Cybersecurity |
Sponsored by |
|
In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor." The bipartisan statement explains that the Intelligence Committee's Report, "highlights the interconnectivity of U.S. critical infrastructure systems and warns of the heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies." more
Fallen into the wrong hands, corp.com can be an extremely dangerous domain name providing a doorway to hundreds of thousands of corporate PCs. more
In support of National Cyber Security Awareness Month, DDoS Awareness Day is a virtual, global event focused on raising awareness and education around the threat of DDoS attacks. Hosted by Neustar with and exclusive media partner CSO, DDoS Awareness Day brings together top experts in global security to share their views, technical tips and from-the-trenches experience. Attendees will also be given access to a wealth of DDoS materials: white papers, surveys, presentations, best practices and more. more
Do you have ideas about DNSSEC or DANE that you would like to share with the wider community? Have you created a new tool or service? Have you found a way to use DNSSEC to secure some other service? Do you have new statistics about the growth or usage of DNSSEC, DANE or other related technology? If so, and if you will be in Johannesburg, South Africa, for ICANN 59 in June 2017 (or can get there), please consider submitting a proposal to speak at the ICANN 59 DNSSEC Workshop! more
In the first section of this piece, I argued that the anti-Huawei litany only makes sense when one realizes that it is the Chinese state, not a global telecommunication equipment manufacturer based in China, is the target of this attack. China, in this view, is an integrated monolith, and any Chinese firm can be ordered to do the government's will without any legal, political, or economic checks and balances. more
A recent survey of US companies conducted by Proofpoint has found companies increasingly concerned over data leaks via emplyee misuse of email, blogs, social networks, multimedia channels and text messages. From the report: "[A]s more US companies reported their business was impacted by the exposure of sensitive or embarrassing information (34 percent, up from 23 percent in 2008), an increasing number say they employ staff to read or otherwise analyze the contents of outbound email (38 percent, up from 29 percent in 2008). The pain of data leakage has become so acute in 2009 that more US companies report they employ staff whose primary or exclusive job is to monitor the content of outbound email (33 percent, up from 15 percent in 2008)." more
The European Commission is apparently considering the promulgation and adoption of a directive that would, at least in part, criminalize botnets. As I understand it, the premise behind adopting such a directive is that since botnets are capable of inflicting "harm" on a large scale, we need to separately criminalize them. I decided to examine the need for and utility of such legislation in this post. more
As we all know by now, last week, on Thursday, August 7, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites like Facebook, LiveJournal, Youtube and Blogger were also hit. They managed to repel the attack although Facebook was not quite as successful as the other larger players. The theory floating about at the moment is that this was a politically oriented play designed to target one guy: a blogger. We are nearing the 1-year anniversary of a the Russian/Georgian 2008 war. There is a pro-Georgian blogger by the username of "Cyxymu" who had accounts on all of these services. more
The Denver edition of Security BSides took place a few weeks ago in a garage turned art gallery on the far end of Denver's emerging Santa Fe Arts District, right on the border between historic working-class neighborhoods and a rambling wasteland of building supply warehouses. ... The presentation I enjoyed most was "Top 10 Ways IT is Enabling Cybercrime," presented by Daniel J. Molina from Kaspersky Labs. He described how quickly threats are evolving, how many new threats are appearing every day, and explained that the targets aren't always who you'd expect. more
Who would have thought that typewriters and handwritten letters would ever be back in fashion? But back in 2013 it was reported that Russia was buying large quantities of typewriters. When this was further investigated the country denied that this was for security reasons. Since the Snowden revelations there has been a further rush on typewriters, both by government officials and by a range of, mainly corporate, businesses. more
A paper published by researchers from the Chinese Academy of Sciences, reports a successful demonstration of satellite-based entanglement distribution to receiver stations separated by more than 1200 km -- the results illustrate the possibility of a future global quantum communication network. more
As part of a larger effort to make the internet more private, the IETF defined two protocols to encrypt DNS queries between clients (stub resolvers) and resolvers: DNS over TLS in RFC 7858 (DoT) and DNS over HTTPS in RFC 8484 (DoH). As with all new internet protocols, DoT and DoH will continue to evolve as deployment experience is gained, and they're applied to more use cases. more
As I read through multiple postings covering the proposed Computer Fraud and Misuse Act, such as the ever-insightful writing of Rob Graham in his Obama's War on Hackers or the EFF's analysis, and the deluge of Facebook discussion threads where dozens of my security-minded friends shriek at the damage passing such an act would bring to our industry, I can't but help myself think that surely it's an early April Fools joke. more
The antivirus industry has been trying to deal with false positive detection issues for a long, long time - and it's not going to be fixed anytime soon. To better understand why, the physicist in me draws an analogy with Heisenberg's Uncertainty Principle - where, in its simplest distillation, the better you know where an atom is, the less likely you'll know it's momentum (and vice versa) - aka the "observer effect". more
Vietnam is now responsible for more than 10% of the worlds spam, according to threat analysis from managed security firm, Network Box. November saw malware threat levels remain consistently high with Vietnam taking the number one spam spot from last month’s chart topper, Brazil. more
A World-Renowned Source for Internet Developments. Serving Since 2002.