Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more
WikiLeaks shook the internet again on March 7, 2017, by posting several thousand documents containing information about the tools the CIA allegedly used to hack, among others, Android and iOS devices. These classified files were obtained from the CIA's Center for Cyber Intelligence, although they haven't yet been verified and a CIA official declined to comment on this incident. This isn't the first time that the U.S. government agencies were accused of crossing the line and undermining online security and civil liberties, as it's been only a year since the infamous FBI-Apple encryption dispute. It's like "1984" all over again. more
In late August the White House mandated that all of the agencies in the US government have functioning DNSSEC capabilities deployed and operational by December 2009. I am suggesting here that we, as a community, commit to the same timetable. I call upon VeriSign and other registries to bring up DNSSEC support by January 2009. more
On Tuesday, 2020 U.S. presidential candidate John Delaney announced a plan to create a Department of Cybersecurity. more
M3AAWG is a trade association that brings together ISPs, hosting providers, bulk mailers, and a lot of infrastructure vendors to discuss messaging abuse, malware, and mobile abuse. (Those comprise the M3.) One of the things they do is publish best practice documents for network and mail operators, including two recently published, one on Password Recommendations for Account Providers, and another on Password Managers Usage Recommendations. more
Ten years ago everyone evaluating DNS solutions was always concerned about performance. Broadband networks were getting faster, providers were serving more users, and web pages and applications increasingly stressed the DNS. Viruses were a factor too as they could rapidly become the straw that broke the camel's back of a large ISP's DNS servers. The last thing a provider needed was a bottleneck, so DNS resolution speed became more and more visible, and performance was everything. more
Cisco has launched an intent-based networking solution designed to be intuitive and adapt; a new approach claimed to be one of the most significant breakthroughs in enterprise networking. more
In the past 24 months, distributed denial of service (DDoS) attacks have changed profoundly. Gone are the days when attackers worked under the radar, when machines were infected by botnet code unknowingly and attacks were disguised leaving very little to trace the exact origin. ... The other game-changer: It's easier than ever to execute attacks. The tools are so widely available that anyone with basic skills and a high-speed connection can become a "hacktivist." more
Domain tasting is a long-established practice involving the short-lived existence of a domain, which is allowed to lapse a few days after its initial registration. The practice arose in response to an Internet Corporation for Assigned Names and Numbers (ICANN) policy allowing a domain to be cancelled -- with all fees refunded -- within a five-day grace period, intended to address the issue of accidental registrations1. However, the practice is open to abuse by infringers. more
One of my staff members pointed me to an article by Mikko Hyppönen in Foreign Policy. In this article Mikko argues that a new top level domain (TLD) like .bank for some reason would prevent on-line fraud, at least partially. Mikko seems to be arguing that with a dedicated TLD registry for financial institutions and a fee high enough to act as an entry barrier you would have a trustworthy bank domains that would be immune against today's phising attempts... more
Much of the discussion regarding mobile security revolves around the growing "pandemic" of mobile malware. It's not uncommon to see headlines reporting the discovery of large numbers of new malware samples. However, as Google recently pointed out, with quite a bit of data to support them, there's little discussion of real world impact of these discoveries. This raises a number of relevant questions. Is the average user likely to be infected? Where does this malware come from? These are questions that deserve analysis and thoughtful responses. more
Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including "the old magic bullet," the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses are there The reality is that just like in physical warfare, the defenses will take some time to develop and articulate. more
A group of academic researchers have revealed a design weakness in the 4G/5G protocol which can be exploited by an attacker to identify the victim's presence in a particular cell area just from the victim's soft-identity such as phone number and Twitter handle. more
Next Monday the WSIS+10 Second Informal Interactive Consultations will take place at the UN Headquarters in New York. Much of the discussions will focus on what is called the "zero draft", which is the draft outcome document of the overall ten-year Review of the World Summit on the Information Society (WSIS). As it stands, the text is an effort from the negotiators to collect multiple perspectives, reconcile differences and hopefully make progress towards consensus before the UN General Assembly High-Level Meeting in December. more
The recent heavy news coverage of WannaCry has overshadowed the latest WikiLeaks release of critical CIA malware documentation: user manuals for two hacking tools named AfterMidnight and Assassin. more
A World-Renowned Source for Internet Developments. Serving Since 2002.