Cybersecurity |
Sponsored by |
|
Cities are among the largest regional authorities and natural human communities we know. Of course there are countries like China, India or the USA which count some hundred million or even a billion inhabitants. But there are also countries with far less than 100,000 inhabitants, like Tuvalu, Andorra or Barbados. If city communities are ranked by the number of inhabitants as independent entities among country communities, cities like Tokyo, New York, Shanghai or London head the ranking because they have more citizens than many countries. London for instance has more inhabitants than the Netherlands, and Tokyo outpaces Canada in that respect. Interestingly, there are only around 400 cities worldwide with more than 1 million inhabitants... The following post will give an overview of how cities are being identified on the Internet via Top-Level Domains and the opportunities that lay ahead. more
Ah yes, 'Security by obscurity': "Many people believe that 'security through obscurity' is flawed because... secrets are hard to keep." I'm glad the guys guarding the A Root Servers are up on the latest security trends. Of course, you could hide the A Root Servers at the heart of the Minotaur's maze, but they're still going to be "right over there" in cyberspace, at 198.41.0.29 more
The U.S. government has announced today that it will indefinitely retain oversight of the Internet's root servers, ignoring pervious calls by some countries to turn the function over to an international body. more
In the beginning there was silence; then, silence begat communication, and communication begat more communication and, ultimately, group communication formed and begat a primordial "network" of communication that gradually and inevitably increased in effectiveness and complexity: there were only signal fires at first but, then, there were cave drawings, carrier pigeons, shouting from hill-tops, smoke from fire, lines of cannon fire, the telegraph, Alexander Graham Bell, and, finally, the network of networks known as the Internet. But, is that it? Is there not something more impressive in its impact upon communication than the Internet? What more might one desire than the dynamic wonders of the Internet, you ask? Well, what about ENUM? "E-What!?" more
Last week, Columbia University's School of International and Public Affairs (SIPA), in collaboration with the Global Commission on Internet Governance (GCIG), hosted a conference on Internet governance and cybersecurity. The conference gathered a variety of experts to discuss issues pertaining to Internet governance, human rights, data protection and privacy, digital trade, innovation and security. more
ICANN has been wrangling about WHOIS privacy for years. Last week, yet another WHOIS working group ended without making any progress. What's the problem? Actually, there are two: one is that WHOIS privacy is not necessarily all it's cracked up to be, and the other is that so far, nothing in the debate has given any of the parties any incentive to come to agreement. The current ICANN rules for WHOIS say, approximately, that each time you register a domain in a gTLD (the domains that ICANN manages), you are supposed to provide contact information... WHOIS data is public, and despite unenforceable rules to the contrary, it is routinely scraped... more
Where is the domain industry with the adoption of DNSSEC? After a burst of well publicized activity from 2009-2011 -- .org, .com, .net, and .gov adopting DNSSEC, roots signed, other Top-Level Domains (TLDs) signed -- the pace of adoption appears to have slowed in recent years. As many CircleID readers know, DNSSEC requires multiple steps in the chain of trust to be in place to improve online security. more
As attack vectors go, very few are as significant as obtaining the ability to insert bespoke code in to an application and have it automatically execute upon "inaccessible" backend systems. In the Web application arena, SQL Injection vulnerabilities are often the scariest threat that developers and system administrators come face to face with (albeit way too regularly). more
For those who've been living in an e-mail free cave for the past year, phishing has become a huge problem for banks. Every day I get dozens of urgent messages from a wide variety of banks telling me that I'd better confirm my account info pronto. ...Several people have been floating proposals to extend authentication schemes to the URLs in a mail message. A sender might declare that all of links in it are to its own domain, e.g., if the sender is bigbank.com, all of the links have to be to bigbank.com or maybe www.bigbank.com. Current path authentication schemes don't handle this, but it wouldn't be too hard to retrofit into SPF. ...So the question is, is it worth the effort to make all of the senders and URLs match up? more
In those circles where Internet prognostications abound and policy makers flock to hear grand visions of the future, we often hear about the boundless future represented by "The Internet of Things". This phrase encompasses some decades of the computing industry's transition from computers as esoteric piece of engineering affordable only by nations, to mainframes, desktops, laptops, handhelds, and now wrist computers. Where next? more
On Saturday, November 29, 2003 a post on the GNSO mailing list indicated that the .name registry website had been hacked. As reported by George Kirikos, "The .name registry's main website www.nic.name has been hacked, as of Saturday evening in North America. According to Netcraft, they're running Linux. They must not have kept up to date with all security updates, or someone cracked a password. Hopefully offsite backups were made, to ensure data integrity." Although, due to this emergency, the .name web servers have been pulled down as of this writing, just a short few hours ago, visitors to the .name registry home page would find a mysterious black screen upon visiting the site, including the following text... more
A new company called Blue Security purports to have an innovative approach to getting rid of spam. I don't think much of it. As I said to an Associated Press reporter: "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal." more
The beginning of a new decade is always an invitation to have a broader look into the future. What, in the next ten years, will happen in the Internet Governance Ecosystem? Will the 2020s see the usual swinging pendulum between more liberal and more restrictive Internet policies in an interconnected world? Or will we move towards a watershed? more
VPN products vary greatly in convenience, efficiency, and security. If security is a serious concern, an organization needs to pay close attention to the protocols a service supports. Some widely used protocols have significant weaknesses, while others offer state-of-the-art security. The best of the lot today include OpenVPN and IKEv2. What's called a VPN protocol is actually a collection of protocols. There are several functions which every VPN has to manage. more
One of the chronic features of the Bitcoin landscape is that Bitcoin exchanges screw up and fail, starting with Mt. Gox. There's nothing conceptually very hard about running an exchange, so what's the problem? The first problem is that Bitcoin and other blockchains are by design completely unforgiving. If there is a bug in your software which lets people steal coins, too bad, nothing to be done. more
A World-Renowned Source for Internet Developments. Serving Since 2002.