Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more
At the end of July, the Open-ended Working Group (OEWG) on ICTs -- which is currently discussing how states should and shouldn't behave in cyberspace - concluded its third meeting, which falls in the middle of its four-year mandate (ending in 2025). Below, we provide a summary of what happened, reflections on the outcomes and implications (the good and the bad), and some practical recommendations for stakeholders and governments to consider ahead of the next meeting. more
China's home grown firms are not only grabbing domestic businesses but also venturing to different countries across the world. On the other hand, foreign players face regulatory walls that make it difficult to tap businesses in China." Saibal Dasgupta reporting today in VOA more
Next Monday the WSIS+10 Second Informal Interactive Consultations will take place at the UN Headquarters in New York. Much of the discussions will focus on what is called the "zero draft", which is the draft outcome document of the overall ten-year Review of the World Summit on the Information Society (WSIS). As it stands, the text is an effort from the negotiators to collect multiple perspectives, reconcile differences and hopefully make progress towards consensus before the UN General Assembly High-Level Meeting in December. more
One of my staff members pointed me to an article by Mikko Hyppönen in Foreign Policy. In this article Mikko argues that a new top level domain (TLD) like .bank for some reason would prevent on-line fraud, at least partially. Mikko seems to be arguing that with a dedicated TLD registry for financial institutions and a fee high enough to act as an entry barrier you would have a trustworthy bank domains that would be immune against today's phising attempts... more
Ten years ago everyone evaluating DNS solutions was always concerned about performance. Broadband networks were getting faster, providers were serving more users, and web pages and applications increasingly stressed the DNS. Viruses were a factor too as they could rapidly become the straw that broke the camel's back of a large ISP's DNS servers. The last thing a provider needed was a bottleneck, so DNS resolution speed became more and more visible, and performance was everything. more
As news of the spread of the coronavirus (COVID-19) continues to emerge, CSC has undertaken the first in a series of studies looking at how the development of the crisis has affected online content. This first article looks at the numbers of registered domains with names containing coronavirus-related strings - "coronavirus" or "covid(-)19" (optional hyphen) - and analyzes the types of content present on the associated websites. more
As noted in the first part of this series, Security and Reliability encompasses holistic network assessments, vulnerability assessments, and penetration testing. In this post I'd like to go deeper into network assessments. I stated last time that the phrase "network assessment" is broad. more
In late August the White House mandated that all of the agencies in the US government have functioning DNSSEC capabilities deployed and operational by December 2009. I am suggesting here that we, as a community, commit to the same timetable. I call upon VeriSign and other registries to bring up DNSSEC support by January 2009. more
Two factor authentication that uses an uncopyable physical device (such as a cellphone or a security token) as a second factor mitigates most of these threats very effectively. Weaker two factor authentication using digital certificates is a little easier to misuse (as the user can share the certificate with others, or have it copied without them noticing) but still a lot better than a password. Security problems solved, then? more
The Secure 5G and Beyond Act of 2020 has been submitted by the U.S. Congress to the White House for signing into law. It has been sitting there for several days now, but there are obviously more important developments demanding attention than a law compelling the Executive Branch to develop a 5G security strategy within 180 days through public and Federal agency consultations that will be implemented by the NTIA. more
A new report warns that unless government and private sector decision makers begin developing specific procedures and trust now against cyber-enabled economic warfare (CEEW), the United States will find itself flat-footed during a major cyber event. more
Over the past several years, domain name queries - a critical element of internet communication - have quietly become more secure, thanks, in large part, to a little-known set of technologies that are having a global impact. Verisign CTO Dr. Burt Kaliski covered these in a recent Internet Protocol Journal article, and I'm excited to share more about the role Verisign has performed in advancing this work and making one particular technology freely available worldwide. more
In today's world with botnets, viruses and other nefarious applications that use DNS to further their harmful activities, outbound DNS security has been largely overlooked. As a part of multi-layer security architecture, a DNS Firewall should not be ignored. After serving as a consultant for multiple organizations, I have encountered many companies that allow all internal devices to send outbound DNS queries to external DNS servers - a practice that can lead to myriad problems. more
On Tuesday, 2020 U.S. presidential candidate John Delaney announced a plan to create a Department of Cybersecurity. more
A World-Renowned Source for Internet Developments. Serving Since 2002.