Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Over the last year the world has been virtually buried under news items describing hacks, insecure websites, servers and scada systems, etc. Each and every time people seem to be amazed and exclaim "How is this possible?" Politicians ask questions, there is a short lived uproar and soon after the world continues its business as usual. Till the next incident. In this blog post I take a step back and try to look at the cyber security issue from this angle... more
Are you passionate about preserving the global, open Internet? Do you want to help guide work to connect the unconnected and promote / restore trust in the Internet? Do you have experience in Internet standards, development or public policy? If so, please consider applying for one of the open seats on the Internet Society Board of Trustees.
The Internet Society serves a pivotal role in the world as a leader on Internet policy, technical, economic, and social matters, and as the organizational home of the Internet Engineering Task Force (IETF). more
What is so secret about the word, "Capacity"? As I read and talk with people I realize the word, "capacity" is typically missing from the DNS discussion. "Capacity" and "Security" are the two cornerstones to maximizing DNS resilience; both of which are typically missing from the DNS discussion. Have you seen a single DNS node easily process over 863,000 queries per second? Have you seen a network routinely handle over 50Gbits/second in outbound traffic alone without breaking a sweat? more
There's a new virus infecting the Internet that's more pernicious and more dangerous than any virus that has gone before. It's the first example ever of a hybrid Internet-human virus and probably the universal common ancestor of all hybrid Internet-human viruses to come. The condition the virus leaves behind is increasingly well recognised and goes by the understated label of "post-truth" but the virus itself is so far anonymous and so I propose we name it after the effect it has on those it has infected who, put simply, can no longer distinguish reality from fiction, hence the reality virus. more
The Joint Commission, a healthcare accreditation agency, has advised hospitals and health systems to brace for at least a month of downtime following a cyberattack, according to The Wall Street Journal. This recommendation is part of new guidelines released by the agency for handling IT security events. more
It seems like there's a different headline story about Google every day lately, and there's a lot here that service providers should be paying attention to. The launch of Nexus One around CES earlier this month is especially important for all mobile operators as well as the handset vendors partnering with them. A few days later, we started hearing noise about Google Energy. more
The security of the global Default Free Zone (DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again - it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these traces the impact of Chinese "state actor" effects on BGP routing in recent years. more
It is one of those oddities that occurs around Washington from time to time. During the same hour today, the Federal Communications Commission (FCC) was meeting at its downtown headquarters trying to stop robocalls, while a large gathering of government and industry cybersecurity experts were meeting a few miles away at Johns Hopkins Applied Physics Lab advancing the principal means for threat information sharing known as STIX. more
In the wake of the election, sweeping policy shifts in the information economy are set to accelerate. Expect fast-tracked FCC reforms, Starlink subsidies, and AI-driven oversight to redefine media, tech, and regulatory landscapes. From relaxed antitrust to intensified media control, these eleven reversals signal a move toward deregulation and Chicago School libertarianism, with lasting impacts on U.S. markets and governance. more
The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and no doubt other companies who haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations... This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked? more
Hacking remains a huge problem for businesses. As noted by MarketWatch, more than 175 data breaches have already happened this year, and in 2015 approximately 105 million adults in the United States had their personal information stolen. For companies, the stakes are huge: Compromised systems not only damage the bottom line but can severely impact public opinion. more
The Messaging Anti-Abuse Working Group (MAAWG), of which Return Path (my employer) is a very active participant, met recently in Heidelberg, Germany. Among other exciting projects, they finished two new best practices documents which have been lauded in the press as a big step towards stopping botnet spam... more
The level of interest in the general topic of routing security seems to come in waves in our community. At times it seems like the interest from network operators, researchers, security folk and vendors climbs to an intense level, while at other times the topic appears to be moribund. If the attention on this topic at NANOG 74 is anything to go by we seem to be experiencing a local peak. more
It makes me cringe when I hear operators or security practitioners say, "I don't care who the attacker is, I just want them to stop." I would like to believe that we have matured past this idea as a security community, but I still find this line of thinking prevalent across many organizations -- regardless of their cyber threat operation's maturity level. Attribution is important, and we as Cyber Threat Intelligence (CTI) professionals, need to do a better job explaining across all lines of business and security operations... more
The market has failed to secure cyberspace. A ten-year experiment in faith-based cybersecurity has proven this beyond question. The market has failed and the failure of U.S. policies to recognize this explains why we are in crisis. The former chairman of the Security and Exchange Commission, Christopher Cox, a longtime proponent of deregulation, provided a useful summary of the issue when he said, "The last six months have made it abundantly clear that voluntary regulation does not work."... more
A World-Renowned Source for Internet Developments. Serving Since 2002.