Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
For two things that would seem to be completely unrelated there is an interesting parallel between IPv6 and DNSSEC. In both cases there is a misalignment of interests between content providers and service?providers. Content providers aren't highly motivated to deploy IPv6 because only a small proportion of users have v6 connectivity and even fewer only have v6. Service providers aren't anxious to deploy IPv6? because there isn't a lot of content on v6, and virtually none exclusively on v6 - so they don't expand the universe of interesting stuff on the web by deploying IPv6. Basically the same things could be said about DNSSEC. more
How can we work together to improve the security and resilience of the global routing system? That is the question posed by the "Routing Resilience Manifesto" site with the suggested answer launched today of the "Mutually Agreed Norms for Routing Security (MANRS) document, to which a number of network operators have already signed on as participants, including: Comcast, Level 3, NTT, RUNNet, ClaraNet, SURFnet, SpaceNet, KPN and CERNET. more
Purists have long objected to HTML email on aesthetic grounds. On functional grounds, it tempts too many sites to put essential content in embedded (or worse yet, remote) images, thus making the messages not findable via search. For these reasons, among others, Matt Blaze remarked that "I've long thought HTML email is the work of the devil". But there are inherent security problems, too (and that, of course, is some of what Matt was referring to). Why? more
The 20th century was the golden age of surveillance. High-speed communication went either by telegraph and telephone, which needed a license from the government, or by radio, which anyone can listen to. Codes were manual or electromechanical and were breakable, e.g., the Zimmermann telegram and Bletchley Park. (The UK government spent far more effort inventing a cover story for the source of the telegram than on the break itself, to avoid telling the world how thoroughly they were spying on everyone.) more
There is a classic scene in the movie, "Jaws," when Roy Scheider gets a look at the size of the shark circling his fishing vessel and says, "We're going to need a bigger boat." The same case can be made for CIOs dealing today with application security. Hackers from all over the world are circling business and government like great whites looking for vulnerabilities in Internet-facing applications. The growth of applications is great for doing business but they have become chum in the water for predators. more
Between December 10th and 11th 2015, the China Future Network Development and Innovation Forum, jointly hosted by the Chinese Academy of Engineering and the Nanjing Municipal Government, is scheduled to be held in Nanjing, Jiangsu, China. The forum will be jointly organized by Jiangsu Future Networks Innovation Institute and Beijing Internet Institute, with the theme of "Building future network test facilities and promoting network development & innovation", and it will invite nearly a hundred industrial experts at home and abroad, to establish a platform marked by security, innovation, openness, cooperation where the policy, industry, academics, and application are integrated. more
As far as facebook is concerned, your email is your identification. This is true for other social networks like linkedin, and is slowly catching on to many other Web 2.0 services. It actually makes a lot of sense that your unique identifier (your "ID") would be your email -- it's unique by definition, it's easy to remember and most services need the email information anyway... So if email is destined to become the equivalent of your social security number or identification number (depending on which country you live in) how do we proof check that the email address we typed does not contain any typos? more
A lot of pixels have been spilled in the last few years about "advanced persistent threats" (APT); if nothing else, any high-end company that has been penetrated wants to blame the attack on an APT. But what is an APT, other than (as best I can tell) an apparent codename for China? Do they exist? After thinking about it for a while, I came up with the following representation... more
The Google-run .app TLD was always destined to draw attention and scrutiny, from the moment it fetched a then-record ICANN auction price of $25 million. Since it reached General Availability in May it has gained more than 250,000 registrations making it one of the world's most successful TLDs. However perhaps more interesting was Google's choice to add the .app TLD and its widely used .google extension to the HTTP Strict Transport Security (HSTS) Top-Level Domain preload list, offering an unprecedented level of security for all domains under .google and .app. more
We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone. more
Here at the Anti-Phishing Working Group meeting in Hong Kong, we've just released the latest APWG Global Phishing Survey. Produced by myself and my research partner Rod Rasmussen of Internet Identity, it's an in-depth look at the global phishing problem in the second half of 2013. Overall, the picture isn't pretty. There were at least 115,565 unique phishing attacks worldwide during the period. This is one of the highest semi-annual totals we've observed since we began our studies in 2007. more
Australians may lose their right to privacy online if the attorney-general has her way. Nicola Roxon's discussion paper is before a parliamentary inquiry. Proposals include storing the social media and other online and telecommunications data of Australians for two years, under a major overhaul of Australia's surveillance laws. The government passed a toned down version of these proposals last week, giving police the power to force telcos to store data on customers for a specific period while a warrant is sought. more
A few months ago, an article appeared on arstechnica.com asking the question "Should cybersecurity be managed from the White House?" During the recent presidential elections in the United States and the federal elections in Canada, the two major players in both parties had differing views that crossed borders. In the US, the McCain campaign tended to favor free market solutions to the problem of cybersecurity, and the Conservatives in Canada took a similar position... more
As widely reported, and not surprising, the internet is swimming in COVID-19 online scams. Criminals, accustomed to rapidly grabbing online territory during times of crisis and profiting from public fear, are working overtime in the face of the coronavirus. Unfortunately, ICANN's failure to enforce its minimal WHOIS and DNS abuse requirements has resulted in delayed mitigation efforts at a time when swift responses are needed to protect the public from COVID-19 scams. more
For the last decade and a bit, banking customers have been relentlessly targeted by professional phishers with a never-ending barrage of deceitful emails, malicious websites and unstoppable crimeware -- each campaign seeking to relieve the victim of their online banking credentials and funds. In the battle for the high-ground, many client-side and server-side security technologies have been invented and consequently circumvented over the years. Now we're about to enter a new era of mitigation attempts... more
A World-Renowned Source for Internet Developments. Serving Since 2002.