Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Joseph Menn has an article on CNN.com wherein the crux of the story is that US experts are closing in on the hackers that broke into Google last month. It is believed by some that the Chinese government sponsored these hackers. China, naturally, denied involvement. My own take is that tools today are sophisticated enough such that you don't necessarily need state sponsorship in order to launch a cyber attack. more
In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor." The bipartisan statement explains that the Intelligence Committee's Report, "highlights the interconnectivity of U.S. critical infrastructure systems and warns of the heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies." more
Distributed denial-of-service (DDoS) attacks that targeted U.S. financial institutions this week have reached 60 Gbps, according to researchers from DDoS mitigation provider Arbor Networks. more
When it comes to breach disclosures, today's chief information security officers (CISOs) are struggling with an especially turbulent regulatory environment. Security teams are understaffed, and systems are more extensive, making them harder to monitor and defend, while threats are becoming more sophisticated, more frequent, and more varied. It's at precisely this difficult juncture that regulations and enforcement are rapidly changing, leaving CISOs feeling like they are running up the down escalator. more
This year in July gen. Keith Alexander, director of the National Security Agency and head of the US Cyber Command participated at DefCon, the hackers conference in Las Vegas. In his address, gen. Alexander said, among other things, "This is the world's best cybersecurity community. In this room right here is the talent our nation needs to secure cyberspace."... As someone, who is regularly meeting the top Russian cyber folks, I already know (unofficially, of course) how the words of gen. Alexander were met in Moscow. more
The cloud computing scandal of the week is looking like being the catastrophic loss of millions of Sidekick users' data. This is an unfortunate and completely avoidable event that Microsoft's Danger subsidiary and T-Mobile (along with the rest of the cloud computing community) will surely very soon come to regret. There's plenty of theories as to what went wrong -- the most credible being that a SAN upgrade was botched, possibly by a large outsourcing contractor, and that no backups were taken... more
You have just a couple of days to either complete a survey or submit a paper to join the "Coordinating Attack Response at Internet Scale (CARIS)" Workshop happening on June 19, 2015, in Berlin, Germany... If you are interested in helping improve the overall security and resilience of the Internet through increased communication between the groups responding to the large-scale attacks happening on the Internet every day, I would strongly encourage you to apply! more
This is a story about my mother and Obama. My mother: "Have you heard about Obama? Really impressive guy." Me: "What about him?" My mother: "x, y and z." Me: "Where did you hear about this?" My mother: "I read email too, you are not the only one who is into technology." Luckily, my mother bases her opinion on more than just spam messages... more
I received a spam message the other day that went to my Junk Mail Folder. I decided to take a look at it and dissect it piece by piece. It really is amazing to see how spam crosses so many international borders and exploits so many different machines. Spammers have their own globally redundant infrastructure and it highlights the difficulties people have in combating the problem of it. more
It's been 15 long years since the standard for DNSSEC was developed and sadly adoption has been painfully low until recently, thanks to Dan Kaminsky, the infamous Internet Researcher who indentified that gaping hole in the DNS. The discovery of the fundamental flaw in DNS sparked industry wide attention! Every day, we move a little closer to widespread DNSSEC adoption, so I thought I'd take a moment and highlight some of the most notable milestones... more
Bruce Schneier in an op-ed piece published in the Guardian on Thursday writes: "Government and industry have betrayed the internet, and us. By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract..." more
Domain Pulse, the yearly get-together of the German-speaking registries of nic.at (Austria), Denic (Germany) and SWITCH (Switzerland) is happening on February 21 and 22 in Vienna. The conference alternates between the countries -- last year it was Switzerland, this year Austria and next year Germany... Domain Pulse covers everything in the domain name arena from management of the DNS, what's happening in each of the ccTLDs, after market and domaining, security threats to the DNS and internet as well as wider issues affecting the internet's development such as internet governance. more
A years-long cyberespionage campaign by a Chinese state-sponsored group known as Salt Typhoon has revealed a striking escalation in both scale and technical sophistication. more
As part of a larger effort to make the internet more private, the IETF defined two protocols to encrypt DNS queries between clients (stub resolvers) and resolvers: DNS over TLS in RFC 7858 (DoT) and DNS over HTTPS in RFC 8484 (DoH). As with all new internet protocols, DoT and DoH will continue to evolve as deployment experience is gained, and they're applied to more use cases. more
I don't (and probably won't) have anything substantive to say about the technical details of the just-announced Meltdown and Spectre attacks. What I do want to stress is that these show, yet again, that security is a systems property: being secure requires that every component, including ones you've never heard of, be secure. These attacks depend on hardware features... and no, many computer programmers don't know what those are, either. more
A World-Renowned Source for Internet Developments. Serving Since 2002.