Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
As each day brings new revelations about surveillance online, we are starting to see increasing activity in national legislatures intended either to establish more control over what the security services can do to their nationals (in countries like the US), or to limit access by foreign secret services to the personal information of their citizens (countries like Brazil). Unfortunately, neither of these approaches address the underlying problem: we have a paradigm for surveillance that's fit for the analogue past, not the digital present, let alone the future. more
Are you ready to help me make the Internet more secure? Here's your chance to join me in a project to create an open-source hardware device to protect email, files and other data from hackers and government spies. The CrypTech Project was founded in late 2013 after NSA whistleblower Edward Snowden revealed that the US and other governments were exploiting weak cryptography and loose standards to gain access to citizens' email, documents, and other files. more
One summer sport in Internet governance is speculating on what direction ICANN's new CEO will take it in. Making the media rounds yesterday on Fox and Lehrer News Hour to talk about the recent DDoS attacks on US and S. Korea government and commercial websites, new CEO Rod Beckstrom pushed how the response to cyber attacks is a coordinated effort, he also alluded to ICANN's role in similar attacks. Responding to a question on the News Hour about the USG policy response to dealing with cyber attacks, Beckstrom highlighted the critical role of ISP filtering, and identified the "organic" as well as "somewhat structured" coordination which occurs during a typical response. More interestingly, he plugged ICANN's facilitating role. more
Internet connectivity is a good thing. Many of us depend on it for everything from our livelihoods to our entertainment. However, the Internet is very fragile and even the The New York Times is worried about it. But they're primarily concerned with overloads that can occur when everyone on the planet does the same thing at roughly the same time, such as surfing for news about Michael Jackson. Unfortunately, we will never avoid all such scenarios. Physical systems are designed around average and typical peak loads, not around extremely high loads associated with very unlikely events. Who would pay for that? more
The breadth of cyber threats that an organization must engage with and combat seemingly change on a daily basis. Each new technology, vulnerability or exploit vector results in a new threat that must be protected against. Meanwhile some forms of attack never appear to age -- they remain a threat to business continuity despite years of advances in defensive strategy. One particularly insidious and never-ending threat is that of the Distributed Denial of Service (DDoS) attack. more
FlyHosting had been open for business since November 2022 and was used for malicious activities such as hosting malware, botnet controllers, and carrying out DDoS attacks. more
If you are interested in presenting at the ICANN 69 DNSSEC and Security Workshop during the week of 17-22 October 2020, please send a brief (1-2 sentence) description of your proposed presentation to [email protected] by 27 August 2020. We are open to a wide range of topics related to DNS, DNSSEC, DANE, routing security, and more. There are some ideas in the Call for Participation below, but other ideas are definitely welcome, too! more
As recently reported, spam volumes indicate spam has nearly jumped back up to its pre-McColo shutdown levels. However, Symantec's The State of Spam report has also observed that in recent days spammers are increasingly piggybacking on legitimate newsletters and using the reputation of major social networking sites to try and deliver spam messages into recipients' inboxes... In its special URL investigation the report also indicates that on average approximately 90 percent of all spam messages today contain some kind of a URL. Additionally, analysis of data from past recent days, according to Symantec, have shown that 68% of all URLs in spam messages had a '.com' Top-Level Domain (TLD), 18% had a China's '.cn' ccTLD and 5% had a '.net'. more
I am writing to you as someone who is not your citizen, (although I had the fortune to wed the most beautiful of your daughters), to share my thoughts about the recent US Government Cyber Solarium Commission report. U.S.A. We owe you one! Without you and your citizens there would be no free Internet as we know it. Thank You! Your constitution is our inspiration. We, the global digital citizenship want to be "the people", in order to "secure the Blessings of Liberty to ourselves and our Posterity..." more
RIPE 63 is on this week in Vienna, Austria. Yesterday evening saw the General Meeting where members were asked to vote on a number of motions. While some of the motions were more formalities than anything else, the votes on RPKI and the membership fee structure for 2012 provoked some emotive debate. more
An extensive analysis of WannaCry seems to indicate attackers would be unable to determine which users have paid the ransom and they cannot decrypt on a per-user basis. more
In my last blog post about Zoom, I noted that the company says "that critics have misunderstood how they do encryption." New research from Citizen Lab show that not only were the critics correct, Zoom's design shows that they're completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don't expect those flaws to be errors I'd find unacceptable in an introductory undergraduate class, but that's what happened here. more
One way or another we've been working on various aspects of securing the Internet's inter-domain routing system for many years. I recall presentations dating back to the late '90's that point vaguely to using some form of a digital signature on BGP updates that would allow a BGP speaker to assure themselves as to the veracity of a route advertisement. more
Yesterday's Wikipedia outage, which resulted from invalid DNS zone information, provides some good reminders about the best and worst attributes of active DNS management. The best part of the DNS is that it provides knowledgeable operators with a great tool to use to manage traffic around trouble spots on a network. In this case, Wikipedia was attempting to route around its European data center because... more
A recent decision from a federal district court addresses an issue I hadn't seen before: whether searching malware on the suspect's computer was outside the scope of the search warrant issued for that computer. It seems a narrow issue, and unfortunately the opinion issued in the case doesn't tell us a whole lot about what happened; but I thought the issue was worth writing about, if only to note that it arose. more
A World-Renowned Source for Internet Developments. Serving Since 2002.