Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Lastly, and certainly not the least, part four of my security predictions takes a deeper dive into mobile threats and what companies and consumer can do to protect themselves. If there is one particular threat category that has been repeatedly singled out for the next great wave of threats, it has to be the mobile platform -- in particular, smartphones... The general consensus of prediction was that we're (once again) on the cusp of a pandemic threat. more
Recently, an article I wrote for Bitcoin Magazine talked about how we can use DNS underscore scoping to better abstract Lightning addresses and even create a de facto specification that could work on any resource (like a wallet or a smart contract) across all blockchains. more
Back when I started working in this industry in 2001, ICANN was small, the industry was tight, and things moved slowly as interest groups negotiated a balance amongst the impacts of change. Change often meant added overhead and, at the very least, a one-time cost effort to implement on the commercial side. Registries and registrars preferred to be hands-off when it came to how their domains were being used. But e-crime became big business during the 2000s. more
As many people have heard, there's been a security problem at the Internal Revenue Service. Some stories have used the word hack; other people, though, have complained that nothing was hacked, that the only problem was unauthorized access to taxpayer data but via authorized, intentionally built channels. The problem with this analysis is that it's looking at security from far too narrow a perspective... more
I have a hypothesis: The Bush administration came to power in December 2000. American telcos were on the precipice about to go into Free fall. We have seen how Bush politicized the Justice Department and are much more aware thanks to John Dean's Broken Government and Charlie Savage's Take Over of the intense desire to aggregate executive power to feed the Addingtons belief in the Unitary Executive. We now know that Cheney was meeting with the energy industry in early 2001 promising them whatever they wanted. We may begin to ask what the domestic telecoms industry was being promised? more
The technical press is full of reports about the leak of a hashed password file from LinkedIn. Worse yet, we hear, the hashes weren't salted. The situation is probably both better and worse than it would appear; in any event, it's more complicated. more
Security researchers have found a new variant of the Macadocs malware to be using Google docs as a proxy server and not connecting to a command and control server directly. In a blog post on Friday, Symantec researcher Takashi Katsuki, wrote... more
Is the global, open Internet moving away from a network of networks that is universally accessible to a series of networks fragmented along policy, technical or economic lines? As some governments pass laws related to data localization and restriction of cross-border data flows, what will the impact be? What about the increasing use of DNS and content filtering? What other factors have the potential for causing fragmentation? more
Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples." more
Secretary Clinton's major address on internet freedom made the connection between humanity and technology. We've been waiting a long time for our political leaders to have the courage to express thoughts like this, to have a vision about the role of the internet in human history, and yesterday the day arrived. The speech wasn't an isolated event, of course. more
If a scholar was to look back upon the history of the Internet in 50 years' time, they'd likely be able to construct an evolutionary timeline based upon threats and countermeasures relatively easily. Having transitioned through the ages of malware, phishing, and APT's, and the countermeasures of firewalls, anti-spam, and intrusion detection, I'm guessing those future historians would refer to the current evolutionary period as that of "mega breaches" (from a threat perspective) and "data feeds". more
On July 10th Architelos released the first NameSentry Report, benchmarking abuse levels in the domain name industry. For some time now, a debate has raged about the potential impact of new gTLDs on Internet safety and security, namely abusive registrations such as phishing, spam, malware, and so on. However, without benchmarking the current state, how can we realistically evaluate if new gTLDs have made any measureable difference in the level of abuse? more
I first became familiar with DNSSEC around 2002 when it was a feature of the Bind9 server, which I was using to setup a new authoritative DNS platform for customers of the ISP I was working for. I looked at it briefly, decided it was too complex and not worth investigating. A couple of years later a domain of a customer got poisoned in another ISPs network. And while the DNS service we provided was working properly, the customers impression was we hadn't protected them. more
I don't know about you, but I'm starting to think that DNSSEC being so hot these days is a mixed blessing. Yes, it's wonderful that after so many years there is finally broad consensus for making DNSSEC happen. But being so prominent also means the protocol is taking shots from those who don't want to make the necessary software, hardware and operational modifications needed. And DNSSEC has taken some shots from those who just want to be contrarian. more
George Reese (author of the new book Cloud Application Architectures: Building Applications and Infrastructure in the Cloud) is talking at Gluecon about securing cloud infrastructures. Two recent surveys found "security" was the number one concern of companies considering a move to the cloud. George says the key to making customers comfortable with cloud security is transparency... more
A World-Renowned Source for Internet Developments. Serving Since 2002.