Cybersecurity |
Sponsored by |
|
As part of my job, I manage an incident response team that was engaged by a significant organization in Georgia whose network was infected by the QBOT (a.k.a. QAKBOT) malware. The customer had been infected for over a year, several teams before ours had failed to solve the problem, and they continued to get reinfected by the malware when they thought they had eradicated it. Over time it had spread to more than 1,000 computers in their ecosystem stealing user credentials along the way. more
In an article by MSNBC called "Fort N.O.C.'s" [Network Operating Center] Brock N. Meeks reports: "The unassuming building that houses the "A" root sits in a cluster of three others; the architecture looks as if it were lifted directly from a free clip art library. No signs or markers give a hint that the Internet's most precious computer is inside humming happily away in a hermetically sealed room. This building complex could be any of a 100,000 mini office parks littering middle class America." ...It is hardly the "most precious computer"!!! more
A student at a well-known US university wrote me and asked whether, given the huge national interest in getting the industry to unite behind (at least) one format, did I think that the FTC should've played a stronger role in pushing the industry to adopt an authentication format? I said: Nope. Part of the reason it's taking so long to agree on a standard is that the process is infested with academic theoreticians who are more interested in arguing about hypotheticals and pushing their pet spam solutions than in doing something useful... more
The approval on 13 May by the European Council and Parliament of a near-final draft Directive on European Cybersecurity (NIS2) brings the world's most far-reaching cyber regime closer to realization. What is generally unknown, however, is the broad scope and global extraterritorial jurisdiction reach of the Directive. It applies to almost every online service and network capability that exists as infrastructure or "offered" anywhere in Europe. more
In Taking Back The DNS I described new technology in ISC BIND as of Version 9.8.0 that allows a recursive server operator to import DNS filtering rules in what ISC hopes will become the standard interchange format for DNS policy information. Later I had to decry the possible use of this technology for mandated content blocking such as might soon be the law of the land in my country. I'm a guest at MAAWG this week in San Francisco and one of the most useful hallway discussions I've been in so far was about the Spamhaus DROP list. more
Recent news stories (based on research by Stanford student Feross Aboukhadijeh) state that an Adobe bug made it possible for remote sites to turn on a viewer's camera and microphone. That sounds bad enough, but that's not the really disturbing part. more
A sophisticated cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen login credentials of close to 300,000 online bank accounts and almost as many credit cards during that time, according to reports released today by RSA FraudAction Research Lab. The spyware is called Sinowal Trojan, also known as Torpig and Mebroot. RSA reports that their findings are based on data collected on this Trojan over the course of almost three years -- including information regarding its design and its infrastructure. Findings indicate that this may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters, say RSA experts. more
Well, it has been quite a while since first the Hong Kong OFTA (in 2004) and then CITB (in 2006) issued requests for public comment about a proposed UEM (Unsolicited Electronic Messaging) bill to be introduced in Hong Kong, for the purpose of regulating unsolicited email, telephone and fax solicitations. We're a large (worldwide) provider of email and spam filtering - but we're based in Hong Kong, and any regulation there naturally gets tracked by us rather more actively than laws elsewhere. We sent in our responses to both these agencies... The bill is becoming law now - and most of it looks good... There's one major fly in the ointment though... more
In Part I of this article I set the stage for our discussion and overviewed the October 21st DDoS attacks on the Internet's 13 root name servers. In particular, I highlighted that the attacks were different this time, both in size and scope, because the root servers were attacked at the same time. I also highlighted some of the problems associated with the Domain Name System and the vulnerabilities inherent in BIND. Part II of this article takes our discussion to another level by critically looking at alternatives and best practices that can help solve the security problems we've raised. more
Secretary-General Kofi Annan announced today the members of the United Nations Working Group on Internet Governance, which is to prepare the ground for a decision on this contentious issue by the second phase of the World Summit on the Information Society in 2005. The establishment of the Working Group was requested by the first phase of the Summit, held in Geneva last December. At that time, countries agreed to continue the dialogue on the management of the Internet, at both the technical and policy levels. more
In the latest twist of the US-China spat, President Trump has his sights on TikTok, the short-form video-sharing platform and ByteDance subsidiary. On July 31, President Trump threatened to ban TikTok because it was a threat to US national security. On August 6, he made good on his threat when he signed an Executive Order to that effect. President Trump tightened the screws with an August 14 Executive Order requiring ByteDance to divest its assets in the US and destroy any TikTok data on its US users within 90 days. more
In a paper entitled "DNS Détente", written in the authors' personal capacities, Tricia Drakes (a former member of the ICANN Board) and Michael D. Palage (a current member of the ICANN board) have attempted to address some of the unresolved issues of the recent Preparatory Committee (PrepCom) 3 session in Geneva as discussions head to the final phase of the World Summit on the Information Society (WSIS) in Tunis (Nov 16 to 18, 2005). More specifically, the paper focuses on one of the "fundamental stumbling blocks to the continued evolution of Internet Governance"; The insistence of the United States Government (USG) that it retain its historically exclusive role in connection with authorizing changes to the Root A server, particularly with respect to country code top-level domains (ccTLDs). Shared further is the content of this paper. more
Amidst the fascinating news from the SCO saga, preparing for SANS London and contributing to the Unix timeline project at Grokline my eyes caught a piece of rather distressing news on the BBC. It appears that BT (British Telecom) intends to move its current phone network to an IP-based network by 2009 thereby sending the circuit-switched technology off to the attic. The real question is: can we guarantee the same level of reliability on VoIP as we had on circuit-switched telephony when the stated aim is to carry both voice and data traffic down the same cables (or fibres more likely)? more
Why shouldn't there be a .gadi TLD? Why not one for Microsoft? This post is not about alternate roots or why they are bad, this post is about something else. We do need to go over some background (from my perspective) very quickly though. ICANN has a steel-fist control over what happens in the DNS realm. They decide what is allowed, and who gets money from it. Whether it's VeriSign for .com or any registrar for the domains they sell. They decide if .gadi should exist or not. ...What I am here to discuss is why Microsoft, as a non-arbitrary choice this time, indeed, of all the world, should kick it aside, creating an alternate root while at the same time not disturbing the world's DNS. more
A colleague was recently commenting on an article by Michele Neylon "European Data Protection Authorities Send Clear Message to ICANN" citing the EU Data Commissioners of the Article 29 Working Party, the grouping a determinate factor In the impending death of WHOIS. He is on point when he said: What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement... more
A World-Renowned Source for Internet Developments. Serving Since 2002.