Cybersecurity |
Sponsored by |
|
Everyone knows the $100B/year U.S. security apparatus taps almost the entire Internet. Friendly governments help from Australia to Canada to France. Companies like AT&T, Ericsson, Verizon, and Nokia obviously cooperate. The NSA assumes that China is attempting to do the same and that Huawei, as a Chinese company, will provide assistance. The evidence suggests otherwise. Huawei is the primary opponent of U.S. security. more
Want to learn more about the current state of DNSSEC? Want to see demos of new software to secure email? Curious about the potential impact of the Root Key Rollover happening this year? Next week in Copenhagen, Denmark, ICANN 58 will include some great technical info about DNSSEC and DANE happening in several sessions. Here is the plan... more
The White House has released a charter offering more transparency into the Vulnerabilities Equities Process. more
The Internet infrastructure has been having a bad month. Not as bad as, say, the world's aviation infrastructure, but bad enough. First, Chinese Internet censorship leaked out to a few massively unlucky users of the I root server. Then China Telecom failed to filter someone who leaked thousands of hijacked routes to other people's networks through them, probably by accident. And then, inexplicably, Forbes went where no one had gone before... more
A team of researchers have released a report detailing a new type of threat in which adjacent IoT devices, such as Internet-connected light bulbs, will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction. more
The first things that usually come to mind when talking about software development risks are bugs and security issues that have not been detected or those that have been discovered but left unaddressed. Some may also point out poor code quality reviews and the use of third-party components and dependencies laced with malicious code. more
Since last fall, several waves of distributed denial of service (DDoS) attacks have targeted major players in the U.S. banking industry. JPMorgan Chase, Wells Fargo and PNC were among the first to sustain intermittent damage. Eventually, the top 50 institutions found themselves in the crosshairs... In the months to come, security experts would praise the banks' collective response, from heightened DDoS protection to candid customer communications.. these larger institutions have learned some painful lessons that smaller firms might heed as they seek to minimize risks. more
This post I've been pondering on for a long time, but never found the right angle and perhaps I still haven't. Basically I have these observations, thoughts, ideas and a truckload of questions. Where to start? With the future prospects of us all. Thomas Picketty showed us the rise of inequality. He was recently joined by Robert J. Gordon who not only joins Picketty, but adds that we live in a period of stagnation, for decades already. "All great inventions lie over 40 years and more behind us", he points out. more
Just recently, Bluesky -- the decentralized social network running on an open protocol called AT Protocol -- announced that as a mechanism for supporting its business financially, it will directly sell domain names as handles for its users. The sales will be processed through an Internet Corporation for Assigned Names and Numbers (ICANN) accredited registrar, called Namecheap. Currently, the handles on social media platforms are internal handles and not independent domain names. more
Talking technical is easy. Distilling technical detail, complex threats and operation nuances down to something that can be consumed by people whose responsibility for dealing with cybercrime lays three levels below them in their organizational hierarchy is somewhat more difficult. Since so many readers here have strong technical backgrounds and often face the task of educating upwards within their own organizations, I figured I'd share 4 slides from my recent presentation that may be helpful in communicating how the world has changed. more
A recent study suggests Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24 hour period. "Over the past few years, botnets have revolutionized the spam industry and pushed spam volumes to epidemic proportions despite the best efforts of law enforcement and the computer security industry. Our intention was to better understand the origins of spam, and the malware that drives it," said Phil Hay, senior threat analyst, TRACElabs (a research arm of security company Marshal8e6)... more
The other day, I planned to take my 15-year-old son to the movie theatre to see "Hateful Eight" in 70mm film format. The theatre would not allow him in. Under article 240a of the Dutch penal code, it is a felony to show a movie to a minor when that movie is rated 16 or above. Even though I think I am responsible for what my son gets to see, I understand that the rating agency put a 16-year stamp on this politically-incorrect-gun-slinging-gore-and-curse-intense-comedy feature. more
Former Yahoo CEO Marissa Mayer apologized today at the Senate Commerce, Science and Transportation hearing regarding massive data breaches at the internet company, blaming Russian agents. more
In a speech at the Internet Policy Research Initiative at MIT, British intelligence agency GCHQ director Robert Hannigan said Monday that law enforcement and intelligence officials want only targeted ways to stop what he called "abuse of encryption" by ISIS and other terrorists and criminals. more
Garth Bruen writes: A report in LegitScript takes a look at Russian rogue Internet pharmacy hacking US government website. "As rogue Internet pharmacy networks become more sophisticated, even US government websites are at risk. Today, we're taking a look at how a rogue Internet pharmacy linked to a criminal network operating out of Russia and Eastern Europe has hacked into a US government website. The Millennium Challenge Corporation, a US foreign aid agency, utilizes a ".gov" top-level domain, which is assigned to the control of the US government. Domain names ending in .gov are typically administered by the General Services Administration." more