Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
During the 4th quarter of 2014, a record number of malware variants were detected -- an average of 255,000 new threats each day, according a recent report by Anti-Phishing Working Group (APWG). The group further reports that the number of unique phishing reports submitted to APWG during Q4 was 197,252 -- an increase of 18 percent from the 163,333 received in Q3 of 2014. more
The level of interest in the general topic of routing security seems to come in waves in our community. At times it seems like the interest from network operators, researchers, security folk and vendors climbs to an intense level, while at other times the topic appears to be moribund. If the attention on this topic at NANOG 74 is anything to go by we seem to be experiencing a local peak. more
One of the RSS feeds that I read is Reason magazine, which is a web site for libertarians. In general, libertarians want less government intervention both in our personal lives and in the economy. The idea behind libertarians is that today's Republicans want less government intervention in our economy but are perfectly fine to have them dictate some aspects of morality. Similarly, today's Democrats want less government intervention in our personal lives but are perfectly fine with creating government bureaucracy to deliver social services. That's an oversimplified summary, but is more or less correct. About two months ago I got an article in my RSS feed where Reason was commenting on the government's response to the cyber war threats. more
For nearly the past four years, the Trump Administration has purported to treat 5G supply chain security through empty political gestures such as network equipment banning. The disinformation reached its absurd zenith subsequent to the election with the Q-Anon myth of the Kraken. (The Myth advanced by Trump attorneys asserted the long-deceased Hugo Chavez working with China was corrupting voting machine software to deprive Trump of another term.) more
If a scholar was to look back upon the history of the Internet in 50 years' time, they'd likely be able to construct an evolutionary timeline based upon threats and countermeasures relatively easily. Having transitioned through the ages of malware, phishing, and APT's, and the countermeasures of firewalls, anti-spam, and intrusion detection, I'm guessing those future historians would refer to the current evolutionary period as that of "mega breaches" (from a threat perspective) and "data feeds". more
The U.S. Department of Homeland Security has issued a rare "emergency" directive ordering federal agencies to audit all DNS records within ten days. more
McAfee, Inc. today unveiled its McAfee Threats Report: Third Quarter 2010, which uncovered that average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007. At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar. More than 14 million unique pieces of malware were identified in 2010, one million more than Q3 2009. more
The technical press is full of reports about the leak of a hashed password file from LinkedIn. Worse yet, we hear, the hashes weren't salted. The situation is probably both better and worse than it would appear; in any event, it's more complicated. more
Back when I started working in this industry in 2001, ICANN was small, the industry was tight, and things moved slowly as interest groups negotiated a balance amongst the impacts of change. Change often meant added overhead and, at the very least, a one-time cost effort to implement on the commercial side. Registries and registrars preferred to be hands-off when it came to how their domains were being used. But e-crime became big business during the 2000s. more
"2010 should be viewed as the year distributed denial of service (DDoS) attacks became mainstream as many high profile attacks were launched against popular Internet services and other well known targets," reports Arbor Networks in its just released Sixth Annual Worldwide Infrastructure Security Report. According to the report, the year also witnessed a sharp escalation in the scale and frequency of DDoS attack activity on the Internet. The 100 Gbps attack barrier was reached for the first time while application layer attacks hit an all-time high. Service providers experienced a marked impact on operational expense, revenue loss and customer churn as a result. more
On July 10th Architelos released the first NameSentry Report, benchmarking abuse levels in the domain name industry. For some time now, a debate has raged about the potential impact of new gTLDs on Internet safety and security, namely abusive registrations such as phishing, spam, malware, and so on. However, without benchmarking the current state, how can we realistically evaluate if new gTLDs have made any measureable difference in the level of abuse? more
What is so secret about the word, "Capacity"? As I read and talk with people I realize the word, "capacity" is typically missing from the DNS discussion. "Capacity" and "Security" are the two cornerstones to maximizing DNS resilience; both of which are typically missing from the DNS discussion. Have you seen a single DNS node easily process over 863,000 queries per second? Have you seen a network routinely handle over 50Gbits/second in outbound traffic alone without breaking a sweat? more
Is the global, open Internet moving away from a network of networks that is universally accessible to a series of networks fragmented along policy, technical or economic lines? As some governments pass laws related to data localization and restriction of cross-border data flows, what will the impact be? What about the increasing use of DNS and content filtering? What other factors have the potential for causing fragmentation? more
Lastly, and certainly not the least, part four of my security predictions takes a deeper dive into mobile threats and what companies and consumer can do to protect themselves. If there is one particular threat category that has been repeatedly singled out for the next great wave of threats, it has to be the mobile platform -- in particular, smartphones... The general consensus of prediction was that we're (once again) on the cusp of a pandemic threat. more
Over the last couple of weeks I have spent some time working on a project to develop a DNS cache for Windows that is intended to be reasonably secure against spoof attacks, in particular in situations where NAT firewalls may prevent port randomization. The program is evolving, but currently uses a couple of ideas to attempt to defeat spoof attacks... The source code is intended to be entirely un-encumbered, that is free in all respects. I would welcome any suggestions or comments on the aims of the project, the source code, the functionality of the program or other ideas. more
A World-Renowned Source for Internet Developments. Serving Since 2002.