Cybersecurity |
Sponsored by |
|
I wonder how much botnets reuse IP addresses. Do they infect a system and spam, get blocked, discard the IP and move onto the next (new) one? This means that they have a nearly unlimited supply of IP addresses. Or do they infect a system and spam, get blocked, and then let it go dormant only to awaken it some time later? I decided to take a look. more
The highest court in Germany has ruled against telephone and email data retention used to track criminal networks. Melissa Eddy of the Global and Mail reports: "A law ordering data on calls made from mobile or landline telephones and e-mail exchanges be retained for six months for possible use by criminal authorities violated Germans' constitutional right to private correspondence, the Federal Constitutional Court ruled. In its ruling, the court said the law failed to sufficiently balance the need for personal privacy against that for providing security."
more
There are more than just blue, black and white hat hackers. There are a few more types of folks out there that don't fit into the above categories. This article is taken from Stratfor with some commentary by myself... Many of the hackers described in my previous post are also coders, or "writers," who create viruses, worms, Trojans, bot protocols and other destructive "malware" tools used by hackers... more
As the steward of .ORG, Public Interest Registry is committed to serving as an "exemplary registry" for the DNS. As part of that mission, PIR published our Anti-Abuse Principles last year that serve as our north star to address questions of abuse. As PIR has stated on many occasions, generally speaking, the DNS is not the appropriate place to address questions of website content abuse because of the blunt tool we as a registry have and the collateral damage that can be caused by suspending a domain name for a piece of content. more
In an interview with GovInfoSecurity, Sen. Thomas Carper said that the U.S. Senate is considering attaching cybersecurity legislation to a defense authorizations bill. Though clearly a ploy to be able to say "we did something about those evil hackers" before the elections, CAUCE applauds the attempt. There can be no doubt that the United States (and many other countries) sorely needs better laws to deal with these threats. more
A few months ago, an article appeared on arstechnica.com asking the question "Should cybersecurity be managed from the White House?" During the recent presidential elections in the United States and the federal elections in Canada, the two major players in both parties had differing views that crossed borders. In the US, the McCain campaign tended to favor free market solutions to the problem of cybersecurity, and the Conservatives in Canada took a similar position... more
After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."... more
Akamai releases its Third Quarter, 2016 State of the Internet / Security Report, providing analysis of the current cloud security and threat landscape, including insight into two record setting DDoS attacks caused by the Mirai botnet. more
Credit card information is the most advertised category of goods and services on the underground economy accounting for 31 percent of the total, according to recent data found by security experts. In a report released today by Symantec, stolen credit card numbers are reported to sell for as little as $0.10 to $25 per card with the average advertised stolen credit card limit at more than $4,000. According to calculations, the potential worth of all credit cards advertised during the reporting period was $5.3 billion. more
The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more
Failing to block a stealthy malicious host from making connections to your network could cost your company millions of dollars, a damaged reputation, and severe losses in sensitive private data. Threat intel teams have faced on-going problems: Expensive feeds that are slow to catch new threats; Chasing false positives in alerts wastes time and money; and Vendors selling a new appliance for every ill. Would 100% of your users Spot the Bot? more
In its second quarter 2011 earnings call, Verisign announced that Mark McLaughlin has submitted his resignation to become the CEO of a private company. His last day with the company will be August 25, 2011. Mark concluded his board service at the regularly scheduled board of directors meeting on July 27, 2011 and resigned as president and chief executive officer effective August 1, 2011. Jim Bidzos, Verisign's founder and previous CEO, will become the president and chief executive officer effective August 1, 2011. more
We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone. more
The risks of fraud and disinformation in the U.S. election process have been hiding in plain sight. CSC's new research finds that a large majority of web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are prone to domain spoofing tactics. This makes them a potential target for hackers looking to spread disinformation ahead of the election, and criminals who want to take advantage of voter intentions... more
The global deployment of Domain Name System Security Extensions (DNSSEC) is charging ahead. With ICANN 38 Brussels just around the corner, DNSSEC deployment will inevitably be the hot topic of discussion over the next few days. Case in point, today, ICANN hosted the first production key ceremony at a secure facility in Culpepper, Va. where the first cryptographic digital key was used to secure the Internet root zone. The ceremony's goal was simple: for the global Internet community to trust that the procedures involved with DNSSEC are executed correctly and that the private key materials are stored securely. more
A World-Renowned Source for Internet Developments. Serving Since 2002.