Cybersecurity |
Sponsored by |
|
It would be one of the ironies of global technology development that the West has effectively so far followed a Jugaad principle of "good enough" innovation for DNS security, whereas India could well embrace all the latest advances in DNS security as its Internet economy grows. Like most other protocols from the early Internet, the DNS protocol was not designed with security built in. For those protocols, security services were typically either implemented at a different layer of the protocol stack, or were added on later. more
Yesterday, in my post on three new threats in one day, I posed the question whether it was necessary to develop regulations that would set a minimum standard on cyber security for devices that connect to the Internet. I'm having second thoughts here, which I'll explain in this post, but also try to look at a way forward and ask you to engage. more
The most effective early email-borne viruses didn't need botnets. They didn't change your computer settings, or steal your login credentials. And they somehow convinced regular users to help them spread. The first warnings about the Good Times virus began to appear in November of 1994, and by December the warnings were seen all over as people did what the warning said, and forwarded it to all their friends. There was another outbreak the following March... more
On 29 March 2024, an announcement was posted notifying the world that the Open-Source Software (OSS) package "xz-utils," which includes the xz data compression program and a library of software routines called "liblzma" and which is present in most Linux distributions, had been compromised. The insertion of the compromised code was done by "Jia Tan", the official maintainer of the xz-utils package. more
Today, this is how easily "TRUST" by your users/customers can be shattered, your revenues devastated, your share value plunged into the abyss, and your business destroyed. Furthermore, conventional thinking belongs only in university libraries, not in board rooms. It is time to seriously consider other innovative Out-Of-The-Box Solutions and doing things differently, or start writing your business obituary. more
Sixty years ago, Paul Baran and Sharla Boehm at The RAND Corporation released a seminal paper that would fundamentally reshape the cyber world forever more. Their paper, simply known as Memorandum RM -- 1303, described how specialized computers could be used to route digital communications among a distributed universe of other computers. It set the stage for a flood of endless developments that resulted in the interconnected world of everything, everywhere, all the time. more
Facebook alerted users today that its engineering team on Tuesday had discovered a security issue affecting almost 50 million accounts. more
Lee Dryburgh initiated a great thread in the Emerging Communications public group entitled What would your perfect phone be? There are 14 messages there at this moment with a lot of good ideas, but my first thought was the term "phone" is too limiting. Indeed, some of the correspondents' ideas also go far beyond the idea of a telephone. Here's what I want and fully expect to see, eventually. more
Do you have new information about DNSSEC or DANE that you would like to share with the wider community? Have you created a new tool or service? Have you found a way to use DNSSEC to secure some other service? Do you have new statistics about the growth or usage of DNSSEC, DANE or other related technology? If so, and if you will be in Copenhagen, Denmark, for ICANN 58 in March 2017 (or can get there), please consider submitting a proposal to speak at the ICANN 58 DNSSEC Workshop! more
The alarming rise of phishing attacks has been underscored by a recent study "Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing conducted" by the Interisle Consulting Group, revealing a tripling of such attacks since May 2020. Despite efforts by companies and policymakers to combat this cybercrime, the data suggests that the prevailing strategies are ineffective and worsening each year. more
Technical development often comes in short, intense bursts, where a relatively stable technology becomes the subject of intense revision and evolution. The DNS is a classic example here. For many years this name resolution protocol just quietly toiled away. The protocol wasn't all that secure, and it wasn't totally reliable, but it worked well enough for the purposes we put it to. more
The 20th century was the golden age of surveillance. High-speed communication went either by telegraph and telephone, which needed a license from the government, or by radio, which anyone can listen to. Codes were manual or electromechanical and were breakable, e.g., the Zimmermann telegram and Bletchley Park. (The UK government spent far more effort inventing a cover story for the source of the telegram than on the break itself, to avoid telling the world how thoroughly they were spying on everyone.) more
Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight. Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to 'clickjacking' and trick us into inadvertently visiting fake websites. The longstanding fear that malicious software might start infecting our mobile phones was given a boost... And now a group of researchers have shown that you can read what is typed on a keyboard from twenty metres away... more
In a recent talk at Black Hat, Apple's head of security engineering (Ivan Krsti?) described many security mechanisms in iOS. One in particular stood out: Apple's Cloud Key Vault, the way that Apple protects cryptographic keys stored in iCloud. A number of people have criticized Apple for this design, saying that they have effectively conceded the "Going Dark" encryption debate to the FBI. They didn't, and what they did was done for very valid business reasons -- but they're taking a serious risk... more
The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system -- usually one of the large webmail providers -- to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new... more
A World-Renowned Source for Internet Developments. Serving Since 2002.