Cybersecurity

Lessons Behind the Microsoft 3322.org Takedown

The Microsoft action against 3322.org, a Chinese company, started with the news that computers were infected during the production phase. Stepping away from the controversy surrounding the approach, there are important lessons that cyber security officials and upper management, deciding on the level of and budget for cyber security in organisations, should learn and take into account. I'm writing this contribution from a premise: China uses the fact that most IT devices are built in China to its advantage. Allow me to start with an account from personal memory to set the stage.

Typosquatting Claims Against Security Researcher Are Legally Complicated - Gioconda v. Kenzie

Kenzie is a security researcher who has registered numerous domain names that are typographic errors of well-known trademarks (e.g., rnastercard, rncdonalds, nevvscorp, rncafee, macvvorld, rnonster, pcvvorld). He points the domain names to the actual sites in question (e.g., rncdonalds points to mcdonalds.com), but he is looking to demonstrate how these typo domains are used for "social engineering" attacks.

A Closer Look at the Flame/Flamer/sKyWIper Malware

The world is abuzz this week with some flaming malware - well "Flame" is the family name if you want to be precise. The malware package itself is considerably larger than what you'll typically bump into on average, but the interest it is garnering with the media and antivirus vendors has more to do with the kinds of victims that have sprung up - victims mostly in the Middle East, including Iran - and a couple of vendors claiming the malware as being related to Stuxnet and Duqu.

Cybersecurity Considerations in the Work-From-Home Era

Verisign is deeply committed to protecting our critical internet infrastructure from potential cybersecurity threats, and to keeping up to date on the changing cyber landscape. Over the years, cybercriminals have grown more sophisticated, adapting to changing business practices and diversifying their approaches in non-traditional ways. We have seen security threats continue to evolve in 2020, as many businesses have shifted to a work from home posture due to the COVID-19 pandemic.

Are We Ready to Defend Our Freedom? Book Review: “The Age of Surveillance Capitalism”

It is not often that you read a book where afterward nothing seems the same again. Like Adam Smith's The Wealth of Nations, Shoshana Zuboff's book: The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, puts what we do in these times into a context and gives a focus to ongoing issues of privacy and governance with regard to the Domain Name System. This is even more astonishing as the book does not even mention the DNS, the Internet ecosystem or even Internet Governance directly.

Surveillance Capitalist in Chief

Surveillance capitalism monetizes private data that it collects without consent of the individuals concerned, data to analyze and sell to advertisers and opinion-makers. There was always an intricate relationship between governments and surveillance capitalists. Governments have the duty to protect their citizens from the excesses of surveillance capitalism. On the other hand, governments use that data, and surveillance capitalism's services and techniques.

Hackers Behind Marriott Breach Left Clues Suggesting Link to Chinese Government

Hackers behind the massive data breach of the hotel group Marriott International Inc have left clues suggesting ties to the Chinese government intelligence-gathering operation.

China’s QUESS and Quantum Communications

In mid-August China launched "QUESS" (Quantum Experiments at Space Scale), a new type of satellite that it hopes will be capable of "quantum communications" which is supposed to be hack-proof, through the use of "quantum entanglement". This allows the operator to ensure that no one else is listening to your communications by reliably distributing keys that are then used for encryption in order to be absolutely sure that there is no one in the middle intercepting that information.

Oil and Gas Cyber Security Forum

A reader recently brought to my attention an upcoming conference in London in the UK -- The Oil and Gas Cyber Security Forum. Here's a little blurb: "Despite investments into state of the art technology, a majority of the oil and gas industry remain blissfully unaware of the vulnerabilities, threats and capability of a malicious cyber attack on control systems..." I bring this up because it is relevant to the trends in cyber security that we see this year - that of the Advanced Persistent Threat.

Phishing: the Worst of Times in the DNS

The Anti-Phishing Working Group has released its latest Global Phishing Survey, written by myself and Rod Rasmussen. This report comprehensively examines a large data set of more than 250,000 confirmed phishing attacks detected in 2015 and 2016. By analyzing this cybercrime activity, we have learned more about what phishers have been doing, and how they have done it. Unfortunately, there's more phishing than ever, and phishers are registering more domain names than ever.

NXDOMAINS, SSAC’s SAC045, and New gTLDs (Part 4 of 5)

In 2010, ICANN's Security and Stability Advisory Committee (SSAC) published SAC045 [PDF], a report calling attention to particular problems that may arise should a new gTLD applicant use a string that has been seen with measurable (and meaningful) frequency in queries for resolution by the root system. The queries to which they referred involved invalid Top-Level Domain (TLD) queries (i.e., non-delegated strings) at the root level of DNS, queries which elicit responses commonly referred to as Name Error, or NXDomain, responses from root name servers.

DNS MythBusters - Straightening Out Common Misconceptions

Over the last couple of years, the networking industry has grown aware of the various security issues that could potentially have a huge impact on their operations. One of the topics that has risen in appeal is DNS security. Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure.

Canadian Spam Law Update

As you may know, there are two laws currently being discussed in Canadian legislative assemblies: Senate Bill S-220, a private member’s bill with private right of action and criminal remedies; Parliamentary Bill C-27, tabled by the government, with private right of action, coordination between various enforcement agencies...

Understanding the Threat Landscape: Basic Methodologies for Tracking Attack Campaigns

The indicators of compromise (IOCs) outlined in my last blog post can be used as a baseline for developing intrusion sets and tracking attack campaigns and threat actors. When launching an attack, threat actors use a variety of vectors and infrastructure, which Verisign iDefense analysts -- as well as analysts across the cybersecurity community -- correlate to group attacks, tracking actors and determining attack methods.

Enabling Privacy Is Not Harmful

The argument for end-to-end encryption is apparently heating up with the work moving forward on TLSv1.3 currently in progress in the IETF. The naysayers, however, are also out in force, arguing that end-to-end encryption is a net negative... The idea of end-to-end encryption is recast as a form of extremism, a radical idea that should not be supported by the network engineering community. Is end-to-end encryption really extremist? Is it really a threat to the social order?