Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Ars Technica's Dan Goodin reports that an "investigation shows the spam run worked by abusing a weakness at GoDaddy that allowed the scammers to hijack at least 78 domains belonging to Expedia, Mozilla, Yelp, and other legitimate people or organizations." more
What will the Internet look like in the next seven to 10 years? How will things like marketplace consolidation, changes to regulation, increases in cybercrime or the widespread deployment of the Internet of Things impact the Internet, its users and society? At the Internet Society, we are always thinking about what's next for the Internet. And now we want your help! more
IT security specialists have known for years that the plain DNS is not to be trusted. Any hope for improvement rests on the DNSSEC protocol deployment. In this post, I will review the current status in one critical aspect, namely the DNS root signature key management. The other two foremost are the application usage of DNSSEC protocol functionality and the operational front, or the extent of deployment in the DNS infrastructure. The operational front includes the support by the DNS root nameservers, but my focus on signature key management leaves this issue aside. more
Layered security is a concept that's important for anyone who wants to create a strong, successful defense strategy to understand. This is a strategy that relies on the use of multiple lines of defense in an attempt to repel any potential attacks. For this reason, it's based on the principle that says "no single form of protection is enough to stop a determined cybercriminal. more
Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this one it's not going to help. If your OS is secure, you don't need the crypto; if it's not, the crypto won't protect your data. In a case like the Anthem breach, the really sensitive databases are always in use. more
BP and the Oil Industry are taking a lot of heat these days - much of it rightly so. Moving beyond the drama and evaluating the overall response of BP and others reinforces much of what is taught in incident response training and preparation... by showing the outcomes when one does not respond well. This is probably the most important incident that the responders involved will deal with in their professional lives. For those of us working to protect Internet Infrastructure and resources there are useful lessons as we consider what is happening in the Gulf of Mexico and their response effort. more
Encryption is fundamental to our daily life. Practically everything we do online makes use of encryption is some form. Access to our financial transactions, health records, government services, and exchanged private messages are all protected by strong encryption. Encryption is the process of changing the information in such a way as to make it unreadable by anyone except for those possessing special knowledge (usually referred to as a "key"), which allows them to change the information back to its original, readable form. more
Stéphane Bruno writes: "In the first few hours that followed the earthquake, mobile service was completely disrupted. It was almost impossible to place a call, due to the combination of the damages on the cellular networks and the spike in phone calls. However, on some networks, SMS service was still available. People stuck under rubbles started texting to their friends and family (in Haiti and abroad) to tell them they were still alive and needed help. Those friends and family, not knowing what to do, started posting these SOS messages on their social networks, mainly on Facebook." more
Microsoft is shipping a patch to eliminate SHA-1 hashes from its update process. There's nothing wrong with eliminating SHA-1 - but their reasoning may be very interesting. SHA-1 is a "cryptographic hash function". That is, it takes an input file of any size and outputs 20 bytes. An essential property of cryptographic hash functions is that in practice (though obviously not in theory), no two files should have the same hash value unless the files are identical. more
Ah, BYOD. How I love thee. BYOD, or "Bring Your Own Device", gives me choices. I can use a device at work I actually like and am most effective with. (How did I ever get by without my iPad?) But BYOD comes with challenges. Personal devices can be infected with malware. Once they're connected to an enterprise's network, they can be controlled by a bot master to hijack enterprise resources and wreak havoc as part of a botnet. more
According to a recent Homeland Security News Wire article, nearly 8 million patient medical records were compromised over the course of the previous two years due to data security breaches. As more hospitals and patient care providers move to store patient data electronically -- primarily as a cost savings effort -- the risk and exposure of our private medical information increases while our individual control over this information diminishes. more
According to various news outlets, Russia is reported to be planning a complete Internet shut down, as part of a test of its cyber-defenses. more
Most people - mistakenly - believe that they are perfectly safe behind a firewall, network address translation (NAT) device or proxy. The fact is quite the opposite: if you can get out of your network, someone else can get in. Attackers often seek to compromise the weakest link in a network and then use that access to attack the network from the inside, commonly known as a "pivot-and-attack." more
The other day several of us were gathered in a conference room on the 17th floor of the LinkedIn building in San Francisco, looking out of the windows as we discussed some various technical matters. All around us, there were new buildings under construction, with that tall towering crane anchored to the building in several places. We wondered how that crane was built, and considered how precise the building process seemed to be to the complete mess building a network seems to be. more
As with other meetings and conferences, the IGF-USA decided to move our annual event to a virtual format held on 22-23 July. We will discuss important matters of the Internet, using the Internet from our secure Internet access points. This format allows us to continue critical dialogue safe from viruses, murder hornets and whatever else is thrown at us this year. more
A World-Renowned Source for Internet Developments. Serving Since 2002.