Cybersecurity |
Sponsored by |
|
Data transmission is one area where security should be among the biggest concerns. Overseeing data integrity is the realm of communications security (ComSec) teams, and they're getting a lot of assistance these days from artificial intelligence (AI) via machine learning and other AI components that also prove helpful in improving accessibility. Under the umbrella of AI, advances like assistive technologies promote accessibility while preserving data integrity and the flow of communications. more
US presidential candidate Mitt Romney will likely be reconsidering his email passwords after his online email account was reportedly hacked. A hacker claims to have accessed Romney's Hotmail and Dropbox accounts after guessing the answer to the Republican candidate's 'favourite pet' security question. It's suspected Romney used the same password for more than one account. more
My involvement in the ICT industry over the last 40 years has always been to look at the strategic advantages that new technologies have to offer. I entered the industry through a proto-internet development called videotext. I looked at this technology, at what organisations could do with it, and assisted, for example, in the 1980s when the Commonwealth Bank introduced the world's first national online banking service called Telebank. more
As an email policy wonk, I think a lot about how specific policy implementations can go wrong. Sure, every policy can go wrong, or not fit a common case. A lot of people only write polices that address common cases and don't worry about the rarer cases. The problem is there are some rare cases that may cause significant harm and those cases should be addressed. Consumerist has a case up about email policy gone wrong with a clear path to harm but no policy for handling the issue. There are a couple places I see where this policy hole can be fixed. more
Andrew McLaughlin reporting in the White House website: "Last week marked a significant advance in the security of the Internet. After years of intensive design, testing, and implementation work, the Internet's domain name system now has a new security upgrade that allows Internet service providers and end users alike to protect against an important online vulnerability: the clandestine redirecting of online communications to unwanted destinations." more
In case you missed it, last Thursday, May 6, we saw a remarkable day on the stock markets. The day started off with some selling which went down neat and orderly. Suddenly, around 2:40 pm eastern time, the market started selling off rapidly taking huge hits in in the span of 30 minutes. It was an incredible ride and at one point, the Dow Jones average was off 1000 points for the day, the largest drop in history (though not the largest percentage drop). It was kind of like October of 1987. more
About a week ago, I posted that Australia was getting ISPs to boot infected computers off of their network. I commented on whether or not this was a good policy. However, there was one thing in that article that I wanted to comment on but didn't... more
Friday marks the beginning of the ICANN 57 meeting in Hyderabad, India. As per usual there will be a range of activities related to DNSSEC or DANE. Two of the sessions will be streamed live and will be recorded for later viewing. Here is what is happening. All times below are India Standard Time (IST), which is UTC+05:30. Please do join us for a great set of sessions about how we can work together to make the DNS more secure and trusted! more
For the last couple of years, the most common attack vector against the DNS system is the attack against the registrar. Either the attack is on the software itself using weaknesses in the code that could inject DNS changes into the TLD registry, or social engineering the registrar support systems and the attacker receives credentials that in turn allows the attacker to perform malicious changes in DNS. DNSSEC is the common security mechanism that protects the DNS protocol, but by using the registrar attack, any changes will result in a proper working DNS delegation. more
The security vendor-phobe at the head of the conference bangs on the podium with his shoe declaring that "The greatest threat comes from within! (buy our product for your network's salvation)." Fear as a marketing strategy can never be underestimated. Particular when the fear is of the misunderstood. Media helps stoke the flames of fear-marketing with stories of fired or disgruntled IT staff who reportedly effectuate their revenge on former employers by bricking systems. more
As announced this morning, the Messaging Anti-Abuse Working Group (MAAWG) has established formal relationships with the Internet Engineering Task Force (IETF) and the BITS/Financial Services Roundtable... It's often said that there are too many different organizations working on the overlapping areas of abuse, trust, and related issues. I believe the collaborative approach MAAWG has chosen will bridge these gaps. more
U.S. National Security Agency (NSA) will halt its controversial warrantless surveillance program which collects Americans' emails and texts sent to and from people overseas and that mention a foreigner under surveillance, according to a New York Times report today. more
It must be tricky to be an advocate of transparency when your job involves selling serious encryption tools to government departments, large and small companies, hospitals and people who are concerned about having their bank account details hijacked from a home PC. After all, the point about good encryption software and the systems that surround it is that they provide a way to keep your secrets secret, while open government and the effective regulation of financial services would seem to require the widest possible dissemination of all sorts of operational data... more
Yahoo today announced it has agreed to pay $50 million in damages and will offer two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the massive security breach. more
According to press reports, DHS is going to require federal computer contractors to scan for holes and start patching them within 72 hours. Is this feasible? It's certainly a useful goal. It's also extremely likely that it will take some important sites or applications off the air on occasion - patches are sometimes buggy (this is just the latest instance I've noticed), or they break a (typically non-guaranteeed or even accidental) feature that some critical software depends on. more
A World-Renowned Source for Internet Developments. Serving Since 2002.