Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Every year those in the security industry are bombarded with various cyber security predictions. There's the good, the bad and the ugly. Some predictions are fairly ground breaking, while others are just recycled from previous years -- that's allowed of course if the threats still stand. In part one of my predictions I looked at the malware threats, so let's take a look at big data and the cloud for part two. more
The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system -- usually one of the large webmail providers -- to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new... more
Failing to block a stealthy malicious host from making connections to your network could cost your company millions of dollars, a damaged reputation, and severe losses in sensitive private data. Threat intel teams have faced on-going problems: Expensive feeds that are slow to catch new threats; Chasing false positives in alerts wastes time and money; and Vendors selling a new appliance for every ill. Would 100% of your users Spot the Bot? more
The Biden administration is set to prohibit the sale of Kaspersky Lab's antivirus software in the U.S., citing national security risks due to the company's ties to the Russian government. more
The NATO Consultation, Command and Control Agency (NC3A) has announced the award of a contract for upgrading the NATO cyber defence capabilities. The award to private industrial companies will enable the already operating NATO Computer Incident Response Capability (NCIRC) to achieve full operational capability by the end of 2012. At approximately 58 million Euro, it represents NATO's largest investment to date in cyber defence. more
Phishing is when bad guys try to impersonate a trusted organization, so they can steal your credentials. Typically they'll send you a fake e-mail that appears to be from a bank, with a link to a fake website that also looks like the bank. Malware offers another more insidious way to steal your credentials, by running unwanted code on your computer... I like VeriSign's characterization of this kind of malware as an insecure endpoint, the PC which is the endpoint of the conversation with the bank isn't actually under the control of the person who's using it. more
Lee Dryburgh initiated a great thread in the Emerging Communications public group entitled What would your perfect phone be? There are 14 messages there at this moment with a lot of good ideas, but my first thought was the term "phone" is too limiting. Indeed, some of the correspondents' ideas also go far beyond the idea of a telephone. Here's what I want and fully expect to see, eventually. more
This week bank costumers of The Netherlands were shocked when they realised that online banking may not be as safe as they thought. Perhaps some were surprised to hear that what they think is money, is nothing but digits, something that does not exist. Their money only exist because we all act as if it exists and accept transactions between each other aided by software run by banks, if they haven't outsourced that function. more
Imagine living in a country where it was necessary to register with your community government by providing a copy of one of the following... This may be necessary in perhaps a large number of nations. However, as a United States citizen and resident, I was quite surprised when my local community issued the request. I investigated and found much to my dismay, that my community in fact was required by regulation to survey its residents on a biennial basis. more
The global deployment of Domain Name System Security Extensions (DNSSEC) is charging ahead. With ICANN 38 Brussels just around the corner, DNSSEC deployment will inevitably be the hot topic of discussion over the next few days. Case in point, today, ICANN hosted the first production key ceremony at a secure facility in Culpepper, Va. where the first cryptographic digital key was used to secure the Internet root zone. The ceremony's goal was simple: for the global Internet community to trust that the procedures involved with DNSSEC are executed correctly and that the private key materials are stored securely. more
The RIPE 71 meeting took place in Bucharest, Romania in November. Here are my impressions from a number of the sessions I attended that I thought were of interest. It was a relatively packed meeting held over 5 days. So this is by no means all that was presented through the week... As is usual for RIPE meetings, it was a well organised, informative and fun meeting to attend in every respect! If you are near Copenhagen in late May next year I'd certainly say that it would be a week well spent. more
With the loud crashing of a traditional drum ceremony and an impromptu electric guitar performance by a young Korean whose rendition of Pachabel has been downloaded sixty million times on YouTube, the 36th meeting of ICANN was kicked off this morning (Korean time) by new CEO Rod Beckstrom and his fellow Directors and assembled one thousand or so participants. ICANN has always been about change, but the atmosphere in Seoul this week is charged with a sense of new challenges and new opportunities. more
How can we make the Internet of Things (IoT) more interoperable? How can we help ensure that when you buy a light bulb from one IoT vendor it will work with the light bulb from another IoT vendor? How can we avoid getting to a place where we have to use many different apps to control all the different devices in our homes? As we said in the Internet Society's IoT Overview: Understanding the Issues and Challenges of a More Connected World, "a fragmented environment of proprietary IoT technical implementations will inhibit value for users and industry. more
In an interview with GovInfoSecurity, Sen. Thomas Carper said that the U.S. Senate is considering attaching cybersecurity legislation to a defense authorizations bill. Though clearly a ploy to be able to say "we did something about those evil hackers" before the elections, CAUCE applauds the attempt. There can be no doubt that the United States (and many other countries) sorely needs better laws to deal with these threats. more
A recent exchange on CircleID highlighted a critical need for data to inform the debate on the impact of ICANN's post-GDPR WHOIS policy that resulted in the redaction of domain name registrant contact data. A bit of background: in my original post, I made the point that domain name abuse had increased post-GDPR. A reader who works with a registrar (according to his bio) commented: "Can you back up that statement with data? Our abuse desk has actually seen a reduction in abuse complaints." more
A World-Renowned Source for Internet Developments. Serving Since 2002.