Cybersecurity |
Sponsored by |
|
The cloud computing scandal of the week is looking like being the catastrophic loss of millions of Sidekick users' data. This is an unfortunate and completely avoidable event that Microsoft's Danger subsidiary and T-Mobile (along with the rest of the cloud computing community) will surely very soon come to regret. There's plenty of theories as to what went wrong -- the most credible being that a SAN upgrade was botched, possibly by a large outsourcing contractor, and that no backups were taken... more
Last week the European Network and Information Security Agency (ENISA), which assists the European Commission and its member states with network and information security issues, published its third Anti-Spam Measures Survey. The survey provides insight into how network operators in Europe are responding to the continued onslaught of email spam. more
How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020. more
Equifax has announced a comprehensive resolution for its 2017 cybersecurity incident that includes a fund of up to $425 consumer fund. more
If a scholar was to look back upon the history of the Internet in 50 years' time, they'd likely be able to construct an evolutionary timeline based upon threats and countermeasures relatively easily. Having transitioned through the ages of malware, phishing, and APT's, and the countermeasures of firewalls, anti-spam, and intrusion detection, I'm guessing those future historians would refer to the current evolutionary period as that of "mega breaches" (from a threat perspective) and "data feeds". more
Building on my last article about Network Assessments, let's take a closer look at vulnerability assessments. (Because entire books have been written on conducting vulnerability assessments, this article is only a high level overview.) What is a vulnerability assessment? more
It's been 15 long years since the standard for DNSSEC was developed and sadly adoption has been painfully low until recently, thanks to Dan Kaminsky, the infamous Internet Researcher who indentified that gaping hole in the DNS. The discovery of the fundamental flaw in DNS sparked industry wide attention! Every day, we move a little closer to widespread DNSSEC adoption, so I thought I'd take a moment and highlight some of the most notable milestones... more
It is inconceivable that anyone within viewing distance of a television or computer screen this week doesn't know about the disaster in Haiti. As of this writing, 50,000 bodies have been collected from the streets of Port-au-Prince. Millions of people, a number our brains simply aren't equipped to deal with, are now homeless. Help is needed now, and will be, for a very long time. more
DNSSEC is increasingly adopted by organizations to protect DNS data and prevent DNS attacks like DNS spoofing and DNS cache poisoning. At the same time, more DNS deployments are using proprietary DNS features like geo-routing or load balancing, which require special configuration to support using DNSSEC. When these requirements intersect with multiple DNS providers, the system breaks down. more
Recently, the DNS has come under an extensive attack. The so-called "DNSpionage" campaigns have brought to light the myriad methods used to infiltrate networks. These attacks employed phishing, system hopping via key exfiltration, and software zero day exploits, illustrating that many secure networks may not be fully protected. more
Whether you view Edward Snowden as a criminal or a hero, or somewhere in between, you cannot dispute that his revelations about pervasive surveillance have changed the discussions about the Internet on both technology and policy levels. If you are interested in hearing what Edward Snowden has to say himself, he is scheduled to speak today, Saturday, July 19, 2014, at 2:00pm US EDT at the HOPE-X conference in New York City. more
Do you live in the Asia-Pacific region and are interested in accelerating the deployment of key technologies such as IPv6, DNSSEC, TLS or secure routing mechanisms? If so, my Internet Society colleagues involved with the Deploy360 Programme are seeking a "Technical Engagement Manager" based somewhere in the AP region. Find out more information about the position, the requirements and the process for applying. more
Joseph Menn has an article on CNN.com wherein the crux of the story is that US experts are closing in on the hackers that broke into Google last month. It is believed by some that the Chinese government sponsored these hackers. China, naturally, denied involvement. My own take is that tools today are sophisticated enough such that you don't necessarily need state sponsorship in order to launch a cyber attack. more
The security of the global Default Free Zone (DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again - it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these traces the impact of Chinese "state actor" effects on BGP routing in recent years. more
Recently, an article I wrote for Bitcoin Magazine talked about how we can use DNS underscore scoping to better abstract Lightning addresses and even create a de facto specification that could work on any resource (like a wallet or a smart contract) across all blockchains. more