Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Last month, for the 20th anniversary of Y2K, I was asked about my experiences. (Short answer: there really was a serious potential problem, but disaster was averted by a lot of hard work by a lot of unsung programmers.) I joked that, per this T-shirt I got from a friend, the real problem would be on January 19, 2038, and 03:14:08 GMT. Why might that date be such a problem? On Unix-derived systems, including Linux and MacOS, time is stored internally as the number of seconds since... more
In 2012 I wrote a blog on CircleID called State hacking: Do's and don'ts, pros and cons. In this post I give some thoughts to the concept of a government "hacking back" at criminals. The reason for this was an announcement by the Dutch government that it contemplated law along these lines. The proposed law is now here: the Act Computer Criminality III. more
By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space... more
As the autumn leaves fall from naked trees to be trampled or encased in the winter snow, it reminds us of another year quickly gone by. Yet, for organisations that were breached and publicly scrutinised for their security lapses, it's been a long and arduous year. It was about this time last year that the news broke of Target's mega breach. Every news outlet was following the story and drip feeding readers with details, speculation and "expert opinion" on what happened, why it happened and who did it. more
The Conficker worm will be active again on April 1st, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA. This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member ‘botnet’ of zombie computers that can be controlled remotely by the worm’s as yet unidentified authors. more
The dividing line between developers and IT operations used to be distinct. Developers were responsible for adding new features securely, but it was IT operations who had responsibility for infrastructure and network security. For the most part, developers didn't have to think too much about the wider security context. With the advent of the cloud, and of devops, things changed radically. more
Imagine living in a country where it was necessary to register with your community government by providing a copy of one of the following... This may be necessary in perhaps a large number of nations. However, as a United States citizen and resident, I was quite surprised when my local community issued the request. I investigated and found much to my dismay, that my community in fact was required by regulation to survey its residents on a biennial basis. more
How can we make the Internet of Things (IoT) more interoperable? How can we help ensure that when you buy a light bulb from one IoT vendor it will work with the light bulb from another IoT vendor? How can we avoid getting to a place where we have to use many different apps to control all the different devices in our homes? As we said in the Internet Society's IoT Overview: Understanding the Issues and Challenges of a More Connected World, "a fragmented environment of proprietary IoT technical implementations will inhibit value for users and industry. more
A recent exchange on CircleID highlighted a critical need for data to inform the debate on the impact of ICANN's post-GDPR WHOIS policy that resulted in the redaction of domain name registrant contact data. A bit of background: in my original post, I made the point that domain name abuse had increased post-GDPR. A reader who works with a registrar (according to his bio) commented: "Can you back up that statement with data? Our abuse desk has actually seen a reduction in abuse complaints." more
In the wake of increasingly lenient bring your own device (BYOD) policies within large corporations, there's been a growing emphasis upon restricting access to business applications (and data) to specific geographic locations. Over the last 18 months more than a dozen start-ups in North America alone have sprung up seeking to offer novel security solutions in this space - essentially looking to provide mechanisms for locking application usage to a specific location or distance from an office, and ensuring that key data or functionality becomes inaccessible outside these prescribed zones. more
It is one thing to bring broadband internet to the masses, but how do we make them drink from the fountain of knowledge? One of the challenges, of course, is that the industry has not yet sold turn-key applications that capture the imaginations of the unconnected. Surprising as it seems, email, Facebook, file swapping and web surfing have not yet attracted 100% of the population. Are there some applications that might lend themselves to a toll-free model in order to reach the rest of the market? more
The ACPA and the UDRP provide two separate and distinct methods for resolving domain name disputes. Both alternatives have many critics and proponents, but the true value of each will ultimately be determined by how well each combats cyber-squatting. Separately, the UDRP and the ACPA will probably work well to defuse most of the cyber-squatting that is currently invading the Internet. If combined together the UDRP and the ACPA can be a cost saving and effective way to prevent cybersquatting... more
Mobile networks aren't usually thought of as sources of spam, but a quick look at some of the resources that track spam reveals they actually are. This is counter intuitive at first glance because when most people think of mobile they think of smartphones, and those aren't known to be sources of spam (at least not yet). What's really going on is PCs connected to mobile networks with air cards, or tethered with a smartphone where it's permissible, are the culprits more
Google in partnership with the University of Michigan and the University of Illinois, has published the results of a multi-year study that measured how email security has evolved since 2013. Although Gmail was the foundation of the research, insights from the study are believed to be applicable to email more broadly. more
The past couple of weeks have been pretty seminal for anyone concerned about the state of Internet security and the bigger picture as to how much we could - do - and should - trust the Web. These two strange words - WikiLeaks and Stuxnet - have suddenly entered our lexicon and there is a lot to be concerned about in the world of smart grid. more
A World-Renowned Source for Internet Developments. Serving Since 2002.