Cybersecurity |
Sponsored by |
|
Let's play the analogy game. The Internet of Things (IoT) is probably going end up being like... a box of chocolates, because you never do know what you are going to get? a big bowl of spaghetti with a serious lack of meatballs? Whatever it is, the IoT should have network folks worried about security. Of course, there is the problem of IoT devices being attached to random places on the network, exfiltrating personal data back to a cloud server you don't know anything about. more
Popular RSS reader Feedly has been hit by major distributed denial of service (DDoS) attacks beginning 2:04am PST on Wednesday causing the service to be completely down for several hours two days in a row. (Second attack still undergoing as of the time of this post.) more
Several people abroad have started mailing me and others asking if rumors of new legislation to be passed in Sweden on the 17th of June is for real. There are also reports in international forums starting to pop up. This is fairly old news, and I think that most of us are surprised that this has not generated more press both inside and outside Sweden earlier. This legislation will allow for the Swedish National Defense Radio Agency (FRA) to wiretap Internet traffic leaving the country... more
My main argument is about the policy of handling vulnerabilities for 6 months without patching (such as the Google attacks 0day apparently was) and the policy of waiting a whole month before patching this very same vulnerability when it first became an in-the-wild 0day exploit (it has now been patched, ahead of schedule). Microsoft is the main proponent of responsible disclosure, and has shown it is a responsible vendor... I simply call on it to stay responsible and amend its faulty and dangerous policies. more
The last couple of years have seen a growth in commercial sinkholing operations. What was once an academic method for studying botnets and other types of Internet-born threat, has more recently turned in to an increasingly profitable business for some organizations. Yesterday I published a blog on the DarkReading site titled Sinkholing For Profit, and I wanted to expand upon some aspects of the sinkholing discussion (there's only so much you can fit in to 800-ish word limits). more
Do you have an idea for an innovative use of DNSSEC or DANE? Have you recently deployed DNSSEC or DANE and have some "lessons learned" that you could share? Did you develop a new tool or service that works with DNSSEC? Have you enabled DNSSEC by default in your products? (And why or why not?) Do you have ideas about how to accelerate usage of new encryption algorithms in DNSSEC? more
Want to learn about the state of DNSSEC usage in North America? Or what is new in DNS monitoring? Or where DNSSEC fits into the plans of operating systems? Or how DANE is being used to bring a higher level of security to email? All those questions and much more will be discussed at the DNSSEC Workshop at ICANN 51 happening on Wednesday, October 15, 2014, from 8:30 am to 2:45 pm Pacific Daylight Time (PDT, which is UTC-7). more
Stéphane Bruno writes: "In the first few hours that followed the earthquake, mobile service was completely disrupted. It was almost impossible to place a call, due to the combination of the damages on the cellular networks and the spike in phone calls. However, on some networks, SMS service was still available. People stuck under rubbles started texting to their friends and family (in Haiti and abroad) to tell them they were still alive and needed help. Those friends and family, not knowing what to do, started posting these SOS messages on their social networks, mainly on Facebook." more
ICANN has released a set of guidelines to explain its Coordinated Vulnerability Disclosure Reporting. The guidelines serve two purposes, says ICANN: "They define the role ICANN will perform in circumstances where vulnerabilities are reported and ICANN determines that the security, stability or resiliency of the DNS is exploited or threatened. The guidelines also explain how a party, described as a reporter, should disclose information on a vulnerability discovered in a system or network operated by ICANN." more
Few months ago in a talk given at the Institution of Engineering and Technology organised here in London by the Society for Computers and Law, Professor Lessig recounted a conversation he had with former US Counter Terrorism Czar Richard Clarke, where Larry asked the question that many had in mind... how the US Government managed to conceptualize, design and draft a piece of legislation as vast and complex as the USA PATRIOT Act in such a short period of time (a month and 15 days after 9/11), and the answer was what many people had imagined... more
Recent collaborative test by Core Competence and Nominet have concluded that 75% of common residential and small SOHO routers and firewall devices used with broadband services do not operate with full DNSSEC compatibility "out of the box". The report presents and analyzes technical findings, their potential impact on DNSSEC use by broadband consumers, and implications for router/firewall manufacturers. Included in its recommendations, the report suggests that as vendors apply DNSSEC and other DNS security fixes to devices, consumers should be encouraged to upgrade to the latest firmware. more
As the shorter of the ICANN interregnums comes to a close and the ICANN faithful finalize their dinner reservation agendas for Brussels, it is time again for a preview of what will be 'on-tap' at next week's ICANN meeting. While, as always, there is a lot going on in ICANN Land, a scan of the blogosphere and ICANN list serves suggests that the four most discussed topics will be... more
The King is dead. Long live the King! Or, given this week's events, should the phrase now be "Kelihos is dead. Long live Kelihos"? It is with a little amusement and a lot of cynicism that I've been watching the kerfuffle relating to the latest attempt to take down the Kelihos botnet. You may remember that a similar event ("Kelihos is dead") occurred late last year after Microsoft and Kaspersky took it on themselves to shut down the botnet known as Kelihos (or sometimes as Waledac 2.0 or Hlux). more
Legitimate email marketers, anti-spam groups and beleaguered recipients got a bit of good news with the arrest last week of a man described as one of the world's most prolific spammers. Robert Alan Soloway, 27, dubbed "the Seattle Spammer" by federal officials, was indicted on 35 charges related to fraudulent Internet activities. Soloway pleaded not guilty to all charges at his May 30 arraignment. You can read more here. Although it's always great when a notorious spammer gets put out of business, such actions probably won't result in a drop in the amount of spam that gets sent... more
I recently became aware of the new pay-by-mobile phone service Venmo.com. "Pay friends with your phone, skip the ATM, Settle up on meals, rent, bills and drinks" ... Venmo are using Facebook connect as a way of verifying user identities, at least that is what they claim. more