Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Neil Schwartzman writes to report: "Ken Magill covers the current rake fight on the IRTF's Anti-Spam Research Group mailing list concerning anti-spam DNS Blacklist, or Blocklist, (DNSBL) operators charging for delistings, that is well worth a read, he has quotes from many experts and leaders in the industry who are decidedly against the practice." more
When a business gets hacked and its corporate information is dumped on the Internet for all and sundry to see (albeit illegally), the effects of that breach are obviously devastating for all concerned. In many ways it's like the day after a fierce storm has driven a super-cargo container ship aground and beachcombers from far and wide have descended upon the ruptured carcass of metal to cart away anything they think has value or can be sold by the side of road. more
Given that I've written here about the original call for papers for the W3C/IAB "Strengthening The Internet Against Pervasive Monitoring (STRINT)" Workshop and then subsequently that the STRINT submitted papers were publicly available, I feel compelled to close the loop and note that a report about the STRINT workshop has been publicly published as an Internet-draft. more
Brian Krebs has a post up the other day on his blog indicating that the amount of spam ending in .cn has declined dramatically due to steps taken by the Chinese government making it more difficult to get a domain ending in .cn... A cursory glance seems to confirm that the amount of spam from .cn as opposed to .ru has switched places. Indeed, if the CNNIC requires people to start writing in application forms, with a business license and identity card, that is seriously going to slow down the rate at which spammers can sign up and register new domains. more
It makes me cringe when I hear operators or security practitioners say, "I don't care who the attacker is, I just want them to stop." I would like to believe that we have matured past this idea as a security community, but I still find this line of thinking prevalent across many organizations -- regardless of their cyber threat operation's maturity level. Attribution is important, and we as Cyber Threat Intelligence (CTI) professionals, need to do a better job explaining across all lines of business and security operations... more
Tech developments saw less drama than trade and environmental shifts during Trump's first 100 days. Continuity, not abrupt change, defined his approach to AI and digital regulation. Only 9 of 139 executive orders (EOs) focused on tech. Trump's tech policy emphasised reviews and incremental shifts. Public consultations on AI, cybersecurity, and cryptocurrencies signal steady evolution over upheaval. more
Every year, Verisign iDefense Security Intelligence Services produces its Cyberthreats and Trends Report, which provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve. This report is designed to assist in informing cybersecurity and business operations teams of the critical cyberthreats and trends impacting their enterprises, helping them to anticipate key developments and more effectively triage attacks and allocate their limited resources. more
The market has failed to secure cyberspace. A ten-year experiment in faith-based cybersecurity has proven this beyond question. The market has failed and the failure of U.S. policies to recognize this explains why we are in crisis. The former chairman of the Security and Exchange Commission, Christopher Cox, a longtime proponent of deregulation, provided a useful summary of the issue when he said, "The last six months have made it abundantly clear that voluntary regulation does not work."... more
The security of the global Default Free Zone (DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again - it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these traces the impact of Chinese "state actor" effects on BGP routing in recent years. more
For a number of years, there have been many different high profile incidents where major websites were defaced, taken offline, or crippled due to issues related to their domain registration. Last night, there was an incident where several high profile domains went offline due to issues at their registrar, and they are now coming back online after what I am sure was a few crazy hours for their operations teams and management. more
"Smartphones (and tablets, WdN) are invading the battlefield", reports the Economist on its website of 8 October 2011. On the same day the hacking of U.S. drones is reported on by several news sites. ("They appear friendly". Keyloggers???) Is this a coincidence? more
Security researchers are reporting a massive attack today, dubbed "WannaCry", which has reached 45,000 attacks in 74 countries around the world so far, mostly in Russia. more
Building on my last article about Network Assessments, let's take a closer look at vulnerability assessments. (Because entire books have been written on conducting vulnerability assessments, this article is only a high level overview.) What is a vulnerability assessment? more
Most of the good thrillers I tend to watch have spies and assassins in them for some diabolical reason. In those movies you'll often find their target, the Archduke of Villainess, holed up in some remote local and the spy has to fake an identity in order to penetrate the layers of defense. Almost without exception the spy enters the country using a fake passport; relying upon a passport from any country other than their own... So, with that bit of non-fiction in mind, why do so many people automatically assume that cyber-attacks sourced from IP addresses within China are targeted, state-sponsored, attacks? more
Security experts and privacy advocates see the rollout of the new 5G wireless network as a possible solution to eliminate surveillance vulnerabilities that allow spying on nearby phone calls. more
A World-Renowned Source for Internet Developments. Serving Since 2002.