Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Once again I find myself thinking about the nature of the asymmetric warfare threat posed by politically motivated DDoS (Estonia in 07, Korea in 02, and now China vs. CNN in 08). I keep thinking about it in terms of asymmetric warfare, a class of warfare where one side is a traditional, centrally managed military with superior uniformed numbers, weaponry, and skill. On the other we have smaller numbers, usually untrained fighters with meager weapons, and usually a smaller force. Historical examples include the North Vietnamese in the 20th century and even the American Revolution in the 18th century. Clearly this can be an effective strategy for a band of irregulars... more
As announced this morning, the Messaging Anti-Abuse Working Group (MAAWG) has established formal relationships with the Internet Engineering Task Force (IETF) and the BITS/Financial Services Roundtable... It's often said that there are too many different organizations working on the overlapping areas of abuse, trust, and related issues. I believe the collaborative approach MAAWG has chosen will bridge these gaps. more
This morning M3AAWG announced the creation of the J.D. Falk award to recognize and honor people like J.D. who work to make the Internet safer for all users... J.D. was a legend in the abuse prevention world when I first started learning about spam and abuse prevention back in the late 90's. more
On the face of it, the answer is a rather obvious and simple "yes"! The Internet obviously works across borders. Technically, it is a global network servicing its users wherever they may be on the planet. But it is this very nature -- the fact that the Internet is not bound to a specific country or territory -- which has more and more people asking themselves whether it can really work across borders. more
As an email policy wonk, I think a lot about how specific policy implementations can go wrong. Sure, every policy can go wrong, or not fit a common case. A lot of people only write polices that address common cases and don't worry about the rarer cases. The problem is there are some rare cases that may cause significant harm and those cases should be addressed. Consumerist has a case up about email policy gone wrong with a clear path to harm but no policy for handling the issue. There are a couple places I see where this policy hole can be fixed. more
There are a lot of theories flying around about why Twitter and other social media services got knocked offline yesterday. I've heard rumors about it being linked to political tension between Georgia and Russia. Others blame Iran for the outages. I'm not a political commentator, therefore I cannot comment on anyone's political views -- but I have some logic and common sense, and I can draw some objective conclusions. more
Friday marks the beginning of the ICANN 57 meeting in Hyderabad, India. As per usual there will be a range of activities related to DNSSEC or DANE. Two of the sessions will be streamed live and will be recorded for later viewing. Here is what is happening. All times below are India Standard Time (IST), which is UTC+05:30. Please do join us for a great set of sessions about how we can work together to make the DNS more secure and trusted! more
Since the world went virtual, often by using Zoom, several people have asked me if I use it, and if so, do I use their app or their web interface. If I do use it, isn't this odd, given that I've been doing security and privacy work for more than 30 years, and "everyone" knows that Zoom is a security disaster? To give too short an answer to a very complicated question: I do use it, via both Mac and iOS apps. Some of my reasons are specific to me and may not apply to you... more
Symantec today announced that it has signed a definitive agreement to acquire VeriSign's identity and authentication business, which includes the Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service. more
US presidential candidate Mitt Romney will likely be reconsidering his email passwords after his online email account was reportedly hacked. A hacker claims to have accessed Romney's Hotmail and Dropbox accounts after guessing the answer to the Republican candidate's 'favourite pet' security question. It's suspected Romney used the same password for more than one account. more
There has been plenty of buzz and chatter on the Internet recently concerning a very large DDoS attack against CloudFlare, with coverage on their blog, the New York Times, and the BBC, among many others. While attacks of this nature are certainly nothing new, the scale of this attack was surprising, reported to hit 120Gbps. For a sense of scale, your average cable modem is only about 20Mbps, or about 0.016% of that bandwidth. more
It is not uncommon for government agents to force technology companies to create or install malicious software in products in order to help them with surveillance. The American Civil Liberties Union (ACLU) has released a guide for developers that is intended to help preserve security and customers' privacy. more
The recent discovery of the goto fail and heartbleed bugs has prompted some public discussion on a very important topic: what advice should cryptologists give to implementors who need to use crypto? What should they do? There are three parts to the answer: don't invent things; use ordinary care; and take special care around crypto code. more
In case you missed it, last Thursday, May 6, we saw a remarkable day on the stock markets. The day started off with some selling which went down neat and orderly. Suddenly, around 2:40 pm eastern time, the market started selling off rapidly taking huge hits in in the span of 30 minutes. It was an incredible ride and at one point, the Dow Jones average was off 1000 points for the day, the largest drop in history (though not the largest percentage drop). It was kind of like October of 1987. more
Since last fall, several waves of distributed denial of service (DDoS) attacks have targeted major players in the U.S. banking industry. JPMorgan Chase, Wells Fargo and PNC were among the first to sustain intermittent damage. Eventually, the top 50 institutions found themselves in the crosshairs... In the months to come, security experts would praise the banks' collective response, from heightened DDoS protection to candid customer communications.. these larger institutions have learned some painful lessons that smaller firms might heed as they seek to minimize risks. more
A World-Renowned Source for Internet Developments. Serving Since 2002.