Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Microsoft's latest Digital Defense Report reveals how cybercriminals and nation-states are rapidly adopting AI to enhance attacks. With identity-based threats soaring, the company urges urgent modernization of security systems and global cooperation. more
A couple of years ago I started a mailing list where folks not necessarily involved with the vetted, trusted, closed and snobbish circles of cyber crime fighting (some founded by me) could share information and be informed of threats. In this post I explore some of the history behind information sharing online, and explain the concept behind the botnets mailing list... we may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain. more
As widely reported, and not surprising, the internet is swimming in COVID-19 online scams. Criminals, accustomed to rapidly grabbing online territory during times of crisis and profiting from public fear, are working overtime in the face of the coronavirus. Unfortunately, ICANN's failure to enforce its minimal WHOIS and DNS abuse requirements has resulted in delayed mitigation efforts at a time when swift responses are needed to protect the public from COVID-19 scams. more
Just a few months after Yahoo confirmed a massive data breach impacting half a billion users, the company today disclosed a second major breach of its systems affecting over a billion users. more
The world of Internet threats has changed continually over the years. From the time that a "worm" first showed up in the wild, or whenever someone penetrated a system without authorization for the first time, various forms of attacks and malware have presented dangers to the system and those who use it. Different vectors have received varied focus over the years... Many parts of the Internet community have been involved in addressing relevant issues and fostering efforts to combat them. more
In Asia -- a region that at various points in its recent history has been a hotbed for civil unrest, secessionist movements and political instability -- the line between national security and public interest can be difficult to draw. A session organised by the Internet Society at the recently held RightsCon Southeast Asia in Manila shed some light on the perceived trade-offs between national security objectives and digital rights, in particular freedom of expression and privacy. more
Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the "NTIA immediately cease the public disclosure of personal information about users of .US" country code top-level domain (ccTLD). This communication highlights a significant concern regarding domain registration data: the need to protect the privacy rights of Registrants. However, an equally significant concern regarding registration data was raised... more
By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space... more
After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."... more
The impact of the recently revealed US government data collection practices may go well beyond the privacy ramifications outlined in the Internet Society's statement: expect a chilling effect on global, resilient network architecture. As governments of other countries realize how much of their citizens' traffic flows through the US, whether or not it is destined for any user or service there, expect to see moves to curtail connections to and through the US. more
Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight. Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to 'clickjacking' and trick us into inadvertently visiting fake websites. The longstanding fear that malicious software might start infecting our mobile phones was given a boost... And now a group of researchers have shown that you can read what is typed on a keyboard from twenty metres away... more
Governments often use small players as pawns in their global games of chess. Two weeks ago the European Court of Justice invalidated the EU-US Safe Harbor ("Safe Harbor") framework, turning Internet businesses into expendable pawns in a government game. But for the past fifteen years, Safe Harbor allowed data flows across the Atlantic -- fostering innovation and incredible economic development. more
My Twitter feed has exploded with the release of the Kaspersky report on the "Equation Group", an entity behind a very advanced family of malware. (Naturally, everyone is blaming the NSA. I don't know who wrote that code, so I'll just say it was beings from the Andromeda galaxy.) The Equation Group has used a variety of advanced techniques, including injecting malware into disk drive firmware, planting attack code on "photo" CDs sent to conference attendees, encrypting payloads... more
A cybersecurity company recently attempted reverse domain name hijacking for an exact match domain name of its brand, and in so doing, failed in both its bid to take ownership of the domain and potentially damaged their reputation by using this somewhat nefarious tactic and abusing the Uniform Domain Name Dispute Resolution Policy (UDRP) process. more
Do you have new information about DNSSEC or DANE that you would like to share with the wider community? Have you created a new tool or service? Have you found a way to use DNSSEC to secure some other service? Do you have new statistics about the growth or usage of DNSSEC, DANE or other related technology? If so, and if you will be in Copenhagen, Denmark, for ICANN 58 in March 2017 (or can get there), please consider submitting a proposal to speak at the ICANN 58 DNSSEC Workshop! more
A World-Renowned Source for Internet Developments. Serving Since 2002.