Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
As noted in my first article of this series (see part one, two and three), security and reliability encompass holistic network assessments, vulnerability assessments and penetration testing. This month I'd like to go deeper into penetration testing; however, first, let's go back for a quick refresh before getting started. more
Imagine a scenario. Your website analysis shows that your page has stopped receiving visitors, yet there are no complaints that your domain is unreachable. Strange, isn't it? You are certainly wondering: What's going on? Where are my customers? You see, what happened is that you are facing the consequences of the lack of domain name system (DNS) security. more
A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why. more
Technologists and law enforcement have been arguing about cryptography policy for about 30 years now. People talk past each other, with each side concluding the other side are unreasonable jerks because of some fundamental incompatible assumptions between two conceptual worlds in collision. In the physical world, bank branches have marble columns and granite counters and mahogany woodwork to show the world that they are rich and stable. more
The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more
One of fastest growing trends of electronic communications is digital identity. The simplest way of establishing digital identity is to get a domain name and create a web site and email accounts. While this might have been a fairly complex undertaking some ten years ago, today it is a trivial matter. So trivial in fact that spammers and phishers can ply their trade with very low costs of entry. These low cost of entry have made the Internet a commodity business as traffic is handled in the aggregate and competitive pricing has made being an ISP a difficult business model. It also has created aggressive growth and adoption curves. The Internet is also the lowest common denominator... more
I read, with some small amount of discomfort, an article by Bill Brenner on CSO Online, wherein he interviewed several other CSOs and other "Security Execs" on their opinions on the firing of Pennsylvania CISO Robert Maley. For those who haven't heard about this, Mr. Maley was fired for talking about a security incident during the recent RSA conference without approval from his bosses. more
Distributed Denial of Services (DDoS) attacks have been the frustration of information technology professionals for many years. When asked, most tell you they wish their internet service providers (ISPs) would simply provide them "clean pipes" all the time and take care of DDoS attacks upstream before they ever get to them. Unfortunately, the resources (equipment and personnel) necessary to clean Internet connections all the time are very expensive and come with several downsides. more
In a blog post, Stewart Baker proposed restricting access to sophisticated anti-virus software as a way to limit the development of sophisticated malware. It won't work, for many different and independent reasons. To understand why, though, it's necessary to understand how AV programs work. The most important technology used today is the "signature" - a set of patterns of bytes - of each virus. Every commercial AV program on the market operates on a subscription model... more
The highest court in Germany has ruled against telephone and email data retention used to track criminal networks. Melissa Eddy of the Global and Mail reports: "A law ordering data on calls made from mobile or landline telephones and e-mail exchanges be retained for six months for possible use by criminal authorities violated Germans' constitutional right to private correspondence, the Federal Constitutional Court ruled. In its ruling, the court said the law failed to sufficiently balance the need for personal privacy against that for providing security."
more
Last month, for the 20th anniversary of Y2K, I was asked about my experiences. (Short answer: there really was a serious potential problem, but disaster was averted by a lot of hard work by a lot of unsung programmers.) I joked that, per this T-shirt I got from a friend, the real problem would be on January 19, 2038, and 03:14:08 GMT. Why might that date be such a problem? On Unix-derived systems, including Linux and MacOS, time is stored internally as the number of seconds since... more
Today I released a report on 'National cyber crime and online threats reporting centres. A study into national and international cooperation'. Mitigating online threats and the subsequent enforcing of violations of laws often involves many different organisations and countries. Many countries are presently engaged in erecting national centres aimed at reporting cyber crime, spam or botnet mitigation. more
DomainKeys Identified Mail (DKIM) is the leading email authentication technology, supported by major ISPs including Google, AOL, and Yahoo! (who invented its predecessor), popular mail server software like Sendmail, and many of the best minds in email technology. But if you peruse the archives of the IETF DKIM mailing list, or start up a conversation at MAAWG, it might appear that there's still a lot of disagreement about what a DKIM signature actually means. more
Facebook just announced support for PGP, an encrypted email standard, for email from them to you. It's an interesting move on many levels, albeit one that raises some interesting questions. The answers, and Facebook's possible follow-on moves, are even more interesting. The first question, of course, is why Facebook has done this. It will only appeal to a very small minority of users. Using encrypted email is not easy. more
In the US administration, we see important people like incoming Secretary of Defense Leon Panetta say at his Senate confirmation hearing that "a strong likelihood that the next Pearl Harbor" could well be a cyberattack that cripples the U.S. power grid and financial and government systems. He also said that cybersecurity will be one of the main focuses of his tenure at the Pentagon. But when you look at what is actually happening in cyber security, there is more position jockeying than there is real progress. more
A World-Renowned Source for Internet Developments. Serving Since 2002.