like the Madrid Open. more
Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs... One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. more
According to the latest report from Anti-Phishing Working Group (APWG) while the total number of conventional, spam-based phishing campaigns declined in 2018, users of software-as-a-service (SaaS) systems and webmail services are increasingly targeted. more
The Twitter micro-blogging service was knocked offline this morning for several hours as a result of a denial of service attack (DDoS). Twitter has confirmed and reported the attack in a post on its official blog earlier today: "We are defending against this [DDos] attack now and will continue to update our status blog as we continue to defend and later investigate." The company later reported that the service as been resumed but they are still continuing to defend against and recover from this attack. No further updates have been provided yet. more
Several developments are coming together in cloud computing that are creating shockwaves throughout society and in the economy. Over the last five years we have seen the debate about cloud computing hotting up. There was the hype around the new development at the same time as warnings regarding security and privacy, and for a while the market seemed subdued about the new development. However the economic reality of cloud computing meant that enterprises and government bureaucracies had little choice but to move ahead with cloud computing... more
The Optus outage in Australia from last year was immediately on my mind when on Friday afternoon a similar event swept, this time, across the world. Also, in this case it was a software update that caused the problem. This time from global security software provider CrowdStrike. The culprit appears to be an update to the CrowdStrike Falcon platform, a security monitoring tool widely deployed by businesses and organisations on Microsoft desktop computers and notebooks. more
The cybersecurity debate can be highly confusing at times. There is perhaps an analogy to be made between "Cybersecurity" and "The Economy". We all want to fix the economy but making progress is not an easy task. As soon as you are beyond that statement you notice that there is a lot of nuance. Issues like trust, influence, actors, and affectivity all come to play when you want to fix the Economy. The cybersecurity discourse has similar features. more
A recent report from Pike Research, "Smart Grid Cyber Security" has found if smart grids can realize their full potential, consumers, utilities, nations, and even the earth itself will benefit. As with nearly any new technology, the industry focus has been on getting smart grids up and running, often with little consideration for cyber security issues. more
Those who care about security and usability - that is, those who care about security in the real world - have long known that PGP isn't usable by most people. It's not just a lack of user-friendliness, it's downright user hostile. Nor is modern professional crypto any better. What should be done? How should crypto in general, and PGP in particular, appear to the user? I don't claim to know, but let me pose a few questions. more
Cisco today released a high-level alert warning about a vulnerability in IPv6 packet processing functions of multiple Cisco products that could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device. more
Verisign has been involved with an initiative known as Mutually Agreed Norms for Routing Security, or MANRS, since its inception. MANRS, which is coordinated by the Internet Society, focuses on strengthening the security and resiliency of IP networks throughout the world by identifying and providing best practices for mitigating common routing security threats. MANRS began as a collaboration among network operators and internet exchange providers, with Verisign formally becoming a participant in its Network Operator Program in 2017. more
The White House has recently released a draft of the National Strategy for Trusted Identities in Cyberspace. Some of its ideas are good and some are bad. However, I fear it will be a large effort that will do little, and will pose a threat to our privacy. As I've written elsewhere, I may be willing to sacrifice some privacy to help the government protect the nation; I'm not willing to do so to help private companies track me when it's quite useless as a defense. more
A World-Renowned Source for Internet Developments. Serving Since 2002.