Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
A reasonably well informed article in Thursday's USA Today reminds us that in 2004 Bill Gates said the spam problem would be solved in early 2006, but here at the end of 2007 there's more spam than ever. They go through a laundry list of problems of spambots, new kinds of PDF and MP3 spam, and phishing, and a list of of partial or non-solutions including filters, walled gardens, and an odd system called Boxbe, a hybrid of whitelists, challenge/response, and pay for delivery. Oh, and Bill says he never said spam would be solved... more
A weakness in modern computers allows attackers to steal encryption keys and other sensitive information, according to the latest discovery by cybersecurity firm F-Secure. more
The Internet Corporation for Assigned Names and Numbers (ICANN) has released new guidance concerning the reporting and disclosure of bugs that affect the Domain Name System, including information of how ICANN itself will behave in response to vulnerabilities. Until recently, ICANN, which is responsible for maintaining the root domain servers at the heart of the DNS system, had no specific guidelines for the reporting of vulnerabilities, leaving responsible disclosure protocols up to the researchers who discovered the bug. more
I receive spam on a daily basis from various Banks... as well as mine. None are legitimate but actually, that is not what is catching my attention receiving spam. There is something else and it deals with stealing information from me. Creating a personalized ".brand" domain name extension allows avoiding all that. Many are familiar with receiving spam through phishing attempts to have you answering an email and providing personal information such as login and passwords... more
The Denver edition of Security BSides took place a few weeks ago in a garage turned art gallery on the far end of Denver's emerging Santa Fe Arts District, right on the border between historic working-class neighborhoods and a rambling wasteland of building supply warehouses. ... The presentation I enjoyed most was "Top 10 Ways IT is Enabling Cybercrime," presented by Daniel J. Molina from Kaspersky Labs. He described how quickly threats are evolving, how many new threats are appearing every day, and explained that the targets aren't always who you'd expect. more
As the shorter of the ICANN interregnums comes to a close and the ICANN faithful finalize their dinner reservation agendas for Brussels, it is time again for a preview of what will be 'on-tap' at next week's ICANN meeting. While, as always, there is a lot going on in ICANN Land, a scan of the blogosphere and ICANN list serves suggests that the four most discussed topics will be... more
Recent collaborative test by Core Competence and Nominet have concluded that 75% of common residential and small SOHO routers and firewall devices used with broadband services do not operate with full DNSSEC compatibility "out of the box". The report presents and analyzes technical findings, their potential impact on DNSSEC use by broadband consumers, and implications for router/firewall manufacturers. Included in its recommendations, the report suggests that as vendors apply DNSSEC and other DNS security fixes to devices, consumers should be encouraged to upgrade to the latest firmware. more
I have a new book out, Thinking Security: Stopping Next Year's Hackers. There are lots of security books out there today; why did I think another was needed? Two wellsprings nourished my muse. (The desire for that sort of poetic imagery was not among them.) The first was a deep-rooted dissatisfaction with common security advice. This common "wisdom" -- I use the word advisedly -- often seemed to be outdated. Yes, it was the distillation of years of conventional wisdom, but that was precisely the problem: the world has changed; the advice hasn't. more
Wait and see approach on abuse attracts ICANN Stakeholder attention: A few weeks ago I made a detailed argument as to why product safety applies to domains, just like it does to cars and high chairs. I also argued that good products equal good business or "economically advantaged" in the long run. Then I really made a strong statement, I said if we don't actively engage other Internet stakeholders -- those that interact with our products, we would eventually lose the opportunity to self-regulate. more
A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service has found that breaches of electronic records in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups. more
.ORG, The Public Interest Registry (PIR) has announced today the launch of a new campaign aimed at educating IT professionals about securing DNS and the adoption of Domain Name System Security Extensions (DNSSEC). The key purpose of the "Practice Safe DNS" website, according to PIR, is to "serve as a key resource for domain holders, registrars, web developers and IT professionals to learn how they can respectively play a increasingly relevant role in providing a safer and more secure Internet." more
What does authorized access mean? If an employee with authorized access to a computer system goes into that system, downloads company secrets, and hands that information over to the company's competitor, did that alleged misappropriation of company information constitute unauthorized access? This is no small question. If the access is unauthorized, the employee potentially violated the Computer Fraud and Abuse Act (CFAA) (the CFAA contains both criminal and civil causes of action). But courts get uncomfortable here. more
A report broke today revealing hackers have successfully breached a German internet infrastructure firm that provides services to several large companies, including Ericsson, Leica, Toshiba, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche, and Volkswagen. more
ICANN introduced a requirement for domain name registrars to send out annual notices to all their customers (registrants) to check the Whois on their domain names to ensure the information is correct. While this seemed fairly reasonable (if cumbersome), the fact is it confuses the heck out of people -- and creates a whole lot of confusion for registrants. But that was a problem we could deal with. Fast-forward to October, 2008... more
The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services. more
A World-Renowned Source for Internet Developments. Serving Since 2002.