Cybersecurity |
Sponsored by |
Tomorrow afternoon at 1pm EST Apple will be giving testimony to the House Judiciary Committee. The session that Apple and others will be taking part in is aptly named, The Encryption Tightrope: Balancing Americans' Security and Privacy In common with other hearings the various witnesses called to speak have already submitted their written testimony, so we can already look at it and analyse it. more
It is certainly true that DDoS and hacking are on the rise; there have been a number of critical hacks in the last few years, including apparent attempts to alter the outcome of elections. The reaction has been a rising tide of fear, and an ever increasing desire to "do something." The something that seems to be emerging is, however, not necessarily the best possible "something." Specifically, governments are now talking about attempting to "wipe out" the equipment used in attacks. more
On Friday, GoDaddy revealed that it had suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. more
A team of developers including .SE (The Internet Infrastructure Foundation), LNetLabs, Nominet, Kirei, SURFnet, SIDN and John Dickinson have come together to create open source software, called OpenDNSSEC, to make it easier to deploy DNSSEC. Patrik Wallström, responsible for DNSSEC at .SE comments: "In order to spread the use of DNSSEC to an increased number of domain names, the management surrounding this technology must be simplified. Together with a number of collaborators, we're developing OpenDNSSEC. Leveraging our deployment experience, we will produce a well-packaged, easy-to-use and flexible DNSSEC tool that eliminates all manual procedures. Those in charge of name servers no longer need detailed knowledge about the protocol in order to use it." more
On June 3, 2020, EURid, the registry for .EU domains, published its timeline and action plan to withdraw and delete .EU domains registered to entities and individuals located in the U.K. ... Following the .EU regulations that were published on March 29, 2019, registrations of .EU domain names may be held by EU citizens, citizens of Iceland, Liechtenstein, and Norway, independent of their place of residence -- as well as organizations that are established in the EU. more
As governments convene to discuss the UN Cybercrime Treaty, Google is urging caution, warning that the current draft could endanger online security and free expression. more
Ubiquiti Networks Inc., a San Jose based maker of networking technology, has disclosed that cyber criminals stole $46.7 million via a "business email compromise fraud involving employee impersonation." more
This past month on 03-06 March, the global industry sub-group that exists at the center of 5G security met virtually. It is known as SA3 within the 3GPP organization, and it met over a period of five days to deal with some of the most important 5G security requirements. 3GPP is a "partnership" created among all the world's major standards bodies, which over several decades has cooperatively developed and evolved by far the largest and most successful global electronic communications network. more
Google, which through its Postini email security and archiving service processes over 3 billion email connections a day, reports that despite recent series of major botnet takedowns, spam levels during the first quarter of 2010 have held fairly steady. "This suggests that there's no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns." more
During a London conference, Huawei's chairman Liang Hua told reporters the company would sign no-spy agreements with governments as a response to United States' pressure on Europe to bar the Chinese telecommunications company over spying concerns. more
Network security experts from across the U.S. government told a U.S. Senate Armed Services Subcommittee on Tuesday that federal networks have been thoroughly penetrated by foreign spies, and that current perimeter-based defenses that attempt to curb intrusions are outdated and futile. more
In August of last year I wrote in a blog about the importance of cryptech to wide-scale trust in the Internet. For those who don't know about it, http://cryptech.is is a project aiming to design and deploy an openly developed, trustable Hardware Security Module (HSM) which can act both as a keystore (holding your secrets and keeping them private) and as a signing engine. more
Introduced by ranking Senate members of the Homeland Security and Governmental Affairs Committee, the Protecting Cyberspace as a National Asset Act of 2010, S.3480 is intended to create an Office of Cyber Policy in the executive branch of the government, confirmed by the Senate and ultimately reporting to the president. Senators Joe Lieberman, Blanche Lincoln and Tom Carper introduced the bill publicly on June 10, and a critical part of the bill is that critical infrastructure networks such as electricity grids, financial systems and telecommunications networks need to cooperate with the Office of Cyber Policy. more
As anyone who's been in the DDoS attack trenches knows, large multi-gigabit attacks have become more prevalent over the last few years. For many organizations, it's become economically unfeasible to provision enough bandwidth to combat this threat. How are attackers themselves sourcing so much bandwidth? more
"We often refer to the Cuyahoga River in Cleveland that caught on fire over 20 times before we actually did something to introduce the Clean Water Act," says Allan Friedman, the director of cybersecurity initiatives for the Department of Commerce's National Telecommunications and Information Administration (NTIA), in conference call on Monday. more