Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
A couple of days ago there was a lot of interest in how terrorists may have been using chat features of popular video console platforms (e.g. PS4, XBox One) to secretly communicate and plan their attacks. Several journalists on tight deadlines reached out to me for insight in to threat. Here are some technical snippets on the topic that may be useful for future reference. more
With DNSSEC for the root zone going into production in a couple of weeks, it is now possible for Top Level Domain (TLD) managers to submit their Delegation Signer (DS) information to IANA. But what does this really mean for a TLD? In this post we're going to try to sort that out. more
Security analysis suggest troubling and escalating trends in the development of malware that exploits vulnerabilities on mobile devices. "From turning mobile devices into bots, to infiltration of mobile applications, driven by the use of personal devices in the workplace, cybercriminals are taking full advantage of this market," reports M86 Security Labs in its just released Threat Predictions Report. more
In part four of this series of posts looking at emerging internet content relating to coronavirus, we explore phishing. In times of crisis, cyber criminals invariably take advantage of the growing concerns of the public. In the case of the coronavirus, they have done so by sending phishing emails that play on the fears surrounding the spread of the illness. A number of reports have emerged of emails purporting to provide advice or assistance relating to COVID-19... more
Leading French presidential candidate Emmanuel Macron's campaign confirmed on Friday a "massive" computer hack that dumped its campaign emails online less than two days before the election. more
U.S. Subcommittee on Communications & Technology and the Subcommittee on Commerce, Manufacturing, and Trade have announced a joint hearing to examine recent cyberattacks. more
Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, lead to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same she is forbidden to issue new ones. more
Decentralization is a big trend in IT, and everyone has their own definition of what "decentralization" really means. With more organizations fully embracing a work-from-anywhere culture, decentralization has moved past being a fad and turned into a necessity. Decentralized cybersecurity is nothing new. Many of us have been doing it since before the pandemic. more
The public cloud services market in the mature Asia/Pacific (AP) region is on pace to grow 8.7 percent in 2015 to total $7.3 billion, up from $6.7 billion in 2014, according to new research from Gartner. more
For decades, the US government has fought against widespread, strong encryption. For about as long, privacy advocates and technologists have fought for widespread, strong encryption, to protect not just privacy but also as a tool to secure our computers and our data. The government has proposed a variety of access mechanisms and mandates to permit them to decrypt (lawfully) obtained content; technologists have asserted that "back doors" are inherently insecure. more
The Biden administration is poised to support a contentious United Nations cybercrime treaty, a move likely to spark debate over potential abuses, according to top officials. more
A glitch in Google's security update on Saturday morning caused links to every search result -- including Google's own pages -- to get flagged with the warning: "This site may harm your computer." The errors caused panic among users around the world who at first feared the popular search engine had suffered a major security failure. The problem which lasted for approximately 40 minutes has now been acknowledged and fixed by Google. The reason for the hiccup, as explained by Google, was due to a human error in the list of URLs Google uses to identify and flag websites known to install malicious software. more
There has been a significant focus over the past two years on the vulnerability and cyber threat risks faced for voting systems at the local level. That focus has typically been on State and local jurisdictions like cities, counties and towns, and resulted in the creation of the DHS Elections Infrastructure Information Sharing and Analysis Center (ISAC) to assist. However, there are other local governance entities at significant risk as well. more
Yesterday marked the last day of the OECD Ministerial Meeting on the Digital Economy, but also the culmination of a week where the need for an open and trusted Internet has been the main message from all stakeholders. Back in 2008, the OECD was one of the first intergovernmental organizations to open its discussions to the wider Internet community. more
In my last post, I looked at what happens when a DNS query renders a "negative" response -- i.e., when a domain name doesn't exist. I then examined two cryptographic approaches to handling negative responses: NSEC and NSEC3. In this post, I will examine a third approach, NSEC5, and a related concept that protects client information, tokenized queries. The concepts I discuss below are topics we've studied in our long-term research program as we evaluate new technologies. more
A World-Renowned Source for Internet Developments. Serving Since 2002.