Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Recent collaborative test by Core Competence and Nominet have concluded that 75% of common residential and small SOHO routers and firewall devices used with broadband services do not operate with full DNSSEC compatibility "out of the box". The report presents and analyzes technical findings, their potential impact on DNSSEC use by broadband consumers, and implications for router/firewall manufacturers. Included in its recommendations, the report suggests that as vendors apply DNSSEC and other DNS security fixes to devices, consumers should be encouraged to upgrade to the latest firmware. more
A reasonably well informed article in Thursday's USA Today reminds us that in 2004 Bill Gates said the spam problem would be solved in early 2006, but here at the end of 2007 there's more spam than ever. They go through a laundry list of problems of spambots, new kinds of PDF and MP3 spam, and phishing, and a list of of partial or non-solutions including filters, walled gardens, and an odd system called Boxbe, a hybrid of whitelists, challenge/response, and pay for delivery. Oh, and Bill says he never said spam would be solved... more
The Internet Corporation for Assigned Names and Numbers (ICANN) has released new guidance concerning the reporting and disclosure of bugs that affect the Domain Name System, including information of how ICANN itself will behave in response to vulnerabilities. Until recently, ICANN, which is responsible for maintaining the root domain servers at the heart of the DNS system, had no specific guidelines for the reporting of vulnerabilities, leaving responsible disclosure protocols up to the researchers who discovered the bug. more
The Online Trust Alliance (OTA) joined a unanimous vote at the Federal Communications Commission's (FCC) Communications Security, Reliability and Interoperability Council (CSRIC) meeting today, approving the voluntary U.S. Anti-Bot Code of Conduct for Internet Service Providers (ISPs), also known as the ABCs for ISPs. As a member of the CSRIC appointed by FCC Chairman Julius Genachowski, the OTA has been working with the FCC and leading ISPs to develop this voluntary Code. more
Coen Dijkgraaf writes: "Project Honey Pot is a community of tens of thousands of web and email administrators from more than 170 countries around the world who are working together to track online fraud and abuse. The Project has been online since 2004 and each day receives millions of email and comment spam messages which are catalogued and shared with law enforcement and security partners. On Wednesday, December 9, 2009 at 06:20 (GMT) Project Honey Pot received its billionth email spam message. For the full article and some intersting statistics about spamming, see 1 Billion Spammers Served." more
What does authorized access mean? If an employee with authorized access to a computer system goes into that system, downloads company secrets, and hands that information over to the company's competitor, did that alleged misappropriation of company information constitute unauthorized access? This is no small question. If the access is unauthorized, the employee potentially violated the Computer Fraud and Abuse Act (CFAA) (the CFAA contains both criminal and civil causes of action). But courts get uncomfortable here. more
Resource Public Key Infrastructure (RPKI) is a method to secure internet routing traffic by cryptographically verifying routes. As we begin 2022, we look back at 2021 and see how the year saw another significant step towards its adoption. High-profile issues with the old trust-based model of Border Gateway Protocol, designed several decades ago, have shown the continued importance of protecting popular networks from mistakes or hackers. more
I have a new book out, Thinking Security: Stopping Next Year's Hackers. There are lots of security books out there today; why did I think another was needed? Two wellsprings nourished my muse. (The desire for that sort of poetic imagery was not among them.) The first was a deep-rooted dissatisfaction with common security advice. This common "wisdom" -- I use the word advisedly -- often seemed to be outdated. Yes, it was the distillation of years of conventional wisdom, but that was precisely the problem: the world has changed; the advice hasn't. more
A report broke today revealing hackers have successfully breached a German internet infrastructure firm that provides services to several large companies, including Ericsson, Leica, Toshiba, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche, and Volkswagen. more
Several people abroad have started mailing me and others asking if rumors of new legislation to be passed in Sweden on the 17th of June is for real. There are also reports in international forums starting to pop up. This is fairly old news, and I think that most of us are surprised that this has not generated more press both inside and outside Sweden earlier. This legislation will allow for the Swedish National Defense Radio Agency (FRA) to wiretap Internet traffic leaving the country... more
The European Commission is apparently considering the promulgation and adoption of a directive that would, at least in part, criminalize botnets. As I understand it, the premise behind adopting such a directive is that since botnets are capable of inflicting "harm" on a large scale, we need to separately criminalize them. I decided to examine the need for and utility of such legislation in this post. more
The Denver edition of Security BSides took place a few weeks ago in a garage turned art gallery on the far end of Denver's emerging Santa Fe Arts District, right on the border between historic working-class neighborhoods and a rambling wasteland of building supply warehouses. ... The presentation I enjoyed most was "Top 10 Ways IT is Enabling Cybercrime," presented by Daniel J. Molina from Kaspersky Labs. He described how quickly threats are evolving, how many new threats are appearing every day, and explained that the targets aren't always who you'd expect. more
As you've probably read, WikiLeaks has released a trove of purported CIA documents describing their hacking tools. There's a lot more that will be learned, as people work their way through the documents. For now, though, I want to focus on something that's being misreported, possibly because of deliberately misleading text by WikiLeaks itself. Here's the text from WikiLeaks... more
Wait and see approach on abuse attracts ICANN Stakeholder attention: A few weeks ago I made a detailed argument as to why product safety applies to domains, just like it does to cars and high chairs. I also argued that good products equal good business or "economically advantaged" in the long run. Then I really made a strong statement, I said if we don't actively engage other Internet stakeholders -- those that interact with our products, we would eventually lose the opportunity to self-regulate. more
For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... more
A World-Renowned Source for Internet Developments. Serving Since 2002.