Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Google is great at generating buzz, and they've done it again with their new social vitality tool, appropriately named Google Buzz. Buzz takes all of your Gmail contacts (and presumably other connections from elsewhere within the Googleplex), and makes them all your "friends" by default; it then shares your activity from Google Reader, YouTube, and other tools with all of them, and vice versa... more
Reading Peter Olthoorn's book on Google (a link is found here), I ran into a passage on IP addresses. Where Google states that it does not see an IP address as privacy sensitive. An IP address could be used by more than one person, it claims. The Article 29 Working Party, the EU privacy commissioners, states that it is privacy sensitive as a unique identifier of a private person. It got me wondering whether it is this simple. Here is a blog post meant to give some food for thought and debate. I invite you to think about the question 'how private is an IP address'? more
As a registrar at the front end of the DNSSEC deployment effort, our technical team has made a sustained investment in DNSSEC deployment so that our customers don't get overwhelmed by this wave of changes to the core infrastructure of the Domain Name System. Along the way, we've learnt a lot about how to implement DNSSEC which might hold useful lessons for other organizations that plan to deploy DNSSEC in their networks. more
In a recent article at TechWeb, the following observations were made: "Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers... Finnish-based F-Secure has identified more than 30 registered domain names for resale that would be of interest only to the legitimate holder of the trademark or to phishers..." more
DNSSEC is increasingly adopted by organizations to protect DNS data and prevent DNS attacks like DNS spoofing and DNS cache poisoning. At the same time, more DNS deployments are using proprietary DNS features like geo-routing or load balancing, which require special configuration to support using DNSSEC. When these requirements intersect with multiple DNS providers, the system breaks down. more
Bruce Schneier is a famous cryptography expert and Orin Kerr a famous cyberlaw professor. Together they've published a law journal article on Encryption Workarounds. It's intended for lawyers so it's quite accessible to non-technical readers. The article starts with a summary of how encryption works, and then goes through six workarounds to get the text of an encrypted message. more
In 2013 I wrote a blog Telecoms as a spying tool, in which I mentioned that those who use the internet to spy indiscriminately will have to face the reality that such activities will only start a cat-and-mouse game -- the technology will always be able to stay one step ahead of those who are using the internet for criminal purposes. Since that time some very significant developments have taken place that have confirmed our prediction. more
We all know how easy it can be to ignore or underestimate the possibly, or even likelihood, of a terrorist attack; just remember what happened on 9-11. That seems to be just what the U.S. is doing when it comes to a possible Cyber-Attack, no not in other countries, but right here at home where targets like private sector companies, who provide vital economic and emergency services to our population using broadband infrastructure, and are woefully under-secured for such attacks. more
By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills - and the quality assurance budgets - that something the size of the Internet deserves. more
Three parallel events in US communications policy today, all reported on widely - but with a common thread. ... Law enforcement and national security officials want to make sure that they have the same ability to execute warrants and surveillance orders online that they had in the switched-telephone-circuit age -- which will mean substantial government design mandates for new software, hardware, and communications facilities. more
The Spamhaus Project just published a long article about the botnets they've been watching during 2014. As this chart shows, we're not making any progress. They also note that the goals of botnets have changed. While in the past they were mostly used to send spam, now they're stealing banking and financial information, engaging in click fraud, and used for DDoS and other malicious mischief. more
With 2019 coming to a close, we're not just saying goodbye to the past 365 days, we're also saying goodbye to an entire decade. As we bid farewell to the 2010s, we're taking this opportunity to look back and reflect on the digital decade as well as consider what the future might have in store for us all. The past ten years were a whirlwind of change, with new advances in technology exploding onto the market at a faster pace than ever before. more
In a blog post last week, Gary Warner, director of research in computer forensics at the University of Alabama's (UAB) computer and information sciences department, wrote that it is well past time for someone to declare a "Spam Crisis in China". The warning comes along with UAB's reports that most of the spam they receive has ties to China. "It is very normal that more than one-third of the domain names we see each day in spam messages come from China," Warner wrote. "When one also considers the many '.com' and '.ru' domain names which are also hosted in China, the problem is much worse. More than half of all spam either uses domain names registered in China, is sent from computers in China, or uses computer in China to host their web pages." more
Most cloud DDoS mitigation services are offered on demand meaning that customers can enable the service when they are the victim of a DDoS attack. But how can a company find out -- quickly -- that it is under attack? Sometimes it is difficult to know. In this three part series, we will examine multiple monitoring tools companies can use to capture DDoS, which can help determine whether you are under a DDoS attack. more
ICANN has apparently hired Jeff Moss (aka Dark Tangent) as CSO. Moss is a well known figure in the internet security community and was founder of Black Hat and the Def Con conferences. However isn't Moss a bit conflicted? Isn't he on one of the review teams? more
A World-Renowned Source for Internet Developments. Serving Since 2002.